JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.217.140.47

85.217.140.47 was found in our database!

This IP was reported 6,954 times. Confidence of Abuse is 100%: ?

100%

ISP	NL MODAT
Usage Type	Commercial
ASN	AS209334
Hostname(s)	o346.scanner.modat.io
Domain Name	modat.io
Country	🇫🇷 France
City	Gravelines, Hauts-de-France

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.217.140.47

Whois 85.217.140.47

IP Abuse Reports for 85.217.140.47:

This IP address has been reported a total of 6,954 times from 392 distinct sources. 85.217.140.47 was first reported on March 4th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 shabi	2026-06-04 17:18:51 (1 hour ago)	UFW Blocked [11561/TCP] Source: 85.217.140.47:33565 TTL: 52 Lenth: 52 TOS: 0x00	Port Scan
🇭🇰 PingMeMaybe	2026-06-04 17:17:58 (1 hour ago)	Blocked by UFW on hk [18262/tcp] Source port: 32933 TTL: 49 Packet length: 52 TOS: 0x00 This report ... show more Blocked by UFW on hk [18262/tcp] Source port: 32933 TTL: 49 Packet length: 52 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇭🇰 pengpeng	2026-06-04 15:50:13 (2 hours ago)	monitor: on ser162528253480 \| port: 23000 \| ttl: 127 script: github.com/sefinek/UFW-AbuseIPDB-Repor ... show more monitor: on ser162528253480 \| port: 23000 \| ttl: 127 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇦🇺 LiftUp Hosting	2026-06-04 14:40:40 (4 hours ago)	Honeypot hit: Empty payload (likely service probe); 3211 [1] TCP	Port Scan
🇩🇪 dispaisyenterprises	2026-06-04 14:35:01 (4 hours ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 61170 [1] TCP Reported by DisPaisy ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 61170 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇬🇧 gbzret4d	2026-06-04 14:28:17 (4 hours ago)	Honeypot [uk-production01]: Unauthorized traffic (1 bytes of payload); 35500 [1], 7969 [1] TCP	Port Scan
🇫🇷 adnscom.net	2026-06-04 13:38:41 (5 hours ago)	IPS trigger: Brute force SSH scanning/attack	Brute-Force SSH
🇭🇰 pengpeng	2026-06-04 11:07:46 (7 hours ago)	monitor: on ser162528253480 \| port: 378 \| ttl: 47 script: github.com/sefinek/UFW-AbuseIPDB-Reporter	Port Scan
🇺🇸 podril1ak2.ru	2026-06-04 11:07:29 (7 hours ago)	Blocked by UFW on reporterUS [12005/tcp] \| SPT: 50858 \| TTL: 53 \| LEN: 52 \| TOS: 0x00 • Reported by: ... show more Blocked by UFW on reporterUS [12005/tcp] \| SPT: 50858 \| TTL: 53 \| LEN: 52 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 wiredalter	2026-06-04 10:52:05 (7 hours ago)	Blocked by UFW on dVPS [45319/tcp] Source Port: 47258 TTL: 55 Packet Length: 52 TOS: 0x00 Analyzed ... show more Blocked by UFW on dVPS [45319/tcp] Source Port: 47258 TTL: 55 Packet Length: 52 TOS: 0x00 Analyzed by https://ip.wiredalter.com show less	Port Scan Brute-Force
🇺🇸 mutebot.net	2026-06-04 10:50:18 (7 hours ago)	SRC=85.217.140.47, PROTO=TCP, SPT=44926, DPT=46930	Port Scan
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-04 10:45:27 (7 hours ago)	Honeypot hit: SSH handshake/banner (12 bytes of payload); 49434 [1], 49265 [1], 49619 [1], 49276 [1] ... show more Honeypot hit: SSH handshake/banner (12 bytes of payload); 49434 [1], 49265 [1], 49619 [1], 49276 [1], 49583 [1], 49367 [1] TCP show less	Brute-Force SSH
🇩🇪 Justin F. \| AS204464	2026-06-04 09:04:43 (9 hours ago)	Honeypot [nx-infrastructure]: HTTP/1.1 request on 49738 GET / User-Agent: Mozilla/5.0 (compatible; ... show more Honeypot [nx-infrastructure]: HTTP/1.1 request on 49738 GET / User-Agent: Mozilla/5.0 (compatible; ModatScanner/1.2; +https://modat.io/) Accept: / Accept-Encoding: gzip; 49738 [1] TCP Reported by: Justin F. show less	Hacking Bad Web Bot
🇯🇵 mkaraki	2026-06-04 07:40:04 (11 hours ago)	1780558802 # Service_probe # SIGNATURE_SEND # source_ip:85.217.140.47 # dst_port:32797 ...	Port Scan
🇬🇧 gbzret4d	2026-06-04 06:04:15 (12 hours ago)	Honeypot [uk-production01]: Unauthorized traffic (1 bytes of payload); 12752 [1], 12739 [1], 12719 [ ... show more Honeypot [uk-production01]: Unauthorized traffic (1 bytes of payload); 12752 [1], 12739 [1], 12719 [1], 12672 [1] TCP show less	Port Scan

Showing 1 to 15 of 6954 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:80d:1007::19

🇩🇪 213.209.159.56

🇺🇸 206.221.176.152

🇧🇷 131.100.4.218

🇺🇸 35.199.145.230

🇧🇷 20.197.238.250

🇺🇸 20.83.48.88

🇺🇸 147.182.129.159

🇨🇳 122.96.28.218

🇱🇰 103.21.164.61

🇹🇷 88.241.139.31

🇰🇿 84.240.206.218

🇱🇹 81.30.98.49

🇩🇪 2a02:c202:2191:1846:1c1b::2

🇺🇸 208.84.100.28

🇹🇼 198.235.24.73

🇹🇼 198.235.24.45

🇲🇦 196.92.7.246

🇨🇳 180.76.184.79

🇺🇸 162.216.149.46