Severe Risk
IP 198.235.24.42 is a high-risk address operating from Google Cloud Platform infrastructure within the United States that has accumulated 1051 abuse reports from automated honeypot sensors over roughly nine months, with a threat level of 10/10 and a dominant profile aligned to hacking activity and IoT-targeted intrusion attempts. The volume of reports, combined with a 72% confidence score and a consistent activity frequency rated 4/10, indicates this is neither an isolated or accidental probe nor a single burst of opportunistic scanning, but an active, ongoing campaign. With 20 independent honeypot sources reporting and 1051 total incidents logged between August 2025 and May 2026, the address demonstrates persistent, deliberate engagement against exposed services worldwide.
The detection data reveals a dual focus: general hacking probes encompassing unauthorized access attempts and vulnerability exploitation, alongside specific targeting of IoT and ICS devices, a pattern corroborated by honeypot events and Suricata alerts flagging stream-packet anomalies and application-layer protocol mismatches. The presence of "broken ack" and "protocol mismatch" alerts suggests the actor is crafting or manipulating TCP streams to evade detection or exploit stateful-inspection weaknesses in IoT firmware. Because the network operator is Google Cloud Platform, the address carries the reputational ambiguity of a major cloud provider: blocking solely by ASN may introduce collateral friction, yet the sustained and concentrated nature of the reports outweighs that consideration for targeted defenses.
For security teams managing exposed services, the concrete risk is clear: IoT devices on networks where this address has been observed face elevated credential-brute-force and protocol-exploitation threats, while general server infrastructure faces probing for known vulnerabilities and misconfigurations. The broken-ack anomalies observed in the traffic may indicate reconnaissance ahead of exploitation or attempts to trigger denial-of-service conditions in poorly hardened devices. Organizations with default-configured or unpatched IoT deployments are at the highest risk, as the attack pattern is explicitly oriented toward that exposure class.
Immediate defensive measures should include blocking or rate-limiting connections from this address at the network edge, enforcing strong unique credentials and firmware updates on all IoT devices, and isolating IoT segments from critical infrastructure using network segmentation. Deploying fail2ban or equivalent log-analysis tools to auto-block repeated authentication failures will reduce the effectiveness of brute-force attempts, while tuning intrusion-detection rules for the Suricata signatures observed will improve detection of subsequent waves from this or related actors. Continuous monitoring of inbound connection logs for the identified pattern will allow rapid response if the campaign shifts tactics.