IOC Radar
IP indicator · medium confidence · signal 84/100

167.94.146.60

Location
United States
Frankfurt am Main, Michigan (as reported by the page's geolocation source; the city and state do not agree, and both the ARIN registration below and the coordinates 42.2780, -83.7408 place the allocation in Ann Arbor, Michigan, so treat the city field as unreliable)
ASN
AS398705 (Censys, Inc.)
First Seen
Nov 17, 2021 (1682d ago)
Last Seen
Jun 21, 2026 (6d ago)
Reports
43 source reports
Confidence
84% (medium)
Found in 43 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags: see the category tag list under Feed Intelligence Summary
MITRE ATT&CK TTPs: 115 techniques. These come from the t1xxx technique labels in the feed tag list, which spans reconnaissance through impact; a mapping this wide identifies no specific observed behaviour and should not be read as TTPs attributed to this host.

Network Information
Country: US (United States)
Region: Frankfurt am Main, Michigan (inconsistent with the ARIN record and the coordinates 42.2780, -83.7408, which indicate Ann Arbor, Michigan)
ASN: AS398705
Organization: Censys, Inc.

IP Category
Proxy (proxy server), VPN (VPN exit node)
This classification is doubtful: the ARIN record below shows the block as a direct allocation to Censys, Inc., an internet-wide scanning service, and the feed tags include censys-benign and verified-benign. A research scanner's address should not be treated as an anonymising proxy or VPN exit.

Feed Intelligence Summary
43 source reports, 84% confidence score
Category tags (feed-supplied labels, concatenated without separators as extracted; they range from generic honeypot sensor names such as cowrie, dionaea, conpot and t-pot and from brute-force and scanning labels to censys-benign, verified-benign and low-risk, so the list characterises the reporting feeds more than the host itself):
abuseaccessaccess attemptaccess controlaccount compromiseack scanactive reconnaissanceactive scanactive scanningadbadb scanningadbhoney activityadbhoney attackadbhoney attacksadbhoney honeypotadbhoney interactionsagentalertallamerican expressandroid devicesanomalous network connectionsapacheapache attackerapi servicesapplication layer attackapplication layer protocolaptasiaattackattack surface discoveryattacker ipattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication failureauthentication failuresautomated attackautomated attacksautomated enumerationautomated reconnaissance activityautomated threatautomated-attackautomated_attackautomated_attacksbad reputationbad web botblacklisted ip addressblock listblock.txtblocked ip addressesblocklist_allblog spambotnetbotnet activitybotnet-activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force authenticationbrute-forcebrute-force attackbrute_forcebruteforcebuffer overflowc2c2 communicationcensys-benignchinachina mobilecins activecisco asacisco asa attackcisco asa targetedcisco attackcisco devicecisco device attackcisco device attackscisco device targetedcisco device targetingcisco exploit attemptcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco exploitscisco logscisco network devicescisco vulnerability exploitationcisco_devicescisco_exploitcitrix attack attemptcitrix exploitation attemptcitrix exploitation attemptscitrix securityclassclosecloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncolumnscommandcommand & controlcommand and controlcommand executioncommand injectioncommand_injectioncommon password attackscommon vulnerabilitiescommon web exploitscommunication protocolcompany limitedcompromise attemptcompromised credentialscompromised credentials attemptcompromised hostcompromised system 
attemptcompromised systemsconnectconnect scanconpotconpot activityconpot attackconpot attacksconpot emulationconpot honeypotconpot ics attacksconpot ics exploitationconpot ics/scada honeypotconpot interactionconpot interactionscontent deliverycountcountrycowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detected activitycowrie emulationcowrie honeypotcowrie honeypot datacowrie honeypot detectioncowrie interactioncowrie interactionscowrie logscowrie sshcowrie ssh attackscowrie ssh honeypotcowrie ssh loginscowrie ssh logscowrie_attackcredential accesscredential attackscredential brute forcecredential brute-forcecredential brute-forcingcredential bruteforcingcredential compromisecredential compromise attemptcredential exploitationcredential guessingcredential harvestingcredential stuffingcredential theftcredential-harvestingcredential-stuffingcredential_accesscredential_access_attemptscredentialscrosscross sitecross-site scripting attemptcsvctacve exploitationcve exploitation attemptdaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata exfiltration probedata harvesting attemptsdata store exposuredatabase activitydatabase attackdatabase attacksdatabase brute forcedatabase enumerationdatabase exploit attemptsdatabase exploitationdatabase exploitation attemptdatabase exploitation attemptsdatabase probingdatabase scandatabase securitydatabase serversdatabase-serverddosddos amplificationddos attackddos attacksddos attemptddos preparationdedecoy systemdefense evasiondenial of servicedenial-of-servicedenial-of-service attemptdevice managementdhcpdictionary attackdigital oceandionaeadionaea activitydionaea alertdionaea attackdionaea attacksdionaea capturedionaea emulationdionaea exploit attemptsdionaea exploitsdionaea honeypotdionaea interactionsdionaea logsdionaea malware analysisdionaea malware collectiondionaea malware detectiondirectory traversaldistributed attacksdnp3dshield blockelasticpot activityelasticpot 
attackselasticpot dataelasticpot honeypotelasticsearchelasticsearch monitoringemailencryptionenterprise networkingenterprise securityentropyenumerationenv-huntinget dropethernet/ipeu cyber policieseuropeeventsexecutable fileexploitexploit attemptexploit attemptsexploit kitexploit kit activityexploit kitsexploit probingexploit scanexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilityexploited hostexploitsexport-to-otxexposed services exploitationexternal access attemptsexternal threatexternal-scanningexternal-threatfail2ban alertfail2ban eventfail2ban triggeredfailed loginfailed login attemptsfieldfin scanfinlandfirewall evasionfrancefraud voipftogftpftp activityftp brute forceftp brute-forceftp scangeckogermanygithubgroupshackinghelloheralding activityheralding attacksheralding attemptsheralding behaviorheralding probesherolding attackshk abusehandlerhoneynet connecthoneypot 24h activityhoneypot datahoneytrap activityhoneytrap attackhoneytrap datahoneytrap emulationhoneytrap honeypothoneytrap logshong konghttp brute forcehttp exploitationhttp parserhttp parser attackhttp probinghttp request anomalieshttp scannerhttp scanninghttp/httpshttp/shttpshttps scanninghuaweihurricane usicmpics securityics/scada systemsidentity & access exploitationidleidsimapimap brute forceindicatorindicators of compromiseindustrial control systemsinformation gatheringinformation leakageinformation technologyinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access activityinitial_accessinitial_access_attemptinitiator ipinjectioninjection activityinjection attacksinput validationinput validation bypassintel macinternet of thingsinternet-facing serviceinternet-facing servicesinternet_scannersintrusion detectioninvalid login attemptsiociocsiot attackiot attacksiot botnetiot deviceiot device targetingiot exploit attemptsiot 
securityiot targetediot/ics attackip-address-iocipmi scanningipphoney activityipphoney dataipphoney honeypotipsipv4ipv4 addressesipv4 port scanningipv4 scanningipv4 threatsipv4-iocit infrastructureitalyjapankhtmlkill-chain exploitationkill-chain reconnaissanceknown malicious iplamplamp attacklamp attack attemptlamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server probelamp server targetlamp server targetedlamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack probinglamp stack targetedlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlamp_exploitlateral movementlateral movement techniqueslcialdapleakagelfilinux malwarelinux serverlinux serverslinux systemslinux targetslinux x8664linux-server-attacklinux-systemlinux_server_attackslinux_serverslisted sourceload balancerlog analysisloginlogin attackslogin attemptlogin attemptslow-riskmail protocol abusemail protocol attacksmail service attackmailoney activitymailoney attackmailoney email attacksmailoney honeypotmailoney interactionsmailoney logsmailoney trafficmaimon scanmalaysiamalicious activitymalicious activity detectedmalicious code detectionmalicious emailmalicious email activitymalicious emailsmalicious ip activitymalicious ip listmalicious ipv4malicious loginmalicious login attemptsmalicious network activitymalicious payloadmalicious payload attemptsmalicious payload deliverymalicious payload detectionmalicious python scriptsmalicious scanmalicious script executionmalicious sftpmalicious sftp activitymalicious sip activitymalicious softwaremalicious software detectionmalicious ssh activitymalicious trafficmalicious-login-attemptsmalicious_activitymalwaremalware activitymalware attemptmalware behaviourmalware capturemalware deliverymalware delivery attemptmalware delivery attemptsmalware deploymentmalware detectionmalware 
distributionmalware downloadmalware download attemptmalware download attemptsmalware hostingmalware landingmalware propagationmalware propagation attemptmalware scanningmalware stagingmalware_activitymanualmasscanmelbourne regionmirai botnetmispmobilemobile securitymobile threatmodbusmssqlmysql brute forcenation-state activitynetworknetwork attacksnetwork devicenetwork device attacksnetwork device exploitationnetwork devicesnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork monitoringnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service attacknetwork service discoverynetwork service exploitationnetwork service scanningnetwork servicesnetwork traffic analysisnetwork-devicenetwork-discoverynetwork-reconnaissancenetwork_enumerationnetwork_reconnaissancenetwork_scanningnetwork_services_attacknetworkscanningnginxnmapnon-browser attacknorth americantpnull scanoceaniaopen port detectionopen proxyopportunistic attackeropportunistic attacksoracleos credential dumpingos fingerprintingos xosintowasp top 10parser attackpassword attackpassword attackspassword crackingpassword sprayingpasswords: testpathpath traversalpath_traversalpeexeperimeter devicesperimeter securitypgp signphishingphishing attackphishing trapphp injection attemptspingping of deathpolandpoor reputationportport-scanningportscanpossible botnet activitypossible compromisepossible credential reusepossible credential stuffingpossible credential theftpossible exploit attemptpossible exploit attemptspossible malware activitypossible malware distributionpossible malware dropperpossible malware payloadpossible malware propagationpossible mirai variantpossible reconnaissancepossible vulnerability exploitationpostgresql brute forcepotential botnetpotential botnet 
activitypotential compromisepotential credential compromisepotential credential theftpotential data exfiltrationpotential exploitpotential exploit activitypotential exploit attemptspotential intrusionpotential intrusion attemptpotential lateral movementpotential malicious activitypotential malwarepotential malware activitypotential malware deliverypotential malware deploymentpotential malware distributionpotential malware infectionpotential reconnaissancepotential vulnerability scanprivilege escalationprivilege escalation attemptprocess injectionprotoprotocol exploitationprotocol-abuseproxypythonransomwareransomware activityrdp scanningreconnaissancereconnaissance activityredisredis exploitationredis exploitation attemptredis exploitation attemptsredis honeypotredishoneypotredishoneypot activityredishoneypot attackregional securityremote accessremote access abuseremote access attacksremote access attemptremote access attemptsremote access serviceremote service exploitationremote servicesremote_code_executionresearchresearchedresource hijackingrfirtbhsansscada/ics attacksscams & fraudscanscannerscanner detectionscanner ipscannersscanning activityscorescriptscripting attackssecurity operationssecurity policysentrypeer activitysentrypeer attackssentrypeer botnetsentrypeer connectionssentrypeer datasentrypeer detectionsentrypeer logsserver exploitationserver securityserver sideserver-side code injectionserviceservice detectionservice discoveryservice enumerationservice probingservice scanservice scanningservice version detectionseveresftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp exploitationsftp exploitation attemptsftp exploitation attemptssftp intrusion attemptsftp probingsftp scanningsftp traffic analysissftp-attacksftp_attacksftp_protocolshellshell access attemptshell access attemptssipsip attackssip brute forcesip heraldingsip scansip scanningsip vulnerability exploitationsip vulnerability 
scansip_attacksip_protocolsite scriptingslugsmb brute forcesmb exploitationsmb probingsmb scanningsmtpsmtp attacksmtp brute forcesmtp probesmtp probingsmtp scanningsmtp traffic analysissocial engineeringsocks5socradarsoftware developmentsoftware exploitationspainspamspam campaignssql injectionsql injection attemptsql injection attemptssql_injectionsshssh attackssh attacksssh brute-forcessh bruteforcessh monitoringssh scanssh-brutessh-brute-forcessh_bruteforcessh_protocolstealth scansurface websynsyn scant-pott1003t1016t1016.001t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1064t1065t1068t1070t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1185t1187t1189t1190t1195t1199t1203t1204t1204.002t1210t1213t1486t1496t1499.001t1499.002t1499.003t1505.002t1505.004t1539t1550t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1569t1569.002t1572t1583t1583.001t1583.002t1583.003t1583.004t1583.005t1583.006t1584t1584.001t1584.002t1584.003t1586t1586.001t1586.002t1587.001t1588t1588.002t1589t1589.002t1590t1590.001t1590.002t1590.003t1590.004t1590.006t1592t1592.002t1592.004t1595t1595.001t1595.002t1595.003t1600t1608tannertanner activitytanner attacktanner attackstanner detected activitytanner exploit attemptstanner exploit kittanner honeypot activitytanner interactionstanner logstargeting databasetcptcp protocoltcp scantcp scanningtcp-scanningtelecommunicationtelecommunicationstelnet attemptstelnet scanningtelnet threattelnet-brute-forcetelnet_protocoltextthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventiontimeouttop10.txttopips.txttor nodetotal eventstpottpotcetsectypeubuntuudp port scanudp scanudp-scanningunauthorised access attemptsunauthorized accessunauthorized access attemptunauthorized access 
attemptsunauthorized activityunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized network activityunauthorized probingunauthorized-access-attemptunidentified attackerunited kingdomunited statesunix targetsunknown threat actorunusual network trafficusus abuseus ip addressus noneus source ipuser enumerationuser-agent: testusernames: testvalid accountsvalueverified-benignvnc protocolvoipvoip attackvoip attacksvoip systemsvpnvpn ipvulnerability scanvultrvultr cloud infrastructurevultr infrastructure targetedvultr-platformwafwaf bypassweak credentialsweak password attackweb apisweb app attackweb application attackweb application attacksweb application exploitationweb application probingweb application scanweb application scanningweb applicationsweb attackweb attacksweb crawling detectionweb developmentweb exploit attemptsweb exploitationweb hostingweb infrastructureweb scannerweb serverweb server attackweb server attacksweb server exploitationweb serversweb servicesweb shellweb shell attemptweb shell uploadweb shell uploadsweb spamweb technologiesweb trafficweb-application-attackweb-serverweb_attackweb_attacksweb_serverwestpac new zealandwindow scanwindowswindows malwarewindows ntxmas scanxpath injectionxsszmap

Activity Timeline
1 total observation (Jun 21)

Threat Activity Heatmap (twelve-month calendar, Jun to Jun; one observation, peak 2026-06-21)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 84 / 100, labelled High Risk by the score band (the confidence band on the same value is medium). Weigh this against the single observation in the last three months and the benign-scanner tags in the feed list.
Coords: 42.2780, -83.7408
Category: Proxy/VPN

VirusTotal: not checked

WHOIS

Description (from the reporting feed): IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot

Raw ARIN record:
NetRange: 167.94.145.0 - 167.94.146.255
CIDR: 167.94.145.0/24, 167.94.146.0/24
NetName: CENSY
NetHandle: NET-167-94-145-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398705
Organization: Censys, Inc. (CENSY)
RegDate: 2021-09-13
Updated: 2023-08-05
Ref: https://rdap.arin.net/registry/ip/167.94.145.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

References:
https://github.com/telekom-security/tpotce
https://chiraba.com:8443/hourly
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
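The practical question this page leaves open is what to do with an IOC whose score is high but whose registration, tags and activity all point to a research scanner. The following is an added example (not code from the page or from any of the listed feeds) that parses the flattened ARIN record above into fields, checks whether the address falls inside the registered CIDR blocks, and applies a triage policy that downgrades the verdict when the address sits in a trusted scanner ASN or carries a benign-scanner tag. The policy rules, the trusted-ASN set, and the tag subset are assumptions chosen for illustration; the WHOIS text and tag names are copied from the page.

```python
import ipaddress
import re

# Constructed input: the ARIN record as it appears flattened on the page (abridged).
RAW_WHOIS = (
    "NetRange: 167.94.145.0 - 167.94.146.255 CIDR: 167.94.145.0/24, 167.94.146.0/24 "
    "NetName: CENSY NetHandle: NET-167-94-145-0-1 Parent: NET167 (NET-167-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: AS398705 Organization: Censys, Inc. (CENSY) "
    "RegDate: 2021-09-13 Updated: 2023-08-05 Ref: https://rdap.arin.net/registry/ip/167.94.145.0 "
    "OrgName: Censys, Inc. OrgId: CENSY City: Ann Arbor StateProv: MI Country: US "
    "RegDate: 2018-08-06 Updated: 2019-08-03"
)

# Subset of the feed tags listed on the page.
FEED_TAGS = {"censys-benign", "verified-benign", "low-risk", "internet_scanners",
             "ssh brute-force", "mirai botnet", "c2", "ransomware"}

# Assumption: tags that feeds use to mark a known research scanner.
BENIGN_SCANNER_TAGS = {"censys-benign", "verified-benign"}
# Assumption: origin ASNs the analyst has decided to treat as research scanners.
KNOWN_SCANNER_ASNS = {"AS398705"}

# A field name is a capitalised word followed by ": " at the start or after whitespace;
# URLs in values ("https:") start lowercase and so are not mistaken for fields.
KEY_RE = re.compile(r"(?:(?<=\s)|^)([A-Z][A-Za-z]+):\s")


def parse_flat_whois(raw):
    """Split a whitespace-flattened ARIN record into {field: [values]}.
    Fields that repeat across the net and org blocks (RegDate, Updated, Ref) keep every value."""
    matches = list(KEY_RE.finditer(raw))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(raw)
        fields.setdefault(m.group(1), []).append(raw[m.end():end].strip())
    return fields


def cidrs_from_whois(fields):
    """Return the CIDR blocks listed in the record as ip_network objects."""
    return [ipaddress.ip_network(c.strip()) for c in fields["CIDR"][0].split(",")]


def in_allocation(ip, fields):
    """True if ip lies inside one of the record's CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in cidrs_from_whois(fields))


def triage(ip, score, fields, tags, observations_30d):
    """Return (verdict, reasons) for an IP IOC under an assumed analyst policy:
    1. inside a trusted scanner ASN's allocation, or tagged benign by a feed -> research scanner
    2. no observations in the last 30 days -> stale, whatever the score
    3. otherwise the feed score decides (>= 80 block, else monitor)."""
    reasons = []
    origin_as = fields.get("OriginAS", [""])[0]
    if origin_as in KNOWN_SCANNER_ASNS and in_allocation(ip, fields):
        reasons.append(f"{ip} is inside the {origin_as} ({fields['OrgName'][0]}) allocation")
    benign = BENIGN_SCANNER_TAGS & set(tags)
    if benign:
        reasons.append("feed tags mark it benign: " + ", ".join(sorted(benign)))
    if reasons:
        return "research-scanner: do not escalate; allowlist or drop at the edge", reasons
    if observations_30d == 0:
        return "stale: no observations in 30 days", ["0 observations in 30d"]
    if score >= 80:
        return "block and investigate", [f"score {score}"]
    return "monitor", [f"score {score}"]


if __name__ == "__main__":
    fields = parse_flat_whois(RAW_WHOIS)
    verdict, why = triage("167.94.146.60", 84, fields, FEED_TAGS, observations_30d=1)
    print(verdict)
    for r in why:
        print("  -", r)
```

The two benign signals are checked independently on purpose: a feed tag can be missing, and an ASN allowlist can be stale, so either one alone is enough to keep the IOC off the block list while still recording why.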

Export & API: STIX 2.1 Bundle, CSV Export, Permalink
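The page offers a STIX 2.1 bundle export but shows nothing of its contents. As an added example (not the page's export code), the block below builds a minimal STIX 2.1 bundle for this IOC by hand, with an indicator whose pattern is validated before it is emitted, deterministic object ids so that re-exports update rather than duplicate, and a note carrying the analyst's disposition. The field values are taken from the page; the namespace UUID, the note text and the label choices are assumptions.

```python
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed record: the values the page shows for this IOC.
IOC = {
    "value": "167.94.146.60",
    "first_seen": "2021-11-17T00:00:00.000Z",
    "confidence": 84,
    "labels": ["network-activity", "internet-scanner"],  # assumed labels
    "asn": "AS398705",
    "org": "Censys, Inc.",
}

# Assumption: a fixed namespace so ids are stable across exports (RFC 4122 DNS namespace reused).
NAMESPACE = uuid.UUID("6ba7b810-9dc1-11d1-80b4-00c04fd430c8")

# The only pattern shape this exporter emits; anything else is rejected by validate_bundle.
PATTERN_RE = re.compile(r"^\[ipv4-addr:value = '(\d{1,3}(?:\.\d{1,3}){3})'\]$")


def stix_id(obj_type, seed):
    """Deterministic STIX id: '<type>--<uuid5 of seed>'."""
    return f"{obj_type}--{uuid.uuid5(NAMESPACE, seed)}"


def ipv4_pattern(ip):
    """Build the STIX pattern, refusing malformed addresses up front."""
    ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return f"[ipv4-addr:value = '{ip}']"


def now_stix():
    """STIX timestamps are UTC with millisecond precision and a literal Z."""
    return datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")


def build_bundle(ioc, note_text=None):
    """Return a STIX 2.1 bundle dict with one indicator and an optional note about it."""
    ts = now_stix()
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stix_id("indicator", "ipv4:" + ioc["value"]),
        "created": ts,
        "modified": ts,
        "name": f"IPv4 {ioc['value']} ({ioc['asn']} {ioc['org']})",
        "indicator_types": ["anomalous-activity"],
        "pattern": ipv4_pattern(ioc["value"]),
        "pattern_type": "stix",
        "valid_from": ioc["first_seen"],
        "confidence": ioc["confidence"],
        "labels": list(ioc["labels"]),
    }
    objects = [indicator]
    if note_text:
        objects.append({
            "type": "note",
            "spec_version": "2.1",
            "id": stix_id("note", "note:" + ioc["value"]),
            "created": ts,
            "modified": ts,
            "content": note_text,
            "object_refs": [indicator["id"]],
        })
    return {"type": "bundle", "id": stix_id("bundle", "bundle:" + ioc["value"]), "objects": objects}


def validate_bundle(bundle):
    """Sanity checks before handing the bundle to a TAXII server or SIEM; raises ValueError."""
    if bundle.get("type") != "bundle":
        raise ValueError("not a bundle")
    for obj in bundle["objects"]:
        if obj["type"] == "indicator":
            if not PATTERN_RE.match(obj["pattern"]):
                raise ValueError("unexpected pattern: " + obj["pattern"])
            if not 0 <= obj["confidence"] <= 100:
                raise ValueError("confidence out of range")
    json.dumps(bundle)  # must be serialisable as-is
    return True


if __name__ == "__main__":
    bundle = build_bundle(IOC, "AS398705 is Censys; research scanner, do not block")
    validate_bundle(bundle)
    print(json.dumps(bundle, indent=2))
```

Keeping the disposition in a separate note object, rather than lowering the indicator's confidence, preserves what the feeds reported while recording the analyst's judgement alongside it.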
