Critical Threat
IP 112.196.70.142 is a critical-risk address originating from India that has been linked to sustained SSH brute-force attack attempts, accumulating 206 abuse reports across a five-month observation window with a maximum threat score of 10/10. The IP is registered to Quadrant Televentures Limited operating under ASN AS17917, and its activity profile indicates repeated automated targeting of SSH services despite a relatively low activity frequency score. The concentration of recent reports exclusively on SSH-related threats, combined with honeypot sensor detections documenting 10 or more violations, establishes a clear and ongoing pattern of credential-compromise attempts against exposed Secure Shell endpoints.
The volume and consistency of reporting for IP 112.196.70.142 paint a concerning picture for any organization with SSH services accessible from the internet. Between November 2025 and March 2026, automated honeypot sensors recorded multiple instances of brute-force activity, and pattern data from defensive tools confirms repeated SSH intrusion attempts using the same attack vector across multiple detection events. The 68% confidence score reflects the automated nature of the reports and acknowledges that attributing definitive malicious intent carries inherent uncertainty. Nonetheless, the number of reports, combined with the severity rating, leaves little ambiguity about the IP's behavioral profile. Because all recent categorized activity falls exclusively within the SSH threat category, the pattern strongly suggests a focused, automated campaign rather than opportunistic scanning.
SSH brute-force attacks represent one of the most common initial-access vectors employed against internet-facing servers, with attackers using automated tooling to cycle through credential combinations until access is gained. A successful compromise via this method can grant attackers persistent access to sensitive systems, enabling data exfiltration, lateral movement within networks, or deployment of secondary payloads including ransomware and cryptocurrency miners. Even failed attempts consume server resources and generate log noise that can obscure genuine security incidents. The targeting observed from IP 112.196.70.142 follows this well-documented attack pattern precisely, representing a material threat to any SSH daemon exposed to the broader internet without additional protective controls.