85.217.140.32

Summary (Bottom Line Up Front)

IP address 85.217.140.32 (Modat B.V./AS209334) conducted sustained reconnaissance scanning against multiple targets from March 3-14, 2026. This represents medium-severity threat activity with 42 recorded events targeting HTTPS services. Network defenders should implement blocking measures and monitor for similar scanning patterns.

Tags: TCP, TCP/SYN, TLS, TLS/1.0, TLS/1.2+, https
Activity Timeline
INITIAL REPORT 2026-03-14T17:40:00Z
Source: batch_hunting
Technical details
  • Source: 85.217.140.32 (France, AS209334 Modat B.V.)
  • Activity Period: March 3, 2026 18:00 - March 14, 2026 03:00 UTC
  • Attack Volume: 42 events across 11-day period
  • Protocols: TCP SYN scanning, TLS 1.0/1.2+ reconnaissance, HTTPS probing
  • Target Profile: 3 unique destination ports focused on web services
  • MITRE ATT&CK: T1046 (Network Service Scanning)
  • Threat Classification: Scanner-Modat pattern, AbuseIPDB score 100/100
  • IOCs: 85.217.140.32
IOCs
IP:85.217.140.32
ASN:209334
COUNTRY:FR
Recommendations
  • Block 85.217.140.32 at perimeter firewalls and web application firewalls immediately
  • Monitor for additional scanning activity from AS209334 (Modat B.V.) address space
  • Review logs for any successful connections from this IP during the March 3-14 timeframe
  • Implement rate limiting on HTTPS services to mitigate future reconnaissance attempts
  • Consider blocking or restricting traffic from known VPS/hosting providers if operationally feasible