Check an IP Address, Domain Name, Subnet, or ASN

85.217.140.35 was found in our database!

$ whois 85.217.140.35

country·🇫🇷 France

city·Gravelines

isp·Modat B.V.

asn·AS209334

network·Standard

$ sikker risk 85.217.140.35scoring →

confidence

87%Very High

first_seen·Feb 11, 2026

last_seen·2h ago

first_reported·Mar 3, 2026

last_reported·7d ago

sessions·175

events·179

reports·4

$ sikker protocols 85.217.140.35

SMTP

44 / 44

HTTPS

43 / 43

IMAP

26 / 26

SSH

8 / 9 / 1r

HTTP

8 / 8

TELNET

8 / 8

ELASTICSEARCH

6 / 6

DOCKER

5 / 5 / 1r

SMB

5 / 5

REDIS

2 / 5

FTP

4 / 4

SIP

4 / 4

MONGODB

4 / 4

MSSQL

3 / 3 / 1r

POSTGRES

3 / 3

RDP

1 / 1

RTSP

1 / 1

MYSQL

0 / 0 / 1r

$ sikker summary 85.217.140.35

85.217.140.35 has a threat confidence score of 87%. This IP address from France (AS209334, Modat B.V.) has been observed in 175 honeypot sessions and reported 4 times targeting SMTP, HTTPS, IMAP, SSH, HTTP and 13 other protocols. First observed on February 11, 2026, most recently active March 20, 2026.

$ sikker behaviors 85.217.140.35catalog →

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Tls Capability Probe2x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 85.217.140.35

elastic_root_path_probe5 elastic_http_get_request5 http_method_get4 https_path_root4 docker_get_method4 smtp_ehlo_greeting4 smtp_starttls_upgrade_request2 docker_bad_request_uri1 elastic_http_bad_request_path_probe1

$ sikker reports 85.217.140.35submit →

Showing 4 of 4 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 06:55	Brute Force	MSSQL	SikkerGuard: 14 blocked packets
User	Mar 4, 2026, 07:40	Brute Force	SSH	SikkerGuard: 14 blocked packets
User	Mar 3, 2026, 16:40	Brute Force	MYSQL	SikkerGuard: 14 blocked packets
User	Mar 3, 2026, 16:10	Brute Force	DOCKER	SikkerGuard: 14 blocked packets

$ sikker related 85.217.140.35

Report IP WHOIS Lookup →

IP Address	Confidence	Events
85.217.149.48	66%	76
85.217.140.10	99%	1,050
85.217.149.60	86%	128
85.217.140.44	92%	203
85.217.149.44	91%	443

IP Address	Confidence	Events
51.195.209.134	11%	5
51.91.168.102	99%	623,878
54.38.41.116	87%	23,291
54.38.60.112	100%	17,715
91.231.89.145	77%	109