Check an IP Address, Domain Name, Subnet, or ASN

2a06:4882:5000::5a was found in our database!

$ whois 2a06:4882:5000::5a

country·🇬🇧 United Kingdom

isp·Driftnet Ltd

asn·AS211298

network·Standard

$ sikker risk 2a06:4882:5000::5ascoring →

confidence

72%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·121

events·145

$ sikker protocols 2a06:4882:5000::5a

SIP

21 / 29

POSTGRES

26 / 27

HTTPS

23 / 24

MSSQL

24 / 24

SMTP

12 / 15

IMAP

6 / 8

FTP

2 / 7

REDIS

4 / 6

RTSP

1 / 3

SSH

2 / 2

$ sikker summary 2a06:4882:5000::5a

2a06:4882:5000::5a has a threat confidence score of 72%. This IP address from United Kingdom (AS211298, Driftnet Ltd) has been observed in 121 honeypot sessions targeting SIP, POSTGRES, HTTPS, MSSQL, SMTP and 5 other protocols. First observed on January 23, 2026, most recently active March 20, 2026.

$ sikker behaviors 2a06:4882:5000::5acatalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

lowFtp Capability Enumeration Over Tls1x

FTP session where the client upgrades to TLS (AUTH TLS) and proceeds to request server capability information using FEAT, HELP, and SYST before cleanly terminating the session. This pattern indicates structured service and feature enumeration rather than file interaction. The sequence is consistent with automated reconnaissance used to fingerprint FTP server configuration, supported extensions, and implementation details

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Capability Enumeration1x

FTP session where the client issues HELP, SYST, and FEAT commands to query supported commands, system type, and server capabilities before terminating the session.

$ sikker primitives 2a06:4882:5000::5a

rtsp_options3 https_path_root2 ftp_help_request2 ftp_session_quit2 ftp_system_type_request2 ftp_feature_list_request2 ftp_auth_tls1 smtp_ehlo_greeting1 smtp_quit_session_termination1 smtp_starttls_upgrade_request1

$ sikker related 2a06:4882:5000::5a

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromDriftnet Ltd→SIP·More threats targetingSIP→POST·More threats targetingPOSTGRES→HTTP·More threats targetingHTTPS→MSSQ·More threats targetingMSSQL→SMTP·More threats targetingSMTP→IMAP·More threats targetingIMAP→FTP·More threats targetingFTP→REDI·More threats targetingREDIS→RTSP·More threats targetingRTSP→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
2a06:4883:3000::29	72%	184
2a06:4883:9000::95	58%	150
2a06:4882:3000::44	62%	157
2a06:4883:9000::97	63%	146
2a06:4882:3000::3b	53%	166

IP Address	Confidence	Events
2a06:4883:3000::29	72%	184
2a06:4883:9000::95	58%	150
2a06:4882:3000::44	62%	157
2a06:4883:9000::97	63%	146
51.89.235.201	89%	53,549