Severe Risk
IP 85.105.205.63 is a maximum-threat-level address with 5,965 abuse reports spanning December 2025 through February 2026. It is classified as an exploited host, indicating that it operates as a compromised platform conducting malicious activity without its owner's knowledge. The address originates from Turkey and routes through Turk Telekom's autonomous system AS47331. Despite the extremely high threat classification and substantial report volume, its activity frequency score of zero suggests the most recent hostile operations may have ceased or shifted to new infrastructure.
Automated honeypot sensors across twenty distinct detection points registered the vast majority of these reports, with Exploited Host representing the dominant threat category at seventeen instances compared to four general Hacking classifications. The high report count relative to the three-month observation window indicates sustained, repeated malicious behavior rather than isolated probing. The presence of multiple honeypot detections confirms that these reports are not false positives but reflect coordinated hostile operations originating from this specific Turkish address.
An exploited host represents one of the more insidious threat profiles because the legitimate owner of the system typically remains unaware their infrastructure is being weaponized against others. The reported malware and exploit activity patterns suggest the compromised machine is functioning as an automated attack platform capable of launching distributed operations, scanning campaigns, or serving as a relay for further intrusion attempts. This arrangement provides attackers with a degree of anonymity and geographic distribution that complicates attribution while leveraging the bandwidth and computational resources of an unsuspecting victim.
Site operators should block this IP at the network perimeter and implement dynamic firewall rules to automatically respond to suspicious connection patterns. Maintaining current system patches and enforcing strong authentication mechanisms across all exposed services significantly reduces the attack surface available to compromised platforms. Organizations should also consider submitting abuse reports to Turk Telekom to facilitate remediation of the compromised host, and monitoring inbound connections from Turkish address space can help identify related threat infrastructure operating from similar network segments.