Severe Risk
IP 34.77.70.250 is a critical-risk address operating from Google Cloud Platform infrastructure in Belgium, generating 205 abuse reports over approximately two months with a 96% confidence score and a dominant pattern of automated hacking activity targeting web servers and content management systems.
Detection data shows 20 total categorized incident reports sourced from 18 automated honeypot sensors and 2 community submissions, with the IP first reported in January 2026 and most recently flagged in February 2026. The activity frequency rating of 8/10 indicates sustained, repeated offensive operations rather than isolated probes. Network reconnaissance and unauthorized access attempts were documented through automated scanner detection on standard web ports, including systematic attempts to execute unauthorized WordPress scheduled tasks. The hosting environment—Google Cloud Platform's AS396982—is a known abuse vector because threat actors frequently leverage cloud infrastructure for its reputation anonymity and global reach, making attribution and blocking more complex for defenders.
The predominant threat category, Hacking, encompasses automated intrusion attempts, vulnerability probing, and unauthorized command execution against exposed services. The specific attack patterns observed—automated web crawling followed by unauthorized WP-Cron execution attempts—indicate a coordinated reconnaissance and exploitation campaign targeting WordPress installations at scale. This methodology allows attackers to identify unpatched plugins or misconfigured task scheduling mechanisms, potentially enabling subsequent data exfiltration, malware deployment, or network pivoting. The simultaneous presence of Bad Web Bot and DDoS activity suggests this IP may form part of a broader criminal infrastructure cluster conducting multiple attack vectors simultaneously.
Site operators should immediately block or challenge traffic from this address at the network edge, implement strict rate-limiting on authentication and administrative endpoints, and enforce strong credential policies to resist brute-force attempts. Deploying web application firewalls with signature-based detection and configuring tools such as fail2ban to automatically ban repeated offenders will significantly reduce exposure. Regular patching of content management systems and their plugins—particularly WordPress components—closes the exploitation pathways these automated scanners target. Continuous monitoring of access logs for the observed patterns will help identify any successful compromise before data loss occurs.
JP 
GB 
TW