JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.252.181.225

35.252.181.225 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 76%: ?

76%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	225.181.252.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	The Dalles, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.252.181.225

Whois 35.252.181.225

IP Abuse Reports for 35.252.181.225:

This IP address has been reported a total of 20 times from 15 distinct sources. 35.252.181.225 was first reported on June 14th 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇳 PrivateLiu	2026-06-21 10:44:31 (3 hours ago)	[AbuseIPDB auto-report] Rules: Rule1, Rule2, Rule5. Region: non-CN. Config/sensitive path probing: a ... show more [AbuseIPDB auto-report] Rules: Rule1, Rule2, Rule5. Region: non-CN. Config/sensitive path probing: accessed .env/.config/admin/.git paths returning 4xx/444; Broad path scanning: 29 x 404/403 responses in short window indicating automated scanner; Known vulnerability path probing: targeting CMS (WordPress/Drupal), phpMyAdmin, actuator endpoints, or other known vulnerable paths. Sample paths: /blog/.git/config, /v1/.git/config, /www/.git/config, /htdocs/.git/config, /wordpress/.git/config, /site/.git/config, /project/.git/config, /admin/.git/config, /frontend/.git/config, /v2/.git/config, /wp-content/.git/config, /symfony/.git/config. Statuses: 404. Methods: GET. UA: N/A show less	Port Scan Bad Web Bot Web App Attack
🇨🇳 PrivateLiu	2026-06-19 14:56:30 (1 day ago)	[AbuseIPDB auto-report] Rules: Rule1, Rule2, Rule5. Region: non-CN. Config/sensitive path probing: a ... show more [AbuseIPDB auto-report] Rules: Rule1, Rule2, Rule5. Region: non-CN. Config/sensitive path probing: accessed .env/.config/admin/.git paths returning 4xx/444; Broad path scanning: 29 x 404/403 responses in short window indicating automated scanner; Known vulnerability path probing: targeting CMS (WordPress/Drupal), phpMyAdmin, actuator endpoints, or other known vulnerable paths. Sample paths: /site/.git/config, /dist/.git/config, /symfony/.git/config, /app/.git/config, /wordpress/.git/config, /assets/.git/config, /api/.git/config, /dashboard/.git/config, /backend/.git/config, /.git/config, /web/.git/config, /laravel/.git/config. Statuses: 404. Methods: GET. UA: N/A show less	Port Scan Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 07:35:01 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 35.252.181.225 (225.181.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.181.225 (225.181.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 03:34:56.592668 2026] [security2:error] [pid 9750:tid 9750] [client 35.252.181.225:54416] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bizecommnet.bizecomm.com"] [uri "/app/.git/config"] [unique_id "ajD8oDalg3632fGbWht3egAAAG4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-16 07:30:14 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-06-16 07:03:43 (5 days ago)	20 attempts against mh-misbehave-ban on storm	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-16 06:38:00 (5 days ago)	Too many 404 requests [BY]	Web App Attack
Anonymous	2026-06-16 06:24:38 (5 days ago)	35.252.181.225 - - [16/Jun/2026:08:24:38 +0200] "GET /htdocs/.git/config HTTP/1.1" 301 169 "-" "Mozi ... show more 35.252.181.225 - - [16/Jun/2026:08:24:38 +0200] "GET /htdocs/.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.9 Safari/536.5" show less	Web App Attack
🇫🇷 masterguru	2026-06-16 05:45:12 (5 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 35.252.181.225 (US/United States/225. ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 35.252.181.225 (US/United States/225.181.252.35.bc.googleusercontent.com): 1 in the last 3600 secs (0-195) show less	Hacking
🇨🇳 PrivateLiu	2026-06-16 00:38:27 (5 days ago)	[AbuseIPDB auto-report] Rules: Rule1, Rule2, Rule5. Region: non-CN. Config/sensitive path probing: a ... show more [AbuseIPDB auto-report] Rules: Rule1, Rule2, Rule5. Region: non-CN. Config/sensitive path probing: accessed .env/.config/admin/.git paths returning 4xx/444; Broad path scanning: 29 x 404/403 responses in short window indicating automated scanner; Known vulnerability path probing: targeting CMS (WordPress/Drupal), phpMyAdmin, actuator endpoints, or other known vulnerable paths. Sample paths: /htdocs/.git/config, /dashboard/.git/config, /public/.git/config, /src/.git/config, /laravel/.git/config, /frontend/.git/config, /code/.git/config, /api/.git/config, /backend/.git/config, /project/.git/config, /v3/.git/config, /v2/.git/config. Statuses: 404. Methods: GET. UA: Mozilla/5.0 (X11; U; Linux x86_64; sv-SE; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2. show less	Port Scan Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-15 23:48:41 (5 days ago)	Excessive 404/403 errors	Brute-Force
🇫🇷 dynamix	2026-06-15 21:41:31 (5 days ago)	Multiple WAF Violations	Web App Attack
🇷🇺 DZBOT	2026-06-15 05:09:47 (6 days ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 mnsf	2026-06-15 02:06:32 (6 days ago)	Scanning/Probing (40) Request Overload (141)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 00:42:18 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 35.252.181.225 (225.181.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210730) triggered by 35.252.181.225 (225.181.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 20:42:11.856990 2026] [security2:error] [pid 15362:tid 15362] [client 35.252.181.225:35140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|onlinesoldier.mymuscles.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "onlinesoldier.mymuscles.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai9KY8NGV73wL2-GRep-sQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 23:58:59 (6 days ago)	(mod_security) mod_security (id:949110) triggered by 35.252.181.225 (225.181.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:949110) triggered by 35.252.181.225 (225.181.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:58:52.047668 2026] [security2:error] [pid 12181:tid 12181] [client 35.252.181.225:45996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "agoodsign.biz"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai9APATQbxYnfSZg2lBn7QAAAF0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇭 103.10.230.180

🇫🇷 51.77.158.34

🇺🇸 3.130.168.2

🇺🇸 2604:a880:400:d1:0:4:9e79:d001

🇧🇷 189.123.37.115

🇨🇳 120.48.175.69

🇰🇷 112.216.129.27

🇦🇺 58.178.225.83

🇺🇸 18.119.209.50

🇳🇱 5.61.209.92

🇹🇼 1.162.64.193

🇺🇸 216.25.89.130

🇹🇼 211.20.223.181

🇮🇷 185.172.214.211

🇨🇳 180.76.168.83

🇭🇰 101.36.106.78

🇮🇩 43.173.1.69

🇷🇴 2.57.122.238

🇺🇸 2604:a880:400:d1:0:4:9e7f:b001

🇬🇧 193.163.125.254