IP · Medium · Signal 79/100
185.247.137.252
Location: Manchester, 16
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 12, 2024
Last Seen: Jun 7, 2026
Reports: 32 source reports
Confidence: 79% (medium)
VirusTotal: 10/91 detections
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Network Information
Country: United Kingdom
Region: Manchester, 16
ASN: AS211298
Organization: Constantine Cybersecurity LTD
IP Category: VPN (VPN exit node)
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 79 (High Risk)
Coords: 40.2024, 29.0398
WHOIS
- description
  - IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
    inetnum: 185.247.137.128 - 185.247.137.255
    netname: DRIFTNET-IPV4-F
    remarks: +-----------------------------------------------------------
    remarks: | This IP range is not attacking your network.
    remarks: | Visit https://internet-measurement.com for more details.
    remarks: | View data collected at https://driftnet.io.
    remarks: +-----------------------------------------------------------
    country: GB
    admin-c: DH9005-RIPE
    tech-c: DH9005-RIPE
    abuse-c: DH9005-RIPE
    status: LIR-PARTITIONED PA
    mnt-by: lir-uk-driftnet-1-MNT
    created: 2024-11-27T15:42:56Z
    last-modified: 2024-12-09T15:47:14Z
    source: RIPE # Filtered

    role: Driftnet Hostmaster
    address: Unit 72465, PO Box 6945
    address: W1A 6US
    address: London
    address: UNITED KINGDOM
    phone: +442037450350
    abuse-mailbox: [email protected]
    nic-hdl: DH9005-RIPE
    mnt-by: lir-uk-driftnet-1-MNT
    created: 2024-10-30T18:00:18Z
    last-modified: 2024-10-31T10:49:52Z
    source: RIPE # Filtered

    route: 185.247.137.0/24
    origin: AS211298
    mnt-by: lir-uk-driftnet-1-MNT
    created: 2024-11-27T15:33:43Z
    last-modified: 2024-11-28T11:34:21Z
    source: RIPE
- references
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://github.com/telekom-security/tpotce
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://threats.kz