JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.152.125.194

34.152.125.194 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 62%: ?

62%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	194.125.152.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	Columbus, Ohio

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.152.125.194

Whois 34.152.125.194

IP Abuse Reports for 34.152.125.194:

This IP address has been reported a total of 12 times from 10 distinct sources. 34.152.125.194 was first reported on June 13th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-13 21:59:53 (4 days ago)	Auto-ban: >3000 req/min op 2026-06-13	Web App Attack SSH Hacking
🇫🇷 masterguru	2026-06-13 14:36:09 (5 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.152.125.194 (US/United States/194. ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.152.125.194 (US/United States/194.125.152.34.bc.googleusercontent.com): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-13 11:11:33 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.152.125.194 (194.125.152.34.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 34.152.125.194 (194.125.152.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 07:11:26.921557 2026] [security2:error] [pid 3378:tid 3378] [client 34.152.125.194:40204] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jessicabaer.com"] [uri "/prod/.env"] [unique_id "ai063iqLSDTpvnsivT_rZgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-06-13 10:39:29 (5 days ago)	20 attempts against mh_ha-misbehave-ban on ec102950	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-13 10:39:18 (5 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 mnsf	2026-06-13 09:09:41 (5 days ago)	Abuse Detected (29)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 08:49:52 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.152.125.194 (194.125.152.34.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 34.152.125.194 (194.125.152.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 04:49:44.124157 2026] [security2:error] [pid 30426:tid 30426] [client 34.152.125.194:58580] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nationalenq.internetnameregistration.com"] [uri "/app/.env.backup"] [unique_id "ai0ZqCpTLP61eFG7FtTBKQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 vaia.cloud	2026-06-13 07:28:01 (5 days ago)	trying wp-login.php/xmlrpc.php 146 times in 1 minutes	Brute-Force Web App Attack
🇫🇷 Octopuce	2026-06-13 07:22:25 (5 days ago)	Aggressive web search of vulnerable pages: /.env /.env.local /staging/.env /production/.env /api/.en ... show more Aggressive web search of vulnerable pages: /.env /.env.local /staging/.env /production/.env /api/.env.local ... show less	Web App Attack
🇩🇪 updown.io	2026-06-13 05:34:27 (5 days ago)	{"level":"info","ts":1781328866.252907,"logger":"http.log.access.log1","msg":"handled request","requ ... show more {"level":"info","ts":1781328866.252907,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.152.125.194","remote_port":"46360","client_ip":"34.152.125.194","proto":"HTTP/1.1","method":"GET","host":"update.ponmlkjihwww.cbedgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/api/v2/.env","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 6.0.1; SM-N915T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000134005,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://update.ponmlkjihwww.cbedgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/api/v2/.env"],"Content-Type":[]}} {"level":"info","ts":1781328866.2533216,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.152.125.194","remote_port":"46 ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 05:17:24 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 34.152.125.194 (194.125.152.34.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 34.152.125.194 (194.125.152.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 01:17:19.509397 2026] [security2:error] [pid 32504:tid 32504] [client 34.152.125.194:44438] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hatfieldborodems.com"] [uri "/.env.backup"] [unique_id "aizn3yDHG8gWutGmK1llZgAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-13 03:25:03 (5 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 161.38.144.163

🇺🇸 100.29.192.59

🇺🇸 74.196.127.84

🇺🇸 66.132.172.155

🇱🇹 45.227.254.170

🇳🇱 45.148.10.152

🇮🇩 43.157.203.234

🇬🇧 35.203.210.4

🇨🇳 222.246.240.162

🇺🇸 193.36.220.175

🇧🇷 177.9.133.8

🇫🇷 172.71.122.241

🇺🇸 165.154.36.71

🇮🇳 103.179.171.33

🇻🇳 103.82.21.8

🇮🇷 5.75.94.186

🇺🇸 2a04:c300:400::1ef

🇺🇸 165.154.218.137

🇸🇬 146.103.18.237

🇧🇷 102.211.152.138