This IP address has been reported a total of
27
times from
26 distinct
sources.
104.155.30.159 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
SSH brute force attack on honeypot sensor. Credentials tried: GET / HTTP/1.1/Host: 31.187.198.146:23 ...
show moreSSH brute force attack on honeypot sensor. Credentials tried: GET / HTTP/1.1/Host: 31.187.198.146:23, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36/Accept-Encoding: gzip, *1/$4 Detected by DShield/SANS ISC honeypot sensor.
show less
Failed login attempt for user User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537. ...
show moreFailed login attempt for user User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 on port unknown, total attempts: 1
show less
Automatic report from EV firewall log.
https://github.com/Ragnarocek/Windows_FW_AbuseIPDB_Reporti ...
show moreAutomatic report from EV firewall log.
https://github.com/Ragnarocek/Windows_FW_AbuseIPDB_Reporting ID: vyEw8ZqbajJ9vLW3IwBgK4xE3UnqDNjs
show less
Telnet credential brute-force observed by honeypot.
Source IP: 104.155.30.159
Targeted device: Ubunt ...
show moreTelnet credential brute-force observed by honeypot.
Source IP: 104.155.30.159
Targeted device: Ubuntu server
First seen: 05 Jul 2026 08:21:04 UTC
Last seen: 05 Jul 2026 08:21:04 UTC
Attempts: 1
Sample credentials: *1:$4
show less
Honeypot [honeypot-ca-sensor1]: Brute-force attack detected on 23/TELNET
โข Credentials: GET / HTTP/1 ...
show moreHoneypot [honeypot-ca-sensor1]: Brute-force attack detected on 23/TELNET
โข Credentials: GET / HTTP/1.1:Host: [SOME-IP]:23, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36:Accept-Encoding: gzip, *1:$4, OPTIONS rtsp://example.com RTSP/1.0:Cseq: 7949
โข Number of login attempts: 4
โข 1 command(s) were executed during the session
show less
(eximsyntax) Exim syntax errors from 104.155.30.159 (BE/Belgium/Brussels Capital/Brussels/-/[AS39698 ...
show more(eximsyntax) Exim syntax errors from 104.155.30.159 (BE/Belgium/Brussels Capital/Brussels/-/[AS396982 GOOGLE-CLOUD-PLATFORM]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_EXIMSYNTAX; Logs: 2026-07-05 10:15:29 SMTP call from 159.30.155.104.bc.googleusercontent.com [104.155.30.159]:46720 dropped: too many syntax or protocol errors (last command was "?\f?", NULL)
show less
2026-07-05T08:37:13.817592+02:00 mx postfix/dnsblog[730285]: addr 104.155.30.159 listed by domain ze ...
show more2026-07-05T08:37:13.817592+02:00 mx postfix/dnsblog[730285]: addr 104.155.30.159 listed by domain zen.spamhaus.org as 127.0.0.4
2026-07-05T08:37:13.868443+02:00 mx postfix/dnsblog[730286]: addr 104.155.30.159 listed by domain zen.spamhaus.org as 127.0.0.4
2026-07-05T08:37:13.935760+02:00 mx postfix/dnsblog[730287]: addr 104.155.30.159 listed by domain zen.spamhaus.org as 127.0.0.4
...
show less
Jul 5 01:33:27 <mail.info> [redacted] sm-mta[24532]: 6655XRTe024532: rejecting commands from 159.30 ...
show moreJul 5 01:33:27 <mail.info> [redacted] sm-mta[24532]: 6655XRTe024532: rejecting commands from 159.30.155.104.bc.googleusercontent.com [104.155.30.159] due to pre-greeting traffic after 0 seconds
Jul 5 01:33:29 <mail.info> [redacted] sm-mta[24533]: 6655XTCE024533: rejecting commands from 159.30.155.104.bc.googleusercontent.com [104.155.30.159] due to pre-greeting traffic after 0 seconds
show less
Brute-Force
Showing 1 to
15
of 27 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