IP · Medium · Signal 84/100
85.217.140.18
Location
Gravelines, Ile-de-France
ASN
AS209334
Modat B.V
First Seen
Feb 2, 2026
Last Seen
Jun 13, 2026
Reports: 25 source reports
Confidence: 84% (medium)
VirusTotal: 13/91 detections
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Network Information
Country: France
Region: Gravelines, Ile-de-France
ASN: AS209334
Organization: Modat B.V
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
25 source reports · 84% confidence score
Category tags
Activity Timeline: Jun 13
Threat Activity Heatmap (peak: 2026-06-13)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 84 (High Risk)
Confidence: 84%
Reports: 25
First seen: Feb 2, 2026
Last seen: Jun 13, 2026
Geolocation: FR
Country: France
Location: Gravelines, Ile-de-France
ASN: AS209334
Org: Modat B.V
Coords: 48.9000, 2.3333
Proxy, VPN
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- inetnum: 85.217.140.0 - 85.217.140.255
  geoloc: 48.8582 2.3387
  netname: NL-MODAT-20050118
  country: FR
  org: ORG-MB333-RIPE
  admin-c: SA44188-RIPE
  tech-c: SA44188-RIPE
  status: ALLOCATED PA
  mnt-by: lir-nl-modat-1-MNT
  mnt-by: RIPE-NCC-HM-MNT
  created: 2025-10-01T10:50:59Z
  last-modified: 2026-01-05T14:34:51Z
  source: RIPE
  descr: -----BEGIN TOKEN-----0583cd002dd2d40e0493d0b39614036b09af1496be82f0ea11044c6a4f69570044d6239017a1a02777ac81b2b9fb53ace406737ea8afd965b98f4332ad67b88d-----END TOKEN-----

  organisation: ORG-MB333-RIPE
  org-name: Modat B.V.
  country: NL
  org-type: LIR
  address: Wilhelmina van Pruisenweg 104
  address: 2595 AN
  address: Den Haag
  address: NETHERLANDS
  phone: +31625014423
  admin-c: SA44188-RIPE
  tech-c: SA44188-RIPE
  abuse-c: AR78809-RIPE
  mnt-ref: lir-nl-modat-1-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: lir-nl-modat-1-MNT
  created: 2025-09-16T07:00:41Z
  last-modified: 2025-09-16T07:00:41Z
  source: RIPE # Filtered

  role: security
  address: NETHERLANDS
  address: Den Haag
  address: 2595 AN
  address: Wilhelmina van Pruisenweg 104
  phone: +31625014423
  nic-hdl: SA44188-RIPE
  mnt-by: lir-nl-modat-1-MNT
  created: 2025-09-16T07:00:41Z
  last-modified: 2025-09-16T07:00:41Z
  source: RIPE # Filtered

  route: 85.217.140.0/24
  origin: AS209334
  mnt-by: lir-nl-modat-1-MNT
  created: 2025-10-10T08:43:52Z
  last-modified: 2025-10-10T08:43:52Z
  source: RIPE
IOC Journey
medium · First detected 4 months ago · Last seen 9 days ago
Appeared in 25 threat reports