JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.228.211.38

35.228.211.38 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 60%: ?

60%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	38.211.228.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇫🇮 Finland
City	Lappeenranta, South Karelia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.228.211.38

Whois 35.228.211.38

IP Abuse Reports for 35.228.211.38:

This IP address has been reported a total of 10 times from 9 distinct sources. 35.228.211.38 was first reported on June 13th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-13 10:54:56 (1 hour ago)	Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 09:16:51 (2 hours ago)	(mod_security) mod_security (id:210730) triggered by 35.228.211.38 (38.211.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 35.228.211.38 (38.211.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 05:16:45.983262 2026] [security2:error] [pid 27263:tid 27263] [client 35.228.211.38:56646] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.infinite-a.com.sendalawyerletter.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.infinite-a.com.sendalawyerletter.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai0f_YeOI1iktjt0guILHgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 rafli	2026-06-13 07:13:29 (4 hours ago)	{"level":"info","ts":1781334807.2701688,"logger":"http.log.access.log3","msg":"handled request","req ... show more {"level":"info","ts":1781334807.2701688,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_ip":"35.228.211.38","remote_port":"39228","client_ip":"35.228.211.38","proto":"HTTP/1.1","method":"GET","host":"support.wa.trada112.id","uri":"/actuator/heapdump","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 7.0; HUAWEI VNS-L31) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"support.wa.trada112.id","ech":false}},"bytes_read":0,"user_id":"","duration":0.016054861,"size":1375,"status":404,"resp_headers":{"Permissions-Policy":["accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"],"X-Frame-Options":["SAMEORIGIN"],"Via":["1.1 Caddy"],"X-Runtime":["0.009677"],"Strict-Transport-Security":["max-age=63072000; includeSubDo ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 06:38:36 (5 hours ago)	(mod_security) mod_security (id:210730) triggered by 35.228.211.38 (38.211.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 35.228.211.38 (38.211.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 02:38:28.711875 2026] [security2:error] [pid 12565:tid 12613] [client 35.228.211.38:43710] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.henrisphoto.robertdanielsllc.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.henrisphoto.robertdanielsllc.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiz65IognBwoFTR1j0t6tgAAAcg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-13 06:07:26 (5 hours ago)	Too many Status 40X (11) Scanning/Probing (61) Request Overload (383)	Brute-Force Web App Attack
🇩🇪 updown.io	2026-06-13 05:36:33 (6 hours ago)	{"level":"info","ts":1781328992.1650262,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1781328992.1650262,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.228.211.38","remote_port":"36866","client_ip":"35.228.211.38","proto":"HTTP/1.1","method":"GET","host":"gfedcbaupdate.yupdate.qtsrqponmlkjilkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/actuator/threaddump","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000066978,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://gfedcbaupdate.yupdate.qtsrqponmlkjilkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/actuator/threaddump"],"Content-Type":[]}} {"level":"info","ts":1781328992.1711826,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.228.21 ... show less	DDoS Attack Web App Attack
🇩🇪 gadix	2026-06-13 05:07:30 (6 hours ago)	[13/Jun/2026:07:07:28.566890 +0200] aizlkMvaJ2hqQAHYn_30vAAAABE 35.228.211.38 53168 127.0.0.1 7081 [ ... show more [13/Jun/2026:07:07:28.566890 +0200] aizlkMvaJ2hqQAHYn_30vAAAABE 35.228.211.38 53168 127.0.0.1 7081 [13/Jun/2026:07:07:28.620758 +0200] aizlkL9Wtih2UWdlB9KcnQAAAAg 35.228.211.38 53280 127.0.0.1 7081 [13/Jun/2026:07:07:28.682712 +0200] aizlkL9Wtih2UWdlB9KcngAAAAg 35.228.211.38 53370 127.0.0.1 7081 ... show less	Web App Attack
🇮🇹 VHosting	2026-06-13 04:40:03 (7 hours ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇪🇸 pipeline.es	2026-06-13 03:24:47 (8 hours ago)	Web scanning / probing for vulnerable paths \| URL: /web.config \| Evidence: www.aevav.com 35.228.211. ... show more Web scanning / probing for vulnerable paths \| URL: /web.config \| Evidence: www.aevav.com 35.228.211.38 - - [13/Jun/2026:05:24:29 +0200] \"GET /web.config HTTP/1.1\" 404 - \"-\" \"Mozilla/5.0 (Linux; Android 9; ELE-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36\" GEOIP_COUNTRY_CODE=FI \| ASN: GOOGLE-CLOUD-PLATFORM \| Country: FI show less	Port Scan Web App Attack
🇳🇱 Cloud86 B.V.	2026-06-13 03:13:05 (8 hours ago)	categories: DDoS Attack	DDoS Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 171.25.158.68

🇨🇳 123.233.236.150

🇫🇮 77.105.161.120

🇺🇸 74.249.144.130

🇺🇸 72.14.147.183

🇩🇪 69.5.169.172

🇰🇪 197.248.34.233

🇱🇹 62.60.130.14

🇳🇱 45.198.224.134

🇭🇰 20.2.90.131

🇭🇰 165.154.60.76

🇩🇪 134.122.93.100

🇮🇳 103.19.136.6

🇳🇱 34.7.137.192

🇩🇪 193.124.20.238

🇩🇪 172.68.195.189

🇯🇵 124.18.182.99

🇧🇪 104.155.27.82

🇮🇩 36.64.190.82

🇺🇸 35.221.9.233