Substantial Risk
193.142.146.230 is a high-risk address assessed at 8/10, geolocated to Germany and operated by ColocaTel Inc. via AS213438, with a threat profile dominated by SSH brute-force activity observed across automated honeypot sensors. The address has accumulated 818 abuse reports at a 96% confidence rating, placing it in the upper tier of actively malicious infrastructure. An activity frequency of 8/10 and a reporting window spanning January through April 2026 indicate sustained, repeated activity over roughly four months rather than isolated scanning. The category tags applied to the reports (Hacking 16, SSH 6, Web App Attack 1, Exploited Host 1) point to credential guessing against exposed SSH services as the primary activity, with generic intrusion probes and a small amount of web application reconnaissance alongside it.
That the 818 reports come from 20 independent honeypot sources is particularly notable: detection across many sensors indicates an established actor running distributed, automated attacks rather than a transient or misconfigured endpoint. Suricata alerts on the sensors flagging SSH sessions on the expected ports, together with the raw SSH brute-force pattern notes, confirm repeated credential guessing against the honeypots. The Exploited Host tag should be read as a statement about the source rather than about its targets: as used by abuse-reporting databases, that category marks the reported address itself as a compromised machine being used to launch attacks, which is consistent with a botnet node rather than dedicated attacker infrastructure. Nothing in the honeypot data shows whether guesses against real systems have succeeded; that can only be determined from the targets' own authentication logs, where an accepted login following a burst of failures from this source would be the decisive indicator.
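The check a defender would run against their own sshd logs, added here as an example and not part of the original report: it counts failures per source inside a sliding window, and separately flags an accepted login that follows a run of failures, which is the evidence that guessing actually worked (the Exploited Host tag, by contrast, only speaks to the source). The log lines are constructed for the example in OpenSSH's syslog format; the thresholds, the hostname, and the 193.142.146.0/24 watchlist standing in for an "adjacent range" are assumptions, not figures from the page.

```python
"""Added example (not from the original report): SSH brute-force detection
over OpenSSH auth-log lines.

Assumptions, none taken from the page: syslog-style lines as sshd writes
them on Linux, the thresholds below, and a watchlist covering the
reported address's /24 as its "adjacent range".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

FAIL_THRESHOLD = 5                 # failures from one source within WINDOW -> brute force
WINDOW = timedelta(minutes=10)
SUCCESS_AFTER_FAILS = 3            # login accepted after this many recent failures -> probable compromise
WATCHLIST = [ip_network("193.142.146.0/24")]   # reported IP plus its /24 (assumed adjacent range)

# Matches the two sshd outcomes we care about; every other sshd line is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample log (not real data): a guessing run from the reported IP that
# ends in an accepted login, a legitimate user who mistyped once, and one probe
# from another host in the same /24.
SAMPLE_LOG = """\
Mar 14 02:11:03 bastion sshd[4012]: Failed password for invalid user admin from 193.142.146.230 port 51022 ssh2
Mar 14 02:11:05 bastion sshd[4014]: Failed password for invalid user admin from 193.142.146.230 port 51030 ssh2
Mar 14 02:11:08 bastion sshd[4016]: Failed password for root from 193.142.146.230 port 51041 ssh2
Mar 14 02:11:10 bastion sshd[4018]: Failed password for root from 193.142.146.230 port 51055 ssh2
Mar 14 02:11:13 bastion sshd[4020]: Failed password for invalid user ubuntu from 193.142.146.230 port 51067 ssh2
Mar 14 02:11:16 bastion sshd[4022]: Failed password for deploy from 193.142.146.230 port 51079 ssh2
Mar 14 02:11:19 bastion sshd[4024]: Accepted password for deploy from 193.142.146.230 port 51084 ssh2
Mar 14 02:12:40 bastion sshd[4031]: Failed password for alice from 198.51.100.7 port 40211 ssh2
Mar 14 02:12:47 bastion sshd[4033]: Accepted publickey for alice from 198.51.100.7 port 40215 ssh2
Mar 14 02:13:02 bastion sshd[4040]: Failed password for invalid user test from 193.142.146.77 port 33004 ssh2
"""


def parse_line(line, year=2026):
    """Return an event dict for a Failed/Accepted sshd line, else None.
    Syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def analyse(events):
    """Sliding-window failure count per source; returns {ip: reason}."""
    recent_fails = defaultdict(list)
    flagged = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        fails = recent_fails[e["ip"]]
        while fails and e["ts"] - fails[0] > WINDOW:   # expire failures outside the window
            fails.pop(0)
        if e["outcome"] == "Failed":
            fails.append(e["ts"])
            if len(fails) >= FAIL_THRESHOLD:
                flagged.setdefault(e["ip"], "brute-force")
        else:
            # An accepted login on the heels of a failure burst is the signal that the
            # guessing worked; a single earlier typo from a real user does not qualify.
            if len(fails) >= SUCCESS_AFTER_FAILS:
                flagged[e["ip"]] = f"probable-compromise:{e['user']}:{e['method']}"
            fails.clear()
    return flagged


def on_watchlist(ip):
    return any(ip_address(ip) in net for net in WATCHLIST)


def report(lines):
    events = [e for e in map(parse_line, lines) if e]
    return {
        "flagged": analyse(events),
        "watchlist_hits": sorted({e["ip"] for e in events if on_watchlist(e["ip"])}),
    }


if __name__ == "__main__":
    for key, val in report(SAMPLE_LOG.splitlines()).items():
        print(key, val)
```

The second host in the /24 never reaches the failure threshold, so it only appears as a watchlist hit; that is the case the page's "adjacent ranges" advice is about, and it is why the watchlist is reported separately from the threshold-based flags.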
For organisations with internet-facing SSH services, an IP with this reputation poses a direct and material risk. SSH brute-force attacks remain one of the most common initial-access vectors for ransomware, data exfiltration, and infrastructure compromise, particularly when administrators rely on password-based authentication. The web application probe activity adds a secondary risk dimension, as successful exploitation of vulnerabilities could yield application-layer access or serve as a pivot point into internal networks.
Operators should block or aggressively rate-limit traffic from 193.142.146.230 at the network perimeter, and should consider doing the same for the surrounding prefix, since a single address in a distributed campaign is often rotated or replaced. SSH services should be hardened by enforcing key-based authentication and disabling password authentication outright, which removes the brute-force vector rather than merely slowing it; root login should be disabled and the number of authentication attempts per connection capped. Moving sshd off port 22 reduces noise from mass scanners but offers nothing against an attacker who has already found the service, so treat it as a convenience rather than a control. fail2ban or an equivalent log-driven banning tool will automatically rate-limit repeated failures, but it is a mitigation for exposed password authentication, not a substitute for removing it. A web application firewall and current patch levels on all internet-facing applications address the secondary web-probe vector. Given the sustained January to April 2026 reporting window, authentication logs should be monitored for this address and its adjacent ranges, with particular attention to any accepted login that follows a burst of failures from the same source, since that is the event that turns a reputation hit into an incident.
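An audit of the sshd settings the hardening advice above calls for, added here as an example and not taken from the page: it reads an sshd_config the way sshd does (the first occurrence of a directive wins, which is why appending `PasswordAuthentication no` to the end of a file that already says `yes` changes nothing) and reports the weak settings. Assumptions: OpenSSH 7.0 or later defaults for absent directives, only the global section before any `Match` block is considered, `Include` files are not followed, and the two sample configs are constructed for the example. A non-standard port is deliberately not treated as a finding either way.

```python
"""Added example (not from the original page): audit an sshd_config for
the weak settings behind SSH brute-force exposure.

Assumptions: OpenSSH 7.0+ defaults for directives that are absent, the
global section only (parsing stops at the first Match block), and no
Include expansion. Both sample configs below are constructed.
"""
import re

# Constructed: a typical default-ish config, plus the classic mistake of
# appending the fix at the bottom where sshd's first-value-wins rule ignores it.
WEAK_CONFIG = """\
# /etc/ssh/sshd_config (constructed example)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
# appended later by an admin; has no effect because sshd keeps the first value
PasswordAuthentication no
"""

# Constructed: the hardened counterpart. The port change is cosmetic.
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers deploy ops
Match User deploy
    PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Global-section directives, lower-cased keys, first occurrence wins (as sshd does)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, 1)   # sshd accepts "Key value" and "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                                # assumption: only the global section matters
        settings.setdefault(key, value)
    return settings


def audit(text):
    """Return a list of findings; an empty list means the checked settings are sound."""
    s = parse_sshd_config(text)

    def get(key, default):                       # defaults per OpenSSH 7.0+ (assumption)
        return s.get(key, default).lower()

    findings = []
    if get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no': key-based auth removes the brute-force vector")
    if get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin should be 'no' (or 'prohibit-password')")
    if get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication must stay 'yes' or key-based logins break")
    if get("permitemptypasswords", "no") != "no":
        findings.append("PermitEmptyPasswords must be 'no'")
    try:
        tries = int(get("maxauthtries", "6"))
    except ValueError:
        tries = 6
    if tries > 3:
        findings.append(f"MaxAuthTries is {tries}; 3 or fewer limits guesses per connection")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

Run it against the real `/etc/ssh/sshd_config` with `audit(open(path).read())`; on OpenSSH 8.2 and later also check any files pulled in by `Include`, since a directive there can take precedence over the main file just as an earlier line in the same file does.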