JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 34.95.225.18

34.95.225.18 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 100%: ?

100%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	34-95-225-18.gbrsp.bluecoatcloud.com
Domain Name	google.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 34.95.225.18

Whois 34.95.225.18

IP Abuse Reports for 34.95.225.18:

This IP address has been reported a total of 33 times from 21 distinct sources. 34.95.225.18 was first reported on June 8th 2026, and the most recent report was 28 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 05:37:44 (28 minutes ago)	(mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud. ... show more (mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:37:36.147008 2026] [security2:error] [pid 15891:tid 15891] [client 34.95.225.18:40944] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.joesteiner.com"] [uri "/.env.prod"] [unique_id "aipJoJZRPYnrmVunyEZ8eAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 05:33:11 (33 minutes ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇪🇸 alferez	2026-06-11 05:11:37 (54 minutes ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 02:41:49 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud. ... show more (mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 22:41:43.370438 2026] [security2:error] [pid 32242:tid 32242] [client 34.95.225.18:53148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tumerotata.com"] [uri "/.env.backup.txt"] [unique_id "aiogZ6E7HIGokxC0RCGfagAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 rubixstudios	2026-06-11 01:24:02 (4 hours ago)	Excessive HTTP requests consistent with automated attack behaviour detected by Imunify360	DDoS Attack Brute-Force Web App Attack
Anonymous	2026-06-10 21:16:53 (8 hours ago)	(caddyscan) Scanner path probe from 34.95.225.18 (BR/Brazil/34-95-225-18.gbrsp.bluecoatcloud.com): 5 ... show more (caddyscan) Scanner path probe from 34.95.225.18 (BR/Brazil/34-95-225-18.gbrsp.bluecoatcloud.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:21:16:50 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:21:16:50 +0000] "GET /api/.env.prod HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:21:16:50 +0000] "GET /api/.env.production HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:21:16:50 +0000] "GET /api/.env.backup HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:21:16:50 +0000] "GET /api/.env.old HTTP/1.1" show less	Port Scan
🇨🇭 YF	2026-06-10 21:05:14 (9 hours ago)	404 errors Vulnerability scan	Web App Attack
Anonymous	2026-06-10 19:22:02 (10 hours ago)	(caddyscan) Scanner path probe from 34.95.225.18 (BR/Brazil/34-95-225-18.gbrsp.bluecoatcloud.com): 5 ... show more (caddyscan) Scanner path probe from 34.95.225.18 (BR/Brazil/34-95-225-18.gbrsp.bluecoatcloud.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:19:21:56 +0000] "GET /src/.env.local HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:19:21:56 +0000] "GET /api/.env.old HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:19:21:56 +0000] "GET /backend/.env.dev HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:19:21:56 +0000] "GET /backend/api/.env HTTP/1.1" [REDACTED] 200 2627 34.95.225.18 - - [10/Jun/2026:19:21:56 +0000] "GET /frontend/.env.local HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-10 16:36:10 (13 hours ago)	(mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud. ... show more (mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 12:36:01.641086 2026] [security2:error] [pid 17638:tid 17638] [client 34.95.225.18:45310] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.blackballprojects.com"] [uri "/uploads/.env"] [unique_id "aimScUm6YAwTios3Zs9_4gAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 BlueWire Hosting	2026-06-10 16:17:50 (13 hours ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇩🇪 updown.io	2026-06-10 09:48:18 (20 hours ago)	{"level":"info","ts":1781084897.0119958,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781084897.0119958,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.95.225.18","remote_port":"37940","client_ip":"34.95.225.18","proto":"HTTP/1.1","method":"GET","host":"baupdate.yxupdate.tsrqponqponmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.example","headers":{"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Linux; Android 7.0; LG-H850) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36"],"Accept-Charset":["utf-8"]}},"bytes_read":0,"user_id":"","duration":0.000191836,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://baupdate.yxupdate.tsrqponqponmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.example"],"Content-Type":[]}} {"level":"info","ts":1781084897.014084,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.95.225.18","re ... show less	DDoS Attack Web App Attack
🇳🇱 sernate	2026-06-10 07:30:14 (22 hours ago)	(403blocker) 403 trigger 34.95.225.18 (BR/Brazil/34-95-225-18.gbrsp.bluecoatcloud.com): 80 in the la ... show more (403blocker) 403 trigger 34.95.225.18 (BR/Brazil/34-95-225-18.gbrsp.bluecoatcloud.com): 80 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-10 06:24:28 (23 hours ago)	(mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud. ... show more (mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 02:24:22.995074 2026] [security2:error] [pid 2656:tid 2656] [client 34.95.225.18:55410] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.desertshadowsrv.org"] [uri "/test/.env"] [unique_id "aikDFsOyBnXRzMzd8zTIbgAAAG4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 cwytech	2026-06-10 02:29:31 (1 day ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: crowdsecurity/http-sensitive-files.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 21:57:55 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud. ... show more (mod_security) mod_security (id:210492) triggered by 34.95.225.18 (34-95-225-18.gbrsp.bluecoatcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 17:57:49.064988 2026] [security2:error] [pid 28643:tid 28643] [client 34.95.225.18:41602] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "woosterclassof64.com"] [uri "/.env.preprod"] [unique_id "aiiMXQTgW8t4aesdh0yeMQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.75.49.125

🇹🇭 202.29.220.130

🇹🇼 198.235.24.79

🇭🇰 128.1.132.220

🇺🇸 124.198.131.39

🇨🇳 119.29.16.38

🇭🇰 119.28.9.170

🇮🇩 116.254.97.194

🇨🇳 115.55.229.156

🇸🇪 84.55.70.103

🇺🇸 34.48.185.201

🇹🇷 194.87.129.212

🇧🇷 192.145.212.169

🇧🇷 185.194.204.183

🇳🇱 152.42.132.251

🇨🇳 120.48.17.184

🇨🇳 119.255.245.44

🇭🇰 119.246.18.112

🇭🇰 119.246.15.94

🇸🇬 119.28.115.213