High Risk
IP 35.233.95.0, geolocated to Belgium and announced by Google Cloud Platform (ASN AS396982), presents a high-risk threat profile: a threat level of 8/10 and 1776 abuse reports filed against it, indicating sustained malicious activity over roughly six months, from October 2025 to April 2026. The dominant report category is general hacking activity, with automated honeypot sensors from twenty distinct reporting sources consistently recording unauthorized intrusion and exploitation attempts originating from this address.
The report volume is notably high for a six-month observation window, averaging roughly 296 abuse reports per month (1776 reports over six months). These are reports submitted by honeypot operators, not independently verified incidents, but their consistency across twenty sources makes false attribution unlikely. Honeypot infrastructure observed the address opening connections to exposed services, and Suricata network monitoring flagged it for "potentially unsafe SMBv1 protocol" traffic. That signature fires on an SMBv1 negotiate request to TCP port 445, which is significant because SMBv1 is deprecated precisely for its role in the 2017 EternalBlue-based ransomware worms and in lateral-movement chains, and because legitimate modern clients rarely offer only SMBv1 dialects. Combined with the "Exploited Host" classification, the evidence is consistent with a compromised Google Cloud virtual machine being used by threat actors to scan and exploit targets without the account holder's knowledge. The alternative, an instance the attacker provisioned directly with a stolen or throwaway account, produces an identical external signature, so the distinction matters to Google's abuse team more than to defenders.
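The SMBv1 signature cited above keys on one observable condition: an SMB_COM_NEGOTIATE request whose dialect list is SMBv1. The following Python is an added example, not code from this report or from Suricata, that reproduces that check on a raw TCP/445 payload, separating an SMB1-only client (typical of scanners and legacy worms) from a modern multi-protocol client that merely offers "SMB 2.xxx" dialects inside an SMB1 negotiate. The sample payloads are constructed inline; nothing here was captured from 35.233.95.0.

```python
"""Detect SMBv1 Negotiate Protocol requests in raw TCP/445 payloads.

Added example, not code from the report above. The sample payloads are
constructed here (see build_smb1_negotiate), not captured traffic.
"""
import struct

SMB1_MAGIC = b"\xffSMB"          # SMBv1 header starts 0xFF 'S' 'M' 'B'
SMB2_MAGIC = b"\xfeSMB"          # SMB2/3 header starts 0xFE 'S' 'M' 'B'
SMB_COM_NEGOTIATE = 0x72         # SMBv1 negotiate command code
SMB1_HEADER_LEN = 32             # fixed SMBv1 header size in bytes


def strip_netbios(payload: bytes) -> bytes:
    """Remove the 4-byte NetBIOS Session Service header (type 0x00 + 24-bit length)."""
    if len(payload) < 4 or payload[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated SMB message")
    return body


def smb1_negotiate_dialects(smb: bytes) -> list[str]:
    """Return dialect strings from an SMBv1 SMB_COM_NEGOTIATE request, else []."""
    if len(smb) < SMB1_HEADER_LEN + 3 or smb[:4] != SMB1_MAGIC:
        return []
    if smb[4] != SMB_COM_NEGOTIATE:
        return []
    word_count = smb[SMB1_HEADER_LEN]                 # parameter words (0 for negotiate)
    bc_offset = SMB1_HEADER_LEN + 1 + 2 * word_count
    (byte_count,) = struct.unpack_from("<H", smb, bc_offset)
    data = smb[bc_offset + 2: bc_offset + 2 + byte_count]
    # Each dialect is a buffer-format byte 0x02 followed by a NUL-terminated string.
    return [e[1:].decode("ascii", "replace") for e in data.split(b"\x00") if e.startswith(b"\x02")]


def classify_smb_payload(payload: bytes) -> dict:
    """Classify the first message of a TCP/445 stream."""
    try:
        smb = strip_netbios(payload)
    except ValueError as exc:
        return {"proto": "invalid", "dialects": [], "alert": False, "reason": str(exc)}
    if len(smb) > 4 and smb[:4] == SMB1_MAGIC and smb[4] == SMB_COM_NEGOTIATE:
        dialects = smb1_negotiate_dialects(smb)
        # A client offering *only* SMB1 dialects cannot be upgraded to SMB2/3;
        # that is the strongest form of the signal (scanners, old worms, legacy hosts).
        smb1_only = not any(d.startswith("SMB 2.") for d in dialects)
        reason = "SMBv1 negotiate" + (" (SMB1-only client)" if smb1_only else " (multi-protocol)")
        return {"proto": "SMB1", "dialects": dialects, "alert": True, "reason": reason}
    if smb[:4] == SMB2_MAGIC:
        return {"proto": "SMB2+", "dialects": [], "alert": False, "reason": "SMB2/3 negotiate"}
    return {"proto": "unknown", "dialects": [], "alert": False, "reason": "no SMB magic"}


def build_smb1_negotiate(dialects: list[str]) -> bytes:
    """Construct an SMBv1 negotiate request (test input only, not a captured packet)."""
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * (SMB1_HEADER_LEN - 5)
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = b"\x00" + struct.pack("<H", len(data)) + data   # WordCount=0, ByteCount, dialects
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


# Constructed samples: an SMB1-only scanner, a modern multi-protocol client, and plain SMB2.
SCANNER_PAYLOAD = build_smb1_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"])
MODERN_PAYLOAD = build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
SMB2_PAYLOAD = b"\x00" + (64).to_bytes(3, "big") + SMB2_MAGIC + b"\x00" * 60

if __name__ == "__main__":
    for name, p in [("scanner", SCANNER_PAYLOAD), ("modern", MODERN_PAYLOAD), ("smb2", SMB2_PAYLOAD)]:
        print(name, classify_smb_payload(p))
```

Only the first message of the stream is inspected; that is enough for the negotiate check, because a client that starts with an SMB2 header never offered SMBv1 at all, and a client whose SMB1 negotiate includes "SMB 2.xxx" dialects is usually a normal host that will be upgraded by the server.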
Hacking activity of this nature poses concrete risk to any exposed service, and above all to Windows hosts reachable on TCP port 445, where successful exploitation can mean remote code execution, data exfiltration or ransomware deployment. A cloud-provider source address also blunts reputation-based filtering: Google Cloud ranges carry neutral or trusted reputation because legitimate services share them, so defenders rarely blacklist them wholesale the way they would a residential or known-bad range. Any operator who finds SMB reachable from the internet should treat that exposure itself as the primary finding, and in all cases treat inbound connections from this address as hostile and enforce blocking at the network perimeter rather than on the target host alone.
Immediate mitigation steps include blocking all inbound traffic from 35.233.95.0 at the perimeter firewall, preferably with an expiry of days to weeks rather than a permanent entry, because cloud addresses are recycled and the next tenant of this IP may be legitimate; configuring fail2ban or an equivalent log-driven intrusion-prevention tool to drop sources that repeat suspicious connections (noting that fail2ban reads Linux service logs and does nothing for a Windows SMB listener, which must be protected by the perimeter rule and by Windows Firewall); and ensuring all reachable services are fully patched, with particular attention to SMB, where SMBv1 should be disabled outright and port 445 closed to the internet. Operators should also file an abuse report with Google Cloud through its designated abuse channel, quoting timestamps and source ports, since this IP likely represents a compromised cloud resource that only the account holder or the provider can remediate.
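The following Python is an added example, not code from this report or from any of the tools named above, that turns the detection-to-block loop into something concrete: it parses Suricata fast.log-style lines, applies a fail2ban-like "N hits within a time window" rule per source address, and prints nftables commands that add each offender to a timed set so the block expires on its own. The log lines, the local rule sid 1000001 and the set name `abuse_blocklist` are constructed or assumed here, as is the existence of an nftables table `inet filter` with an `input` chain.

```python
"""Turn repeated SMBv1 IDS hits from one source into a timed nftables block.

Added example, not part of the report above. The fast.log lines below are
constructed; sid 1000001 is a local-rule placeholder; `inet filter` and its
`input` chain are assumed to exist on the firewall host.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: four hits from the reported address in ten minutes, one
# stray hit from a documentation-range address, and one malformed line.
SAMPLE_FAST_LOG = """\
04/12/2026-03:14:07.123456  [**] [1:1000001:1] LOCAL POLICY Potentially unsafe SMBv1 protocol in use [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 35.233.95.0:51234 -> 10.0.0.5:445
04/12/2026-03:15:41.000001  [**] [1:1000001:1] LOCAL POLICY Potentially unsafe SMBv1 protocol in use [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 35.233.95.0:51240 -> 10.0.0.6:445
04/12/2026-03:18:02.500000  [**] [1:1000001:1] LOCAL POLICY Potentially unsafe SMBv1 protocol in use [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.0.2.10:40001 -> 10.0.0.5:445
this line is garbage and must be skipped
04/12/2026-03:20:19.250000  [**] [1:1000001:1] LOCAL POLICY Potentially unsafe SMBv1 protocol in use [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 35.233.95.0:51251 -> 10.0.0.7:445
04/12/2026-03:23:58.000000  [**] [1:1000001:1] LOCAL POLICY Potentially unsafe SMBv1 protocol in use [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 35.233.95.0:51260 -> 10.0.0.5:445
"""


def parse_fast_log(text: str) -> list[dict]:
    """Parse fast.log lines into dicts; unparseable lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        events.append(ev)
    return events


def offenders(events, threshold=3, window=timedelta(hours=1), dport="445") -> dict:
    """Return {src: total_hits} for sources with >= threshold hits on dport inside one window."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["dport"] == dport:
            by_src[ev["src"]].append(ev["ts"])
    flagged = {}
    for src, stamps in by_src.items():
        stamps.sort()
        # Sliding window: compare each hit with the one (threshold-1) positions earlier.
        for i in range(threshold - 1, len(stamps)):
            if stamps[i] - stamps[i - threshold + 1] <= window:
                flagged[src] = len(stamps)
                break
    return flagged


def nft_block_commands(ips, timeout="7d", set_name="abuse_blocklist") -> list[str]:
    """nft commands: one-time set and drop rule, then each offender with an expiry."""
    cmds = [
        f"nft add set inet filter {set_name} '{{ type ipv4_addr; flags timeout; }}'",
        f"nft add rule inet filter input ip saddr @{set_name} drop",
    ]
    cmds += [f"nft add element inet filter {set_name} '{{ {ip} timeout {timeout} }}'" for ip in sorted(ips)]
    return cmds


if __name__ == "__main__":
    hits = offenders(parse_fast_log(SAMPLE_FAST_LOG))
    print(hits)
    print("\n".join(nft_block_commands(hits)))
```

The first two nft commands are one-time setup: `add set` is idempotent, but `add rule` appends a duplicate rule each time it is run, so in a cron or fail2ban action only the `add element` lines should be repeated. The `timeout` flag is what makes the block self-expiring, which is the right default for cloud addresses that change hands.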