AbuseIPDB » 167.94.138.38

167.94.138.38 was found in our database!

This IP was reported 3,415 times. Confidence of Abuse is 0%: ?

ISP	Censys, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS398324
Hostname(s)	scanner-06.ch1.censys-scanner.com
Domain Name	censys.com
Country	United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Important Note: 167.94.138.38 is an IP address from within our whitelist belonging to the subnet 167.94.138.0/24, which we identify as: "Censys (https://about.censys.io/)".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 167.94.138.38

Whois 167.94.138.38

IP Abuse Reports for 167.94.138.38:

This IP address has been reported a total of 3,415 times from 487 distinct sources. 167.94.138.38 was first reported on March 25th 2023, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
hostseries	2025-03-28 08:35:27 (1 hour ago)	Trigger: LF_EXIMSYNTAX	Brute-Force
Largnet SOC	2025-03-28 06:43:57 (3 hours ago)	167.94.138.38 triggered Icarus honeypot on port 1433. Check us out on github.	Port Scan Hacking
spamverify.com	2025-03-28 00:03:36 (10 hours ago)	Honeypot Hit: Port Scan (465) SMTP_SSL	Web Spam Blog Spam Bad Web Bot Web App Attack
Maike	2025-03-27 23:25:39 (10 hours ago)	ports, 465/24H:1/7D:1	Port Scan
Anonymous	2025-03-27 22:29:29 (11 hours ago)	$f2bV_matches	Brute-Force SSH
rtbh.com.tr	2025-03-27 20:48:32 (13 hours ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
Study Bitcoin 🤗	2025-03-27 18:34:25 (15 hours ago)	Port probe to tcp/22 (ssh) [srv129]	Port Scan Brute-Force SSH
Study Bitcoin 🤗	2025-03-27 16:15:02 (17 hours ago)	Port probe to tcp/31676 [srv136]	Port Scan
diego	2025-03-27 15:25:12 (18 hours ago)	[probe-68-69] 2025-03-27 15:02:44, Client: 167.94.138.38:42356, Protocol: 6, Unauthorized activity t ... show more[probe-68-69] 2025-03-27 15:02:44, Client: 167.94.138.38:42356, Protocol: 6, Unauthorized activity to HTTP: GET / show less	Web App Attack
diego	2025-03-27 15:02:43 (19 hours ago)	[rede-164-29] 03/27/2025-12:02:43.387971, 167.94.138.38, Protocol: 6, ET DROP Dshield Block Listed S ... show more[rede-164-29] 03/27/2025-12:02:43.387971, 167.94.138.38, Protocol: 6, ET DROP Dshield Block Listed Source group 1 show less	Hacking
ghostwarriors	2025-03-27 07:50:08 (1 day ago)	Unauthorized connection attempt detected, SSH Brute-Force	Port Scan Brute-Force SSH
mkaraki	2025-03-27 03:29:13 (1 day ago)	1743046151 # Service_probe # SIGNATURE_SEND # source_ip:167.94.138.38 # dst_port:10001 ...	Port Scan
sefinek.net	2025-03-27 01:22:16 (1 day ago)	Honeypot [kitty]: Empty payload on 52200/tcp (likely service probe)	Port Scan
ThreatBook.io	2025-03-27 01:09:57 (1 day ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/167.94.138.38	SSH
SSP	2025-03-27 01:00:01 (1 day ago)	Automatic report from iptables firewall - detected malicious activity	DDoS Attack Port Scan Hacking Brute-Force Web App Attack SSH