IP · Medium · Signal 57/100
185.247.137.139
Location: Manchester, Bursa
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 15, 2024 (551d ago)
Last Seen: Jun 8, 2026 (11d ago)
Reports: 27 source reports
Confidence: 57% (medium)
VirusTotal: 10/91 detections
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Network Information
Country: Turkey
Region: Manchester, Bursa
ASN: AS211298
Organization: Constantine Cybersecurity LTD
IP Category: VPN (VPN exit node)
Feed Intelligence Summary
Source reports: 27
Confidence score: 57%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 57 (Medium Risk)
Signal Score: 57
Confidence: 57%
Reports: 27
First seen: Dec 15, 2024
Last seen: Jun 8, 2026
Geolocation: TR
Country: Turkey
Location: Manchester, Bursa
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398
IP Category: VPN
WHOIS
- description
- IPv4 hosts detected attempting to brute force MSSQL on DigitalOcean Toronto (CA) honeypot
- raw
    inetnum: 185.247.137.128 - 185.247.137.255
    netname: DRIFTNET-IPV4-F
    remarks: +-----------------------------------------------------------
    remarks: | This IP range is not attacking your network.
    remarks: | Visit https://internet-measurement.com for more details.
    remarks: | View data collected at https://driftnet.io.
    remarks: +-----------------------------------------------------------
    country: GB
    admin-c: DH9005-RIPE
    tech-c: DH9005-RIPE
    abuse-c: DH9005-RIPE
    status: LIR-PARTITIONED PA
    mnt-by: lir-uk-driftnet-1-MNT
    created: 2024-11-27T15:42:56Z
    last-modified: 2024-12-09T15:47:14Z
    source: RIPE # Filtered

    role: Driftnet Hostmaster
    address: Unit 72465, PO Box 6945
    address: W1A 6US
    address: London
    address: UNITED KINGDOM
    phone: +442037450350
    abuse-mailbox: [email protected]
    nic-hdl: DH9005-RIPE
    mnt-by: lir-uk-driftnet-1-MNT
    created: 2024-10-30T18:00:18Z
    last-modified: 2024-10-31T10:49:52Z
    source: RIPE # Filtered

    route: 185.247.137.0/24
    origin: AS211298
    mnt-by: lir-uk-driftnet-1-MNT
    created: 2024-11-27T15:33:43Z
    last-modified: 2024-11-28T11:34:21Z
    source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://github.com/telekom-security/tpotce
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
Confidence: medium · First detected 1 year ago · Last seen 11 days ago
Appeared in 27 threat reports