JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.159.47.189

34.159.47.189 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 74%: ?

74%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	189.47.159.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.159.47.189

Whois 34.159.47.189

IP Abuse Reports for 34.159.47.189:

This IP address has been reported a total of 18 times from 13 distinct sources. 34.159.47.189 was first reported on June 8th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-08 22:04:54 (5 days ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-08 17:00:23 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 13:00:18.186023 2026] [security2:error] [pid 32393:tid 32393] [client 34.159.47.189:35676] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|goldenvalley1.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "goldenvalley1.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aib1IlrNnqISIZG52T-L4AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-08 16:00:10 (5 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇩🇪 LRob.fr	2026-06-08 15:45:07 (5 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇨🇦 Mediashaker	2026-06-08 14:11:06 (5 days ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 34.159.47.189 (DE/German ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 34.159.47.189 (DE/Germany/189.47.159.34.bc.googleusercontent.com) show less	Port Scan
🇫🇷 masterguru	2026-06-08 13:23:30 (5 days ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-193)	Hacking
🇺🇸 TPI-Abuse	2026-06-08 13:08:41 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 09:08:36.044236 2026] [security2:error] [pid 5978:tid 5990] [client 34.159.47.189:36056] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.lavonnesells.com.oldnorthwestlandco.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.lavonnesells.com.oldnorthwestlandco.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aia-1HfbIUCiKyvxKKdQ3gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 11:04:46 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 07:04:42.814408 2026] [security2:error] [pid 32742:tid 32742] [client 34.159.47.189:51098] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.usagreenrecycling.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.usagreenrecycling.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiahymW--aFVxuUw0qjnvwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:38:06 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:37:59.905409 2026] [security2:error] [pid 8913:tid 8913] [client 34.159.47.189:38238] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.usashooters.gemexpressions.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.usashooters.gemexpressions.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiaNdyREduREvMEzcj7o7wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:18:02 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.159.47.189 (189.47.159.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:17:55.429147 2026] [security2:error] [pid 15870:tid 15870] [client 34.159.47.189:46288] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lfrmtmorris.encoremtmorris.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lfrmtmorris.encoremtmorris.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiaIw1ScPCsBcRz3giATXwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 pipeline.es	2026-06-08 04:19:24 (6 days ago)	Web scanning / probing for vulnerable paths \| URL: /docker-compose.yaml \| Evidence: evatourviagens.c ... show more Web scanning / probing for vulnerable paths \| URL: /docker-compose.yaml \| Evidence: evatourviagens.com.br 34.159.47.189 - - [08/Jun/2026:06:18:52 +0200] \"GET /docker-compose.yaml HTTP/1.1\" 404 18817 \"-\" \"MOTORIZR-Z8/46.00.00 Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; 356) Opera 8.65 [it] UP.Link/6.3.0.0.0\" GEOIP_COUNTRY_CODE=DE \| ASN: GOOGLE-CLOUD-PLATFORM \| Country: DE show less	Port Scan Web App Attack
🇳🇱 Savvii	2026-06-08 02:46:23 (6 days ago)	73 attempts against mh-misbehave-ban on twig	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 01:36:40 (6 days ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 updown.io	2026-06-08 01:24:56 (6 days ago)	{"level":"info","ts":1780881895.1625147,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1780881895.1625147,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.159.47.189","remote_port":"39610","client_ip":"34.159.47.189","proto":"HTTP/1.1","method":"GET","host":"updown.fackovec.cz","uri":"/configprops","headers":{"Connection":["close"],"User-Agent":["Mozilla/5.0 (X11; U; Linux i686; rv:19.0) Gecko/20100101 Slackware/13 Firefox/19.0"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"updown.fackovec.cz","ech":false}},"bytes_read":0,"user_id":"","duration":0.000096092,"size":0,"status":429,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Retry-After":["1"]}} {"level":"info","ts":1780881895.1647012,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.159.47.189","remote_port":"39618","client_ip":"34.159.47.189","proto":"HTTP/1.1","method":"GET","host":"updown.fackovec.cz","uri":"/act ... show less	DDoS Attack Web App Attack
🇺🇸 mnsf	2026-06-08 01:05:34 (6 days ago)	Too many Status 40X (11) Scanning/Probing (61) Request Overload (383)	Brute-Force Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 191.5.205.64

🇩🇪 151.243.11.35

🇺🇸 147.185.132.153

🇸🇬 128.199.231.249

🇰🇷 123.200.94.165

🇸🇬 103.134.154.138

🇫🇷 80.15.18.195

🇳🇱 45.198.224.138

🇳🇱 45.148.10.157

🇳🇱 45.148.10.141

🇮🇳 43.228.166.224

🇰🇷 43.108.47.221

🇬🇧 35.203.210.180

🇪🇹 196.190.180.18

🇺🇿 195.158.14.232

🇵🇰 182.184.120.110

🇺🇸 162.216.150.219

🇨🇦 137.184.162.226

🇺🇸 128.203.200.235

🇺🇸 103.143.238.100