High Risk
IP 85.217.140.13 is a high-risk address associated with sustained hacking activity. It has accumulated 934 abuse reports across 20 automated honeypot sensors since January 2026, with a threat level rated 8 out of 10 and an activity frequency score of 8 out of 10. The IP originates from France and is registered under Modat B.V. via ASN AS209334. General hacking activity (intrusion attempts, vulnerability exploitation, and unauthorized access scanning) accounts for all reported threat categories over the observed six-month period.
Detection data from automated honeypot sensors confirms this IP has been actively conducting malicious operations from January through June 2026, representing approximately five months of sustained hostile activity. The confidence score of 75% reflects substantial corroboration across multiple detection points, though some uncertainty remains inherent to automated threat classification. The report volume of 934 instances, combined with an 8/10 activity frequency rating, indicates this is not an opportunistic scanner but rather a systematically engaged threat actor or compromised infrastructure performing repeated intrusion operations against honeypot targets.
Attack pattern analysis reveals SSH session activity on unusual ports, a well-established technique used to bypass standard firewall rules and evade signature-based detection systems. This behavior aligns with the "Hacking" classification—general intrusion activity involving attempts to exploit vulnerabilities, gain unauthorized access, and maintain persistent footholds on targeted systems. For organizations running publicly accessible SSH services, such probing represents a concrete risk of credential compromise, lateral movement, or data exfiltration if defenses are insufficient.
Network administrators should immediately block this IP at the perimeter firewall level given the sustained volume and nature of reported activity. Implementing automated abuse detection tools such as fail2ban can dynamically ban repeated connection attempts from this source. All SSH services should be audited for access on non-standard ports, and traffic on unexpected ports should be logged and analyzed. Enabling intrusion detection signatures, maintaining comprehensive access logs, and enforcing strong authentication mechanisms—including key-based authentication and multi-factor authentication where feasible—will substantially reduce exposure to this category of threat.