IOC Radar
IP · Medium · Signal 62/100

185.247.137.32

Location: Turkey (Manchester, 16)
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 11, 2024 (552d ago)
Last Seen: Jun 6, 2026 (10d ago)
Reports: 30 source reports
Confidence: 62% (medium)
VirusTotal: 11/91 detections
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

64 techniques

Network Information

Country: TR (Turkey)
Region: Manchester, 16
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

VPN
VPN exit node

Feed Intelligence Summary

30 source reports · 62% confidence score
Category tags

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 30
First seen: Dec 11, 2024
Last seen: Jun 6, 2026
Geolocation: TR
Country: Turkey
Location: Manchester, 16
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398
VPN

VirusTotal

11/91 vendors flagged
12% detection rate · Jun 7, 2026

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).
raw
inetnum: 185.247.137.0 - 185.247.137.127
netname: DRIFTNET-IPV4-E
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:39:03Z
last-modified: 2024-12-09T15:47:02Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt


IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 30 threat reports