IOC Radar
IP · Medium · Signal 71/100

185.247.137.92

Location: Turkey; Manchester, England
ASN: AS211298, Constantine Cybersecurity LTD
First Seen: Dec 14, 2024 (559d ago)
Last Seen: Jun 14, 2026 (12d ago)
Reports: 32 source reports
Confidence: 71% (medium)
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

57 techniques

Network Information

Country: TR (Turkey)
Region: Manchester, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 32
Confidence score: 71%

Activity Timeline

1 total obs · Jun 14 to Jun 14

Threat Activity Heatmap

Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (Signal Score 71)
Geolocation: TR
Coords: 53.8008, -1.5491

VirusTotal

Not checked

WHOIS

description
2025-02-15T17:51:04.308Z Honeypot : Dionaea : Source: 185.247.137.92 : Port: 1723 Connection: {'type': 'accept', 'protocol': 'pptpd', 'transport': 'tcp'}
raw
inetnum: 185.247.137.0 - 185.247.137.127
netname: DRIFTNET-IPV4-E
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:39:03Z
last-modified: 2024-12-09T15:47:02Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 12 days ago
Appeared in 32 threat reports