# INTELLIGENCE BRIEFING: 71.6.199.23
Classification: Moderate Risk | Date: 2026-06-18 | Status: Active Monitoring
---
## EXECUTIVE SUMMARY
IP address 71.6.199.23 presents a moderate risk profile (score: 55) with no confirmed malicious activity. The IP is associated with CariNet, Inc. (ASN 10439) and resolves to a single-service host configuration. While the IP itself shows no threat indicators, the broader subnet exhibits elevated abuse density requiring contextual awareness.
---
## OWNERSHIP & NETWORK ATTRIBUTES
| Attribute | Value |
|---|---|
| **Organization** | CariNet, Inc. |
| **ASN** | 10439 |
| **CIDR Block** | 71.6.199.0/25 |
| **Country** | US (CA) |
| **RIR** | ARIN |
| **Registration** | Inferred via RIR lookup |

Network Role: Single-service host with SSH service exposure.
---
## THREAT INTELLIGENCE
- Risk Score: 55/100 (Moderate)
- Known Campaigns: None detected
- Threat Feeds: No active matches
- DNSBL Listings: 3 of 8 total lists (high severity present)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0

Observed Services:

- Port 22/SSH: OpenSSH 7.6p1 Ubuntu-4ubuntu0.5

DNS Resolution:

- PTR Hostname: einstein.census.shodan.io
- Forward Resolution: Confirmed
---
## GEOLOCATION & CONTROL PLANE
- Geolocation: US (latitude 39.83, longitude -98.58)
- Origin ASN: 10439
- BGP Prefix: 71.6.128.0/17
- Route Stability: Not stable
- Operator Score: 0.2609 (Basic)
- Geo Confidence: 0.35 (moderate accuracy, 2500km radius)
---
## SUBNET CONTEXT (71.6.199.0/24)
- Abuse Density: 0.6667 (66.67% elevated)
- Subnet Classification: Mostly Clean
- Inherited Risk: 5
- Total Siblings: 3
- Active Siblings: 2
- Threat Siblings: 2

Neighbor Analysis:

| IP Address | Risk Score | Authority Score | Classification |
|---|---|---|---|
| 71.6.199.65 | 0 | 50 | Low Risk |
| 71.6.199.87 | 40 | 50 | Medium Risk |
---
## OBSERVATION HISTORY (Last 20 Signals)
- Latest Observation: 2026-06-18 17:02:15 UTC
- Signal Types: Geolocation, Subnet Analysis, Operator Score, Network Role, Threat Listings
- Confidence Range: 0.23–0.85
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
- Threat Observations: 1

Recent Signal Timeline:

- 17:02:15 UTC - Geolocation (US, 0.35 confidence)
- 16:59:27 UTC - Subnet abuse density analysis
- 16:59:09 UTC - Operator score and network role classification
- 16:58:50 UTC - DNSBL listings (3 lists, high severity)
---
## RELATIONSHIP GRAPH
- Total Relationships: 76
- Primary Type: Same Network (NET-25)
- Linked Entities: Network blocks, organizational references
- No Certificate or Hostname Associations detected
---
## SOC ACTIONABLE INTELLIGENCE
### Risk Assessment
This IP does not meet criteria for immediate blocking but warrants contextual monitoring due to subnet abuse density. The moderate risk score (55) with no active threat indicators suggests benign but potentially misconfigured infrastructure.

### Monitoring Recommendations
1. Passive Monitoring: Monitor for outbound connections to known malicious destinations
2. Subnet Context: Be aware of 2 other IPs in the /24 subnet with elevated risk
3. DNSBL Watch: 3 DNSBL listings may indicate prior reputation issues
4. SSH Exposure: Port 22/SSH is open - verify if this is expected for CariNet infrastructure

### Firewall/Rule Considerations
- No immediate blocking required
- Consider geo-blocking if traffic originates from non-US destinations
- Monitor for port scanning activity against port 22
- Review DNSBL listings if receiving complaints

### Threat Indicators
- Current: None
- Historical: 1 threat observation recorded
- Campaign Correlation: No matches in known campaigns
---
## CONCLUSION
IP 71.6.199.23 is a CariNet infrastructure endpoint with moderate risk characteristics. The primary concern is the high abuse density within its /24 subnet (66.67%), suggesting this IP may share infrastructure with other entities. While the IP itself shows no active malicious behavior, the subnet context warrants continued monitoring for correlated activity.
Recommended Action: Monitor with contextual awareness; no immediate remediation required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | CariNet, Inc. |
| ASN | AS10439 |
| Network Name | NET-25 |
| CIDR Block | 71.6.199.0/25 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | - |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | einstein.census.shodan.io |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | einstein.census.shodan.io |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 37% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:33 UTC |
| Last Seen | 2026-06-26 18:11:33 UTC |
| Profile Built | 2026-06-26 02:32:56 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |