Check an IP Address, Domain Name, Subnet, or ASN

71.6.232.28 was found in our database!

$ whois 71.6.232.28

country·🇺🇸 United States

isp·CariNet, Inc.

asn·AS10439

network·Standard

$ sikker risk 71.6.232.28scoring →

confidence

94%Very High

first_seen·Jan 21, 2026

last_seen·11m ago

first_reported·Mar 2, 2026

last_reported·13d ago

sessions·192

events·390

reports·3

$ sikker protocols 71.6.232.28

REDIS

27 / 147

HTTPS

56 / 93

HTTP

22 / 63

TELNET

48 / 48 / 1r

SMTP

39 / 39 / 1r

DOCKER

0 / 0 / 1r

$ sikker summary 71.6.232.28

71.6.232.28 has a threat confidence score of 94%. This IP address from United States (AS10439, CariNet, Inc.) has been observed in 192 honeypot sessions and reported 3 times targeting REDIS, HTTPS, HTTP, TELNET, SMTP and 1 other protocols. First observed on January 21, 2026, most recently active March 23, 2026.

$ sikker behaviors 71.6.232.28catalog →

lowRedis Automated Service Fingerprinting Sequence27x

Identifies an automated Redis service probing sequence consisting of PING, INFO (uppercase invocation), execution of a deliberately nonexistent command to assess error handling behavior, and QUIT. This tightly grouped pattern reflects reconnaissance and fingerprinting activity used by scanners and exploitation frameworks to determine Redis version, configuration details, and command availability prior to follow-on exploitation attempts. The inclusion of a nonexistent command indicates capability probing rather than normal client interaction.

infoHttps Root Path Request36x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 71.6.232.28

https_path_root37 smtp_ehlo_greeting32 redis_ping27 redis_quit27 redis_info_uppercase27 redis_nonexistent_command27 smtp_quit_session_termination17 http_method_get1

$ sikker reports 71.6.232.28submit →

Showing 3 of 3 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 10, 2026, 01:04	Brute Force	DOCKER	SikkerGuard: 2 blocked packets
User	Mar 4, 2026, 10:41	Brute Force	SMTP	SikkerGuard: 2 blocked packets
User	Mar 2, 2026, 19:40	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 71.6.232.28

🇺🇸·More threats fromUnited States→AS·More threats fromCariNet, Inc.→REDI·More threats targetingREDIS→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→SMTP·More threats targetingSMTP→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
71.6.199.65	100%	1,785
71.6.134.234	100%	863
71.6.232.22	95%	1,110
66.240.236.119	100%	1,886
71.6.167.142	99%	1,939

IP Address	Confidence	Events
45.205.1.8	97%	7,605
20.81.46.129	45%	26
18.116.101.220	100%	33,319
64.62.156.94	99%	1,554
20.102.112.104	82%	2,330