167.94.146.49

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 167.94.146.49

## Executive Summary

IP address 167.94.146.49 is a moderate-risk (40/100) infrastructure endpoint owned by Censys, Inc. (AS398705) operating within the 167.94.146.0/24 BGP prefix. The IP exhibits firewalled behavior with no active services, but maintains associations with threat intelligence and scanning operations. The subnet demonstrates elevated neighbor risk concentrations requiring contextual monitoring.

## Ownership & Infrastructure

Organization: Censys, Inc. (AS398705)
Geolocation: US (Frankfurt am Main region per geolocation consensus)
CIDR Block: 167.94.146.0/24
Control Plane: BGP-stable origin ASN 398705
Infrastructure Type: Firewalled endpoint with no open ports or active services

## Threat Indicators

Risk Score: 40 (Moderate Risk)
DNSBL Status: Listed on 2 of 8 total DNS blacklists
Threat Signals: 24 historical observations; recent activity shows threat indicator associations (Pulsedive pulse count: 50)
Blacklist Severity: High severity listings confirmed in recent observations
Campaign Correlation: No active campaign matches detected
Known Campaigns: None identified

## Network Behavior & Services

Service Status: No open ports detected; infrastructure type: Firewalled / No Services
DNS Resolution: Points to 49.146.94.167.censys-scanner.com
PTR Record: 49.146.94.167.censys-scanner.com (forward confirmed)
Network Role: Provider infrastructure with Censys branding

## Subnet Context (167.94.146.0/24)

Neighbor Count: 15 sibling IPs in subnet
Abuse Density: 0.1875 (classification: mostly_clean)
Risk Distribution: 15 medium-risk neighbors, 0 high-risk neighbors
Key Neighbor Risk Scores:

- 167.94.146.50-62: Risk 65 (medium-high)

- 167.94.146.48, 58, 63: Risk 40 (medium)

Threat Siblings: 3 IPs within subnet flagged as threats

## Temporal Analysis

Observation Count: 24 total signal observations
Ownership Changes: 0 (stable ownership)
Threat Persistence: 0 days (not persistently malicious)
Recent Activity: Multiple observations from 2026-06-25 showing threat indicator correlations

## Recommended Actions

Immediate

1. Monitor inbound traffic from 167.94.146.0/24 subnet for anomalous patterns

2. Review firewall rules for the associated Censys-scanner hostname (49.146.94.167.censys-scanner.com)

3. Implement DNS-level filtering for known threat feeds associated with the subnet's blacklists

Ongoing

1. Correlate with neighbor IPs (167.94.146.50-62) showing elevated risk scores

2. Track DNSBL listing changes for the 2 current blacklist associations

3. Monitor for service changes on the firewalled endpoint (new ports or HTTP activity)

Contextual

The subnet's mostly_clean classification (abuse density 0.1875) suggests legitimate use, but the 65-risk neighbor concentration warrants periodic review
Censys is a legitimate vulnerability scanning and intelligence provider; traffic should be evaluated based on specific threat indicators rather than source alone

---

*Report generated: IPDebrief Intelligence Analysis*

*Classification: Operational Intelligence*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	Hesse
City	Frankfurt am Main (Innenstadt I)
Timezone	—
Latitude	37.75
Longitude	-97.82

🏢 Ownership & Registration

Organization	Censys, Inc.
ASN	AS398705
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	49.146.94.167.censys-scanner.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`49.146.94.167.censys-scanner.com`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	13%	1	1
services	11%	1	2
ownership	20%	2	3
reputation	22%	1	3
geolocation	19%	2	2
Overall	20%	9	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 17:17:41 UTC
Last Seen	2026-06-26 18:10:45 UTC
Profile Built	2026-06-25 08:36:37 UTC
Data Freshness	Live
Signal Types	22
Total Observations	24

🔍 22 signal types · 24 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

167.94.146.49📋 Copy