Maximum Danger
IP 87.251.64.146 is a high-risk address assessed at a perfect 10/10 threat level with 98% confidence, operating from the United States under ASN AS200730 registered to ISAEV Igor. With 1,774 total abuse reports and an activity frequency rated 8/10, this IP has been consistently flagged by automated honeypot sensors across a three-month surveillance window from April 2026 through June 2026, indicating persistent and deliberate hostile activity rather than isolated scanning.
The dominant threat classification assigned to this IP is Exploited Host, accounting for 20 recent reports submitted through automated honeypot infrastructure. This classification indicates the address belongs to a compromised system being weaponised as an attack platform without the legitimate owner's knowledge. The 1,774 total reports significantly outnumber the recent Exploited Host designations, suggesting a history of varied malicious activity including malware deployment and exploit attempts that ultimately resulted in full system compromise. The sustained volume of reports over three months demonstrates this is not a transient or opportunistic actor but an established threat resource.
An Exploited Host represents a concrete operational danger because it functions as a trusted intermediary, making attacks appear to originate from a legitimate US-based IP rather than clearly malicious infrastructure. Attackers leverage such compromised systems to conduct credential stuffing, distribute payloads, proxy malicious traffic and evade geographic blocking that would otherwise flag obviously foreign attack sources. The malware and exploit activity detected on this host confirms active infection, meaning the system is under criminal control and poses ongoing risk to any network it contacts.
Site operators should immediately block IP 87.251.64.146 at the firewall or edge security layer given the critical threat rating and confirmed exploit status. Implement defensive tools such as fail2ban or equivalent rate-limiting solutions to automatically block repeated connection attempts from this address and similar patterns. Review authentication logs for entries whose source IP matches this address, and enforce multi-factor authentication on exposed services as a hardening measure against any successful proxy connections. Consider filing an abuse report with the upstream provider associated with AS200730 to facilitate notification to the compromised system's rightful owner.