Maximum Danger
IP 103.105.66.26 is a critical-risk address originating from Indonesia that has been classified as an Exploited Host based on 726 reports from automated honeypot sensors, indicating this system has been compromised and weaponised by threat actors to conduct malware and exploit activity without the owner's knowledge.
The address resolves to network operator PT iForte Global Internet under ASN AS17995, and all reported activity was logged within October 2025 across 20 distinct honeypot detection sources. Despite a 10/10 threat level designation, the activity frequency metric of 0/10 suggests the reporting represents the discovery of a persistent compromised platform rather than ongoing high-volume traffic. The 67% confidence score reflects the certainty that this IP is actively participating in malicious operations, primarily documented as malware and exploit delivery mechanisms. The geographic concentration in Indonesia and the single-month reporting window indicate this is a targeted identification of a specific compromised infrastructure element rather than an extended campaign.
An Exploited Host classification means this IP almost certainly belongs to an organisation or end-user whose system has been breached and incorporated into an attacker's arsenal. Compromised systems are particularly dangerous because they often bypass reputation-based filters that might block known malicious networks, allowing the attack traffic to appear to originate from what looks like a legitimate Indonesian internet service provider. The malware and exploit activity documented suggests the host is being used to scan for vulnerabilities, distribute malicious payloads, or serve as a relay point for additional attacks targeting systems worldwide.
Site operators should immediately block IP 103.105.66.26 at the network perimeter firewall and implement fail2ban or equivalent intrusion-prevention rules to automatically ban repeated suspicious connection attempts from this source. Deploying aggressive rate-limiting on exposed services, particularly SSH and web application endpoints, will reduce exposure to automated exploitation attempts originating from compromised infrastructure of this kind. Continuous monitoring of your own network logs for inbound connections matching this address and any correlated scanning patterns is essential. Proactive notification to the hosting provider PT iForte Global Internet regarding the compromised nature of this address can help disrupt the attack infrastructure and potentially alert the unwitting system owner to the breach affecting their network.