blocking by user hostname

NinjaFirewall doesn’t have that feature. The reason is because it would require to perform a reverse DNS lookup and that would slow down the access to the site.

Can you show some of those HTTP requests to see if they could be blocked using another option?

The domain doesn’t even have a A record:

$ dig googleusercontent.com

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> googleusercontent.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16503
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;googleusercontent.com.		IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Oct 09 15:49:42 +07 2023
;; MSG SIZE  rcvd: 50

It seems that the correct ASN for those addresses IP is “AS396982” (GOOGLE-CLOUD-PLATFORM).
Blocking on the ASN would be much faster than doing a reverse DNS lookup.

Make sure you don’t block “AS15169”, otherwise Google bot couldn’t index your site!

That’s from AS396982 (GOOGLE-CLOUD-PLATFORM). Blocking on that AS number would get rid of them.

No, they won’t as Google uses another AS number for its own services, AS15169.

AS whitelist/blacklist isn’t available in the free version on NinjaFirewall, but only in the WP+ Edition.
If you want to write your own code, you’ll need the list of AS numbers in CSV format: https://nintechnet.com/share/GeoLite2-ASN-CSV.zip