This IP address has been reported a total of 37 times from 26 distinct sources. 34.158.202.80 was first reported on , and the most recent report was .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
[FriJun1203:18:28.6810342026][security2:error][pid2888693:tid2888792][client34.158.202.80:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(\?:/\(\?:\^\|/\)\\\\\\\\.\(env\|git\|svn\|hg\|DS_Store\)\|/\(\?:wp-config\|\\\\\\\\.htaccess\|\\\\\\\\.htpasswd\)\|\\\\\\\\.\(\?:sql\|bak\|old\|log\)\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"beyondsecurity.ch\"][uri\"/env.old\"][unique_id\"aiteZFMKyAfSoB1MYfYecAAAAME\"]
{"level":"info","ts":1781206737.493078,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.158.202.80","remote_port":"42744","client_ip":"34.158.202.80","proto":"HTTP/1.1","method":"GET","host":"www.zvbciwww.ww.www.159.89.98.98.nip.io","uri":"/api/.env","headers":{"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36"]}},"bytes_read":0,"user_id":"","duration":0.000072478,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://www.zvbciwww.ww.www.159.89.98.98.nip.io/api/.env"],"Content-Type":[]}}
{"level":"info","ts":1781206737.4945736,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.158.202.80","remote_port":"42792","client_ip":"34.158.202.80","proto":"HTTP/1.1","method":"GET","host":"www.zvbciwww.ww.www.159.89.98.98.nip.io","uri":"
...
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: KR, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-09.
Web App Attack
SSH
Hacking
Anonymous
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: KR, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing
(mod_security) mod_security triggered on hostname [redacted] 34.158.202.80 (KR/South Korea/80.202.158.34.bc.googleusercontent.com)
(modsecurity) srv102 ModSecurity 34.158.202.80 (80.202.158.34.bc.googleusercontent.com): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.158.202.80 (80.202.158.34.bc.googleusercontent.com): 1 in the last 3600 secs (0-195)