JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.247.252.198

35.247.252.198 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 100%: ?

100%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	198.252.247.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.247.252.198

Whois 35.247.252.198

IP Abuse Reports for 35.247.252.198:

This IP address has been reported a total of 38 times from 27 distinct sources. 35.247.252.198 was first reported on June 8th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇰 tomiisp	2026-06-11 22:12:00 (1 week ago)		DDoS Attack Brute-Force Hacking
🇦🇹 penguin-solutions.at	2026-06-11 21:41:19 (1 week ago)	Excessive 403/404 errors ...	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-11 19:34:01 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇨🇭 4server	2026-06-11 19:28:28 (1 week ago)	[ThuJun1121:28:21.5703242026][security2:error][pid560655:tid560946][client35.247.252.198:0]ModSecuri ... show more [ThuJun1121:28:21.5703242026][security2:error][pid560655:tid560946][client35.247.252.198:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"hostingedominio.ch.81-17-25-250.cpanel.site\"][uri\"/.env.old\"][unique_id\"aisMVcJnWR5mzzrUkQjgMgAAAQ8\"] show less	Hacking Web App Attack
🇳🇱 debestelapp	2026-06-11 17:00:06 (1 week ago)		Web App Attack
🇸🇬 serverutama	2026-06-11 15:03:05 (1 week ago)	Nginx scanner: 35.247.252.198 - - [11/Jun/2026:21:48:55 +0700] "GET /.env.local HTTP/1.1" 444 0 "-" ... show more Nginx scanner: 35.247.252.198 - - [11/Jun/2026:21:48:55 +0700] "GET /.env.local HTTP/1.1" 444 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16C104 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN" "-" 35.247.252.198 - - [11/Jun/2026:21:48:55 +0700] "GET /.env.bak HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 9; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" "-" show less	Web App Attack Bad Web Bot
🇩🇪 Viveronese	2026-06-11 04:30:46 (1 week ago)	HTTP vulnerability scanning	Web App Attack
🇸🇪 nekopavel	2026-06-11 01:29:47 (1 week ago)	35.247.252.198 - - [11/Jun/2026:03:01:44 +0200]"GET /.env.prod.bak HTTP/1.1" 404 178"-" mta-sts.pave ... show more 35.247.252.198 - - [11/Jun/2026:03:01:44 +0200]"GET /.env.prod.bak HTTP/1.1" 404 178"-" mta-sts.pavel.gg "Mozilla/5.0 (Linux; Android 9; SM-A705GM) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36""0.000" "0.001""S\xC3\xA3o Paulo" "BR" 35.247.252.198 - - [11/Jun/2026:03:01:44 +0200]"GET /.env.staging HTTP/1.1" 404 118"-" mta-sts.pavel.gg "Gregarius/0.5.2 ( http://devlog.gregarius.net/docs/ua)""0.000" "0.001""S\xC3\xA3o Paulo" "BR" 35.247.252.198 - - [11/Jun/2026:03:01:44 +0200]"GET /.env HTTP/1.1" 404 118"-" mta-sts.pavel.gg "Opera/7.51 (Windows NT 5.1; U) [en]""0.001" "0.000""S\xC3\xA3o Paulo" "BR" ... show less	Hacking Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-11 01:01:42 (1 week ago)	{"level":"info","ts":1781139701.567174,"logger":"http.log.access.log1","msg":"handled request","requ ... show more {"level":"info","ts":1781139701.567174,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.247.252.198","remote_port":"60548","client_ip":"35.247.252.198","proto":"HTTP/1.1","method":"GET","host":"bupdate.zyxwupdate.srqponmlkjihgfahgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/app/backend/.env","headers":{"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (X11; Linux i686; rv:40.0) Gecko/20100101 Firefox/40.0"],"Accept-Charset":["utf-8"]}},"bytes_read":0,"user_id":"","duration":0.000056107,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://bupdate.zyxwupdate.srqponmlkjihgfahgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/app/backend/.env"],"Content-Type":[]}} {"level":"info","ts":1781139701.5703545,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.247.252.198","remote_port":"60556","client_ip":"35.247.25 ... show less	DDoS Attack Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-10 22:01:02 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-09. show less	Web App Attack SSH Hacking
🇳🇱 Cloud86 B.V.	2026-06-10 19:13:06 (1 week ago)	categories: DDoS Attack	DDoS Attack
🇷🇴 iulianh	2026-06-10 09:39:24 (1 week ago)	*	Brute-Force SSH
Anonymous	2026-06-10 00:08:24 (1 week ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: BR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: BR, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing show less	Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-09 22:20:57 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 updown.io	2026-06-09 22:20:38 (1 week ago)	{"level":"info","ts":1781043636.0273502,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781043636.0273502,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.247.252.198","remote_port":"41650","client_ip":"35.247.252.198","proto":"HTTP/1.1","method":"GET","host":"edcbupdate.zupdate.rqponmponmlknmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.backup","headers":{"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.19 Safari/537.36"]}},"bytes_read":0,"user_id":"","duration":0.000084942,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://edcbupdate.zupdate.rqponmponmlknmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.backup"],"Content-Type":[]}} {"level":"info","ts":1781043636.031029,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.247.252.198", ... show less	DDoS Attack Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2600:1f18:5b75:b802:84f:ae7e:3c19:38fd

🇫🇮 147.185.133.175

🇺🇸 45.86.18.232

🇺🇸 20.38.37.110

🇳🇱 195.178.110.30

🇳🇱 188.166.68.252

🇳🇱 185.242.226.61

🇫🇷 185.235.146.29

🇦🇷 181.177.9.119

🇳🇬 152.32.140.39

🇨🇳 121.29.84.54

🇮🇳 120.62.8.17

🇺🇸 104.168.93.75

🇨🇦 85.217.149.59

🇩🇪 69.5.169.103

🇺🇸 64.62.197.135

🇺🇸 45.86.17.242

🇺🇸 45.86.17.231

🇺🇸 45.86.17.221

🇺🇸 45.86.17.217