JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.180.58.1

34.180.58.1 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 65%: ?

65%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	1.58.180.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.180.58.1

Whois 34.180.58.1

IP Abuse Reports for 34.180.58.1:

This IP address has been reported a total of 19 times from 13 distinct sources. 34.180.58.1 was first reported on June 8th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-08 22:01:00 (1 week ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
Anonymous	2026-06-08 16:40:04 (1 week ago)	Bot / scanning and/or hacking attempts: GET /nginx.conf HTTP/1.1, GET /internal/config.json HTTP/1.1 ... show more Bot / scanning and/or hacking attempts: GET /nginx.conf HTTP/1.1, GET /internal/config.json HTTP/1.1, GET /config/application.properties HTTP/1.1, GET /logs/debug.log HTTP/1.1, GET /profiler HTTP/1.1, GET /v2/config.json HTTP/1.1, GET /sql/dump.sql HTTP/1.1, GET /docker-compose.prod.yml HTTP/1.1, GET /.idea/workspace.xml HTTP/1.1, GET /local-config.php HTTP/1.1, GET /profiler/phpinfo HTTP/1.1, GET /src/config.php HTTP/1.1, GET /config/parameters.yaml HTTP/1.1, GET /api/configprops HTTP/1.1, GET /debug.php HTTP/1.1, GET /credentials.yml HTTP/1.1, GET /app/parameters.yml HTTP/1.1, GET /admin/phpinfo.php HTTP/1.1, GET /wp-config.bak HTTP/1.1, GET /services/config.json HTTP/1.1, GET /server/settings.json HTTP/1.1, GET /deploy/docker-compose.yml HTTP/1.1, GET /backend/config.yml HTTP/1.1, GET /backend/docker-compose.prod.yml HTTP/1.1, GET /backend/parameters.yml HTTP/1.1, GET /.vscode/launch.json HTTP/1.1, GET /.vscode/tasks.json HTTP/1.1 show less	Hacking Web App Attack
Anonymous	2026-06-08 16:24:12 (1 week ago)	Bot / seems abusive / Apache connections: 123	DDoS Attack Web Spam Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 15:40:48 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 34.180.58.1 (1.58.180.34.bc.googleusercontent.c ... show more (mod_security) mod_security (id:210730) triggered by 34.180.58.1 (1.58.180.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 11:40:40.467317 2026] [security2:error] [pid 30257:tid 30257] [client 34.180.58.1:53022] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.chelseafootballprogrammes.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.chelseafootballprogrammes.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aibieP00jFeA9xvZh3aqOQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 dcnet	2026-06-08 14:01:02 (1 week ago)	FortiGate detected DOS attack from IPv4 address 34.180.58.1	DDoS Attack
🇺🇸 TPI-Abuse	2026-06-08 12:59:49 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 34.180.58.1 (1.58.180.34.bc.googleusercontent.c ... show more (mod_security) mod_security (id:210730) triggered by 34.180.58.1 (1.58.180.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 08:59:44.719334 2026] [security2:error] [pid 17889:tid 17889] [client 34.180.58.1:43004] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|k0cgy.net\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "k0cgy.net"] [uri "/.config/gcloud/credentials.db"] [unique_id "aia8wHAi1U9wkpKhLHv-1gAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 12:54:06 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 34.180.58.1 (IN/India/1.58.180.34.bc.go ... show more (mod_security) mod_security triggered on hostname [redacted] 34.180.58.1 (IN/India/1.58.180.34.bc.googleusercontent.com) show less	SQL Injection
🇺🇸 TPI-Abuse	2026-06-08 12:01:50 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 34.180.58.1 (1.58.180.34.bc.googleusercontent.c ... show more (mod_security) mod_security (id:210492) triggered by 34.180.58.1 (1.58.180.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 08:01:45.310527 2026] [security2:error] [pid 3480:tid 3497] [client 34.180.58.1:46242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/config.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.safeco-ins.com"] [uri "/config/config.yml"] [unique_id "aiavKThng_WdrJdy2u3uKgAAAEw"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-08 11:47:51 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 Site.eu	2026-06-08 10:53:11 (1 week ago)	Excessive 404/403 errors	Brute-Force
🇩🇪 Marc	2026-06-08 10:35:57 (1 week ago)	34.180.58.1 - - [08/Jun/2026:12:35:56 +0200] "GET /.github/workflows/deploy.yml HTTP/1.1" 404 3230 " ... show more 34.180.58.1 - - [08/Jun/2026:12:35:56 +0200] "GET /.github/workflows/deploy.yml HTTP/1.1" 404 3230 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 YaBrowser/19.9.1.64 (beta) Yowser/2.5 Safari/537.36" 34.180.58.1 - - [08/Jun/2026:12:35:56 +0200] "GET /.github/workflows/production.yml HTTP/1.1" 404 3229 "-" "Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaC6-01/011.010; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 BrowserNG/7.2.7.2 3gpp-gba" 34.180.58.1 - - [08/Jun/2026:12:35:56 +0200] "GET /.github/workflows/main.yml HTTP/1.1" 404 3230 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8" show less	Brute-Force
🇫🇷 masterguru	2026-06-08 08:00:13 (1 week ago)	Restricted File Access Attempt. Matched phrase "credentials.json" at REQUEST_FILENAME. (930130-193)	Hacking Web App Attack
🇺🇸 mnsf	2026-06-08 05:07:10 (1 week ago)	Scanning/Probing (60) Request Overload (377)	Brute-Force Web App Attack
Anonymous	2026-06-08 04:05:10 (1 week ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 IloGus	2026-06-08 04:00:17 (1 week ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 220.135.29.164

🇨🇳 203.76.241.18

🇳🇱 45.148.10.152

🇬🇧 35.203.211.43

🇨🇳 120.48.141.101

🇨🇳 113.246.154.35

🇪🇸 81.36.95.164

🇺🇸 66.132.172.146

🇧🇷 45.168.140.230

🇨🇦 216.26.232.74

🇷🇺 188.32.104.175

🇺🇸 147.185.132.149

🇺🇸 143.42.0.97

🇯🇵 128.1.49.46

🇭🇰 118.193.47.155

🇿🇦 102.129.55.242

🇫🇷 91.231.89.234

🇫🇷 91.231.89.158

🇩🇪 45.135.193.193

🇶🇦 37.211.178.234