Critical Alert
IP 103.87.105.64 is a critical-risk address originating from an Indian cable ISP that has been classified as an exploited host, indicating a compromised system being weaponised against other targets without its owner's knowledge. With a threat level of 10/10 and 181 total abuse reports logged within a single month, this address represents an active infection chain rather than a simple scanning node. The detection pattern across automated honeypot sensors points to sustained malicious activity emanating from this network endpoint during October 2025.
The reporting data comprises 181 community and automated sensor submissions that categorise this IP as malicious infrastructure. All 20 of the most recent reports identify the address as an exploited host, with automated honeypot sensors accounting for all of the detection sources. Despite a moderate confidence score of 66%, the volume and consistency of reports, combined with a zero activity frequency rating, suggest this is a dormant but confirmed compromise rather than a highly active botnet node. The IP resides on AS17465, operated by a cable ISP in India, which places it in a residential broadband context where infected routers, modems, or end-user devices commonly become unwitting attack platforms.
The exploited-host classification means the compromised device is being remotely controlled to conduct automated attacks such as DDoS traffic amplification, credential stuffing, or vulnerability scanning against external targets. The risk to exposed services is threefold: the infected system may be used to mask true attack origins, its resources are being co-opted without consent, and any traffic appearing to originate from this IP could be malicious. Site operators with publicly accessible services should treat any connection from this address as hostile and block it immediately at the network perimeter.
Recommended mitigation includes blocking 103.87.105.64 at the firewall level and monitoring inbound traffic logs for any associated session anomalies. Deploying tools such as fail2ban or equivalent authentication hardening mechanisms on exposed services will reduce the attack surface available to this compromised host. Organisations should also consider filing an abuse report with the upstream ISP responsible for AS17465 to facilitate remediation of the compromised subscriber endpoint. Regular review of IP reputation feeds will help maintain blocks as threat intelligence evolves.