Severe Risk
IP 190.144.37.68, originating from Telmex Colombia S.A. network AS14080 in Colombia, presents a maximum threat level of 10/10 and is associated with 623 total abuse reports, indicating a high-risk address linked primarily to SSH brute-force intrusion attempts and broader hacking activity targeting exposed services.
The detection profile for 190.144.37.68 reflects sustained hostile engagement recorded across 20 automated honeypot sensors during August 2025, with 12 reports categorized as general hacking intrusion attempts and 8 specifically documenting SSH brute-force activity. Despite the elevated threat classification, the 59% confidence score suggests some variability in attribution certainty, which is typical when evaluating high-volume automated detection. The network operator, Telmex Colombia S.A., manages significant broadband infrastructure throughout Colombia, meaning this IP likely represents a dynamic residential or business connection being leveraged for automated attacks rather than a static server. The complete temporal concentration in August 2025 indicates this address was used for intensive automated scanning during a defined campaign window.
SSH brute-force attacks represent one of the most persistent and indiscriminate threat vectors targeting publicly accessible servers worldwide. Attackers systematically cycle through common username and password combinations to compromise servers running exposed SSH daemons, often exploiting weak or default credentials. Once access is obtained, threat actors typically deploy backdoors or cryptocurrency miners, or pivot laterally within networks. The 623 reports associated with 190.144.37.68 demonstrate sustained, high-volume automated scanning consistent with credential-stuffing toolkits distributed through underground markets, meaning any exposed SSH service within the scanned address ranges faced repeated authentication guessing attempts during the reporting period.
Site operators running publicly accessible SSH services should immediately audit their authentication configurations and check for connection attempts from this IP address. Implementing key-based authentication exclusively, disabling root login and changing the default SSH port significantly reduce susceptibility to automated brute-force attempts. Deploying dynamic rate-limiting and automated blocking tools such as fail2ban or equivalent solutions can automatically block sources of repeated login failures. Additionally, enforcing strong password policies, maintaining current software patches and monitoring authentication logs for unusual patterns from Colombian address space will harden defenses against the scanning behavior evidenced by 190.144.37.68.