Severe Risk
IP 35.233.5.189 is a critical-risk address with a threat level of 10/10 and a 96% confidence score, originating from Google Cloud Platform infrastructure in Belgium and linked to 199 reported incidents of hacking activity and exploited host behavior between January and March 2026.
The IP generated 199 reports across 20 automated honeypot sensors with an activity frequency rated 8/10, indicating sustained and aggressive engagement with target systems. Detection spanned from January 2026 through March 2026, with the most recent confirmed activity occurring in March 2026. The address routes through AS396982 operated by Google Cloud Platform, suggesting the infrastructure either belongs to a compromised cloud customer instance or is being actively weaponized as a disposable attack platform. Community reports and automated sensors recorded both general hacking probes and evidence of exploitation activity, with the dominant threat category being direct hacking attempts.
The reported attack patterns—classified as "attack connection" and "malware/exploit activity"—indicate this IP is actively conducting connection-based attacks and likely distributing or executing malicious payloads against exposed services. The exploited host classification confirms the source system itself has been compromised and is now being repurposed as an unwitting attack vehicle without the knowledge of its legitimate operator. This dual behavior presents a compounded risk: the address functions as both an intrusion tool and a potential vector for malware propagation, making it dangerous to any publicly accessible service it targets.
Site operators should immediately block this IP at the network perimeter and implement log monitoring to identify any related connection attempts. Automated threat-response tools such as fail2ban can detect and mitigate repeated attack patterns in real time. System patching, strong authentication requirements, and intrusion detection signatures aligned with the observed exploit activity will reduce exposure to this threat vector. Organizations should also consider notifying Google Cloud Platform's abuse team given the compromised hosting infrastructure, and audit any cloud instances for signs of unauthorized access or compromise.