IP · Medium · Signal 74/100
185.247.137.45
Location
Manchester, Bursa
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
Dec 15, 2024
Last Seen
Jun 14, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Turkey
Region
Manchester, Bursa
ASN
AS211298
Organization
Constantine Cybersecurity LTD
IP Category
VPN
VPN exit node
Feed Intelligence Summary
34 reports · 74% confidence
34
Source reports
74%
Confidence score
Category tags
Activity Timeline: Jun 14
Threat Activity Heatmap · Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 74
Confidence: 74%
Reports: 34
First seen: Dec 15, 2024
Last seen: Jun 14, 2026
Geolocation: TR
Country: Turkey
Location: Manchester, Bursa
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398
VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- inetnum: 185.247.137.0 - 185.247.137.127
  netname: DRIFTNET-IPV4-E
  remarks: +-----------------------------------------------------------
  remarks: | This IP range is not attacking your network.
  remarks: | Visit https://internet-measurement.com for more details.
  remarks: | View data collected at https://driftnet.io.
  remarks: +-----------------------------------------------------------
  country: GB
  admin-c: DH9005-RIPE
  tech-c: DH9005-RIPE
  abuse-c: DH9005-RIPE
  status: LIR-PARTITIONED PA
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-11-27T15:39:03Z
  last-modified: 2024-12-09T15:47:02Z
  source: RIPE # Filtered

  role: Driftnet Hostmaster
  address: Unit 72465, PO Box 6945
  address: W1A 6US
  address: London
  address: UNITED KINGDOM
  phone: +442037450350
  abuse-mailbox: [email protected]
  nic-hdl: DH9005-RIPE
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-10-30T18:00:18Z
  last-modified: 2024-10-31T10:49:52Z
  source: RIPE # Filtered

  route: 185.247.137.0/24
  origin: AS211298
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-11-27T15:33:43Z
  last-modified: 2024-11-28T11:34:21Z
  source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
medium · First detected 1 year ago · Last seen 13 days ago
Appeared in 34 threat reports