IP Intelligence Briefing: 167.94.146.52
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership: Censys, Inc. (ASN 398705)
- Geolocation: US (generalized; no city/region)
- Threat Indicators: No known malicious activity, blacklists, or campaigns.
- Network Role: Firewalled / No Services (no open ports, TLS, or HTTP services).
---
**2. Observation History**
- Recent Activity (2026):
  - DNS associations with `censys-scanner.com` (likely scanning infrastructure).
  - DNSSEC validation and minimal route changes (stable routing).
- No persistent malicious behavior or threat persistence.
---
**3. Relationships**
- Key Associations:
  - Strong DNS ties to `censys-scanner.com` (multiple resolved PTR records).
  - Linked to subnet `CENSY` (Censys network).
- No connections to known malicious organizations or domains.
---
**4. Neighborhood Analysis**
- Subnet: `167.94.146.0/24`
- Abuse Density: 68.75% (high abuse risk in subnet).
- Neighbor Risks:
  - 11/16 neighbors flagged as high-risk (65+ risk scores).
  - 4 neighbors with moderate risk (40).
- Notable: IP is isolated in subnet but part of a broader high-abuse network.
---
**5. Actionable Insights**
- SOC Recommendations:
  - Monitor traffic from this subnet for unusual patterns (high abuse density).
  - Investigate DNS queries to `censys-scanner.com` for potential reconnaissance.
  - Consider blocking or restricting traffic from this IP if it correlates with suspicious activity.
- Context: Likely benign (Censys is a legitimate cybersecurity company), but subnet-wide risks suggest vigilance.
---
Conclusion: 167.94.146.52 is a passive scanning node linked to Censys, with no direct malicious indicators. However, its subnet's high abuse density warrants closer monitoring for potential lateral movement or compromised hosts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Censys, Inc. |
| ASN | AS398705 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 52.146.94.167.censys-scanner.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 52.146.94.167.censys-scanner.com |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 21% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:52 UTC |
| Last Seen | 2026-06-26 18:10:45 UTC |
| Profile Built | 2026-06-22 20:15:57 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |