JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 35.234.105.48

35.234.105.48 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 56%: ?

56%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	48.105.234.35.bc.googleusercontent.com
Domain Name	google.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 35.234.105.48

Whois 35.234.105.48

IP Abuse Reports for 35.234.105.48:

This IP address has been reported a total of 11 times from 10 distinct sources. 35.234.105.48 was first reported on June 8th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-08 22:03:32 (1 week ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
🇮🇪 Jim Keir	2026-06-08 17:23:18 (1 week ago)	2026-06-08 17:23:18 35.234.105.48 File scanning, blocking 35.234.105.48 for 5 minutes	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 15:54:42 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 35.234.105.48 (48.105.234.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 35.234.105.48 (48.105.234.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 11:54:37.193605 2026] [security2:error] [pid 3953:tid 3967] [client 35.234.105.48:44486] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.exedesalesteam.exede-sales.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.exedesalesteam.exede-sales.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiblvSB3Lv8RXAzc8H_VPwAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 14:51:36 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 35.234.105.48 (48.105.234.35.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 35.234.105.48 (48.105.234.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 10:51:33.021918 2026] [security2:error] [pid 29254:tid 29254] [client 35.234.105.48:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.wiszen.org\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.wiszen.org"] [uri "/.config/gcloud/credentials.db"] [unique_id "aibW9ZoNLJXeo1c96PfGVgAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 WeCloudit-Anti-Abuse	2026-06-08 14:00:03 (1 week ago)	SPAM - Bruteforce Attack - DDOS 2	Email Spam Brute-Force
🇺🇦 URAN Publishing Service	2026-06-08 12:09:50 (1 week ago)	35.234.105.48 - - [08/Jun/2026:15:09:35 +0300] "GET /wp-config.php~ HTTP/1.1" 404 3298 "-" "Mozilla/ ... show more 35.234.105.48 - - [08/Jun/2026:15:09:35 +0300] "GET /wp-config.php~ HTTP/1.1" 404 3298 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" 35.234.105.48 - - [08/Jun/2026:15:09:35 +0300] "GET /wp-config.php.old HTTP/1.1" 404 3298 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 YaBrowser/19.3.1.828 Yowser/2.5 Safari/537.36" ... show less	Web App Attack
🇩🇪 Hazzard	2026-06-08 06:26:57 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted]): (CF_ENABLE)	SQL Injection
🇩🇪 pigro	2026-06-08 04:47:21 (1 week ago)	35.234.105.48 - - [08/Jun/2026:06:47:20 +0200] "GET /api/actuator/env HTTP/1.1" 301 5 "-" "Mozilla/5 ... show more 35.234.105.48 - - [08/Jun/2026:06:47:20 +0200] "GET /api/actuator/env HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" 35.234.105.48 - - [08/Jun/2026:06:47:20 +0200] "GET /api/actuator/configprops HTTP/1.1" 301 5 "-" "libwww-perl/5.820" ... show less	Web App Attack
🇺🇸 mnsf	2026-06-08 03:08:54 (1 week ago)	Scanning/Probing (61) Request Overload (383)	Brute-Force Web App Attack
🇮🇹 VHosting	2026-06-08 02:40:03 (1 week ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-06-08 01:43:19 (1 week ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇴 200.105.172.184

🇺🇸 2607:f8b0:4001:c17::123

🇹🇼 198.235.24.64

🇧🇷 177.71.76.152

🇺🇸 147.185.132.210

🇷🇴 80.94.92.186

🇺🇸 47.251.190.104

🇳🇱 45.148.10.151

🇦🇴 154.116.254.157

🇸🇬 129.226.221.96

🇨🇳 123.52.35.143

🇫🇷 91.231.89.221

🇨🇦 85.217.149.17

🇧🇬 78.128.114.58

🇹🇷 77.92.144.97

🇺🇸 3.225.45.252

🇺🇸 3.131.220.121

🇹🇼 211.75.210.109

🇵🇭 112.207.172.37

🇭🇰 210.209.70.129