IOC Radar
IP · Medium · Signal 66/100

185.247.137.40

Location: Turkey (Manchester, 16)
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 14, 2024 (549d ago)
Last Seen: Jun 1, 2026 (15d ago)
Reports: 30 source reports
Confidence: 66% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No
MITRE ATT&CK TTPs

67 techniques

Network Information

Country: TR (Turkey)
Region: Manchester, 16
ASN: AS211298
Organization: Constantine Cybersecurity LTD

Feed Intelligence Summary

Source reports: 30
Confidence score: 66%
Category tags

Activity Timeline

1 total obs (Jun 1)

Threat Activity Heatmap

Peak: 2026-06-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: 66 (Medium Risk)
Signal Score: 66
Confidence: 66%
Reports: 30
First seen: Dec 14, 2024
Last seen: Jun 1, 2026
Geolocation: TR
Country: Turkey
Location: Manchester, 16
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

raw:

inetnum: 185.247.137.0 - 185.247.137.127
netname: DRIFTNET-IPV4-E
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:39:03Z
last-modified: 2024-12-09T15:47:02Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://threats.kz

IOC Journey

medium
First detected 1 year ago · Last seen 15 days ago
Appeared in 30 threat reports