JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.159.238.94

34.159.238.94 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 62%: ?

62%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	94.238.159.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.159.238.94

Whois 34.159.238.94

IP Abuse Reports for 34.159.238.94:

This IP address has been reported a total of 16 times from 14 distinct sources. 34.159.238.94 was first reported on June 8th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-08 22:04:44 (1 week ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
🇳🇱 e.fierstra	2026-06-08 17:27:15 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 16:22:38 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 34.159.238.94 (94.238.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.238.94 (94.238.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:22:30.633166 2026] [security2:error] [pid 17449:tid 17449] [client 34.159.238.94:40548] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|m2oblivion.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "m2oblivion.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aibsRv5zqlw_ZD7JZ6vG3wAAAGI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-08 16:18:56 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇮🇹 ciccio diddo	2026-06-08 15:45:00 (1 week ago)	CMS/WP Exploit multiple 404 port:Tcp/80,443	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 11:40:42 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 34.159.238.94 (94.238.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.238.94 (94.238.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 07:40:39.826009 2026] [security2:error] [pid 31580:tid 31584] [client 34.159.238.94:53752] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dasperformance.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dasperformance.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiaqN204iJC_2_FFbNrWLQAAAUI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Major Hostility	2026-06-08 10:16:11 (2 weeks ago)	"GET /actuator/heapdump HTTP/1.1" 404 "GET /actuator/env HTTP/1.1" 404 "GET /actuator/configprops HT ... show more "GET /actuator/heapdump HTTP/1.1" 404 "GET /actuator/env HTTP/1.1" 404 "GET /actuator/configprops HTTP/1.1" 404 "GET /actuator/logfile HTTP/1.1" 404 "GET /actuator/threaddump HTTP/1.1" 404 "GET /actuator/trace HTTP/1.1" 404 "GET /actuator/dump HTTP/1.1" 404 "GET /actuator/httptrace HTTP/1.1" 404 "GET /actuator/auditevents HTTP/1.1" 404 "GET /actuator/sessions HTTP/1.1" 404 "GET /configprops HTTP/1.1" 404 "GET /heapdump HTTP/1.1" 404 "GET /env HTTP/1.1" 404 "GET /dump HTTP/1.1" 404 "GET /trace HTTP/1.1" 404 "GET /logfile HTTP/1.1" 404 "GET /threaddump HTTP/1.1" 404 "GET /api/actuator/heapdump HTTP/1.1" 404 "GET /api/actuator/env HTTP/1.1" 404 "GET /api/ show less	Web App Attack
🇩🇪 updown.io	2026-06-08 09:09:58 (2 weeks ago)	{"level":"info","ts":1780909797.4272244,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1780909797.4272244,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.159.238.94","remote_port":"55664","client_ip":"34.159.238.94","proto":"HTTP/1.1","method":"GET","host":"www.www.hrgquwwwsxooxwww.159.89.98.98.nip.io","uri":"/actuator/heapdump","headers":{"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000078519,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://www.www.hrgquwwwsxooxwww.159.89.98.98.nip.io/actuator/heapdump"],"Content-Type":[]}} {"level":"info","ts":1780909797.4414027,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.159.238.94","remote_port":"55678","client_ip":"34.159.238.94 ... show less	DDoS Attack Web App Attack
🇺🇸 mnsf	2026-06-08 09:08:32 (2 weeks ago)	Scanning/Probing (61) Request Overload (383)	Brute-Force Web App Attack
Anonymous	2026-06-08 07:30:05 (2 weeks ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
🇩🇪 grassau.com	2026-06-08 06:38:34 (2 weeks ago)	Port Scan detected from 34.159.238.94 (DE/Germany/Hesse/Frankfurt am Main/94.238.159.34.bc.googleu ... show more Port Scan detected from 34.159.238.94 (DE/Germany/Hesse/Frankfurt am Main/94.238.159.34.bc.googleusercontent.com). show less	Port Scan
Anonymous	2026-06-08 04:59:15 (2 weeks ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 dbmwebdesign	2026-06-08 03:10:20 (2 weeks ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 KiekerJan	2026-06-08 02:07:00 (2 weeks ago)	34.159.238.94 - - [08/Jun/2026:04:06:59 +0200] "GET /backup.sql HTTP/1.1" 404 181 "-" "Mozilla/5.0 ( ... show more 34.159.238.94 - - [08/Jun/2026:04:06:59 +0200] "GET /backup.sql HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" 34.159.238.94 - - [08/Jun/2026:04:06:59 +0200] "GET /dump.sql HTTP/1.1" 404 118 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/75.0.3770.103 Mobile/15E148 Safari/605.1" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 01:35:52 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 34.159.238.94 (94.238.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210831) triggered by 34.159.238.94 (94.238.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:35:46.432762 2026] [security2:error] [pid 22885:tid 22885] [client 34.159.238.94:59402] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|johnheinrich.com\|F\|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "johnheinrich.com"] [uri "/backend/actuator/env"] [unique_id "aiYccmYweE1Ex4NTHnerwAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 223.237.27.82

🇰🇷 222.116.34.84

🇹🇷 213.128.70.19

🇮🇳 122.170.97.94

🇭🇰 114.111.52.109

🇷🇴 80.94.92.187

🇺🇸 20.119.99.184

🇯🇵 8.216.17.61

🇺🇸 134.209.219.34

🇹🇭 125.27.12.122

🇨🇳 116.179.32.23

🇷🇴 92.118.39.202

🇫🇷 91.196.152.180

🇷🇴 80.94.92.182

🇺🇸 17.132.72.13

🇮🇷 2.185.242.92

🇨🇳 222.140.217.203

🇨🇳 222.89.169.98

🇱🇰 220.247.237.236

🇹🇷 176.227.77.145