JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.228.159.234

35.228.159.234 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 52%: ?

52%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	234.159.228.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇫🇮 Finland
City	Lappeenranta, South Karelia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.228.159.234

Whois 35.228.159.234

IP Abuse Reports for 35.228.159.234:

This IP address has been reported a total of 10 times from 9 distinct sources. 35.228.159.234 was first reported on June 13th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-13 15:38:23 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 35.228.159.234 (234.159.228.35.bc.googleusercon ... show more (mod_security) mod_security (id:210730) triggered by 35.228.159.234 (234.159.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 11:38:18.136520 2026] [security2:error] [pid 6067:tid 6067] [client 35.228.159.234:55772] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|plava.org\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "plava.org"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai15akMYLqjHgmmRm5v0wAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-13 10:06:01 (5 days ago)	Scanning/Probing (61) Request Overload (383)	Brute-Force Web App Attack
🇩🇪 maxpower	2026-06-13 09:50:56 (5 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 35.228.159.234 (FI/Finland/234.159.228.3 ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 35.228.159.234 (FI/Finland/234.159.228.35.bc.googleusercontent.com): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 35.228.159.234 - - [13/Jun/2026:11:50:51 +0200] "GET /config/.aws/credentials HTTP/1.1" 404 355 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "-" host=gessoart.it 35.228.159.234 - - [13/Jun/2026:11:50:51 +0200] "GET /.aws/credentials HTTP/1.1" 404 355 "-" "Mozilla/5.0 (iPad; U; CPU iPad OS 5_0_1 like Mac OS X; en-us) AppleWebKit/535.1+ (KHTML like Gecko) Version/7.2.0.0 Safari/6533.18.5" "-" host=gessoart.it show less	Port Scan
🇺🇸 WellSpring	2026-06-13 09:39:05 (5 days ago)	generic probe on 779.today/src/config.php — WellSpr.ing/NetSentinel civic-AI security layer	Bad Web Bot
🇬🇧 Celtic	2026-06-13 09:05:00 (5 days ago)	Blocked by Fail2Ban with Jail (plesk-modsecurity)	Brute-Force SSH
🇩🇪 gadix	2026-06-13 05:53:54 (5 days ago)	[13/Jun/2026:07:53:52.230776 +0200] aizwcPFphNYP--z9ZaoxEgAAAI0 35.228.159.234 51924 127.0.0.1 7081 ... show more [13/Jun/2026:07:53:52.230776 +0200] aizwcPFphNYP--z9ZaoxEgAAAI0 35.228.159.234 51924 127.0.0.1 7081 [13/Jun/2026:07:53:52.378843 +0200] aizwcPFphNYP--z9ZaoxGAAAAIk 35.228.159.234 52122 127.0.0.1 7081 [13/Jun/2026:07:53:52.403680 +0200] aizwcPFphNYP--z9ZaoxHAAAAII 35.228.159.234 52172 127.0.0.1 7081 ... show less	Web App Attack
🇮🇹 VHosting	2026-06-13 04:50:03 (5 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇨🇭 ca	2026-06-13 04:49:19 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-crawl-non_statics	Web App Attack Bad Web Bot
🇫🇷 masterguru	2026-06-13 04:42:34 (6 days ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-193)	Hacking
🇺🇸 TPI-Abuse	2026-06-13 03:21:18 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 35.228.159.234 (234.159.228.35.bc.googleusercon ... show more (mod_security) mod_security (id:210730) triggered by 35.228.159.234 (234.159.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 23:21:12.510337 2026] [security2:error] [pid 15854:tid 15854] [client 35.228.159.234:60140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|greenquince.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "greenquince.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aizMqHSWTInW6h8WBoDErAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.14

🇺🇸 162.216.149.102

🇮🇳 103.24.135.217

🇺🇸 20.168.99.52

🇰🇷 220.80.232.146

🇺🇸 209.71.184.240

🇭🇰 172.253.237.22

🇺🇸 107.170.196.135

🇳🇱 81.19.216.67

🇹🇷 78.135.66.249

🇮🇶 65.20.217.64

🇳🇱 45.148.10.152

🇳🇱 45.148.10.141

🇺🇸 23.146.240.24

🇹🇼 198.235.24.79

🇸🇬 188.166.215.16

🇳🇱 185.242.226.9

🇺🇸 170.106.103.20

🇺🇸 108.21.226.164

🇭🇺 84.225.51.158