Significant Threat
IP 167.94.146.55 is a high-risk address, evaluated at 8/10 threat level with 91% confidence, that has been repeatedly linked to hacking activity originating from US-based infrastructure operated by CENSYS-ARIN-02 (AS398705). With 431 total abuse reports spanning August 2025 through June 2026 and an activity frequency rating of 8/10, this IP represents a persistent, automated threat vector targeting exposed services across the internet. The overwhelming majority of reports (419) classify the activity as general hacking intrusion attempts, while one recent report flagged the address as an exploited host potentially being leveraged as an unwitting attack platform.
Detection data from 20 independent automated honeypot sensors documents sustained, high-volume activity over an eleven-month window, with attack-pattern indicators encompassing connection-based intrusion attempts and malware or exploit delivery behavior. The geographic and network context situates this IP within AS398705, an allocation associated with internet scanning and research infrastructure, though the volume and nature of current abuse reports confirm active malicious utilization regardless of the operator's original purpose. The 91% confidence score reflects strong corroboration across multiple independent detection points, establishing this address's threat reputation with substantial evidentiary certainty.
The dominant hacking classification signals systematic, automated attempts to compromise target systems through vulnerability scanning, exploit delivery, and unauthorized access vectors rather than opportunistic noise traffic. Such activity poses direct risk to any exposed service accepting connections from this address, as successful exploitation could grant attackers persistent foothold, data exfiltration capability, or the ability to pivot deeper into a network. The concurrent exploited host designation suggests this address may simultaneously function as both an active threat initiator and a compromised asset being misused by external threat actors, compounding the risk profile.
Site operators should implement immediate blocking or aggressive rate-limiting for traffic originating from 167.94.146.55 at the network perimeter. Exposed services should enforce strong authentication mechanisms, including key-based authentication for administrative protocols and account lockout policies to counter brute-force attempts. Maintaining comprehensive patch management across all internet-facing systems closes the vulnerabilities that such automated exploitation activity targets. Continuous traffic monitoring for unusual outbound connections can help identify if internal hosts have been compromised and enrolled in broader attack campaigns, while defensive tools such as fail2ban can dynamically respond to observed attack patterns from this address.
FR 
UA