Maximum Danger
IP 35.200.237.19 is a critical-risk address operating from Google Cloud Platform infrastructure in India that has accumulated 880 abuse reports primarily documenting sustained SSH brute-force activity, with the additional concern that automated honeypot sensors have classified portions of this traffic as originating from an exploited host. This IP presents a direct threat to any publicly accessible SSH service.
Analysis of the 880 reports filed between October 2025 and April 2026 reveals consistent detection across 20 independent automated honeypot sensors, with the majority of threat signatures categorised as SSH-related intrusion attempts alongside generalised hacking activity and confirmed exploited-host indicators. The network route traces to AS396982, operated by Google Cloud Platform, meaning the attacking infrastructure is cloud-hosted rather than a residential connection. While the reported activity frequency metric suggests the volume of current operations has decreased, the historical report count and multiple exploit-category confirmations indicate persistent engagement in credential attacks over a six-month observation window.
The dominant threat pattern involves automated SSH brute-force attempts, a technique where adversaries cycle through common username/password combinations to gain unauthorised shell access to servers. When paired with exploited-host classification, this suggests the cloud instance itself may have been compromised and subsequently weaponised by threat actors to conduct these attacks, effectively masking their true origin infrastructure while leveraging Google's IP ranges for their campaign. This dual classification elevates the risk beyond a simple scanning IP because the host has demonstrably been used to compromise systems.
Network defenders should immediately block 35.200.237.19 at the firewall or network perimeter and audit inbound SSH connections for any successful sessions from this address. Organisations running internet-facing SSH services should enforce key-based authentication exclusively, disable root login, and change the default port to reduce exposure to opportunistic scanning. Automated response tools such as fail2ban can dynamically ban repeated offenders. Because this IP belongs to Google Cloud Platform infrastructure, organisations with existing channels to Google or relevant abuse-reporting frameworks should consider submitting a formal report to facilitate remediation of the potentially compromised cloud instance.
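The audit step above (count brute-force failures per source and flag any successful session from the reported address) as an added Python example, not part of the original report. The sshd log lines are a constructed sample in the default OpenSSH syslog format, the other source addresses are documentation-range placeholders, and the failure threshold is an assumed value.

```python
import re
from collections import Counter

# Source IP flagged by the report above (value taken from the page).
FLAGGED_IP = "35.200.237.19"

# Constructed sample of sshd auth lines (not real logs); 198.51.100.7 and
# 203.0.113.9 are documentation-range placeholders.
SAMPLE_AUTH_LOG = """\
Apr 02 03:14:07 web1 sshd[2817]: Failed password for invalid user admin from 35.200.237.19 port 41022 ssh2
Apr 02 03:14:09 web1 sshd[2819]: Failed password for root from 35.200.237.19 port 41030 ssh2
Apr 02 03:14:12 web1 sshd[2821]: Failed password for invalid user oracle from 35.200.237.19 port 41044 ssh2
Apr 02 03:14:20 web1 sshd[2830]: Accepted password for deploy from 35.200.237.19 port 41102 ssh2
Apr 02 03:15:01 web1 sshd[2835]: Accepted publickey for alice from 198.51.100.7 port 52210 ssh2
Apr 02 03:15:44 web1 sshd[2840]: Failed password for invalid user test from 203.0.113.9 port 60012 ssh2
"""

# Matches both "Failed password for invalid user X from IP port N" and
# "Accepted publickey for X from IP port N".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)

def parse_sshd_log(text):
    """Yield one dict per sshd auth line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def audit(text, flagged_ip, threshold=3):
    """Return (failures per source IP, sources at/over the threshold,
    successful sessions from the flagged IP as (user, method, port))."""
    failures = Counter()
    accepted_from_flagged = []
    for ev in parse_sshd_log(text):
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
        elif ev["ip"] == flagged_ip:
            accepted_from_flagged.append((ev["user"], ev["method"], ev["port"]))
    brute_forcers = sorted(ip for ip, n in failures.items() if n >= threshold)
    return dict(failures), brute_forcers, accepted_from_flagged

if __name__ == "__main__":
    failures, brute_forcers, sessions = audit(SAMPLE_AUTH_LOG, FLAGGED_IP)
    print("failures per source:", failures)
    print("sources at/over threshold:", brute_forcers)
    for user, method, port in sessions:
        print(f"ALERT: successful {method} login as {user} from {FLAGGED_IP} (port {port})")
```

Any entry in the third result is a session that needs incident handling, not just a firewall rule; on a live host run it over /var/log/auth.log or the journalctl output for sshd instead of the sample.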