Check an IP Address, Domain Name, Subnet, or ASN

185.247.137.247 was found in our database!

$ whois 185.247.137.247

country·🇬🇧 United Kingdom

city·Manchester

isp·Driftnet Ltd

asn·AS211298

network·Standard

$ sikker risk 185.247.137.247scoring →

confidence

82%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·363

events·423

$ sikker protocols 185.247.137.247

POSTGRES

84 / 85

HTTPS

57 / 73

MSSQL

72 / 72

SIP

49 / 56

SMTP

24 / 38

REDIS

11 / 28

IMAP

24 / 25

HTTP

15 / 15

SSH

10 / 10

TELNET

7 / 10

FTP

4 / 4

RTSP

4 / 4

SMB

2 / 3

$ sikker summary 185.247.137.247

185.247.137.247 has a threat confidence score of 82%. This IP address from United Kingdom (AS211298, Driftnet Ltd) has been observed in 363 honeypot sessions targeting POSTGRES, HTTPS, MSSQL, SIP, SMTP and 8 other protocols. First observed on January 20, 2026, most recently active March 23, 2026.

$ sikker behaviors 185.247.137.247catalog →

lowRtsp Options Probe3x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

lowFtp Capability Enumeration Over Tls2x

FTP session where the client upgrades to TLS (AUTH TLS) and proceeds to request server capability information using FEAT, HELP, and SYST before cleanly terminating the session. This pattern indicates structured service and feature enumeration rather than file interaction. The sequence is consistent with automated reconnaissance used to fingerprint FTP server configuration, supported extensions, and implementation details

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 185.247.137.247

smtp_ehlo_greeting11 smtp_quit_session_termination11 smtp_starttls_upgrade_request11 http_method_get6 ftp_auth_tls4 rtsp_options4 ftp_help_request4 ftp_system_type_request4 ftp_feature_list_request4 ftp_session_quit2 https_path_root1 redis_command_http_connection_close1

$ sikker related 185.247.137.247

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.247.137.111	91%	436
87.236.176.140	91%	430
185.247.137.84	89%	492
185.247.137.136	92%	434
87.236.176.100	91%	395

IP Address	Confidence	Events
78.153.140.250	99%	1,557
64.89.163.167	100%	16,574
51.89.235.201	89%	55,701
193.181.41.14	97%	7,979
64.89.163.91	100%	4,426