AbuseIPDB » 167.94.145.102

167.94.145.102 was found in our database!

This IP was reported 16,131 times. Confidence of Abuse is 0%: ?

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398705
Domain Name	censys.com
Country	Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Important Note: 167.94.145.102 is an IP address from within our whitelist belonging to the subnet 167.94.145.0/24, which we identify as: "Censys (https://about.censys.io/)".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 167.94.145.102

Whois 167.94.145.102

IP Abuse Reports for 167.94.145.102:

This IP address has been reported a total of 16,131 times from 720 distinct sources. 167.94.145.102 was first reported on April 19th 2024, and the most recent report was 17 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Beta	2025-05-24 16:44:04 (17 minutes ago)	ports, 143/24H:1/7D:1, 21/24H:1/7D:1, 22/24H:1/7D:1, 5060/24H:1/7D:1	Port Scan
Study Bitcoin 🤗	2025-05-24 16:32:29 (29 minutes ago)	Port probe to tcp/3000 (remoteware client) [srv129]	Port Scan
SiyCah	2025-05-24 14:00:03 (3 hours ago)	IP banned by fail2ban; banned in jail postfix. Report generated by fail2abuseipdb.	Hacking Brute-Force
Largnet SOC	2025-05-24 13:03:59 (3 hours ago)	167.94.145.102 triggered Icarus honeypot on port 5900. Check us out on github.	Port Scan Hacking
Kiba Dempsey	2025-05-24 12:58:59 (4 hours ago)	2025-05-24T05:58:46.876717-07:00 gw1 sshd[706627]: refused connect from 167.94.145.102 (167.94.145.1 ... show more2025-05-24T05:58:46.876717-07:00 gw1 sshd[706627]: refused connect from 167.94.145.102 (167.94.145.102) 2025-05-24T05:58:55.250792-07:00 gw1 sshd[706628]: refused connect from 167.94.145.102 (167.94.145.102) 2025-05-24T05:58:58.429166-07:00 gw1 sshd[706629]: refused connect from 167.94.145.102 (167.94.145.102) ... show less	Brute-Force SSH
sefinek.net	2025-05-24 12:45:39 (4 hours ago)	Honeypot hit: Unauthorized traffic on 27017/mongod	Port Scan
mdgudell	2025-05-24 11:22:11 (5 hours ago)	[Sat May 24 06:22:00.315760 2025] [security2:error] [pid 282762:tid 282762] [client 167.94.145.102:4 ... show more[Sat May 24 06:22:00.315760 2025] [security2:error] [pid 282762:tid 282762] [client 167.94.145.102:40746] [client 167.94.145.102] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "70.122.135.34"] [severity "WARNING"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "70.122.135.34"] [uri "/"] [unique_id "aDGr2CIc6FVNni31cQ3y0wAAAAI"] [Sat May 24 06:22:10.783092 2025] [security2:error] [pid 282766:tid 282766] [client 167.94.145.102:56040] [client 167.94.145.102] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350" ... show less	Port Scan Web App Attack
Study Bitcoin 🤗	2025-05-24 10:23:01 (6 hours ago)	2 port probes: tcp/8006, tcp/5357 [srv136]	Port Scan
MPL	2025-05-24 08:58:55 (8 hours ago)	tcp port scan (14 or more attempts)	Port Scan
MPL	2025-05-24 08:58:55 (8 hours ago)	tcp port scan (14 or more attempts)	Port Scan
centurion	2025-05-24 08:34:04 (8 hours ago)	Blocked by UFW on ns03 [2379/tcp] Source port: 56560 TTL: 55 Packet length: 60<br ... show moreBlocked by UFW on ns03 [2379/tcp] Source port: 56560 TTL: 55 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
SSP	2025-05-24 08:00:03 (9 hours ago)	Automatic report from iptables firewall - detected malicious activity	DDoS Attack Port Scan Hacking Brute-Force Web App Attack SSH
Anonymous	2025-05-24 06:35:28 (10 hours ago)	Honeypot hit.	Port Scan Hacking Exploited Host
QUADEMU Abuse Dpt	2025-05-24 05:13:21 (11 hours ago)	Noxious/Nuisible/вредоносный Host.	Port Scan Exploited Host
Study Bitcoin 🤗	2025-05-24 05:04:55 (11 hours ago)	Port probe to tcp/7081 [srv135]	Port Scan

Showing 1 to 15 of 16131 reports

1
2
3
4
5
6
7
8
...
1075
1076
›

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

38.114.121.200

210.61.91.140

118.120.231.252

107.170.37.144

185.93.89.118

107.170.228.16

184.105.247.194

218.145.181.48

157.10.53.82

167.94.138.96

2607:ff10:c8:594::4

188.127.165.240

68.69.184.218

1.234.63.196

156.255.7.106

80.94.95.112

162.216.149.149

116.179.37.181

162.142.125.213

36.99.163.23