Critical Alert
IP address 189.157.229.52 is a critical-risk address that has been confirmed as an exploited host conducting malware and exploit activity. It has generated 205 abuse reports, with a maximum threat-level score of 10/10 and a 94 percent confidence rating that the malicious behavior has been verified by automated honeypot sensors.
The 205 reports attributed to 189.157.229.52 originate exclusively from 20 automated honeypot sensors that consistently identified the address as a compromised system being weaponized for malicious purposes during December 2025. All 20 most recent reports cite the same exploited-host classification, with no conflicting threat categories detected across the reporting period. The IP traces to Mexico and operates on the UNINET network under autonomous system number AS8151, a major Mexican telecommunications infrastructure provider. The absence of mixed threat categories alongside the unanimous sensor consensus indicates this address has been reliably characterized as a zombie host rather than a generic scanning or brute-force tool.
An exploited host represents one of the most dangerous threat vectors in network security because the system has been compromised by threat actors and is being leveraged for malicious activity without the knowledge or consent of its legitimate owner. In this confirmed case, automated honeypot sensors detected malware and exploit activity originating from 189.157.229.52, meaning the compromised machine is actively scanning external targets, distributing malicious payloads or launching attacks against other networks. This makes the address an ongoing hazard for any exposed service, because the activity is carried out behind the anonymity of a compromised third-party system rather than from a clearly identifiable attacker origin point.
Site operators should immediately block 189.157.229.52 at the network perimeter and monitor logs for any related activity patterns. Implementing automated defensive solutions such as fail2ban or equivalent intrusion-prevention tools can detect and block similar brute-force or exploit patterns proactively. Consider notifying UNINET (AS8151) about the compromised host so the legitimate operator can take remediation steps. Hardening authentication mechanisms on any exposed services, enforcing strong credential policies and reviewing access logs for signs of compromise remain essential defensive practices against exploited-host threats.