2a06:4882:9000::9c — Driftnet Ltd, GB — High (62%)

Check an IP Address, Domain Name, Subnet, or ASN

2a06:4882:9000::9c was found in our database!

Confidence Level

62%

High?

Geolocation

🇬🇧

United Kingdom

ISPDriftnet Ltd

ASNAS211298

Activity Timeline

First seenJan 20, 2026, 11:53 PM

Last seen1h ago

76Sessions

104Events

Protocol Breakdown

HTTPS

14 / 26

POSTGRES

24 / 24

SIP

11 / 18

MSSQL

12 / 12

SMTP

4 / 6

SMB

4 / 5

IMAP

3 / 4

MONGODB

1 / 4

DOCKER

1 / 3

RTSP

1 / 1

REDIS

1 / 1

2a06:4882:9000::9c has a high threat confidence level of 62%, originating from United Kingdom, on the Driftnet Ltd network (211298). It has been observed across 76 sessions targeting HTTPS, POSTGRES, SIP, MSSQL, SMTP and 6 other protocols, First observed on January 20, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Rtsp Options Probe

low1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Mongodb Handshake Fingerprint

info1x

Client performs a modern MongoDB handshake using the hello command followed by a buildinfo request to gather server capabilities and version details. This sequence is commonly associated with automated fingerprinting or discovery activity against exposed MongoDB instances rather than normal application queries.

Redis Info Command Invocation

info1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Mongodb Hello4 Mongodb Buildinfo4 Rtsp Options1 Https Path Root1 Redis Info Lowercase1

Related Threats

Explore related threat intelligence

🇬🇧More threats fromUnited Kingdom ASMore threats fromDriftnet Ltd HTTPSMore threats targetingHTTPS POSTGRESMore threats targetingPOSTGRES SIPMore threats targetingSIP MSSQLMore threats targetingMSSQL SMTPMore threats targetingSMTP SMBMore threats targetingSMB IMAPMore threats targetingIMAP MONGODBMore threats targetingMONGODB DOCKERMore threats targetingDOCKER RTSPMore threats targetingRTSP REDISMore threats targetingREDIS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
185.247.137.96	87%	328
185.247.137.76	81%	357
87.236.176.206	80%	355
185.247.137.80	88%	309
185.247.137.102	79%	304

IP Address	Confidence	Events
178.128.165.87	100%	1,125
193.181.46.12	100%	5,729
46.101.54.39	100%	2,241
185.247.137.159	77%	330
87.236.176.165	80%	305