IP Address

167.94.146.49

IPv4 Public
US US
AS398705
CENSYS-ARIN-02
552 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
8/10 Threat
83% Confidence
552 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
US
US Location
CENSYS-ARIN-02 ASN 398705
552 Reports
Honeypot Data Source

Notable Threat

IP 167.94.146.49 is a high-risk address linked to widespread hacking activity, having generated 531 abuse reports with a threat level of 8 out of 10 and an activity frequency rating of 8 out of 10. The IP has been continuously flagged by automated honeypot sensors since August 2025 through June 2026, indicating persistent malicious behavior over an extended monitoring period.

The address operates within AS398705 under the network operator CENSYS-ARIN-02 and is geolocated to the United States. With a confidence score of 84%, the correlation between observed behavior and known malicious patterns is substantial. Detection sources include 20 separate honeypot sensors, confirming the activity across multiple monitoring points. Recent reports document 19 instances of general hacking activity and one instance of exploited host behavior, with the primary attack vectors involving connection attempts and malware or exploit activity.

Hacking activity encompasses intrusion attempts, vulnerability exploitation and unauthorized access attempts against exposed services, while the detected exploited host classification indicates this address may originate from a compromised system being weaponized without the owner's knowledge. The combination of these threat categories suggests this IP functions as an active attack platform, potentially participating in broader automated campaigns against internet-facing infrastructure. The high report volume and frequency rating confirm this is not isolated or accidental traffic but sustained hostile activity targeting vulnerable systems.

Site operators should block IP 167.94.146.49 at the network perimeter to eliminate all inbound contact from this source. Implementing rate-limiting mechanisms on exposed services reduces the effectiveness of automated exploitation attempts. Authentication hardening through multi-factor authentication and strong credential policies significantly mitigates unauthorized access risk. Regular security monitoring, prompt patching of internet-facing services and deployment of defensive tools such as fail2ban provide additional layers of protection against this category of threat.

More threatening than 80% of monitored IPs

Threat Categories

Hacking 29
Exploited Host 1

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 4 weeks indicates persistent threat actor operations.

First Observed 11. May 2026
Last Activity 9. June 2026
Recent (7 days) 19 incidents

High-Risk Network Association

This IP belongs to a network (ASN 398705) with elevated threat levels. The ISP CENSYS-ARIN-02 hosts multiple reported malicious addresses, suggesting systemic security issues or permissive policies.

Network-wide patterns may indicate this is part of a larger malicious infrastructure.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 8/10 High
Confidence Score 83% Verified

Confidence History

30. May 2026 - 9. Jun 2026
83% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New Hacking Honeypot 75%
New Hacking Honeypot 75%
New Hacking Honeypot 75%
New Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
Hacking Honeypot 75%
10 of 552 shown

Technical Details

Basic Information

IP Address
167.94.146.49
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class B

Geolocation

Country
US US
ASN
AS398705
ISP
CENSYS-ARIN-02

DNS Information

Reverse DNS
49.146.94.167.censys-scanner.com
PTR Record
Yes
Connection Type
Dynamic

Statistics

Total Reports
552
First Reported
17 Aug 2025
Last Reported
9 Jun 2026, 01:00

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS398705
Censys, Inc.
US US

Network Threat Assessment

7/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

45
Total IPs Monitored
6,021
Total Reports
133.8
Reports per IP

Network Context

This IP address belongs to Censys, Inc. (AS398705), which manages 45 IP addresses in our monitoring system. Out of these, 6,021 have been reported for suspicious activities, resulting in a network-wide threat level of 7/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

80 %

Global Threat Ranking

This IP is more threatening than 80% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,317 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++
Total Reports 552 avg: 23 ++

Network Comparison

Compared against 45 IPs in ASN 398705

Threat Level 8/10 network avg: 8.6 =
Total Reports 552 network avg: 191 ++
Network CENSYS-ARIN-02 has overall threat level 7/10

