Severe Risk
IP 181.49.161.173 is a critical-risk address associated with 1,692 abuse reports from automated honeypot sensors. The reports indicate that it functions as an exploited host, actively distributing malware or exploit activity from Telmex Colombia S.A. infrastructure in Colombia.
Security telemetry from 20 independent honeypot sensors documents sustained malicious connectivity from this address between November 2025 and March 2026. The majority of reports categorize the activity as exploited-host behavior, alongside a smaller volume of general hacking attempts. The network operator, Telmex Colombia S.A., operating under ASN 14080, has received significant abuse complaints despite a notably low confidence score of 60 percent, which suggests some uncertainty in attribution. The report volume, averaging over 280 per month during the active window, demonstrates persistent rather than intermittent threat behavior, while the activity frequency metric paradoxically indicates that this host is primarily a victimized platform being weaponized by external actors rather than an autonomous attacker.
An exploited-host classification signifies that 181.49.161.173 operates as a compromised system weaponized by threat actors to launch secondary attacks, distribute payloads, or establish command-and-control communications without the legitimate operator's awareness. This transforms the IP from a simple scanning address into a dangerous infrastructure component that can bypass reputation-based defenses since it originates from a legitimate Colombian ISP. Real-world risk includes credential harvesting against exposed services, propagation of malicious payloads to other systems, and participation in coordinated attack campaigns that could affect multiple organizations simultaneously.
Blocking 181.49.161.173 at the network perimeter is strongly recommended given the critical threat classification and high report volume. Operators should implement dynamic banning mechanisms using tools such as fail2ban to automatically block repeatedly offending addresses. Exposed services should enforce strong, unique credentials and multi-factor authentication alongside regular security monitoring to identify any successful connections. Since this address represents a compromised victim rather than a primary threat actor, notifying Telmex Colombia S.A. of the compromise may help disrupt the attack chain and potentially remediate the affected system.