JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.252.196.158

35.252.196.158 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 46%: ?

46%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	158.196.252.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	The Dalles, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.252.196.158

Whois 35.252.196.158

IP Abuse Reports for 35.252.196.158:

This IP address has been reported a total of 18 times from 11 distinct sources. 35.252.196.158 was first reported on May 10th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 LRNP	2026-05-19 17:17:28 (2 weeks ago)	_:80 35.252.196.158 - - [19/May/2026:17:17:22 +0000] "\x16\x03\x01\x05\xDE\x01\x00\x05\xDA\x03\x034\ ... show more _:80 35.252.196.158 - - [19/May/2026:17:17:22 +0000] "\x16\x03\x01\x05\xDE\x01\x00\x05\xDA\x03\x034\xBB\xB2\xEA\x19=\xE4G\x19]\x08\x1C\x88\xBD\x13T\x8Du_\xA80\x0C1\x8En\x81\x18\x9E\xBB" 400 150 "-" "-" ... show less	Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-15 23:05:21 (2 weeks ago)	Scanning/Probing (20)	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-15 22:05:37 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-14. show less	Web App Attack SSH Hacking
🇬🇧 Aetherweb Ark	2026-05-15 10:13:59 (2 weeks ago)	(mod_security) mod_security (id:949110) triggered by 35.252.196.158 (US/United States/158.196.252.35 ... show more (mod_security) mod_security (id:949110) triggered by 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercontent.com): N in the last X secs show less	Web App Attack
🇦🇺 screwlooseit.com.au	2026-05-15 09:39:53 (2 weeks ago)	Blocked by CSF 13 firewall - Rule: config-dotfile US/United States/158.196.252.35.bc.googleuserconte ... show more Blocked by CSF 13 firewall - Rule: config-dotfile US/United States/158.196.252.35.bc.googleusercontent.com show less	Web App Attack
🇫🇷 masterguru	2026-05-15 06:52:22 (2 weeks ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 35.252.196.158 (US/United States/158. ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercontent.com): 2 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 dynamix	2026-05-15 05:14:16 (2 weeks ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 03:19:46 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.196.158 (158.196.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.196.158 (158.196.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 23:19:40.352721 2026] [security2:error] [pid 2205:tid 2205] [client 35.252.196.158:47500] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.martinka.org"] [uri "/.env"] [unique_id "agaQzH4Wv-55Y7mtAvf0xwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-05-15 03:12:00 (2 weeks ago)	block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638	Bad Web Bot
Anonymous	2026-05-15 01:58:18 (2 weeks ago)	(caddyscan) Scanner path probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercon ... show more (caddyscan) Scanner path probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:58:15 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:58:15 +0000] "GET /.env.docker HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:58:15 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:58:15 +0000] "GET /app/.env.local HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:58:15 +0000] "GET /.env.development.local HTTP/1.1" show less	Port Scan
Anonymous	2026-05-15 01:32:09 (2 weeks ago)	(caddyscan) Scanner path probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercon ... show more (caddyscan) Scanner path probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:32:06 +0000] "GET /app/.env.local HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:32:06 +0000] "GET /.env.docker HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:32:06 +0000] "GET /admin/.env HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:32:06 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:01:32:06 +0000] "GET /.env.local HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-15 00:48:50 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.196.158 (158.196.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.196.158 (158.196.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 20:48:44.518476 2026] [security2:error] [pid 26910:tid 26910] [client 35.252.196.158:38454] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elissazeches.com"] [uri "/admin/.env"] [unique_id "agZtbPSe2nSaDkLcTQ5T4gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-15 00:13:27 (2 weeks ago)	(caddyscan) Scanner path probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercon ... show more (caddyscan) Scanner path probe from 35.252.196.158 (US/United States/158.196.252.35.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:00:13:26 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:00:13:26 +0000] "GET /.env.docker HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:00:13:26 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:00:13:26 +0000] "GET /app/.env.local HTTP/1.1" [REDACTED] 200 2627 35.252.196.158 - - [15/May/2026:00:13:26 +0000] "GET /admin/.env HTTP/1.1" show less	Port Scan
🇩🇪 BlueWire Hosting	2026-05-14 23:50:20 (2 weeks ago)	Probing websites for vulnerabilities	Web App Attack SQL Injection
🇺🇸 mnsf	2026-05-14 22:05:54 (2 weeks ago)	Scanning/Probing (20)	Brute-Force Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 186.96.145.241

🇦🇷 181.95.190.244

🇩🇪 172.71.164.115

🇺🇸 165.227.98.222

🇺🇸 152.32.149.47

🇺🇸 64.62.156.66

🇺🇸 43.166.168.202

🇺🇸 40.83.182.122

🇬🇧 35.203.211.130

🇺🇸 195.184.76.221

🇺🇸 165.154.173.17

🇩🇪 151.243.11.35

🇺🇸 135.237.125.177

🇨🇳 122.96.28.113

🇺🇸 66.132.172.201

🇳🇱 45.153.34.149

🇧🇷 20.226.60.108

🇹🇭 1.179.174.189

🇨🇳 218.81.48.101

🇦🇷 190.181.108.102