Report for IP: 71.6.233.2

Threat LevelLOW17/1001 rule type
1 incident on record · last seen 14d ago · known internet scanner
PTR N/A
Org / ASN Rapid7 Labs - Traffic originating from this network is expected and part of Project Sonar opendata.rapid7.com/about
Country 🇺🇸 United States
City Boston, Massachusetts
Timezone America/New_York
Internet ScannerRapid7
Rapid7 / Project Sonar — security company running internet-wide surveys to track vulnerabilities at scale. Sonar collects data on exposed services and certificates. All unsolicited scanning probes are treated as hostile traffic on this network regardless of stated purpose.

Attack Analysis

🇺🇸 United States · Boston · 10439 · Carinet, Inc.
Port 22 Honeypot Probe
This IP connected to a fake SSH honeypot — a port 22 listener that is not a real SSH server. This is an automated scanner fingerprinting targets before launching a brute-force campaign. Legitimate systems never probe port 22 without a specific reason; this activity is virtually 100% malicious.

Reports (1)

Date Severity Description
5 Jun 2026 - 16:04 high IDS: Port 22 honeypot probe

Related IPs — Same /24 Block (71.6.233.0/24)

71.6.233.224ELEVATED1 report71.6.233.160ELEVATED1 report
Part of EagleEye Intelligence