Critical Threat
IP 187.251.246.169 is a high-risk address associated with a compromised host that is being used as a platform for malicious activity, originating from Total Play Telecomunicaciones SA de CV networks in Mexico. With a threat level of 10/10 and 164 total reports logged between November 2025 and April 2026, this IP presents a significant danger to exposed services, particularly those that accept connections from Mexican IP space.
The IP was flagged by 20 automated honeypot sensors, which produced 22 threat-category classifications: the dominant classification is Exploited Host (20 instances), alongside Hacking activity (2 instances). Detection patterns consistently indicate malware or exploit behavior, specifically Suricata alerts flagging potentially unsafe SMBv1 protocol usage. Despite the high volume of abuse reports, the activity frequency score sits at 0/10, suggesting that the most aggressive scanning phases may have subsided by the final reporting period, though the historical record remains alarming.
An Exploited Host classification means this IP address belongs to a system that has been compromised and is now being used as an attack platform, most likely without the knowledge of its legitimate owner. The repeated detection of SMBv1 protocol anomalies is particularly concerning, because this legacy Windows file-sharing protocol has a well-documented history of being abused by ransomware and remote code execution campaigns, most notably those built on the EternalBlue exploit. A compromised endpoint on a residential or business connection at a Mexican ISP poses a risk both as a scanning source and as a pivot point for lateral movement against neighbouring network segments.
Site operators should block 187.251.246.169 at the firewall or load-balancer level as an immediate defensive measure. Where feasible, consider reporting the compromised customer premises equipment to Total Play Telecomunicaciones. Systems should be audited for any SMB services exposed to the internet, and outdated SMBv1 implementations should be disabled entirely unless explicitly required by legacy infrastructure. Deploying or strengthening brute-force mitigation tools such as fail2ban, enforcing multi-factor authentication on all externally facing authentication portals, and keeping intrusion-detection signatures up to date will further reduce exposure to automated exploitation attempts originating from addresses in this category.