IOC Radar
IP · Medium · Signal 70/100

185.247.137.155

Location: Turkey (Manchester, Bursa)
ASN: AS211298, Constantine Cybersecurity LTD
First Seen: Dec 14, 2024 (552d ago)
Last Seen: Jun 9, 2026 (10d ago)
Reports: 30 source reports
Confidence: 70% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

71 techniques

Network Information

Country: TR (Turkey)
Region: Manchester, Bursa
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 30
Confidence score: 70%
Category tags

Activity Timeline

1 total obs (Jun 9 to Jun 9)

Threat Activity Heatmap

Peak: 2026-06-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 70
Confidence: 70%
Reports: 30
Coords: 40.2024, 29.0398
VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 185.247.137.128 - 185.247.137.255
netname: DRIFTNET-IPV4-F
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:42:56Z
last-modified: 2024-12-09T15:47:14Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 30 threat reports