JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.252.245.138

35.252.245.138 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 71%: ?

71%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	138.245.252.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	The Dalles, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.252.245.138

Whois 35.252.245.138

IP Abuse Reports for 35.252.245.138:

This IP address has been reported a total of 32 times from 20 distinct sources. 35.252.245.138 was first reported on June 8th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 ConsulHosting	2026-06-12 00:02:19 (2 weeks ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇨🇦 ISPLtd	2026-06-11 22:23:11 (2 weeks ago)	Jun 11 19:23:11 35.252.245.138 TCP SPT=33496 DPT=443 SYN Jun 11 19:23:11 35.252.245.138 TCP SPT=3350 ... show more Jun 11 19:23:11 35.252.245.138 TCP SPT=33496 DPT=443 SYN Jun 11 19:23:11 35.252.245.138 TCP SPT=33502 DPT=443 SYN Jun 11 19:23:11 35.252.245.138 TCP SPT=33516 DPT=443 SYN ... show less	DDoS Attack
🇬🇧 consul.to	2026-06-11 19:42:11 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 16:32:06 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 12:32:02.496372 2026] [security2:error] [pid 20133:tid 20133] [client 35.252.245.138:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.plaiatech.com"] [uri "/frontend/.env.prod"] [unique_id "airjAi1nbe2w2VfVXaNtmgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 electronico	2026-06-11 09:27:21 (2 weeks ago)	35.252.245.138 - - [11/Jun/2026:20:27:21 +1100] "GET /.env.testing HTTP/1.1" 404 5901 "-" "Mozilla/5 ... show more 35.252.245.138 - - [11/Jun/2026:20:27:21 +1100] "GET /.env.testing HTTP/1.1" 404 5901 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" 35.252.245.138 - - [11/Jun/2026:20:27:21 +1100] "GET /.env.copy HTTP/1.1" 404 5901 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36" 35.252.245.138 - - [11/Jun/2026:20:27:21 +1100] "GET /api/.env.old HTTP/1.1" 404 5901 "-" "MOT-L7v/08.B7.5DR MIB/2.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Link/6.3.0.0.0" 35.252.245.138 - - [11/Jun/2026:20:27:21 +1100] "GET /api/.env.local HTTP/1.1" 404 5901 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15" 35.252.245.138 - - [11/Jun/2026:20:27:21 +1100] "GET /api/.env.backup HTTP/1.1" 404 5901 "-" "Mozilla/5.0 (Linux; U; Android 4.1; en-us; sdk Build/MR1) AppleWebKit/534.30 (KHTML ... show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-11 05:02:29 (2 weeks ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-11 03:18:17 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:18:14.047797 2026] [security2:error] [pid 22330:tid 22330] [client 35.252.245.138:45274] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.vadgossos.org.zentinex.com"] [uri "/.env.copy"] [unique_id "aioo9huPsbFrxYf5q9TEEwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-11 02:52:02 (2 weeks ago)	{"level":"info","ts":1781146320.2497876,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781146320.2497876,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.252.245.138","remote_port":"38366","client_ip":"35.252.245.138","proto":"HTTP/1.1","method":"GET","host":"gupdate.update.xwvutsrutsrqpojihgfedcbwwwc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.local","headers":{"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG-SM-G930A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36"]}},"bytes_read":0,"user_id":"","duration":0.000167229,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://gupdate.update.xwvutsrutsrqpojihgfedcbwwwc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.local"],"Content-Type":[]}} {"level":"info","ts":1781146320.3179355,"logger":"http.log.access.log1","msg":"handled request","request":{"remote ... show less	DDoS Attack Web App Attack
🇩🇪 Philister11	2026-06-11 00:36:13 (2 weeks ago)	CrowdSec: crowdsecurity/http-admin-interface-probing (US/AS396982)	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-10 23:11:13 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 19:11:07.737021 2026] [security2:error] [pid 10232:tid 10232] [client 35.252.245.138:33172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.candlecrawler.trade"] [uri "/.env.orig"] [unique_id "ainvC7Xf72YY7qvejzGBSAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-10 21:59:45 (2 weeks ago)	Auto-ban: >3000 req/min op 2026-06-10	Web App Attack SSH Hacking
🇺🇸 mnsf	2026-06-10 16:05:41 (2 weeks ago)	Too many Status 40X (84) Scanning/Probing (98) Request Overload (103)	Brute-Force Web App Attack
🇩🇪 XICTRON	2026-06-10 09:20:03 (2 weeks ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 09:08:30 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 05:08:22.681782 2026] [security2:error] [pid 7634:tid 7634] [client 35.252.245.138:51206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lundtrading.com"] [uri "/.env.local"] [unique_id "aikphvggH0nolURtA7PcrAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 06:21:41 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercon ... show more (mod_security) mod_security (id:210492) triggered by 35.252.245.138 (138.245.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 02:21:34.221915 2026] [security2:error] [pid 26889:tid 26905] [client 35.252.245.138:53124] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.plasticsurgeondallas.com.aafm.us"] [uri "/.env.local"] [unique_id "aikCbhuLzMW7b_9UWdujtwAAAMw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 189.52.134.66

🇵🇰 103.141.5.129

🇧🇬 79.124.62.230

🇧🇷 45.183.243.54

🇧🇷 45.183.243.11

🇧🇷 45.181.33.218

🇺🇸 45.33.84.124

🇩🇪 209.38.243.115

🇭🇰 199.45.154.188

🇺🇸 195.184.76.99

🇨🇳 182.138.158.210

🇧🇷 177.137.109.31

🇷🇺 109.73.206.231

🇺🇸 104.28.215.155

🇫🇷 95.111.231.180

🇩🇪 69.5.169.141

🇧🇷 45.181.33.191

🇧🇷 45.181.26.30

🇧🇷 45.180.99.213

🇩🇪 43.228.157.10