IOC Radar
IP · Medium · Signal 73/100

185.247.137.61

Location: Turkey (Manchester, Bursa)
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 14, 2024 (555d ago)
Last Seen: Jun 15, 2026 (7d ago)
Reports: 33 source reports
Confidence: 73% (medium)
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 73%
Signal Score: 73 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 67 techniques

Network Information

Country: TR (Turkey)
Region: Manchester, Bursa
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 33
Confidence score: 73%
Category tags

Activity Timeline

1 total obs (Jun 15)

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 73
Confidence: 73%
Reports: 33
First seen: Dec 14, 2024
Last seen: Jun 15, 2026
Geolocation: TR
Country: Turkey
Location: Manchester, Bursa
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 53.8008, -1.5491
VPN

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=fatt, p0f, tanner; threshold?1; private IPs excluded. geo=GB; ports=80; proto=http Location=Sydney, Australia.
raw
inetnum: 185.247.137.0 - 185.247.137.127
netname: DRIFTNET-IPV4-E
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:39:03Z
last-modified: 2024-12-09T15:47:02Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 33 threat reports