← Back to feed
Subnet 185.247.137.0/24
SUBNET Active highWhy this campaign was detected
9 IPs from the same /24 subnet (185.247.137.0/24) were observed attacking our sensors within the same time window. All belong to Driftnet Ltd (AS211298). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS211298 · Driftnet Ltd
Subnet
185.247.137.0/24
Country
🇬🇧 GB
Cloud Provider
—
Member Count
9 IPs
Below average
Total Events
26
Below average by volume
Started / Ended
2026-02-20 09:12 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 185.247.137.224 | web_probe | 35% | 2 | 2 | http:scan | — | 2026-05-13 13:03 | evidence → | |
| 185.247.137.222 | web_probe | 25% | 1 | 1 | http:scan | — | 2026-05-12 10:30 | evidence → | |
| 185.247.137.168 | web_probe | 24% | 2 | 2 | http:scan | — | 2026-05-07 17:21 | evidence → | |
| 185.247.137.106 | scanner | 21% | 6 | 1 | ssh:bruteforce | — | 2026-05-11 12:11 | evidence → | |
| 185.247.137.160 | web_probe | 20% | 1 | 1 | http:scan | — | 2026-05-10 10:44 | evidence → | |
| 185.247.137.79 | scanner | 19% | 6 | 1 | ssh:bruteforce | — | 2026-05-10 08:24 | evidence → | |
| 185.247.137.97 | web_probe | 18% | 1 | 1 | http:scan | — | 2026-05-09 06:13 | evidence → | |
| 185.247.137.246 | scanner | 17% | 6 | 1 | ssh:bruteforce | — | 2026-05-08 20:19 | evidence → | |
| 185.247.137.219 | web_probe | 14% | 1 | 1 | http:scan | — | 2026-05-07 05:24 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds