JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.95.210.27

34.95.210.27 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 92%: ?

92%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	27.210.95.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.95.210.27

Whois 34.95.210.27

IP Abuse Reports for 34.95.210.27:

This IP address has been reported a total of 20 times from 16 distinct sources. 34.95.210.27 was first reported on June 14th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-15 17:06:06 (9 hours ago)	(mod_security) mod_security (id:210730) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210730) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:06:02.882428 2026] [security2:error] [pid 23210:tid 23210] [client 34.95.210.27:60828] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gpahomeinspections.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gpahomeinspections.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ajAw-rcV89fVVMdl8k9RrgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 11:40:00 (15 hours ago)	Wordpress vulnerability scanning ...	Web App Attack
Anonymous	2026-06-15 11:13:40 (15 hours ago)	2026-06-15T11:13:39.161322+00:00 caddy caddy[63377]: {"level":"info","ts":1781522019.1612248,"logger ... show more 2026-06-15T11:13:39.161322+00:00 caddy caddy[63377]: {"level":"info","ts":1781522019.1612248,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"34.95.210.27","remote_port":"34434","client_ip":"34.95.210.27","proto":"HTTP/1.1","method":"GET","host":"static.19.232.132.142.clients.your-server.de","uri":"/.aws/config","headers":{"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.83"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.000047681,"size":0,"status":308,"resp_headers":{"Location":["https://static.19.232.132.142.clients.your-server.de/.aws/config"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}} ... show less	Hacking Web App Attack
🇩🇪 LRob.fr	2026-06-15 08:15:06 (18 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 08:01:31 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210492) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 04:01:27.180861 2026] [security2:error] [pid 2598:tid 2627] [client 34.95.210.27:39080] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "culturallyyours.org"] [uri "/api/v3/.env"] [unique_id "ai-xVyyyuxIrnUhX8e9dVAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-15 06:12:59 (20 hours ago)	[MonJun1508:12:54.9137522026][security2:error][pid3788818:tid3788894][client34.95.210.27:0]ModSecuri ... show more [MonJun1508:12:54.9137522026][security2:error][pid3788818:tid3788894][client34.95.210.27:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"traslochiamo.ch.136-243-54-122.cpanel.site\"][uri\"/env.bak\"][unique_id\"ai-X5rQIlTpZI9ViNxF2EgAAAE0\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 23:42:00 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210492) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:41:53.014097 2026] [security2:error] [pid 32506:tid 32506] [client 34.95.210.27:52870] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "forestvalleyfarm.com"] [uri "/.env.production.bak"] [unique_id "ai88QULY7_vHzPyaYw_yGwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Petros Stefanakis	2026-06-14 23:18:59 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 34.95.210.27 (BR/Brazil/27.210.95.34.bc ... show more (mod_security) mod_security triggered on hostname [redacted] 34.95.210.27 (BR/Brazil/27.210.95.34.bc.googleusercontent.com) show less	SQL Injection
🇺🇸 TPI-Abuse	2026-06-14 23:12:55 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210492) triggered by 34.95.210.27 (27.210.95.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:12:51.189293 2026] [security2:error] [pid 25928:tid 26046] [client 34.95.210.27:33920] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.desert-automotive.ceol.us"] [uri "/.env"] [unique_id "ai81c7DSwgM5fCKMUU4O6AAAAhA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 zynex	2026-06-14 21:54:26 (1 day ago)	URL Probing: /staging/.env	Web App Attack
🇳🇱 Savvii	2026-06-14 12:28:26 (1 day ago)	20 attempts against mh-misbehave-ban on sonic	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ConsulHosting	2026-06-14 07:39:29 (1 day ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇳🇱 wlt-blocker	2026-06-14 07:19:51 (1 day ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 mnsf	2026-06-14 06:08:00 (1 day ago)	Scanning/Probing (40)	Brute-Force Web App Attack
Anonymous	2026-06-14 05:12:02 (1 day ago)	Multiple web server 400 error codes from same source ip	Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 118.33.113.91

🇨🇳 113.93.109.152

🇺🇸 100.49.117.77

🇬🇧 87.236.176.107

🇺🇸 66.132.186.171

🇺🇸 63.141.245.60

🇬🇧 35.203.211.233

🇹🇼 211.21.61.225

🇵🇰 182.190.218.6

🇺🇸 173.255.242.196

🇺🇸 147.182.218.133

🇹🇭 147.50.227.79

🇻🇳 113.170.224.249

🇨🇳 112.113.130.102

🇱🇻 104.165.205.15

🇮🇳 103.248.120.6

🇮🇩 103.180.118.90

🇺🇸 91.230.168.189

🇲🇾 47.250.141.6

🇰🇪 41.89.96.242