Critical Threat
IP 186.96.151.146, originating from Total Play Telecomunicaciones SA de CV's network in Mexico (AS22884), presents a critical threat level of 10/10 and is classified as an exploited host, indicating this address has been compromised and is being weaponised by threat actors to conduct attacks against other targets without the system owner's knowledge.
Automated honeypot sensors registered 187 abuse reports against this IP across a seven-month window from October 2025 through May 2026, with 20 distinct report sources flagging malicious activity. The dominant threat category driving these reports is exploited host behaviour, accounting for the majority of detections, complemented by general hacking activity. Suricata intrusion-detection systems specifically identified attempts to leverage the outdated SMBv1 protocol, a known dangerous vector for ransomware and remote-code-execution campaigns. Despite the substantial report volume, the confidence score sits at 61%, suggesting some uncertainty in attribution, yet the sheer frequency of detections from multiple independent sensors confirms persistent hostile intent.
An exploited host classification means IP 186.96.151.146 is almost certainly running malware or has been enrolled in a botnet without the legitimate operator's awareness. The SMBv1 exploitation attempts observed are particularly concerning because this legacy protocol contains multiple critical vulnerabilities that modern ransomware groups actively weaponise. Any organisation exposing SMB services to this address or operating SMBv1 internally faces immediate risk of lateral movement, data exfiltration or complete system compromise. The hostile traffic detected represents the outward manifestation of a compromised system being remotely controlled to probe and attack external infrastructure.
Network administrators should block 186.96.151.146 at the firewall or edge device immediately and monitor logs for any successful connections. Implement fail2ban or similar dynamic blocking tools to automatically deny repeated connection attempts. Audit internal networks for SMBv1 usage and disable the protocol entirely where possible, as it has no legitimate role in modern infrastructure. Consider notifying the Mexican hosting provider about the compromised customer premises equipment to facilitate remediation at the source.
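As an added illustration of the monitoring step above (not part of this report, and not code from any sensor vendor), the following Python triages constructed Suricata EVE JSON alert lines, aggregates them per source address, and emits an edge block rule for sources that repeatedly hit SMB; the signature names, thresholds and the assumed nftables table/chain are placeholders.

```python
import json
from collections import defaultdict

SMB_PORT = 445
REPORTED_IP = "186.96.151.146"  # the host discussed in the report above


def _ev(src, dport, sig, ts):
    """Build one constructed Suricata EVE 'alert' record as a JSON line."""
    return json.dumps({"timestamp": ts, "event_type": "alert", "src_ip": src,
                       "dest_ip": "10.0.0.5", "dest_port": dport, "proto": "TCP",
                       "alert": {"signature": sig, "severity": 1}})


# Constructed sample log lines; signature text is a placeholder, not real rule text.
SAMPLE_EVE_LINES = [
    _ev(REPORTED_IP, 445, "CONSTRUCTED SMBv1 negotiate protocol request", "2026-03-04T02:11:09Z"),
    _ev(REPORTED_IP, 445, "CONSTRUCTED SMBv1 negotiate protocol request", "2026-03-04T02:11:12Z"),
    _ev(REPORTED_IP, 445, "CONSTRUCTED SMB trans2 request anomaly", "2026-03-04T02:11:15Z"),
    _ev(REPORTED_IP, 22, "CONSTRUCTED SSH brute-force attempt", "2026-03-04T02:12:01Z"),
    _ev("192.0.2.10", 445, "CONSTRUCTED SMBv1 negotiate protocol request", "2026-03-04T03:00:00Z"),
    json.dumps({"timestamp": "2026-03-04T03:01:00Z", "event_type": "flow", "src_ip": "192.0.2.10"}),
]


def summarise_alerts(lines):
    """Per source IP: total alerts, SMB-directed alerts (port 445 or an SMB signature),
    and the set of distinct signatures. Non-alert events and malformed lines are skipped."""
    stats = defaultdict(lambda: {"alerts": 0, "smb_alerts": 0, "signatures": set()})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        s = stats[ev["src_ip"]]
        sig = ev["alert"]["signature"]
        s["alerts"] += 1
        s["signatures"].add(sig)
        if ev.get("dest_port") == SMB_PORT or "smb" in sig.lower():
            s["smb_alerts"] += 1
    return stats


def block_candidates(lines, min_alerts=3, min_distinct=2):
    """Map each source IP that crosses the (illustrative) thresholds and touched SMB to an
    nftables drop rule. Assumes a table 'inet filter' with an 'input' chain already exists."""
    out = {}
    for ip, s in summarise_alerts(lines).items():
        if s["alerts"] >= min_alerts and len(s["signatures"]) >= min_distinct and s["smb_alerts"]:
            out[ip] = f"nft add rule inet filter input ip saddr {ip} drop"
    return out
```

Feeding real `eve.json` lines to `block_candidates` gives a per-source verdict; a single SMBv1 probe from a new address is logged but not blocked until it recurs.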