JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.84.137.21

34.84.137.21 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 93%: ?

93%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	21.137.84.34.bc.googleusercontent.com
Domain Name	google.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.84.137.21

Whois 34.84.137.21

IP Abuse Reports for 34.84.137.21:

This IP address has been reported a total of 40 times from 28 distinct sources. 34.84.137.21 was first reported on June 8th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Epimetheus	2026-06-11 14:12:41 (2 weeks ago)	Zombie network / Bot scanner detected: [GET] /.env.backup.txt [GET] /services/auth/.env [GET] /var/ ... show more Zombie network / Bot scanner detected: [GET] /.env.backup.txt [GET] /services/auth/.env [GET] /var/.env [GET] /release/.env [GET] /htdocs/.env [GET] /admin/.env [GET] /backend/.env.staging [GET] /uploads/.env [GET] /dashboard/.env [GET] /html/.env [GET] /private/.env.production [GET] /services/api/.env [GET] /laravel/.env [GET] /temp/.env [GET] /data/.env [GET] /cms/.env [GET] /dist/.env [GET] /backend/.env [GET] /storage/.env [GET] /services/.env.local [GET] /private/.env [GET] /config/.env.local [GET] /public/.env [GET] /deploy/.env [GET] /frontend/.env.backup [GET] /services/backend/.env [GET] /wordpress/.env [GET] /docker/.env [GET] /www/.env [GET] /symfony/.env [GET] /admin/.env.local [GET] /apps/frontend/.env [GET] /config/.env.production [GET] /service/.env [GET] /server/.env.production [GET] /wp/.env [GET] /admin/.env.backup [GET] /backend/.env.production [GET] /backend/.env.bak [GET] /.env.test [GET] /api/.env.bak [GET] /api/v2/.env [GET] /backend/.env.prod [GE ...(Truncated) show less	Bad Web Bot Exploited Host Web App Attack
🇩🇪 Dominik Lysiak	2026-06-11 09:00:26 (2 weeks ago)	34.84.137.21 - - [11/Jun/2026:11:00:25 +0200] "GET /.env.live HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Wind ... show more 34.84.137.21 - - [11/Jun/2026:11:00:25 +0200] "GET /.env.live HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6.2; rv:19.0) Gecko/20121129 Firefox/19.0" 34.84.137.21 - - [11/Jun/2026:11:00:25 +0200] "GET /.env.template HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 9; Nokia 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" 34.84.137.21 - - [11/Jun/2026:11:00:25 +0200] "GET /.env.production.bak HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 7.0; LGMS428) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" ... show less	Web App Attack
Anonymous	2026-06-11 04:54:16 (2 weeks ago)	34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /api/.env.backup HTTP/1.1" 404 440 "-" "Mozilla/5 ... show more 34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /api/.env.backup HTTP/1.1" 404 440 "-" "Mozilla/5.0 (compatible; Konqueror/4.2; Linux) KHTML/4.2.4 (like Gecko) Slackware/13.0" 34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /api/.env.backup HTTP/1.1" 404 245 "-" "Mozilla/5.0 (compatible; Konqueror/4.2; Linux) KHTML/4.2.4 (like Gecko) Slackware/13.0" 34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /uat/.env HTTP/1.1" 404 440 "-" "Opera/9.80 (Android; Opera Mini/42.0.2254/150.36; U; en) Presto/2.12.423 Version/12.16" 34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /uat/.env HTTP/1.1" 404 245 "-" "Opera/9.80 (Android; Opera Mini/42.0.2254/150.36; U; en) Presto/2.12.423 Version/12.16" 34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /test/.env HTTP/1.1" 404 440 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.116" 34.84.137.21 - - [11/Jun/2026:06:54:14 +0200] "GET /test/.env HTTP/1.1" 404 245 ... show less	Bad Web Bot Web App Attack
🇩🇪 ecs.ge	2026-06-11 03:12:04 (2 weeks ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇳🇱 ConsulHosting	2026-06-10 21:50:00 (2 weeks ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇨🇦 ISPLtd	2026-06-10 21:49:45 (2 weeks ago)	Jun 10 18:49:45 34.84.137.21 TCP SPT=56392 DPT=443 SYN Jun 10 18:49:45 34.84.137.21 TCP SPT=56404 DP ... show more Jun 10 18:49:45 34.84.137.21 TCP SPT=56392 DPT=443 SYN Jun 10 18:49:45 34.84.137.21 TCP SPT=56404 DPT=443 SYN Jun 10 18:49:45 34.84.137.21 TCP SPT=56396 DPT=443 SYN ... show less	DDoS Attack
