IOC Radar
IP · Medium · Signal 58/100

185.247.137.90

Location: United Kingdom (Manchester, 16)
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 12, 2024 (554d ago)
Last Seen: Jun 12, 2026 (6d ago)
Reports: 29 source reports
Confidence: 58% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

57 techniques

Network Information

Country: GB (United Kingdom)
Region: Manchester, 16
ASN: AS211298
Organization: Constantine Cybersecurity LTD

Feed Intelligence Summary

29 source reports · 58% confidence score
Category tags

Activity Timeline

1 total obs (Jun 12 to Jun 12)

Threat Activity Heatmap

Peak: 2026-06-12
[Heatmap: activity by weekday, Jun through the following Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 29
First seen: Dec 12, 2024
Last seen: Jun 12, 2026
Geolocation: GB
Country: United Kingdom
Location: Manchester, 16
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.90 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).
raw
inetnum: 185.247.137.0 - 185.247.137.127
netname: DRIFTNET-IPV4-E
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:39:03Z
last-modified: 2024-12-09T15:47:02Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 29 threat reports