JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.105.94.158

34.105.94.158 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 61%: ?

61%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	158.94.105.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	The Dalles, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.105.94.158

Whois 34.105.94.158

IP Abuse Reports for 34.105.94.158:

This IP address has been reported a total of 16 times from 10 distinct sources. 34.105.94.158 was first reported on June 8th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-09 22:00:39 (4 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-08. show less	Web App Attack SSH Hacking
🇭🇺 DumaNet	2026-06-09 06:59:00 (4 days ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 08. 05:44:25 Source IP: 34.105 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 08. 05:44:25 Source IP: 34.105.94.158 Portion of the log(s): 34.105.94.158 - [08/Jun/2026:05:44:23 +0200] "GET /.env~ HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" 34.105.94.158 - [08/Jun/2026:05:44:23 +0200] "GET /dev/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46" 34.105.94.158 - [08/Jun/2026:05:44:23 +0200] "GET /stage/.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" 34.105.94.158 - [08/Jun/2026:05:44:23 +0200] "GET /staging/.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Linux; Android 9; SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36" 34.105.94.158 - [08/Jun/2026:05:44:23 +0200] "GET /production/.env HTTP/1.1" 404 555 "-" "Mozilla show less	Web App Attack
🇺🇸 mnsf	2026-06-09 00:12:05 (5 days ago)	Abuse Detected (122)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 16:21:25 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:21:18.997785 2026] [security2:error] [pid 14695:tid 14695] [client 34.105.94.158:45754] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adn-media.net"] [uri "/.env.local"] [unique_id "aibr_ofzU0o_hNkiWbPArwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-06-08 15:35:58 (5 days ago)	Web vulnerability probing: /.env.testing	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 14:24:34 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 10:24:27.639161 2026] [security2:error] [pid 15592:tid 15592] [client 34.105.94.158:38736] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tinseltownartificials.com"] [uri "/.env.local"] [unique_id "aibQm8y7o5EnoRsckn7B0AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 13:50:35 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 09:50:32.415831 2026] [security2:error] [pid 4820:tid 4820] [client 34.105.94.158:46504] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cffragrances.iee-usa.com"] [uri "/.env.preprod"] [unique_id "aibIqE-3U5KtIHSMCcyF6QAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 zynex	2026-06-08 10:35:29 (5 days ago)	URL Probing: /dashboard/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 10:26:48 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:26:42.018465 2026] [security2:error] [pid 28732:tid 28732] [client 34.105.94.158:53474] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "flemingtonmartins.com"] [uri "/.env.template"] [unique_id "aiaY4ruj4aX0AO019BlSMgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-08 09:08:49 (5 days ago)	Scanning/Probing (93)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:32:08 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:32:01.846822 2026] [security2:error] [pid 15351:tid 15379] [client 34.105.94.158:34522] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.californiaplasticsurgeon.com.aafm.us"] [uri "/.env.txt"] [unique_id "aiZh4Y95ENRBvHWVx_bu8wAAANg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-08 05:42:29 (6 days ago)	{"level":"info","ts":1780897345.4827027,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1780897345.4827027,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.105.94.158","remote_port":"51112","client_ip":"34.105.94.158","proto":"HTTP/1.1","method":"GET","host":"update.jidcbahgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.backup","headers":{"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:45.9) Gecko/20100101 Goanna/3.2 Firefox/45.9 PaleMoon/27.4.0"]}},"bytes_read":0,"user_id":"","duration":0.002088656,"size":0,"status":308,"resp_headers":{"Location":["https://update.jidcbahgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.backup"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}} {"level":"info","ts":1780897345.4987993,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.105.94.158","remote_port":"51118","client_ip":"34.105.94.158","proto":"HTTP/1.1","m ... show less	DDoS Attack Web App Attack
🇺🇸 ipblock.com	2026-06-08 04:48:00 (6 days ago)	IPBlock protected site ID [4055-d][s=06]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-08 04:12:21 (6 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 01:46:59 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 34.105.94.158 (158.94.105.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:46:56.359992 2026] [security2:error] [pid 389:tid 389] [client 34.105.94.158:43428] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bhempower.com"] [uri "/.env.copy"] [unique_id "aiYfEAqNNO1alAcK1JADpwAAAFE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.182

🇹🇼 49.158.179.118

🇺🇸 34.22.45.52

🇦🇷 181.116.220.140

🇺🇸 172.214.155.235

🇺🇸 162.216.150.184

🇺🇸 136.109.181.87

🇰🇷 112.175.29.94

🇮🇩 103.175.225.15

🇬🇧 37.143.61.84

🇯🇵 34.84.188.215

🇺🇸 34.22.41.211

🇵🇭 27.110.166.67

🇮🇪 3.252.149.207

🇮🇳 2401:c080:3400:29fe:5400:5ff:fe17:1a4b

🇻🇪 201.249.193.193

🇮🇩 163.7.11.155

🇹🇼 35.221.210.111

🇮🇱 34.165.107.192

🇮🇳 34.131.63.119