JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.252.180.68

35.252.180.68 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 100%: ?

100%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	68.180.252.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	The Dalles, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.252.180.68

Whois 35.252.180.68

IP Abuse Reports for 35.252.180.68:

This IP address has been reported a total of 22 times from 20 distinct sources. 35.252.180.68 was first reported on June 23rd 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 EvilTurkey	2026-06-24 12:06:01 (1 day ago)	Web app attack against financial institution website.	Web App Attack Hacking
🇺🇸 mnsf	2026-06-24 02:18:18 (2 days ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇫🇷 bazter.pro	2026-06-23 14:57:26 (2 days ago)	Fail2Ban: plesk-bot-aggressive - 15 failures	Port Scan Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 14:54:06 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 35.252.180.68 (68.180.252.35.bc.googleuserconte ... show more (mod_security) mod_security (id:225170) triggered by 35.252.180.68 (68.180.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 10:53:58.513924 2026] [security2:error] [pid 23488:tid 23488] [client 35.252.180.68:54298] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gegkal.com.greenlight.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gegkal.com.greenlight.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajqeBu65HaudEbh7ww7StgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-23 14:49:53 (2 days ago)	Unauthorized access to webpage admin	Web App Attack
🇫🇷 SpaceHost-Server	2026-06-23 14:45:58 (2 days ago)	35.252.180.68 - - [23/Jun/2026:16:45:49 +0200] "POST //xmlrpc.php HTTP/1.1" 200 5115 "-" "Mozilla/5. ... show more 35.252.180.68 - - [23/Jun/2026:16:45:49 +0200] "POST //xmlrpc.php HTTP/1.1" 200 5115 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 35.252.180.68 - - [23/Jun/2026:16:45:52 +0200] "POST //xmlrpc.php HTTP/1.1" 200 5115 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 35.252.180.68 - - [23/Jun/2026:16:45:55 +0200] "POST //xmlrpc.php HTTP/1.1" 200 5115 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 14:36:54 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 35.252.180.68 (68.180.252.35.bc.googleuserconte ... show more (mod_security) mod_security (id:225170) triggered by 35.252.180.68 (68.180.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 10:36:50.588906 2026] [security2:error] [pid 23726:tid 23726] [client 35.252.180.68:55528] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.fusteriafontane.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.fusteriafontane.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajqaAoBeUHriKQmLqPUOegAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-23 14:36:53 (2 days ago)	39.032 requests with url.path /xmlrpc.php 37.617 requests with url.path //xmlrpc.php 4.796 reque ... show more 39.032 requests with url.path /xmlrpc.php 37.617 requests with url.path //xmlrpc.php 4.796 requests with url.path */wp-includes/wlwmanifest.xml show less	Brute-Force Bad Web Bot
🇨🇦 polycoda	2026-06-23 14:35:42 (2 days ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based) - ❌ Excessive 40X Errors (Decay-Based) - ↪️ Exc ... show more AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based) - ❌ Excessive 40X Errors (Decay-Based) - ↪️ Excessive 30X Errors (Decay-Based) show less	Hacking Bad Web Bot Web App Attack
Anonymous	2026-06-23 14:30:09 (2 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-23 14:26:40 (2 days ago)	Attac	Brute-Force
🇦🇱 router.al	2026-06-23 14:25:57 (2 days ago)	06/23/2026-14:25:57.190130 35.252.180.68 Protocol: 6 ET SCAN WordPress Scanner Performing Multiple R ... show more 06/23/2026-14:25:57.190130 35.252.180.68 Protocol: 6 ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML show less	Hacking
Anonymous	2026-06-23 14:18:09 (2 days ago)	[redacted] 35.252.180.68 - - [23/Jun/2026:16:18:02 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" " ... show more [redacted] 35.252.180.68 - - [23/Jun/2026:16:18:02 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted] 35.252.180.68 - - [23/Jun/2026:16:18:02 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted] 35.252.180.68 - - [23/Jun/2026:16:18:03 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted] 35.252.180.68 - - [23/Jun/2026:16:18:03 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted] 35.252.180.68 - - [23/Jun/2026:16:18:04 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple ... show less	Hacking Web App Attack
🇩🇪 Ba-Yu	2026-06-23 14:15:22 (2 days ago)	WP-xmlrpc exploit	Web Spam Blog Spam Hacking Exploited Host Web App Attack
Anonymous	2026-06-23 14:11:26 (2 days ago)	35.252.180.68 - - [23/Jun/2026:22:11:25 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 16 "-" "Mozilla/5 ... show more 35.252.180.68 - - [23/Jun/2026:22:11:25 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.252

🇫🇷 141.101.97.31

🇨🇳 219.129.96.2

🇬🇧 193.32.209.237

🇫🇷 172.71.232.96

🇭🇰 152.32.213.68

🇨🇳 125.71.217.28

🇺🇸 66.132.195.106

🇹🇼 61.219.232.138

🇺🇸 50.2.64.90

🇨🇳 47.94.107.207

🇺🇸 47.77.217.63

🇧🇷 45.238.2.40

🇲🇽 38.58.38.206

🇺🇸 3.132.26.232

🇨🇳 116.62.185.211

🇮🇳 103.91.246.101

🇻🇳 27.68.86.13

🇮🇪 3.252.253.134

🇺🇸 2607:f8b0:4001:c5f::122