Critical Alert
IP 45.149.204.47 is a critical-risk address assessed at threat level 10/10. It has accumulated 615 total reports from automated honeypot sensors since September 2025. The dominant threat classification is an exploited host: a system actively participating in malware and exploit activity without the knowledge of its operator, Contabo GmbH in Germany.
The IP, routed through AS51167 operated by Contabo GmbH, was first reported in September 2025 and most recently reported in December 2025, indicating sustained malicious engagement over approximately three months. The 615 abuse reports generated through automated honeypot sensors represent a significant volume, while the 20 most recent reports specifically categorize the threat as an exploited host. Despite a low activity frequency score of 0/10, the sheer volume of historical reports combined with a maximum threat rating and the exploited host classification establishes this address as a serious infrastructure risk requiring immediate defensive action.
An exploited host designation indicates that the system at 45.149.204.47 has been compromised and is now being weaponized by threat actors to conduct automated attacks, distribute malware payloads or scan for additional vulnerabilities across the internet. The system's owner, Contabo GmbH, is likely unaware of the compromise, meaning this machine is functioning as a botnet node or relay without authorization. For network defenders, an exploited host poses a dual risk: the compromised system may be actively targeting other networks while simultaneously serving as a potential entry point for lateral movement if its traffic is inadvertently trusted.
Site operators should immediately block IP 45.149.204.47 at the network perimeter and monitor logs for any matching inbound connections. Implementing fail2ban or similar intrusion-prevention tools to automatically ban repeat offenders provides an additional layer of automated defense. Organizations with visibility into outbound traffic should scan for any connections originating from internal networks toward this address, as compromised hosts frequently communicate with command-and-control infrastructure. Proactive notification to Contabo GmbH regarding the exploited host status supports broader community defense by enabling the hosting provider to remediate the compromised system and prevent its further abuse.