JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.159.28.210

34.159.28.210 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 87%: ?

87%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	210.28.159.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.159.28.210

Whois 34.159.28.210

IP Abuse Reports for 34.159.28.210:

This IP address has been reported a total of 20 times from 15 distinct sources. 34.159.28.210 was first reported on June 8th 2026, and the most recent report was 28 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 alferez	2026-06-11 00:16:43 (28 minutes ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇪🇸 alferez	2026-06-10 00:01:52 (1 day ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇵🇱 dzpk	2026-06-09 04:31:37 (1 day ago)	34.159.28.210 - - [08/Jun/2026:07:28:13 +0200] "GET /backup.sql HTTP/1.1" 404 848 "-" "Mozilla/5.0 ( ... show more 34.159.28.210 - - [08/Jun/2026:07:28:13 +0200] "GET /backup.sql HTTP/1.1" 404 848 "-" "Mozilla/5.0 (Linux; Android 9; moto g(7) play) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36" show less	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-08 21:59:35 (2 days ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
🇪🇸 alferez	2026-06-08 18:09:10 (2 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇫🇷 Hostynet	2026-06-08 14:51:42 (2 days ago)	TCP SYN flood detected by MikroTik RouterOS filter (sustained half-open connection rate from single ... show more TCP SYN flood detected by MikroTik RouterOS filter (sustained half-open connection rate from single source). Source automatically blacklisted. show less	DDoS Attack
🇳🇱 Roderic	2026-06-08 13:20:14 (2 days ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇫🇷 dynamix	2026-06-08 11:59:22 (2 days ago)	Multiple WAF Violations	Web App Attack
🇳🇱 e.fierstra	2026-06-08 10:47:33 (2 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 10:21:56 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.28.210 (210.28.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.28.210 (210.28.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:21:48.316721 2026] [security2:error] [pid 8036:tid 8036] [client 34.159.28.210:37486] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|personal-sportswear.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "personal-sportswear.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiaXvIDJmJD1d2kQuhdXKAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-08 08:46:33 (2 days ago)	Restricted File Access Attempt. Matched phrase ".aws/" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇳🇱 Savvii	2026-06-08 06:18:17 (2 days ago)	15 attempts against mh-modsecurity-ban on pf221102	Brute-Force Web App Attack
🇵🇱 dzpk	2026-06-08 05:28:13 (2 days ago)	[08/Jun/2026:07:28:12 +0200] 178089649265.163835 34.159.28.210 42380 HOST 443 [08/Jun/2026:07:28:12 ... show more [08/Jun/2026:07:28:12 +0200] 178089649265.163835 34.159.28.210 42380 HOST 443 [08/Jun/2026:07:28:12 +0200] 178089649236.920309 34.159.28.210 42392 HOST 443 [08/Jun/2026:07:28:12 +0200] 178089649244.010904 34.159.28.210 42416 HOST 443 show less	Web App Attack
🇬🇧 consul.to	2026-06-08 05:18:28 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 04:30:28 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.28.210 (210.28.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.28.210 (210.28.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 00:30:11.989106 2026] [security2:error] [pid 18121:tid 18121] [client 34.159.28.210:42448] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.backtosleep.backstore.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.backtosleep.backstore.com"] [uri "/backup.sql"] [unique_id "aiZFU6wpeL35qP5h3ACcsQAAAD8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.120

🇫🇮 135.181.182.250

🇨🇳 116.179.37.177

🇸🇬 114.119.139.207

🇱🇹 81.30.98.49

🇧🇬 79.124.56.138

🇧🇬 78.128.114.102

🇺🇸 64.62.197.77

🇮🇪 54.217.85.143

🇳🇱 45.148.10.82

🇬🇧 35.203.211.44

🇨🇳 14.103.120.147

🇨🇳 8.134.239.76

🇸🇬 194.164.107.4

🇸🇬 194.5.82.144

🇳🇱 193.176.31.226

🇲🇾 188.68.3.110

🇺🇿 185.191.141.115

🇺🇸 184.33.150.230

🇺🇸 172.182.196.48