Geographic Comparison

Compared against 38,426 IPs in US

Threat Level 8/10 country avg: 5.9 +
Total Reports 552 country avg: 41 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,017 threat incidents tracked globally • Last 24h: 18,967 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US THIS IP
    38,426 20.5%
  2. 02
    IN
    India IN
    28,977 15.5%
  3. 03
    CN
    China CN
    26,016 13.9%
  4. 04
    BR
    Brazil BR
    10,249 5.5%
  5. 05
    DE
    Germany DE
    7,139 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,533 3%
  8. 08
    RU
    Russia RU
    4,701 2.5%
  9. 09
    PK
    Pakistan PK
    4,647 2.5%
  10. 10
    NL
    Netherlands NL
    4,355 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
9/10 Avg Threat
83% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
167.94.146.59 8/10
Confidence 94%
Reports 418
Location US US
8 Jun 2026
167.94.146.54 8/10
Confidence 93%
Reports 447
Location US US
8 Jun 2026
167.94.146.58 10/10
Confidence 93%
Reports 435
Location US US
9 Jun 2026
167.94.146.63 8/10
Confidence 93%
Reports 433
Location US US
8 Jun 2026
167.94.146.61 10/10
Confidence 93%
Reports 414
Location US US
8 Jun 2026
167.94.146.50 8/10
Confidence 92%
Reports 468
Location US US
9 Jun 2026
167.94.146.57 10/10
Confidence 91%
Reports 471
Location US US
9 Jun 2026
167.94.146.55 8/10
Confidence 90%
Reports 456
Location US US
9 Jun 2026
167.94.146.56 8/10
Confidence 88%
Reports 504
Location US US
9 Jun 2026
167.94.146.62 10/10
Confidence 88%
Reports 500
Location US US
8 Jun 2026
167.94.146.51 10/10
Confidence 87%
Reports 646
Location US US
9 Jun 2026
167.94.146.53 8/10
Confidence 87%
Reports 542
Location US US
8 Jun 2026
167.94.146.52 8/10
Confidence 86%
Reports 594
Location US US
9 Jun 2026
167.94.146.48 8/10
Confidence 86%
Reports 531
Location US US
9 Jun 2026
167.94.146.60 8/10
Confidence 84%
Reports 563
Location US US
9 Jun 2026
167.94.145.100 10/10
Confidence 67%
Reports 72
Location US US
8 Oct 2025
167.94.145.97 10/10
Confidence 64%
Reports 20
Location US US
7 Oct 2025
167.94.145.102 10/10
Confidence 63%
Reports 73
Location US US
16 Oct 2025
167.94.145.108 10/10
Confidence 63%
Reports 21
Location US US
7 Oct 2025
167.94.145.101 10/10
Confidence 62%
Reports 94
Location US US
15 Oct 2025

IPs from the same subnet range, likely same network segment.

16 Related IPs
8.8/10 Avg Threat
86% Avg Confidence
16 High Threat
High-risk network: Majority of related IPs are flagged
167.94.146.59 8/10
Confidence 94%
Reports 418
Location US US
8 Jun 2026
167.94.146.54 8/10
Confidence 93%
Reports 447
Location US US
8 Jun 2026
167.94.146.58 10/10
Confidence 93%
Reports 435
Location US US
9 Jun 2026
167.94.146.63 8/10
Confidence 93%
Reports 433
Location US US
8 Jun 2026
167.94.146.61 10/10
Confidence 93%
Reports 414
Location US US
8 Jun 2026
167.94.146.50 8/10
Confidence 92%
Reports 468
Location US US
9 Jun 2026
167.94.146.57 10/10
Confidence 91%
Reports 471
Location US US
9 Jun 2026
167.94.146.55 8/10
Confidence 90%
Reports 456
Location US US
9 Jun 2026
167.94.146.56 8/10
Confidence 88%
Reports 504
Location US US
9 Jun 2026
167.94.146.62 10/10
Confidence 88%
Reports 500
Location US US
8 Jun 2026
167.94.146.51 10/10
Confidence 87%
Reports 646
Location US US
9 Jun 2026
167.94.146.53 8/10
Confidence 87%
Reports 542
Location US US
8 Jun 2026
167.94.146.52 8/10
Confidence 86%
Reports 594
Location US US
9 Jun 2026
167.94.146.48 8/10
Confidence 86%
Reports 531
Location US US
9 Jun 2026
167.94.146.60 8/10
Confidence 84%
Reports 563
Location US US
9 Jun 2026
167.94.146.67 10/10
Confidence 35%
Reports 5
Location US US
15 Aug 2025

IPs from the same country with similar threat profiles.

