Substantial Risk
IP 85.217.140.3 is a high-risk address with a threat level of 8/10 that has generated 540 abuse reports since January 2026, predominantly linked to hacking activity including intrusion attempts, vulnerability exploitation, and unauthorized access attempts.
According to data from 20 automated honeypot sensors, this French IP address (AS209334, operated by Modat B.V.) demonstrates an activity frequency rated 8/10, with 19 of the most recent reports categorizing the activity as general hacking and 1 report noting IoT-targeted behavior. The sustained report volume over six months, combined with the high activity frequency, indicates persistent automated scanning and exploitation behavior rather than isolated incidents.
The hacking activity associated with this address includes various intrusion techniques targeting vulnerable services. Detection systems flagged suspicious SSH sessions on non-standard ports and connections consistent with IoT and ICS reconnaissance, suggesting the operator is conducting automated credential-based attacks and exploitation attempts against poorly secured devices and systems exposed to the internet.
Site operators should immediately block or closely monitor connections from this IP address. Implementing strict egress and ingress filtering, keeping all systems patched against known vulnerabilities, and deploying intrusion detection systems can help identify and mitigate exploitation attempts. For SSH services specifically, operators should enforce key-based authentication, implement rate-limiting using tools such as fail2ban, and avoid exposing management interfaces on non-standard ports.
CA 
MA 
GB 
UA