185.247.137.189

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 185.247.137.189/32

Date: 2026-06-26

Classification: Moderate Risk (Score: 40/100)

Source: IPDebrief Intelligence Platform

---

## Executive Summary

IP address 185.247.137.189 belongs to Driftnet Hostmaster (ASN: 211298) and is geolocated to Manchester, England. The IP is classified as "Firewalled / No Services" with no open ports detected. While the IP itself shows no direct threat indicators, its /24 neighborhood exhibits mixed abuse characteristics with elevated sibling risk.

---

## Technical Profile

Ownership & Geolocation:

Organization: Driftnet Hostmaster
ASN: 211298
Location: Manchester, England, GB
CIDR Block: 185.247.137.0/24
RIR: RIPE

Network Classification:

Service Purpose: Firewalled / No Services
Open Ports: None detected
DNS PTR: r4-189-bd.monitoring.internet-measurement.com
Forward Resolution: r4-189-bd.monitoring.internet-measurement.com (confirmed)
Domain: internet-measurement.com (SPF: yes, DMARC: yes)

Control Plane Indicators:

Origin ASN: 211298
BGP Prefix: 185.247.137.0/24
Route Stability: False
Route Changes (30d): 0
DNSBL Listed: 2 of 8 total lists
Operator Score: 0.2609 (Basic)

---

## Threat Assessment

Direct Threat Indicators:

Known Attacker: No
Spam Source: No
Tor Exit Node: No
Campaign Association: None detected
Blacklist Count: 0

Neighborhood Context (185.247.137.0/24):

Total Siblings: 190
Active Siblings: 54
Threat Siblings: 72
Abuse Density: 0.3789
Classification: Mixed
Risk Distribution: High (0), Medium (38), Low (62)

Inherited Risk Score: 15 (from subnet)

---

## Historical Observations

Observation Count: 19 signals tracked

Geolocation: Consistent GB attribution with 500km accuracy radius
Operator Score: Stable at 0.2609 (Basic)
Subnet Risk: Consistent abuse density of 0.3789 across observations
Threat Persistence: No persistent malicious activity detected

---

## Related Entities

DNS Associations:

r4-189-bd.monitoring.internet-measurement.com (repeated association)

Network Associations:

UK-DRIFTNET-20180301 (network registration)

---

## Recommended Actions

Based on the moderate risk profile (Score: 40), the following rules are recommended for implementation:

iptables:

```

iptables -A INPUT -s 185.247.137.189 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr 185.247.137.189 drop

```

nginx:

```

deny 185.247.137.189;

```

Cloudflare WAF:

```json

{

"description": "Block 185.247.137.189 — IPDebrief risk score 40",

"action": "block",

"filter": {

"expression": "ip.src eq 185.247.137.189"

}

```

AWS WAF:

```json

{

"Addresses": ["185.247.137.189/32"],

"Description": "IPDebrief risk 40"

}

```

---

## Analyst Notes

The IP address resolves to a monitoring infrastructure hostname (internet-measurement.com) with valid email authentication records. Despite the moderate risk score, there are no direct threat indicators. The elevated neighborhood risk (0.3789 abuse density) suggests this /24 block may contain compromised hosts. The "firewalled/no services" classification indicates the IP may be part of a passive monitoring system rather than an active service endpoint.

Recommendation: Implement blocking rules per the recommended actions. Monitor for any changes in service availability or reputation over the next 30 days.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇬🇧 United Kingdom
Region	England
City	Manchester
Timezone	Europe/London
Latitude	51.51
Longitude	-0.13

🏢 Ownership & Registration

Organization	Driftnet Hostmaster
ASN	AS211298
Network Name	—
CIDR Block	185.247.137.0/24
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	r4-189-bd.monitoring.internet-measurement.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`r4-189-bd.monitoring.internet-measurement.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
Closed Ports	22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	19%	2	2
routing	13%	1	1
services	8%	1	1
ownership	27%	2	3
reputation	13%	1	2
geolocation	19%	2	2
Overall	17%	9	11

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-10 22:17:25 UTC
Last Seen	2026-06-26 04:45:54 UTC
Profile Built	2026-06-26 05:11:58 UTC
Data Freshness	Live
Signal Types	22
Total Observations	23

🔍 22 signal types · 23 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

185.247.137.189📋 Copy