15 Related IPs
8.3/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
208.109.188.137 8/10
Confidence 100%
Reports 514
ISP GO-DADDY-COM-LLC
9 Jun 2026
50.6.7.129 8/10
Confidence 100%
Reports 447
ISP ORACLE-BMC-31898
22 May 2026
72.167.150.128 8/10
Confidence 100%
Reports 429
ISP GO-DADDY-COM-LLC
27 May 2026
50.6.229.148 8/10
Confidence 100%
Reports 346
ISP ORACLE-BMC-31898
9 May 2026
87.121.84.30 8/10
Confidence 100%
Reports 295
ISP Vpsvault.host Ltd
20 Apr 2026
50.6.226.221 10/10
Confidence 100%
Reports 223
ISP ORACLE-BMC-31898
2 Mar 2026
31.57.184.107 8/10
Confidence 100%
Reports 202
ISP Netiface LLC
3 Jun 2026
64.31.25.250 8/10
Confidence 100%
Reports 176
ISP Limestone Netwo...
8 Jun 2026
74.206.180.196 8/10
Confidence 100%
Reports 143
ISP MOJOHOST
4 Jun 2026
35.226.7.126 8/10
Confidence 100%
Reports 131
ISP Google LLC
18 May 2026
147.135.37.185 8/10
Confidence 100%
Reports 131
ISP OVH SAS
14 May 2026
162.241.152.21 8/10
Confidence 100%
Reports 126
ISP Network Solutio...
8 Jun 2026
38.95.35.74 8/10
Confidence 100%
Reports 112
ISP Limestone Netwo...
2 Jun 2026
50.6.169.131 8/10
Confidence 100%
Reports 106
ISP Network Solutio...
6 Jun 2026
162.214.206.32 10/10
Confidence 100%
Reports 98
ISP Unified Layer
30 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.9/10 Avg Threat
83% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
2a01:04f8:c012:4640:0000:0000:0000:0001 10/10
Confidence 83%
Reports 19,889
Location DE DE
9 Jun 2026
207.90.244.21 8/10
Confidence 83%
Reports 12,272
Location US US
9 Jun 2026
207.90.244.22 8/10
Confidence 83%
Reports 12,092
Location US US
9 Jun 2026
147.182.202.179 8/10
Confidence 83%
Reports 7,631
Location US US
9 Jun 2026
130.12.181.108 8/10
Confidence 83%
Reports 3,208
Location DE DE
6 Jun 2026
130.12.181.100 8/10
Confidence 83%
Reports 3,068
Location DE DE
6 Jun 2026
2.57.122.208 10/10
Confidence 83%
Reports 2,772
Location RO RO
13 May 2026
137.184.190.246 8/10
Confidence 83%
Reports 1,973
Location US US
9 Jun 2026
80.94.92.71 10/10
Confidence 83%
Reports 1,718
Location RO RO
3 Jun 2026
64.62.197.197 8/10
Confidence 83%
Reports 581
Location US US
9 Jun 2026
80.94.92.184 10/10
Confidence 83%
Reports 577
Location RO RO
4 Jun 2026
65.49.1.162 8/10
Confidence 83%
Reports 562
Location US US
9 Jun 2026
77.90.185.17 10/10
Confidence 83%
Reports 448
Location DE DE
9 Jun 2026
14.18.190.138 10/10
Confidence 83%
Reports 437
Location CN CN
9 Jun 2026
62.60.130.228 10/10
Confidence 83%
Reports 378
Location IR IR
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "167.94.146.49",
    "threat_level": 8,
    "confidence_score": 83,
    "total_reports": 552,
    "country_code": "US",
    "isp_name": "CENSYS-ARIN-02",
    "asn": "398705",
    "first_reported": "2025-08-17 07:06:25",
    "last_reported": "2026-06-09 01:00:47",
    "exported_at": "2026-06-09T07:52:48+02:00",
    "source": "https://reportedip.de/ip/167.94.146.49/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses