← Back to feed

Subnet 185.247.137.0/24

SUBNET Active high
Why this campaign was detected
6 IPs from the same /24 subnet (185.247.137.0/24) were observed attacking our sensors within the same time window. All belong to Driftnet Ltd (AS211298). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS211298 · Driftnet Ltd
Subnet
185.247.137.0/24
Country
🇬🇧 GB
Cloud Provider
Member Count
6 IPs
Below average
Total Events
36
Below average by volume
Started / Ended
2026-02-20 09:12 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
185.247.137.207 scanner 37% 7 2 http:scanssh:bruteforce 2026-07-13 07:27 evidence →
185.247.137.78 web_probe 36% 8 2 http:scanssh:bruteforce 2026-07-13 02:44 evidence →
185.247.137.56 web_probe 32% 2 2 http:scan 2026-07-15 20:09 evidence →
185.247.137.135 scanner 29% 6 1 ssh:bruteforce 2026-07-16 09:30 evidence →
185.247.137.246 scanner 29% 12 2 ssh:bruteforce 2026-07-14 06:35 evidence →
185.247.137.118 web_probe 17% 1 1 http:scan 2026-07-13 04:54 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds