IP address
Tags:
Login attempts
Scanner
- IP blacklists
Spamhaus SBL CSS
134.209.30.30 is listed on the Spamhaus SBL CSS blacklist.
Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed:
secondary (DNSBL) (
feed detail page)
Last checked at:
2025-12-19 10:53:17.610000
Was present on blacklist at:
2025-12-19 10:53
DataPlane SSH login
134.209.30.30 is listed on the DataPlane SSH login blacklist.
Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login to a host using SSH password authentication.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-20 07:10:06.289000
Was present on blacklist at:
2025-12-19 15:10,
2025-12-19 19:10,
2025-12-20 03:10,
2025-12-20 07:10
blocklist.de SSH
134.209.30.30 is listed on the blocklist.de SSH blacklist.
Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-19 17:05:00.348000
Was present on blacklist at:
2025-12-19 17:05
blocklist.de web-login
134.209.30.30 is listed on the blocklist.de web-login blacklist.
Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-20 05:05:00.417000
Was present on blacklist at:
2025-12-19 23:05,
2025-12-20 05:05
blocklist.de Apache
134.209.30.30 is listed on the blocklist.de Apache blacklist.
Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-20 05:05:05.329000
Was present on blacklist at:
2025-12-19 23:05,
2025-12-20 05:05
UCEPROTECT L1
134.209.30.30 is listed on the UCEPROTECT L1 blacklist.
Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-20 08:45:00.509000
Was present on blacklist at:
2025-12-20 00:45,
2025-12-20 08:45
BruteForceBlocker
134.209.30.30 is listed on the BruteForceBlocker blacklist.
Description: Daniel Gerzo's BruteForceBlocker. The list is made by perl script,<br>that works along with pf - OpenBSD's firewall and it's main<br>purpose is to block SSH bruteforce attacks via firewall.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-20 03:52:00.258000
Was present on blacklist at:
2025-12-20 03:52
- Warden events (38)
- 2025-12-19
-
-
ReconScanning (node.4dc198): 13
-
ReconScanning (node.368407): 7
-
AttemptLogin (node.d2ecc6): 17
-
IntrusionUserCompromise (node.d2ecc6): 1
- DShield reports (IP summary, reports)
- 2025-12-19
- Number of reports: 1075
- Distinct targets: 45
- Origin AS
- AS14061 - DIGITALOCEAN-ASN
- BGP Prefix
- 134.209.16.0/20
- geo
-
United Kingdom, Slough
- 🕑 Europe/London
- hostname
- (null)
- Address block ('inetnum' or 'NetRange' in whois database)
- 134.209.0.0 - 134.209.255.255
- last_activity
- 2025-12-19 18:36:07
- last_warden_event
- 2025-12-19 18:36:07
- rep
- 0.11666666666666667
- reserved_range
- 0
- Shodan's InternetDB
- Open ports: 22, 80, 110, 443, 1443, 4000, 8442, 20151
- Tags: cloud
- CPEs: cpe:/a:f5:nginx, cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:8.9p1
- ts_added
- 2025-12-19 10:53:17.438000
- ts_last_update
- 2025-12-20 08:49:12.038000
Warden event timeline
DShield event timeline
Presence on blacklists
