JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.158.209.104

34.158.209.104 was found in our database!

This IP was reported 54 times. Confidence of Abuse is 100%: ?

100%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	104.209.158.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇰🇷 Korea (the Republic of)
City	Seoul, Seoul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.158.209.104

Whois 34.158.209.104

IP Abuse Reports for 34.158.209.104:

This IP address has been reported a total of 54 times from 36 distinct sources. 34.158.209.104 was first reported on June 8th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Ba-Yu	2026-06-12 02:07:34 (1 day ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇳🇱 ConsulHosting	2026-06-12 00:17:12 (1 day ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇩🇪 FeG Deutschland	2026-06-11 19:25:36 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇬🇧 consul.to	2026-06-11 15:53:13 (1 day ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-06-11 14:44:36 (1 day ago)	Aggressive web scan	Web App Attack
🇫🇷 dynamix	2026-06-11 14:17:15 (1 day ago)	Multiple WAF Violations	Web App Attack
🇫🇷 masterguru	2026-06-11 09:56:18 (1 day ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.158.209.104 (104.209.158.34.bc.goo ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.158.209.104 (104.209.158.34.bc.googleusercontent.com): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 Void Vendor	2026-06-11 06:59:37 (1 day ago)	VoidTrap [15,21]: [offense #1 → 30 minutes] Honeypot: /api/v1/.env \| ip: 34.158.209.104 \| loc: Seoul ... show more VoidTrap [15,21]: [offense #1 → 30 minutes] Honeypot: /api/v1/.env \| ip: 34.158.209.104 \| loc: Seoul, Seoul, KR, AS396982 Google LLC \| path: /api/v1/.env \| ua: Roku/DVP-4.1 (024.01E01250A) show less	Hacking Web App Attack
🇧🇷 Halux	2026-06-11 04:15:27 (2 days ago)	34.158.209.104 Probing protected path or service	Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-10 22:00:46 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-09. show less	Web App Attack SSH Hacking
🇩🇪 updown.io	2026-06-10 21:25:34 (2 days ago)	{"level":"info","ts":1781126732.6888893,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781126732.6888893,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.158.209.104","remote_port":"60756","client_ip":"34.158.209.104","proto":"HTTP/1.1","method":"GET","host":"lkjihgupdate.update.xwvutsrqtsrqpsrqponmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.copy","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000077799,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://lkjihgupdate.update.xwvutsrqtsrqpsrqponmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.copy"],"Content-Type":[]}} {"level":"info","ts":1781126732.7335954,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.158.209 ... show less	DDoS Attack Web App Attack
🇨🇦 polycoda	2026-06-10 20:26:55 (2 days ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based)	Hacking Web App Attack
Anonymous	2026-06-10 17:24:48 (2 days ago)	(caddyscan) Scanner path probe from 34.158.209.104 (KR/South Korea/104.209.158.34.bc.googleuserconte ... show more (caddyscan) Scanner path probe from 34.158.209.104 (KR/South Korea/104.209.158.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.158.209.104 - - [10/Jun/2026:17:24:47 +0000] "GET /.env.txt HTTP/1.1" [REDACTED] 200 2627 34.158.209.104 - - [10/Jun/2026:17:24:47 +0000] "GET /api/.env HTTP/1.1" [REDACTED] 200 2627 34.158.209.104 - - [10/Jun/2026:17:24:47 +0000] "GET /.env.dev HTTP/1.1" [REDACTED] 200 2627 34.158.209.104 - - [10/Jun/2026:17:24:47 +0000] "GET /api/.env.local HTTP/1.1" [REDACTED] 200 2627 34.158.209.104 - - [10/Jun/2026:17:24:47 +0000] "GET /api/.env.backup HTTP/1.1" show less	Port Scan
🇳🇱 Site.eu	2026-06-10 12:01:36 (2 days ago)	Excessive multi-domain requests	Brute-Force
🇬🇧 consul.to	2026-06-10 10:30:07 (2 days ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 54 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a02:6ea0:c493:2003:f8a4:5f11:98a4:4ea5

🇪🇸 185.210.19.48

🇩🇪 167.94.146.52

🇺🇸 162.216.149.190

🇭🇰 150.5.141.198

🇰🇷 112.216.129.27

🇳🇱 37.139.8.32

🇮🇳 34.131.126.129

🇫🇮 34.88.135.181

🇰🇷 222.239.251.12

🇮🇳 202.71.25.10

🇷🇺 195.218.159.123

🇨🇴 190.60.242.28

🇺🇸 186.179.39.55

🇺🇸 186.179.14.124

🇺🇸 181.177.80.239

🇭🇰 172.253.6.17

🇺🇸 147.185.132.231

🇰🇷 115.91.48.142

🇫🇷 85.217.140.33