← Back to feed
Subnet 85.217.149.0/24
SUBNET Active highWhy this campaign was detected
10 IPs from the same /24 subnet (85.217.149.0/24) were observed attacking our sensors within the same time window. All belong to Modat B.V. (AS209334). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS209334 · Modat B.V.
Subnet
85.217.149.0/24
Country
🇨🇦 CA
Cloud Provider
—
Member Count
10 IPs
Below average
Total Events
54
Below average by volume
Started / Ended
2026-02-16 18:57 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 85.217.149.69 | scanner | 64% | 2x OSINT | 13 | 3 | http:scanssh:bruteforce | — | 2026-05-15 12:37 | evidence → |
| 85.217.149.70 | web_probe | 53% | 2x OSINT | 5 | 2 | http:scanssh:bruteforce | — | 2026-05-18 11:58 | evidence → |
| 85.217.149.23 | scanner | 52% | 2x OSINT | 5 | 2 | http:scanssh:bruteforce | — | 2026-05-18 01:09 | evidence → |
| 85.217.149.56 | web_probe | 48% | 2x OSINT | 6 | 2 | http:scanssh:bruteforce | — | 2026-05-15 10:24 | evidence → |
| 85.217.149.57 | web_probe | 46% | 2x OSINT | 5 | 2 | http:scanssh:bruteforce | — | 2026-05-14 23:06 | evidence → |
| 85.217.149.72 | scanner | 38% | 1x OSINT | 9 | 2 | http:scanssh:bruteforce | — | 2026-05-11 23:30 | evidence → |
| 85.217.149.51 | web_probe | 33% | 2x OSINT | 1 | 1 | http:scan | — | 2026-05-18 01:13 | evidence → |
| 85.217.149.44 | web_probe | 33% | 2x OSINT | 5 | 1 | http:scanssh:bruteforce | — | 2026-05-12 12:58 | evidence → |
| 85.217.149.67 | scanner | 24% | 1x OSINT | 4 | 1 | ssh:bruteforce | — | 2026-05-15 10:27 | evidence → |
| 85.217.149.14 | web_probe | 22% | 2x OSINT | 1 | 1 | http:scan | — | 2026-05-12 00:53 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds