🇦🇹
urnilxfgbez
2026-05-19 22:45:00
(2 weeks ago)
Last 24 Hours suspicious: (DPT=445|DPT=3389|DPT=22|DPT=3306|DPT=8080|DPT=23|DPT=5900|DPT=1433)
Port Scan
🇵🇱
sefinek.net
2026-05-19 16:37:05
(2 weeks ago)
Honeypot hit: Unauthorized traffic (239 bytes of payload); 3001 [4], 9000 [4], 8181 [4], 8001 [4], 5001 [4], 8000 [4] TCP
Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB
Port Scan
🇺🇸
TPI-Abuse
2026-05-15 11:08:10
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.158.142.104 (104.142.158.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 07:08:05.616849 2026] [security2:error] [pid 32023:tid 32023] [client 34.158.142.104:34884] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||artocratic.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "artocratic.com"] [uri "/api.sql"] [unique_id "agb-lZsB_JNoHB9cF0Nz7wAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇱
wlt-blocker
2026-05-14 17:00:55
(3 weeks ago)
Unauthorized access to webpage admin
Web App Attack
🇳🇱
e.fierstra
2026-05-14 13:37:18
(3 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
Anonymous
2026-05-14 07:39:06
(3 weeks ago)
(PERMBLOCK) 34.158.142.104 (NL/The Netherlands/104.142.158.34.bc.googleusercontent.com) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs:
Port Scan
Anonymous
2026-05-14 07:11:41
(3 weeks ago)
(caddyscan) Scanner path probe from 34.158.142.104 (NL/The Netherlands/104.142.158.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:07:11:35 +0000] "GET /.env.zip HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:07:11:36 +0000] "GET /.env.tar.gz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:07:11:36 +0000] "GET /.env.tgz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:07:11:37 +0000] "GET /.env.tar HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:07:11:37 +0000] "GET /.env.tar.bz2 HTTP/1.1"
Port Scan
Anonymous
2026-05-14 07:11:24
(3 weeks ago)
(mod_security) mod_security triggered on hostname [redacted] 34.158.142.104 (NL/Netherlands/104.142.158.34.bc.googleusercontent.com)
SQL Injection
🇺🇸
TPI-Abuse
2026-05-14 06:22:17
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.158.142.104 (104.142.158.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 02:22:13.848810 2026] [security2:error] [pid 29368:tid 29368] [client 34.158.142.104:57016] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rallentarecg.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rallentarecg.com"] [uri "/api.sql"] [unique_id "agVqFeoUysij5jjjl_eOVwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-14 03:51:15
(3 weeks ago)
(caddyscan) Scanner path probe from 34.158.142.104 (NL/The Netherlands/104.142.158.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:03:51:05 +0000] "GET /.env.zip HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:03:51:06 +0000] "GET /.env.tar.gz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:03:51:07 +0000] "GET /.env.tgz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:03:51:07 +0000] "GET /.env.tar HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:03:51:08 +0000] "GET /.env.tar.bz2 HTTP/1.1"
Port Scan
🇺🇸
mnsf
2026-05-14 02:05:15
(3 weeks ago)
Too many Status 40X (16)
Brute-Force
Web App Attack
Anonymous
2026-05-14 01:40:28
(3 weeks ago)
(caddyscan) Scanner path probe from 34.158.142.104 (NL/The Netherlands/104.142.158.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:01:40:25 +0000] "GET /.env.zip HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:01:40:26 +0000] "GET /.env.tar.gz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:01:40:26 +0000] "GET /.env.tgz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:01:40:27 +0000] "GET /.env.tar HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:01:40:27 +0000] "GET /.env.tar.bz2 HTTP/1.1"
Port Scan
🇳🇱
Site.eu
2026-05-14 01:25:17
(3 weeks ago)
Excessive multi-domain requests
Brute-Force
🇬🇧
consul.to
2026-05-14 00:55:36
(3 weeks ago)
Web attack/malicious scanning detected
Web App Attack
Anonymous
2026-05-14 00:36:28
(3 weeks ago)
(caddyscan) Scanner path probe from 34.158.142.104 (NL/The Netherlands/104.142.158.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:00:36:21 +0000] "GET /.env.zip HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:00:36:22 +0000] "GET /.env.tar.gz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:00:36:22 +0000] "GET /.env.tgz HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:00:36:23 +0000] "GET /.env.tar HTTP/1.1"
[REDACTED] 200 2627 34.158.142.104 - - [14/May/2026:00:36:24 +0000] "GET /.env.tar.bz2 HTTP/1.1"
Port Scan