Severe Risk
IP 35.187.31.145, allocated to Google Cloud Platform in Belgium, presents a critical threat with a 10/10 threat level and 96% confidence based on 223 total reports. Automated honeypot sensors detected this address conducting systematic hacking activity spanning November 2025 through February 2026, with an activity frequency rating of 8/10 indicating persistent, ongoing engagement. The overwhelming majority of threat reports cite general hacking activity, supplemented by smaller volumes of exploited host, bad web bot and web application attack signatures, making this one of the most consistently reported addresses in recent threat feeds.
Detection data shows 18 separate automated honeypot sensors registered events associated with this IP, supplemented by 2 community-sourced reports. The honeypot captures document automated scanner probes targeting web infrastructure, with evidence of both web application probing and malware or exploit-related activity. Analysis of the sensors' NGINX logs reveals automated reconnaissance scanning in the form of requests to root URI paths, a classic indicator of initial compromise or vulnerability scanning campaigns. ElasticPot-style web application honeypot sensors also recorded direct attack connections, confirming deliberate targeting of web-facing services rather than incidental traffic.
The dominant hacking classification encompasses intrusion attempts, vulnerability exploitation and unauthorized access campaigns against exposed services. Combined with the exploited host signals, evidence suggests this cloud IP is functioning as an active attack platform, either under attacker control or co-opted into brute-force or scanning botnets. The bad web bot indicators point to aggressive automated traffic that ignores standard protocols, potentially harvesting content or probing for web application weaknesses. For any organization running publicly accessible SSH, HTTP or custom application services, this address represents a concrete risk of repeated probing, credential attacks or exploitation attempts that could lead to service disruption or unauthorized system access.
Site operators should immediately block 35.187.31.145 at the network perimeter firewall or WAF layer given the sustained threat activity and critical severity rating. Implementing fail2ban or similar intrusion prevention tools to dynamically ban repeated offenders provides automated protection against the observed scanning patterns. Rate limiting on authentication endpoints and enforcing strong credential policies significantly reduces the effectiveness of any brute-force attempts originating from this address. Continuous monitoring of access logs for repeated probes from this IP and similar cloud-hosted addresses enables rapid response to emerging threat patterns.