Check an IP Address, Domain Name, Subnet, or ASN

85.217.140.31 was found in our database!

$ whois 85.217.140.31

country·🇫🇷 France

city·Gravelines

isp·Modat B.V.

asn·AS209334

network·Standard

$ sikker risk 85.217.140.31scoring →

confidence

88%Very High

first_seen·Feb 10, 2026

last_seen·3h ago

first_reported·Feb 27, 2026

last_reported·4d ago

sessions·285

events·420

reports·4

$ sikker protocols 85.217.140.31

SMTP

135 / 257

SIP

55 / 55

HTTPS

22 / 34 / 1r

IMAP

20 / 20

SSH

13 / 14 / 1r

TELNET

8 / 8

FTP

7 / 7

HTTP

7 / 7

MSSQL

3 / 3 / 2r

REDIS

4 / 4

SMB

2 / 2

RTSP

2 / 2

MONGODB

2 / 2

ELASTICSEARCH

2 / 2

RDP

1 / 1

DOCKER

1 / 1

POSTGRES

1 / 1

$ sikker summary 85.217.140.31

85.217.140.31 has a threat confidence score of 88%. This IP address from France (AS209334, Modat B.V.) has been observed in 285 honeypot sessions and reported 4 times targeting SMTP, SIP, HTTPS, IMAP, SSH and 12 other protocols. First observed on February 10, 2026, most recently active March 17, 2026.

$ sikker behaviors 85.217.140.31catalog →

infoSmtp Tls Capability Probe5x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 85.217.140.31

smtp_ehlo_greeting12 smtp_starttls_upgrade_request5 http_method_get3 elastic_root_path_probe2 elastic_http_get_request2 rtsp_options1 https_path_root1 http_path_bad_request1

$ sikker reports 85.217.140.31submit →

Showing 4 of 4 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 12, 2026, 17:24	Brute Force	MSSQL	SikkerGuard: 14 blocked packets
User	Mar 11, 2026, 10:54	Brute Force	MSSQL	SikkerGuard: 14 blocked packets
User	Feb 28, 2026, 07:44	Brute Force	HTTPS	SikkerGuard: 14 blocked packets
User	Feb 27, 2026, 14:46	Brute Force	SSH	SikkerGuard: 14 blocked packets

$ sikker related 85.217.140.31

Report IP WHOIS Lookup →

IP Address	Confidence	Events
85.217.140.52	90%	146
85.217.140.39	92%	116
85.217.140.43	85%	149
85.217.140.18	94%	463
85.217.140.44	90%	162

IP Address	Confidence	Events
5.39.101.60	100%	50,361
5.135.12.120	99%	76,641
173.249.46.143	76%	766
54.38.41.116	87%	16,121
51.91.168.102	99%	606,881