Severe Risk
IP 198.12.68.114 is a critical-risk address associated with 14,600 total abuse reports and a threat level of 10 out of 10, indicating it poses a severe and ongoing danger to exposed network services. Operating from the United States within AS-COLOCROSSING (AS36352), this IP has been flagged repeatedly for general hacking activity, representing a significant threat to any system that permits direct inbound access from untrusted external sources.
Detection data reveals that automated honeypot sensors logged all 20 of the most recent threat-category reports, with the first activity dating back to August 2025 and the most recent confirmed reports in November 2025. While the activity frequency metric appears subdued, the sheer volume of historical reports underscores persistent involvement in malicious scanning and intrusion attempts. The 59% confidence score reflects the specificity of the detections, meaning analysts can reliably attribute this address to hostile probing behaviour rather than coincidental or ambiguous traffic. The AS-COLOCROSSING network segment from which this traffic originates has been associated with aggressive automated scanning campaigns in broader threat intelligence, making this particular IP a high-priority candidate for defensive action.
The dominant hacking classification encompasses a broad range of intrusion techniques, including vulnerability probing, credential exploitation attempts, and unauthorized access enumeration against exposed services such as SSH, Telnet, HTTP interfaces, and databases. For a site operator, this translates to direct risk of compromise if administrative interfaces, remote-access ports, or web applications are reachable from the internet without strict access controls. Automated attack tools regularly target such services at scale, and an IP with 14,600 prior abuse reports is almost certainly running sustained offensive tooling rather than isolated probe attempts.
Administrators should immediately block IP 198.12.68.114 at the firewall or network perimeter level to eliminate inbound access from this source. Implementing fail2ban, OSSEC, or similar dynamic blocking tools can automate the process of identifying and quarantining repeated offenders. Rate-limiting incoming connections on sensitive ports and enforcing strong, non-default credentials across all internet-facing services will reduce the effectiveness of any subsequent attempts. Finally, continuous monitoring of access logs for this address and similar AS-COLOCROSSING source IPs will help identify follow-on activity or persistent access attempts that bypass initial blocking controls.