Extreme Threat
IP 49.249.236.90 is a critical-risk address linked to an exploited host operating within Tata Teleservices ISP's network in India, with 13,046 documented abuse reports generated by automated honeypot sensors between August and September 2025, indicating a compromised system weaponized for malicious network activity without the owner's knowledge.
The threat intelligence surrounding IP 49.249.236.90 reveals a pattern consistent with infrastructure that has been silently compromised and repurposed by threat actors. With a threat level of 10 out of 10 and a total report volume exceeding 13,000, this address stands among the most prolific sources of malicious traffic originating from Indian network space. The 20 automated honeypot sensors that contributed these reports span multiple detection points, lending credibility to the assessment despite a moderate 59% confidence score. The address belongs to ASN AS45820, operated by Tata Teleservices, a major Indian internet service provider, suggesting the compromised system is likely an end-user device or server whose owner remains unaware of its abuse. The reporting window covering August through September 2025 indicates active malicious operations over approximately two months.
The dominant classification of "Exploited Host" signifies that IP 49.249.236.90 is not deliberate attack infrastructure operated by adversaries, but rather a victimized system commandeered to serve attack campaigns. Compromised hosts of this type typically participate in distributed denial-of-service operations, credential stuffing campaigns, or scanning activity, or they relay traffic for threat actors seeking anonymity. The owner of the infected system faces risks including data theft, service degradation, and potential legal liability, while the broader internet community faces automated attacks orchestrated from this address. With such a high report volume, the attack patterns emanating from this host are likely varied and sustained.
Network defenders should immediately block IP 49.249.236.90 at the perimeter firewall or intrusion prevention system level given its confirmed malicious status. Implementing fail2ban or equivalent dynamic blocking tools that automatically ban IPs exceeding login attempt thresholds provides an additional layer of defense against any residual authentication attacks originating from this address. Organizations running publicly accessible services should enforce strong, unique credentials and consider multi-factor authentication to mitigate brute-force risks. Finally, if this address falls within a managed service provider's range, notifying Tata Teleservices ISP through their abuse contact channels is strongly recommended so they can investigate and remediate the compromised customer premises equipment responsible for this sustained malicious activity.