IOC Radar
IP · Medium Signal · 82/100

167.94.146.61

Location: Frankfurt am Main, Hesse, Germany
ASN: AS398705 (Censys, Inc.)
First Seen: Jan 25, 2022 (1613d ago)
Last Seen: Jun 18, 2026 (8d ago)
Reports: 44 source reports
Confidence: 82% (medium)
Found in 44 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
82%
Signal Score
82 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

107 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS398705
Organization: Censys, Inc.

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

44 source reports · 82% confidence score
Category tags

Activity Timeline

1 total observation (Jun 18)

Threat Activity Heatmap

· Peak: 2026-06-18
[Heatmap grid not reproduced: weekday rows (Mon, Wed, Fri) by month columns (Jun through the following Jun), with a Less/More intensity legend.]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 82 (High Risk)
Signal Score: 82 / 100
Confidence: 82%
Reports: 44
First seen: Jan 25, 2022
Last seen: Jun 18, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS398705
Org: Censys, Inc.
Coords: 50.0987, 8.6323
Category: Proxy / VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
NetRange: 167.94.145.0 - 167.94.146.255
CIDR: 167.94.145.0/24, 167.94.146.0/24
NetName: CENSY
NetHandle: NET-167-94-145-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398705
Organization: Censys, Inc. (CENSY)
RegDate: 2021-09-13
Updated: 2023-08-05
Ref: https://rdap.arin.net/registry/ip/167.94.145.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://github.com/telekom-security/tpotce
https://chiraba.com:8443/hourly
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 8 days ago
Appeared in 44 threat reports