High Risk
IP address 167.94.146.60 presents a high-risk threat profile with a threat level of 8/10 and a confidence rating of 84%, based on 539 total abuse reports submitted through 20 automated honeypot sensors over approximately nine months of activity between September 2025 and June 2026. The dominant threat category associated with this address is general hacking activity, accounting for 19 of the most recent reported incidents, supplemented by isolated reports of IoT-targeted attacks and port-scanning reconnaissance behavior.
The volume and consistency of reports for IP 167.94.146.60 paint a picture of persistent automated scanning infrastructure operating from AS398705 under the operator designation CENSYS-ARIN-02. The 539 total reports represent substantial exposure to threat-detection systems, while the activity frequency score of 8/10 indicates that this address initiates connections at a high rate against honeypot sensors. The abstracted attack-pattern indicators reference IoT and industrial control system reconnaissance, probing of Cisco ASA devices, and Suricata intrusion-detection alerts on anomalous application-layer traffic consistent with reconnaissance scanning. The nine-month reporting window demonstrates that whatever activity this IP conducts has been ongoing and systematic rather than opportunistic or transient.
The prevailing hacking-category activity reflects automated intrusion attempts and exploitation reconnaissance against exposed services. In practical terms, this means the address is likely running continuous scanning scripts designed to identify vulnerable entry points across internet-facing systems, cataloging potential targets for subsequent exploitation. The IoT-targeted subcategory signals specific interest in smart devices, routers, cameras, or industrial equipment with historically weak security postures. Port-scanning behavior serves as the foundational reconnaissance phase, systematically probing target networks to map open services and attack surface before launching more targeted intrusion attempts.
Organizations with internet-facing infrastructure should treat connections from IP 167.94.146.60 as hostile by default. Implementing strict firewall rules to block or heavily rate-limit unexplained inbound connections from this address range is recommended. Deploying fail2ban or similar dynamic blocking tools can automate the response to repeated scanning activity. Ensuring all internet-facing services run current security patches, minimizing the exposure of administrative interfaces, and segmenting IoT devices onto isolated network zones will reduce the effectiveness of any reconnaissance or intrusion attempts originating from addresses exhibiting this threat profile.