JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.228.38.150

35.228.38.150 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 59%: ?

59%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	150.38.228.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇫🇮 Finland
City	Lappeenranta, South Karelia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.228.38.150

Whois 35.228.38.150

IP Abuse Reports for 35.228.38.150:

This IP address has been reported a total of 17 times from 11 distinct sources. 35.228.38.150 was first reported on June 8th 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-09 22:04:30 (6 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-08. show less	Web App Attack SSH Hacking
🇮🇩 PENJAGA.AUM	2026-06-09 15:28:49 (6 days ago)	35.228.38.150 - Attack: Possible XSS attack, js event handler	Web App Attack SQL Injection Spoofing
🇳🇱 homeshowdomain.nl	2026-06-08 22:07:22 (1 week ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
🇮🇩 PENJAGA.AUM	2026-06-08 13:03:07 (1 week ago)	35.228.38.150 - Attack: Possible XSS attack, js event handler	Web App Attack SQL Injection Spoofing
🇺🇸 TPI-Abuse	2026-06-08 11:29:06 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 35.228.38.150 (150.38.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 35.228.38.150 (150.38.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 07:29:00.408892 2026] [security2:error] [pid 25451:tid 25451] [client 35.228.38.150:36932] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.creativemediacommunications.cmcnow.net\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.creativemediacommunications.cmcnow.net"] [uri "/.config/gcloud/credentials.db"] [unique_id "aianfMLNkwb4ATOBT4rC3AAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 10:49:14 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 35.228.38.150 (150.38.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 35.228.38.150 (150.38.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:49:09.118441 2026] [security2:error] [pid 17960:tid 17960] [client 35.228.38.150:40054] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ropesandsneakers.com.flatchestedmama.com"] [uri "/.htpasswd"] [unique_id "aiaeJfhRHloaEq8tUdb8rAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 10:23:45 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 35.228.38.150 (150.38.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 35.228.38.150 (150.38.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:23:39.494026 2026] [security2:error] [pid 26878:tid 26878] [client 35.228.38.150:45060] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.wvbigdaddy.com"] [uri "/config/parameters.yml"] [unique_id "aiaYK-fzJiW7C-TTy1P7JgAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 10:20:03 (1 week ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-06-08 09:09:08 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 35.228.38.150 (150.38.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210492) triggered by 35.228.38.150 (150.38.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:09:03.649274 2026] [security2:error] [pid 29223:tid 29223] [client 35.228.38.150:52060] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.fsmfl.com"] [uri "/wp-config.php.old"] [unique_id "aiaGr5KR4vel8V5yDD5--wAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-08 06:35:31 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-06-08 04:42:30 (1 week ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇺🇸 ambor	2026-06-08 04:04:45 (1 week ago)	Honeypot access: PHP file scan attempt: /api/phpinfo.php. Path: /api/phpinfo.php	Web App Attack
🇩🇪 updown.io	2026-06-08 03:45:59 (1 week ago)	{"level":"info","ts":1780890358.008478,"logger":"http.log.access.log1","msg":"handled request","requ ... show more {"level":"info","ts":1780890358.008478,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.228.38.150","remote_port":"51650","client_ip":"35.228.38.150","proto":"HTTP/1.1","method":"GET","host":"zyxupdate.psrqponmlkjilkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/actuator/logfile","headers":{"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36"],"Accept-Charset":["utf-8"]}},"bytes_read":0,"user_id":"","duration":0.000027202,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://zyxupdate.psrqponmlkjilkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/actuator/logfile"]}} {"level":"info","ts":1780890358.015174,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"35.228.38.150","remote_port":"51662", ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 02:46:43 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 35.228.38.150 (150.38.228.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 35.228.38.150 (150.38.228.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:46:39.454149 2026] [security2:error] [pid 1217:tid 1239] [client 35.228.38.150:46116] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|esgcommission.org\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "esgcommission.org"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiYtD2GstBcZHrhSe00O-AAAAJI"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-08 02:15:04 (1 week ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 193.176.31.236

🇮🇳 152.32.156.138

🇬🇧 143.110.170.196

🇰🇷 118.33.113.91

🇨🇳 111.53.106.140

🇱🇦 103.114.147.217

🇺🇸 66.132.195.21

🇨🇳 42.179.119.185

🇬🇧 35.203.211.181

🇺🇸 2607:f8b0:4001:c0d::124

🇷🇺 193.17.92.5

🇦🇷 186.57.3.137

🇺🇸 154.83.197.72

🇨🇳 117.91.186.55

🇫🇷 91.231.89.176

🇫🇷 91.231.89.6

🇺🇸 65.49.1.222

🇳🇱 45.148.10.151

🇨🇳 42.51.32.228

🇩🇪 207.154.212.47