IP · Medium · Signal 69/100
185.247.137.176
Location
Manchester, 16
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
Dec 12, 2024
Last Seen
Jun 12, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Kazakhstan
Region: Manchester, 16
ASN: AS211298
Organization: Constantine Cybersecurity LTD
IP Category
VPN
VPN exit node
Feed Intelligence Summary
32 reports · 69% confidence
32
Source reports
69%
Confidence score
Category tags
Activity Timeline
Jun 12
Threat Activity Heatmap
Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 32
First seen: Dec 12, 2024
Last seen: Jun 12, 2026
Geolocation: KZ
Country: Kazakhstan
Location: Manchester, 16
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398
VPN
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=GB; ports=8443 Location=Sydney, Australia.
- raw
- inetnum: 185.247.137.128 - 185.247.137.255
  netname: DRIFTNET-IPV4-F
  remarks: +-----------------------------------------------------------
  remarks: | This IP range is not attacking your network.
  remarks: | Visit https://internet-measurement.com for more details.
  remarks: | View data collected at https://driftnet.io.
  remarks: +-----------------------------------------------------------
  country: GB
  admin-c: DH9005-RIPE
  tech-c: DH9005-RIPE
  abuse-c: DH9005-RIPE
  status: LIR-PARTITIONED PA
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-11-27T15:42:56Z
  last-modified: 2024-12-09T15:47:14Z
  source: RIPE # Filtered
  role: Driftnet Hostmaster
  address: Unit 72465, PO Box 6945
  address: W1A 6US
  address: London
  address: UNITED KINGDOM
  phone: +442037450350
  abuse-mailbox: [email protected]
  nic-hdl: DH9005-RIPE
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-10-30T18:00:18Z
  last-modified: 2024-10-31T10:49:52Z
  source: RIPE # Filtered
  route: 185.247.137.0/24
  origin: AS211298
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-11-27T15:33:43Z
  last-modified: 2024-11-28T11:34:21Z
  source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://github.com/telekom-security/tpotce
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- https://threats.kz
- https://blocklist.greensnow.co/greensnow.txt
- https://www.binarydefense.com/banlist.txt
- https://lists.blocklist.de/lists/all.txt
- https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 16 days ago
Appeared in 32 threat reports