JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.20.137.37

34.20.137.37 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 90%: ?

90%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	37.137.20.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.20.137.37

Whois 34.20.137.37

IP Abuse Reports for 34.20.137.37:

This IP address has been reported a total of 36 times from 24 distinct sources. 34.20.137.37 was first reported on June 9th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 WebNiraj	2026-06-12 02:12:50 (2 weeks ago)	(mod_security) mod_security (id:949110) triggered by 34.20.137.37 (US/United States/37.137.20.34.bc. ... show more (mod_security) mod_security (id:949110) triggered by 34.20.137.37 (US/United States/37.137.20.34.bc.googleusercontent.com): 5 in the last 3600 secs [SIGMA] show less	Brute-Force
🇳🇱 Site.eu	2026-06-11 12:49:51 (2 weeks ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 ghostwarriors	2026-06-11 09:20:05 (2 weeks ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇩🇪 4server	2026-06-11 03:04:02 (2 weeks ago)	[ThuJun1105:03:57.0120192026][security2:error][pid1352025:tid1352117][client34.20.137.37:0]ModSecuri ... show more [ThuJun1105:03:57.0120192026][security2:error][pid1352025:tid1352117][client34.20.137.37:0]ModSecurity:Accessdeniedwithcode403$phase2$.OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded$TotalScore:5$\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.fidmeyer.ch.136-243-54-122.cpanel.site\"][uri\"/api/env\"][unique_id\"aiolnS5z6XA8S5e82P8SZgAAAQA\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 rh24	2026-06-11 02:35:59 (2 weeks ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 34.20.137.37 (US/Uni ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 34.20.137.37 (US/United States/37.137.20.34.bc.googleusercontent.com) show less	Bad Web Bot
🇬🇧 consul.to	2026-06-11 02:35:38 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 Skyrider	2026-06-11 02:10:05 (2 weeks ago)	Nginx: HTTP 4xx probe/scan attempts. Automated fail2ban report.	Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-11 01:20:04 (2 weeks ago)	{"level":"info","ts":1781140803.6722176,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781140803.6722176,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.20.137.37","remote_port":"43858","client_ip":"34.20.137.37","proto":"HTTP/1.1","method":"GET","host":"kjihgfedcfedgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/actuator/heapdump","headers":{"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A346 Safari/602.1"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.0001001,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://kjihgfedcfedgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/actuator/heapdump"],"Content-Type":[]}} {"level":"info","ts":1781140803.6849837,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.20.137.37","remote_port":"43870","cli ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 01:17:59 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 34.20.137.37 (37.137.20.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210730) triggered by 34.20.137.37 (37.137.20.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 21:17:52.232023 2026] [security2:error] [pid 13493:tid 13493] [client 34.20.137.37:41616] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.brojon.mroxygen.org\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.brojon.mroxygen.org"] [uri "/.config/gcloud/credentials.db"] [unique_id "aioMwLbgUWtceGTR32UkEQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 00:41:21 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 34.20.137.37 (37.137.20.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210831) triggered by 34.20.137.37 (37.137.20.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 20:41:15.963638 2026] [security2:error] [pid 17237:tid 17237] [client 34.20.137.37:59910] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|arcadiapropertiesllc.com\|F\|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "arcadiapropertiesllc.com"] [uri "/heapdump"] [unique_id "aioEK_t5geERU0x2x7wwRAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 diosama	2026-06-10 23:55:11 (2 weeks ago)	CrowdSec blocked: crowdsecurity/appsec-vpatch	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-10 22:00:24 (2 weeks ago)	Auto-ban: 260 malicious requests on 2026-06-09 (e.g., env/backup probes, brute-force, or error burst ... show more Auto-ban: 260 malicious requests on 2026-06-09 (e.g., env/backup probes, brute-force, or error bursts). show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-10 21:50:15 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 34.20.137.37 (37.137.20.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210730) triggered by 34.20.137.37 (37.137.20.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 17:50:10.243238 2026] [security2:error] [pid 9751:tid 9751] [client 34.20.137.37:38640] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.weddings.jamesallenwalker.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.weddings.jamesallenwalker.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aincEsU-Ygi3CRHGWlg25gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-10 21:35:58 (2 weeks ago)	Aggressive web search of vulnerable pages: /phpinfo.php /info.php /php.php /test.php /debug.php /adm ... show more Aggressive web search of vulnerable pages: /phpinfo.php /info.php /php.php /test.php /debug.php /admin/phpinfo.php /api/phpinfo.php /config.php ... show less	Web App Attack
🇺🇸 mnsf	2026-06-10 21:05:18 (2 weeks ago)	Abuse Detected (14)	Brute-Force Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 189.245.166.146

🇰🇿 178.91.48.62

🇺🇸 172.212.200.188

🇮🇷 103.130.146.58

🇩🇪 64.226.126.224

🇹🇼 60.250.246.239

🇳🇱 45.198.224.134

🇺🇸 23.94.155.14

🇷🇺 5.255.231.6

🇮🇳 223.230.42.227

🇺🇦 194.44.78.232

🇵🇪 181.66.254.80

🇮🇹 151.77.66.132

🇺🇸 137.175.30.210

🇨🇳 124.239.153.90

🇻🇳 103.98.152.181

🇧🇬 79.124.49.174

🇮🇳 61.2.44.54

🇳🇱 45.153.34.112

🇸🇦 128.234.99.75