AbuseIPDB » 167.94.138.112

167.94.138.112 was found in our database!

This IP was reported 4,445 times. Confidence of Abuse is 0%: ?

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Hostname(s)	scanner-27.ch1.censys-scanner.com
Domain Name	censys.com
Country	United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Important Note: 167.94.138.112 is an IP address from within our whitelist belonging to the subnet 167.94.138.0/24, which we identify as: "Censys (https://about.censys.io/)".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 167.94.138.112

Whois 167.94.138.112

IP Abuse Reports for 167.94.138.112:

This IP address has been reported a total of 4,445 times from 530 distinct sources. 167.94.138.112 was first reported on March 20th 2023, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
YaRi78	2025-06-09 21:34:41 (1 week ago)	Unsolicited postgresql connection attempt from 167.94.138.112 detected	Port Scan
StatsMe	2025-06-09 21:23:35 (1 week ago)	2025-06-09T00:16:37.418099+0300 ET DROP Dshield Block Listed Source group 1	Port Scan Hacking Spoofing Brute-Force
oonux.net	2025-06-09 20:53:15 (1 week ago)	RouterOS: Scanning detected TCP 167.94.138.112:58914 > x.x.x.x:8893	Port Scan
MPL	2025-06-09 20:30:35 (1 week ago)	tcp/9933 (6 or more attempts)	Port Scan
sid3windr	2025-06-09 18:29:56 (1 week ago)	SSH port scan (Tarpitted for 20s, wasted 7B)	Port Scan SSH
drewf.ink	2025-06-09 18:10:07 (1 week ago)	[18:10] Port scanning. Port(s) scanned: TCP/5060	Port Scan
Axel	2025-06-09 15:08:05 (1 week ago)	SSH login attempts (endlessh): 2025-06-09T13:55:36.334Z ACCEPT host=::ffff:167.94.138.112 port=52724 ... show moreSSH login attempts (endlessh): 2025-06-09T13:55:36.334Z ACCEPT host=::ffff:167.94.138.112 port=52724 fd=4 n=2/4096 show less	Brute-Force SSH
diego	2025-06-09 12:40:27 (1 week ago)	[rede-188] 2025-06-09 12:19:38, Client: 167.94.138.112, Protocol: 6, Unauthorized activity to HTTP: ... show more[rede-188] 2025-06-09 12:19:38, Client: 167.94.138.112, Protocol: 6, Unauthorized activity to HTTP: GET / show less	Web App Attack
6kilowatti	2025-06-09 09:59:41 (1 week ago)	Blocked by UFW on mummo [8443/tcp] Source port: 49112 TTL: 53 Packet length: 60<br ... show moreBlocked by UFW on mummo [8443/tcp] Source port: 49112 TTL: 53 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
tedmichalik.com	2025-06-09 08:49:43 (1 week ago)	167.94.138.112 - - [09/Jun/2025:04:49:42 -0400] "GET /login HTTP/1.1" 302 2991 "-" "Mozilla/5.0 (com ... show more167.94.138.112 - - [09/Jun/2025:04:49:42 -0400] "GET /login HTTP/1.1" 302 2991 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" ... show less	Web App Attack
sefinek.net	2025-06-09 07:21:40 (1 week ago)	Honeypot hit: Empty payload (likely service probe); 5391 [3] TCP	Port Scan
Brian Minton	2025-06-09 07:00:39 (1 week ago)	2025-06-09T02:00:09.256944-05:00 lab dovecot: imap-login: Disconnected: Connection closed (no auth a ... show more2025-06-09T02:00:09.256944-05:00 lab dovecot: imap-login: Disconnected: Connection closed (no auth attempts in 7 secs): user=<>, rip=167.94.138.112, lip=199.181.238.151, TLS: Connection closed, session=<Z7VnIR43TtSnXopw> 2025-06-09T02:00:31.041601-05:00 lab dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 2 secs): user=<>, rip=167.94.138.112, lip=199.181.238.151, session=<XxO0Ih43VuqnXopw> 2025-06-09T02:00:33.191448-05:00 lab dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 1 secs): user=<>, rip=167.94.138.112, lip=199.181.238.151, session=<Ru/UIh43eOqnXopw> 2025-06-09T02:00:35.890169-05:00 lab dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 1 secs): user=<>, rip=167.94.138.112, lip=199.181.238.151, session=<kR3+Ih43luqnXopw> 2025-06-09T02:00:38.383263-05:00 lab dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 1 secs): user=<>, rip=167.94.138.112, lip=199 ... show less	Brute-Force
mkaraki	2025-06-09 06:20:28 (1 week ago)	1749450026 # Service_probe # SIGNATURE_SEND # source_ip:167.94.138.112 # dst_port:10001 ...	Port Scan
webbfabriken	2025-06-09 04:42:09 (1 week ago)	spam or other hacking activities reported by webbfabriken security servers Attack reported by ... show morespam or other hacking activities reported by webbfabriken security servers Attack reported by Webbfabriken Security API - WFSecAPI show less	Web Spam
COMPLEX	2025-06-09 01:18:41 (1 week ago)	Honeypot [1]: Empty payload (likely service probe); 32474 [1] TCP	Port Scan

Showing 106 to 120 of 4445 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

94.250.204.163

14.225.3.79

47.251.88.12

45.144.212.48

219.139.83.165

173.208.51.146

20.83.151.102

52.73.169.169

167.94.138.137

198.235.24.37

51.68.236.95

110.227.111.8

170.64.237.212

170.64.190.188

103.68.55.71

162.84.155.190

172.174.72.225

68.183.88.186

103.152.159.188

104.168.35.231