IOC Radar
IP · Medium · Signal 61/100

167.94.146.79

Location: United States; Frankfurt am Main, Hesse
ASN: AS398705 (Censys, Inc.)
First Seen: Jan 25, 2022 (1612d ago)
Last Seen: Jun 19, 2026 (7d ago)
Reports: 27 source reports
Confidence: 61% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

53 techniques

Network Information

Country: US (United States)
Region: Frankfurt am Main, Hesse
ASN: AS398705
Organization: Censys, Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

27 source reports · 61% confidence score
Category tags
abuse, access control, account compromise, ack, ack scan, active reconnaissance, active scan, active scanning, apache, apache attacker, apt, asia, attack, attack preparatory, attack surface discovery, attacker ip, australia, authentication attempts, automated activity, automated attack, automated-attack, bad reputation, bad web bot, blacklist candidate, blacklisted ip address, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacker, brute force attempt, brute-force, c2, c2 communication, canada, censys-benign, cert, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud provider, cloud services, command & control, command and control, communication protocol, compromised host, connect scan, credential access, credential guessing, credential harvesting, credential stuffing, cyberattack, data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attacks, de, decoy system, denial of service, digital ocean, digitalocean environment, distributed attacks, encryption, enumeration, enumeration attempt, europe, exploit attempt, exploitation, exploitation activity, exploited host, external threat, external-scanning, external_threat, fin, fin scan, firewall detection, firewall evasion, ftp, ftp brute force, germany, hacking, http scanner, https, identity & access exploitation, inbound scan, indicator, indicators of compromise, information gathering, infrastructure acquisitionreconnaissance, infrastructure scanning, initial access, initial access vector, initial_access_attempt, injection activity, injection attacks, internet of things, internet-facing assets, internet-wide scan, internet_scanners, intrusion detection, iot botnet, iot security, iot/ics attack, ipv4, ipv4 activity, ipv4 addresses, ipv4 scanning, ipv4 threats, japan, lateral movement, malicious activity, malicious communication, malicious domains, malicious ips, malicious software, malicious traffic, malware, manual, masscan, massive port scan, melbourne region, mirai botnet, network, network attacks, network discovery, network enumeration, network intrusion detection, network mapping, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scanning, network scanning activity, network security, network service discovery, network traffic analysis, network-reconnaissance, network_enumeration, network_scan, network_scanning, networkscanning, nmap, north america, null scan, oceania, open port detection, open port identification, opportunistic attacker, os detection, os fingerprinting, password attack, password attacks, phishing, phishing attack, ping of death, portscan, possible exploit attempts, potential vulnerability probing, process injection, protocol exploitation, proxy, ransomware, rdp scanning, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, sans, scan, scanner, scanner ips, scanners, scanning activity, security operations, security policy, service discovery, service enumeration, service probing, service scan, service version detection, smtp, social engineering, socradar, sql injection, ssh, ssh attack, stealth scan, syn, syn port scan, syn scan, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1040, t1046, t1055, t1059, t1059.003, t1071, t1071.001, t1071.004, t1076, t1077, t1078, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1583, t1587.001, t1589, t1590, t1590.001, t1590.003, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp protocol, tcp scan, tcp-scanning, telnet scanning, telnet threat, threat actor, threat intelligence, threat prevention, threat-intelligence, threat_intelligence, tokyo, tor node, toronto, udp port scan, udp scan, udp-scanning, unauthorized access, unauthorized access attempt, unauthorized activity, unauthorized probing, united states, unknown threat actor, us, verified-benign, vulnerability scan, vultr, vultr cloud infrastructure, vultr infrastructure targeted, vultr_platform_activity, web app attack, web application attack, web exploitation, web traffic, xmas, xmas scan

Activity Timeline

1 total obs · Jun 19

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 61 (Medium Risk)
Signal Score: 61%
Confidence: 27 reports
First seen: Jan 25, 2022
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Frankfurt am Main, Hesse
ASN: AS398705
Org: Censys, Inc.
Coords: 50.0987, 8.6323
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw:
NetRange: 167.94.145.0 - 167.94.146.255
CIDR: 167.94.145.0/24, 167.94.146.0/24
NetName: CENSY
NetHandle: NET-167-94-145-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398705
Organization: Censys, Inc. (CENSY)
RegDate: 2021-09-13
Updated: 2023-08-05
Ref: https://rdap.arin.net/registry/ip/167.94.145.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

IOC Journey

medium
First detected 4 years ago · Last seen 7 days ago
Appeared in 27 threat reports