🇩🇪 4server	2026-06-10 20:13:05 (2 weeks ago)	[WedJun1022:13:03.0417112026][security2:error][pid881351:tid881434][client34.84.137.21:0]ModSecurity ... show more [WedJun1022:13:03.0417112026][security2:error][pid881351:tid881434][client34.84.137.21:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:10\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.serban.ch\"][uri\"/.env.local\"][unique_id\"ainFTyKXrawV86G5BoZEwAAAAJM\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-06-10 17:45:45 (2 weeks ago)	(mod_security) mod_security triggered on hostname [redacted] 34.84.137.21 (JP/Japan/21.137.84.34.bc. ... show more (mod_security) mod_security triggered on hostname [redacted] 34.84.137.21 (JP/Japan/21.137.84.34.bc.googleusercontent.com) show less	SQL Injection
🇩🇪 itsolon	2026-06-10 17:36:11 (2 weeks ago)	[10/Jun/2026:19:36:08 +0200] 178111296824.340878 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:19:36 ... show more [10/Jun/2026:19:36:08 +0200] 178111296824.340878 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:19:36:08 +0200] 178111296823.622799 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:19:36:08 +0200] 17811129680.445549 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:19:36:08 +0200] 178111296843.008234 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:19:36:08 +0200] 178111296826.569570 34.84.137.21 0 217.154.7.177 443 ... show less	Port Scan Hacking Brute-Force Web App Attack
🇩🇪 itsolon	2026-06-10 11:14:06 (2 weeks ago)	[10/Jun/2026:13:14:03 +0200] 178109004360.739635 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:13:14 ... show more [10/Jun/2026:13:14:03 +0200] 178109004360.739635 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:13:14:03 +0200] 178109004336.413774 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:13:14:03 +0200] 178109004339.093804 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:13:14:03 +0200] 178109004347.153062 34.84.137.21 0 217.154.7.177 443 [10/Jun/2026:13:14:03 +0200] 178109004363.331873 34.84.137.21 0 217.154.7.177 443 ... show less	Port Scan Hacking Brute-Force Web App Attack
🇲🇾 Rizzy	2026-06-10 09:37:58 (2 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 09:33:05 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 34.84.137.21 (21.137.84.34.bc.googleusercontent ... show more (mod_security) mod_security (id:210492) triggered by 34.84.137.21 (21.137.84.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 05:33:01.062615 2026] [security2:error] [pid 4619:tid 4619] [client 34.84.137.21:57962] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.sanmarinoresidentagent.com"] [uri "/.env.local"] [unique_id "aikvTQxCR0kiS93F70fkvQAAADU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-10 07:45:13 (2 weeks ago)	{"level":"info","ts":1781077511.9951925,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781077511.9951925,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.84.137.21","remote_port":"59956","client_ip":"34.84.137.21","proto":"HTTP/1.1","method":"GET","host":"cbupdate.zyxupdate.tsrqponmlkjilkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.bak","headers":{"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Linux; U; Android 8.1.0; zh-CN; Mi Note 3 Build/OPM1.171019.019) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 UCBrowser/12.5.9.1039 Mobile Safari/537.36"]}},"bytes_read":0,"user_id":"","duration":0.000082588,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://cbupdate.zyxupdate.tsrqponmlkjilkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.bak"],"Content-Type":[]}} {"level":"info","ts":1781077512.0335104,"logger":"http.log.access.log1" ... show less	DDoS Attack Web App Attack
🇳🇱 Cloud86 B.V.	2026-06-10 04:00:09 (2 weeks ago)	categories: DDoS Attack	DDoS Attack
🇸🇪 vaia.cloud	2026-06-10 00:37:01 (2 weeks ago)	trying wp-login.php/xmlrpc.php 146 times in 1 minutes	Brute-Force Web App Attack

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 2001:df4:d1c0:cdf1:d0ab:74a9:a509:2ffc

🇺🇸 216.222.199.239

🇳🇱 195.178.110.26

🇫🇷 185.177.72.69

🇹🇷 94.154.43.181

🇺🇸 66.132.172.158

🇺🇸 66.132.172.109

🇭🇰 52.175.55.5

🇸🇪 46.246.5.69

🇨🇦 45.194.92.58

🇻🇳 27.79.43.34

🇮🇳 20.219.13.14

🇷🇺 188.243.191.29

🇳🇱 185.223.235.13

🇺🇸 184.105.139.120

🇨🇳 124.193.81.23

🇹🇼 111.70.32.11

🇺🇸 64.62.156.188

🇫🇷 2001:41d0:33a:a00::408

🇨🇦 165.227.42.30