Extreme Threat
IP 186.96.145.241 is a critical-risk address operated by Total Play Telecomunicaciones SA DE CV in Mexico, assessed at threat level 10/10 following 24,638 abuse reports from automated honeypot sensors over approximately seven months of sustained activity. The IP demonstrates an 8/10 activity frequency with a dominant pattern of SSH brute-force intrusion attempts, placing any publicly accessible SSH service in immediate danger of unauthorized access if exposed to this address.
The volume and consistency of reporting are exceptional for a single source, with 20 independent honeypot sensors submitting detections between November 2025 and June 2026. Suricata alert signatures confirmed "SSH brute-force attempt" activity alongside observations of SSH sessions initiating on standard SSH ports, indicating the host is actively conducting credential-guessing campaigns against exposed servers. The 76% confidence score reflects a substantial but not absolute attribution certainty, likely due to the potential for IP address spoofing or redirection in certain network configurations. The network belongs to AS22884 operated by Total Play Telecomunicaciones SA DE CV, a Mexican telecommunications provider, suggesting the source may represent a compromised endpoint, a botnet participant, or infrastructure leveraged for anonymized attack staging.
SSH brute-force attacks systematically attempt to guess valid username and password combinations to gain shell access to servers. Even low-probability success rates become statistically significant across tens of thousands of attempts, and attackers routinely pair these with credential-stuffing lists compiled from third-party data breaches. Successful access grants adversaries persistent backdoor entry, the ability to exfiltrate data, deploy additional malware, pivot laterally within networks, or leverage the compromised host as a launchpad for further attacks. The sustained 7-month campaign from this address dramatically elevates the probability that it has compromised weakly configured targets during this window.
Administrators should immediately block IP 186.96.145.241 at the firewall or network perimeter to eliminate exposure. Enforcing key-based SSH authentication exclusively, disabling password-based login and root access, and relocating SSH to a non-standard port substantially reduces attack surface. Deploying intrusion prevention tools such as fail2ban to automatically ban repeat offenders after failed login thresholds provides an additional automated defensive layer. Continuous monitoring of authentication logs for originating connections from this address, combined with regular audits of sudo and root-level accounts, helps identify any successful compromises before they propagate further.
CA 
UA 
UZ 
RO 
GB 
BD