JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.199.111.152

35.199.111.152 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 100%: ?

100%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	152.111.199.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.199.111.152

Whois 35.199.111.152

IP Abuse Reports for 35.199.111.152:

This IP address has been reported a total of 39 times from 29 distinct sources. 35.199.111.152 was first reported on June 8th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-12 05:14:17 (1 day ago)	148 attacks on env grabbing URLs, too many concurrent requests: GET /.env.local HTTP/1.1 GET /env.ol ... show more 148 attacks on env grabbing URLs, too many concurrent requests: GET /.env.local HTTP/1.1 GET /env.old HTTP/1.1 show less	Hacking Bad Web Bot
🇺🇸 kosada.com	2026-06-12 01:50:02 (1 day ago)	Web vulnerability probing: /backend/.env.old	Web App Attack
🇸🇪 vaia.cloud	2026-06-11 23:34:01 (1 day ago)	trying wp-login.php/xmlrpc.php 144 times in 1 minutes	Brute-Force Web App Attack
🇧🇷 dominioz	2026-06-11 18:26:44 (1 day ago)	2026-06-11 18:26:30 GET /app/backend/.env - - 35.199.111.152 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+W ... show more 2026-06-11 18:26:30 GET /app/backend/.env - - 35.199.111.152 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+coc_coc_browser/80.0.180+Chrome/74.0.3729.180+Safari/537.36 - 301 511 2026-06-11 18:26:30 GET /app/.env - - 35.199.111.152 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/69.0.3497.100+Safari/537.36 - 301 503 2026-06-11 18:26:30 GET /services/.env - - 35.199.111.152 HTTP/1.1 Mozilla/5.0+(iPad;+CPU+OS+9_3_2+like+Mac+OS+X)+AppleWebKit/601.1.46+(KHTML,+like+Gecko)+Mobile/13F69 - 301 508 2026-06-11 18:26:30 GET /v1/.env - - 35.199.111.152 HTTP/1.1 Mozilla/5.0+(X11;+Linux+i686)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/48.0.2564.116+Safari/537.36 - 301 502 ... show less	Web App Attack
🇩🇪 updown.io	2026-06-11 13:49:55 (1 day ago)	{"level":"info","ts":1781185795.1222596,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781185795.1222596,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.199.111.152","remote_port":"37186","client_ip":"35.199.111.152","proto":"HTTP/1.1","method":"GET","host":"status.amitgawande.com","uri":"/.env.orig","headers":{"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (compatible; alexa site audit/1.0; +http://www.alexa.com/help/webmasters; )"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"status.amitgawande.com","ech":false}},"bytes_read":0,"user_id":"","duration":0.000160186,"size":0,"status":429,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Retry-After":["1"]}} {"level":"info","ts":1781185795.1240141,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.199.111.152","remote_port":"37238","client_ip":"35.199.111.152","proto":"HTTP/1.1","method":"GET","host":"status.amitgawan ... show less	DDoS Attack Web App Attack
🇬🇧 consul.to	2026-06-11 10:42:07 (1 day ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇱 e.fierstra	2026-06-11 09:07:09 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-11 08:51:14 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇨🇦 Dunham Support	2026-06-11 05:14:11 (2 days ago)	(mod_security) mod_security triggered on hostname [redacted] 35.199.111.152 (BR/Brazil/152.111.199.3 ... show more (mod_security) mod_security triggered on hostname [redacted] 35.199.111.152 (BR/Brazil/152.111.199.35.bc.googleusercontent.com) show less	SQL Injection
🇳🇱 Site.eu	2026-06-11 05:09:12 (2 days ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 homeshowdomain.nl	2026-06-10 22:02:02 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-09. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-10 14:57:13 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 35.199.111.152 (152.111.199.35.bc.googleusercon ... show more (mod_security) mod_security (id:210831) triggered by 35.199.111.152 (152.111.199.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 10:57:08.284374 2026] [security2:error] [pid 11596:tid 11596] [client 35.199.111.152:0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:user-agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.tellusafe.com\|F\|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.tellusafe.com"] [uri "/conf/.env"] [unique_id "ail7RBRGpayOHxlBAQ_G_QAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 14:42:29 (2 days ago)	35.199.111.152 - - [10/Jun/2026:16:42:27 +0200] "GET /.env.qa HTTP/1.1" 404 124 "-" "Opera/9.80 (And ... show more 35.199.111.152 - - [10/Jun/2026:16:42:27 +0200] "GET /.env.qa HTTP/1.1" 404 124 "-" "Opera/9.80 (Android; Opera Mini/7.5.33361/31.1543; U; en) Presto/2.8.119 Version/11.1010" 35.199.111.152 - - [10/Jun/2026:16:42:27 +0200] "GET /env.backup HTTP/1.1" 404 124 "-" "WebZIP/3.5 (http://www.spidersoft.com)" 35.199.111.152 - - [10/Jun/2026:16:42:27 +0200] "GET /.env.txt HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Linux; U; Android 9; en-us; POCOPHONE F1 Build/PKQ1.180729.001) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/10.9.7-g" 35.199.111.152 - - [10/Jun/2026:16:42:27 +0200] "GET /api/.env HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3724.8 Safari/537.36" 35.199.111.152 - - [10/Jun/2026:16:42:27 +0200] "GET /.env.backup HTTP/1.1" 404 124 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/74.0.3729.155 Mobile/15E1 ... show less	Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-10 08:22:01 (2 days ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-10 02:02:46 (3 days ago)	Scanning for web/db/file exploits on www.jdstaal.nl	SQL Injection Bad Web Bot Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:c84::b2

🇩🇪 217.154.144.111

🇳🇱 195.178.110.188

🇧🇿 190.197.31.229

🇷🇴 80.94.92.186

🇺🇸 66.175.212.77

🇰🇷 211.187.7.14

🇬🇧 185.99.255.24

🇭🇰 152.32.213.168

🇺🇸 147.185.132.206

🇩🇪 139.59.130.75

🇮🇪 89.106.136.89

🇺🇸 64.62.156.66

🇬🇧 57.128.131.65

🇺🇸 50.116.30.65

🇰🇷 34.64.156.78

🇨🇳 14.103.123.16

🇬🇧 2a06:4880:8000::b3

🇬🇧 217.146.80.105

🇬🇭 102.221.30.186