JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.21.198.156

34.21.198.156 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 72%: ?

72%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	156.198.21.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.21.198.156

Whois 34.21.198.156

IP Abuse Reports for 34.21.198.156:

This IP address has been reported a total of 16 times from 15 distinct sources. 34.21.198.156 was first reported on June 14th 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-16 22:01:17 (6 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-15. show less	Web App Attack SSH Hacking
🇺🇸 mnsf	2026-06-16 00:11:17 (1 week ago)	Scanning/Probing (12)	Brute-Force Web App Attack
🇫🇷 COMAITE	2026-06-15 17:06:04 (1 week ago)	Suspicious URL access.	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:31:40 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 34.21.198.156 (156.198.21.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.21.198.156 (156.198.21.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:31:34.912939 2026] [security2:error] [pid 17342:tid 17342] [client 34.21.198.156:56658] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bigheartskitchen.net\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bigheartskitchen.net"] [uri "/.config/gcloud/credentials.db"] [unique_id "ajAo5l_zn83T1NXYdDxKEAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 fazar	2026-06-15 15:21:37 (1 week ago)	crowdsecurity/http-sensitive-files on node: bdj03	Web App Attack Hacking
🇺🇸 jormaster3k	2026-06-15 13:28:19 (1 week ago)	Attack against Apache (too many 404s)	Web App Attack
Anonymous	2026-06-15 05:24:07 (1 week ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 paissangroup	2026-06-15 04:16:23 (1 week ago)	Multiple WAF Violations	Web App Attack
🇩🇪 curiosity	2026-06-14 22:55:23 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇫🇷 Octopuce	2026-06-14 20:50:48 (1 week ago)	Aggressive web search of vulnerable pages: /app/.env /storage/.env /app/.env.local /apps/frontend/.e ... show more Aggressive web search of vulnerable pages: /app/.env /storage/.env /app/.env.local /apps/frontend/.env /internal/.env ... show less	Web App Attack
🇩🇪 netclix.gr	2026-06-14 16:18:39 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 34.21.198.156 (SG/Singapore/156.198.21. ... show more (mod_security) mod_security triggered on hostname [redacted] 34.21.198.156 (SG/Singapore/156.198.21.34.bc.googleusercontent.com): (CF_ENABLE) show less	SQL Injection
Anonymous	2026-06-14 15:10:24 (1 week ago)	Aggressive web scan	Web App Attack
Anonymous	2026-06-14 14:29:41 (1 week ago)	Http Port:80 (http_status:403) - Agent:Mozilla/5.0 (Linux; Android 8.1.0; MI 5X Build/OPM1.171019.01 ... show more Http Port:80 (http_status:403) - Agent:Mozilla/5.0 (Linux; Android 8.1.0; MI 5X Build/OPM1.171019.019) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Mobile Safari/537.36 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 07:13:25 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 34.21.198.156 (156.198.21.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.21.198.156 (156.198.21.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 03:13:21.588829 2026] [security2:error] [pid 28717:tid 28717] [client 34.21.198.156:41950] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "matchsticbranding.agency"] [uri "/.env.dist"] [unique_id "ai5UkdHInCNQpMyR9mvNPAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dave	2026-06-14 02:12:16 (1 week ago)	threat-feed-sync observed repeated abuse from this IP after local filtering. scenarios=crowdsecurity ... show more threat-feed-sync observed repeated abuse from this IP after local filtering. scenarios=crowdsecurity/vpatch-env-access targets=lando hit_count=4 first_seen=2026-06-14T02:12:20Z last_seen=2026-06-14T02:12:16Z show less	Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇿 109.248.156.49

🇯🇵 8.216.11.149

🇯🇵 8.216.5.249

🇺🇸 209.50.171.19

🇧🇷 187.110.238.50

🇨🇳 182.244.0.150

🇵🇰 111.68.102.19

🇺🇸 104.238.215.91

🇧🇩 103.197.155.61

🇫🇷 91.231.89.137

🇧🇬 91.191.209.74

🇰🇷 59.24.28.114

🇰🇷 58.224.62.29

🇲🇦 41.250.204.200

🇺🇸 192.250.227.24

🇨🇳 192.144.218.190

🇮🇳 152.58.25.208

🇨🇳 101.70.108.159

🇺🇸 66.132.212.13

🇭🇰 45.249.247.165