Severe Risk
IP 196.191.254.26 is a critical-risk address associated with an exploited host that has generated 408 abuse reports, indicating sustained malicious activity originating from a compromised system within Ethiopian Telecommunication Corporation's network (ASN AS24757). The IP has been flagged with a maximum threat score of 10/10 and an activity frequency rating of 8/10, reflecting continuous engagement in malware and exploit-related operations over the December 2025 reporting window. Detection across 20 independent automated honeypot sensors confirms a 94% confidence level that this address is actively participating in hostile operations without the knowledge of its legitimate operator.
The 408 total reports and high activity frequency establish this as one of the most actively reported addresses in the observed timeframe. All 20 report sources are automated honeypot sensors, which detected exploit-oriented activity consistent with a compromised host being weaponized for external attacks. Ethiopian Telecommunication Corporation operates the underlying network infrastructure, but the address itself shows clear signs of having fallen under unauthorized control. The geographic attribution to Ethiopia (ET) and the concentration of identical honeypot detections point to automated scanning and exploitation activity rather than isolated manual attempts.
An exploited host presents a concrete and serious threat because the machine is being weaponized remotely, typically through malware or remote access tooling, while its owner remains unaware. Attackers leverage such compromised infrastructure to conduct scanning, exploit delivery, credential abuse or further propagation of malicious payloads against other targets globally. For network defenders, an exploited host in a foreign network means attacks may appear to come from a seemingly legitimate residential or corporate IP, making detection and attribution harder for victims' defensive systems. The real-world risk extends beyond this single address: it represents a node in a potential botnet or attack chain that could affect any exposed service on the internet.
Site operators should immediately block IP 196.191.254.26 at the network perimeter and monitor logs for any related attempts. Deploying or strengthening rate-limiting and brute-force protection mechanisms (such as fail2ban or equivalent tools) reduces the impact of similar scanning activity from this source. Enforcing strong authentication on exposed services, applying least-privilege access controls and maintaining up-to-date patching across all internet-facing systems limit the effectiveness of any exploitation attempts. Organizations experiencing repeated contact from this address should consider filing an abuse report with Ethiopian Telecommunication Corporation to facilitate remediation of the compromised host at its source.