IOC Radar
IP · Medium · Signal 67/100

185.247.137.98

Location: Turkey; Manchester, 16
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Dec 11, 2024 (562d ago)
Last Seen: May 31, 2026 (26d ago)
Reports: 31 source reports
Confidence: 67% (medium)
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 67%
Signal Score: 67 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 83 techniques

Network Information

Country: TR (Turkey)
Region: Manchester, 16
ASN: AS211298
Organization: Constantine Cybersecurity LTD

Feed Intelligence Summary

Source reports: 31
Confidence score: 67%
Category tags

Activity Timeline

1 total observation (May 31)

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) represents a significant and active threat, demanding immediate attention. The IPv4 address 185.247.137.98 has a high threat score of 67.31 and is widely flagged across numerous reputable threat intelligence feeds, including AbuseIPDB, AlienVault OTX, and SANS Wide Scanners, indicating its persistent engagement in malicious activities. If this IOC is observed communicating with or within the organizational network, it signals a high probability of ongoing recon…

Threat Score: Medium Risk
Signal Score: 67
Confidence: 67%
Reports: 31
First seen: Dec 11, 2024
Last seen: May 31, 2026
Geolocation: TR
Country: Turkey
Location: Manchester, 16
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 40.2024, 29.0398

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=fatt, p0f; threshold?1; private IPs excluded. geo=GB; ports=443; proto=tls Location=Sydney, Australia.
raw
inetnum: 185.247.137.0 - 185.247.137.127
netname: DRIFTNET-IPV4-E
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:39:03Z
last-modified: 2024-12-09T15:47:02Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 185.247.137.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-11-27T15:33:43Z
last-modified: 2024-11-28T11:34:21Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 26 days ago
Appeared in 31 threat reports