JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.228.239.2

35.228.239.2 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 84%: ?

84%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	2.239.228.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇫🇮 Finland
City	Lappeenranta, South Karelia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.228.239.2

Whois 35.228.239.2

IP Abuse Reports for 35.228.239.2:

This IP address has been reported a total of 18 times from 16 distinct sources. 35.228.239.2 was first reported on June 8th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 Burayot	2026-06-11 11:24:15 (2 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 35.228.239.2 (FI/Finland/2.239.228.3 ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 35.228.239.2 (FI/Finland/2.239.228.35.bc.googleusercontent.com): 2 in the last 3600 secs show less	Web App Attack
🇨🇦 lakered	2026-06-11 04:56:12 (2 days ago)	Detectors: [NGINX] \| Reasons: Nginx Honeypot: Administration interface scan \| Tech Evidence: JA4H: 6 ... show more Detectors: [NGINX] \| Reasons: Nginx Honeypot: Administration interface scan \| Tech Evidence: JA4H: 66b3fb3a266bdbd02fe4019428cc496a, Incomplete-Browser-Profile (Missing: Accept, Accept-Language), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d190900), JA4: t13d190900 \| UA: Mozilla/5.0 (Linux; Android 9; Mi A1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Mobile Safari/537.36 show less	Port Scan Web App Attack
🇫🇷 masterguru	2026-06-11 04:17:01 (2 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 35.228.239.2 (FI/Finland/2.239.228.35 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 35.228.239.2 (FI/Finland/2.239.228.35.bc.googleusercontent.com): 1 in the last 3600 secs (0-195) show less	Hacking
Anonymous	2026-06-11 03:10:37 (2 days ago)	35.228.239.2 - - [11/Jun/2026:03:10:37 +0000] "GET /wp-json/wp/v2/settings HTTP/1.1" 404 19661 "-" " ... show more 35.228.239.2 - - [11/Jun/2026:03:10:37 +0000] "GET /wp-json/wp/v2/settings HTTP/1.1" 404 19661 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.2; es-US ) AppleWebKit/540.0 (KHTML like Gecko) Version/6.0 Safari/8900.00" ... show less	Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-10 17:56:33 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 findlab	2026-06-10 13:35:01 (3 days ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-06-10 05:42:23 (3 days ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 35.228.239.2 - - [10/Jun/2026:06 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 35.228.239.2 - - [10/Jun/2026:06:42:22 +0100] GET /wp-json/gravitysmtp/v1/config HTTP/1.1 403 3109 - Mozilla/5.0 (compatible; Konqueror/4.5; FreeBSD) KHTML/4.5.4 (like Gecko) show less	Web App Attack
🇨🇭 backslash	2026-06-10 03:48:01 (3 days ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
🇺🇸 mnsf	2026-06-10 00:11:33 (4 days ago)	Too many Status 40X (25)	Brute-Force Web App Attack
🇫🇷 conseilgouz	2026-06-09 22:43:00 (4 days ago)	mae-7 : Trying access unauthorized files/dir=>/wp-json/wp/v2/settings	Hacking
🇨🇦 polycoda	2026-06-09 19:00:20 (4 days ago)	AutoBlock: ⚙️ Configuration File Access (Non Decay-Based)	Hacking Web App Attack
🇬🇧 consul.to	2026-06-09 16:59:00 (4 days ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇿 Prcek	2026-06-09 09:31:14 (4 days ago)	PortScan:HOST=35.228.239.2,DPORTS=443	Port Scan
🇸🇬 serverutama	2026-06-09 01:03:21 (5 days ago)	Nginx scanner: 35.228.239.2 - - [09/Jun/2026:08:01:54 +0700] "GET /wp-json/gravitysmtp/v1/settings H ... show more Nginx scanner: 35.228.239.2 - - [09/Jun/2026:08:01:54 +0700] "GET /wp-json/gravitysmtp/v1/settings HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" "-" 35.228.239.2 - - [09/Jun/2026:08:01:54 +0700] "GET /wp-json/gravitysmtp/v1/tests/mock-data HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 9; STF-L09) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" "-" show less	Web App Attack Bad Web Bot
🇬🇧 consul.to	2026-06-08 12:15:00 (5 days ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.116.59.144

🇧🇷 189.114.136.231

🇻🇪 154.62.123.117

🇭🇰 152.32.189.59

🇨🇦 142.93.153.43

🇻🇳 103.179.172.233

🇩🇪 69.5.169.127

🇺🇸 2001:470:1:fb5::22b

🇪🇸 193.125.46.254

🇦🇷 190.221.217.137

🇭🇰 152.32.171.99

🇯🇵 124.156.212.23

🇨🇳 123.145.9.253

🇺🇸 104.248.77.54

🇩🇪 57.129.5.143

🇺🇸 47.88.94.171

🇳🇱 45.148.10.151

🇬🇧 45.82.76.117

🇺🇸 20.65.194.183

🇺🇸 205.210.31.77