Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
130.12.180.51 has a threat confidence score of 100%. This IP address from United States (AS214943, Railnet LLC) has been observed in 16,788 honeypot sessions and reported 6 times targeting SSH protocols. Detected attack patterns include ssh remote script download and execute. First observed on January 20, 2026, most recently active April 21, 2026.
SSH session performing remote script retrieval via wget or curl followed by immediate execution. The pattern reflects automated payload staging and execution on a compromised host, commonly used by botnets and post-exploitation frameworks to deploy malware, miners, loaders, or secondary implants.
| Reporter | Date | Category | Protocol | Comment |
|---|---|---|---|---|
| User | Mar 22, 2026, 08:37 | Brute Force | SSH | SikkerGuard: 14 blocked packets |
| User | Mar 22, 2026, 08:32 | Brute Force | SSH | SikkerGuard: 14 blocked packets |
| User | Mar 21, 2026, 21:41 | Brute Force | SSH | SikkerGuard: 14 blocked packets |
| User | Mar 21, 2026, 18:09 | Brute Force | SSH | SikkerGuard: 14 blocked packets |
| User | Mar 19, 2026, 13:05 | Brute Force | SSH | SikkerGuard: 2 blocked packets |