AbuseIPDB » 167.94.138.112

167.94.138.112 was found in our database!

This IP was reported 3,967 times. Confidence of Abuse is 0%: ?

ISP	Censys, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS398324
Hostname(s)	scanner-27.ch1.censys-scanner.com
Domain Name	censys.com
Country	United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Important Note: 167.94.138.112 is an IP address from within our whitelist belonging to the subnet 167.94.138.0/24, which we identify as: "Censys (https://about.censys.io/)".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 167.94.138.112

Whois 167.94.138.112

IP Abuse Reports for 167.94.138.112:

This IP address has been reported a total of 3,967 times from 509 distinct sources. 167.94.138.112 was first reported on March 20th 2023, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Sawasdee	2025-05-13 08:09:12 (4 hours ago)	Port Scan ...	Port Scan
Study Bitcoin 🤗	2025-05-13 06:28:56 (6 hours ago)	2 port probes: 2x tcp/139 (netbios) [srv134]	Port Scan
Study Bitcoin 🤗	2025-05-13 05:56:53 (6 hours ago)	Port probe to tcp/21 (ftp control) [srv125]	FTP Brute-Force Port Scan Brute-Force
librebit	2025-05-13 05:44:34 (6 hours ago)	Brute force	Brute-Force
ozisp.com.au	2025-05-13 04:16:20 (8 hours ago)	US_Censys,_<33>1747109779 [1:2402000:7365] ET DROP Dshield Block Listed Source group 1 [Classificati ... show moreUS_Censys,_<33>1747109779 [1:2402000:7365] ET DROP Dshield Block Listed Source group 1 [Classification: Misc Attack] [Priority: 2] {TCP} 167.94.138.112:49422 show less	Hacking
StatsMe	2025-05-13 02:48:48 (9 hours ago)	2025-05-12T13:59:16.221848+0300 ET DROP Dshield Block Listed Source group 1	Port Scan Hacking Spoofing Brute-Force
brantknudson.org	2025-05-13 00:57:25 (11 hours ago)	Client sent invalid (non-HTTP) message to honeypot web server: 167.94.138.112 - - [12/May/2025 ... show moreClient sent invalid (non-HTTP) message to honeypot web server: 167.94.138.112 - - [12/May/2025:19:57:24 -0500] "\x16\x03\x01" 400 408 "-" "-" show less	Web App Attack
Schnuffi	2025-05-13 00:28:09 (12 hours ago)	ports, 143/24H:1/7D:1, 21/24H:1/7D:1, 3000/24H:1/7D:1	Port Scan
webnestify	2025-05-12 22:21:42 (14 hours ago)	[Webnestify Honeypot - China] Unauthorized connection attempt on port 9999.	Port Scan Hacking Brute-Force
mkaraki	2025-05-12 22:02:53 (14 hours ago)	1747087371 # Service_probe # SIGNATURE_SEND # source_ip:167.94.138.112 # dst_port:18332 ...	Port Scan
Soncraft	2025-05-12 21:56:09 (14 hours ago)	Blocked by UFW on Jellyfin [2637/tcp] Source port: 36500 TTL: 52 Packet length: 60 ... show moreBlocked by UFW on Jellyfin [2637/tcp] Source port: 36500 TTL: 52 Packet length: 60 TOS: 0x08 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Study Bitcoin 🤗	2025-05-12 20:36:24 (15 hours ago)	Port probe to tcp/110 (post office- version 3) [srv128]	Port Scan
6kilowatti	2025-05-12 18:09:11 (18 hours ago)	Blocked by UFW on koti [853/tcp] Source port: 35966 TTL: 52 Packet length: 60<br / ... show moreBlocked by UFW on koti [853/tcp] Source port: 35966 TTL: 52 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
mueller-nils.com	2025-05-12 17:02:28 (19 hours ago)	May 12 19:02:03 [host] kernel: [5767320.865749] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=167.94.138.112 D ... show moreMay 12 19:02:03 [host] kernel: [5767320.865749] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=167.94.138.112 DST=[munged] LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=3343 DF PROTO=TCP SPT=40658 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 May 12 19:02:04 [host] kernel: [57 show less	Port Scan
Study Bitcoin 🤗	2025-05-12 11:52:40 (1 day ago)	2 port probes: tcp/123 (network time), tcp/143 (internet message access) [srv133,srv131]	Port Scan

Showing 1 to 15 of 3967 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

118.121.203.170

103.160.148.170

54.36.148.205

34.94.79.79

52.169.68.99

82.207.8.218

185.93.89.118

51.68.126.207

117.14.242.192

45.135.232.92

152.32.135.62

185.93.89.118

103.141.208.61

154.221.29.240

8.219.231.183

172.174.250.151

122.116.34.56

207.154.234.158

45.148.10.67

211.178.165.251