Extreme Threat
IP 35.240.174.82 is a critical-risk address with a 10/10 threat level and 1724 total abuse reports, indicating sustained malicious activity originating from Google Cloud infrastructure in Singapore. With a confidence score of 88% and activity frequency rated 8/10, this IP has been continuously reported over approximately six months between December 2025 and May 2026, making it one of the most persistently hostile addresses documented in contemporary threat feeds. All 20 most recent reports attribute the activity to automated honeypot sensors, confirming systematic scanning and intrusion attempts rather than isolated incidents.
The network operator AS396982 (Google Cloud Platform) hosts this address in Singapore (SG), a region frequently abused as a transit point by threat actors who lease cloud infrastructure for the reputational cover and geographic reach it offers. The total report count (1724) far exceeds the 20 most recent filings, suggesting the IP has been active well beyond the recent window, possibly with rotating or intermittent detection. The combination of high-frequency reports, an elevated threat score, and confirmed automated detection places this address firmly in the category of infrastructure actively used for hostile reconnaissance and exploitation attempts.
The dominant threat category logged against this IP is hacking, specifically detected SSH sessions established on non-standard ports. This pattern strongly suggests the operator is attempting to evade standard authentication enforcement by routing Secure Shell traffic through alternative ports to bypass naive firewall rules and signature-based detection. General hacking activity of this kind includes vulnerability probing, credential brute-forcing, and unauthorized access attempts against exposed services. The Suricata alert signature referencing an SSH session on an unusual port confirms that active exploitation tooling is present in the attacker's toolkit, not merely a port scanner.
Site operators should immediately block IP 35.240.174.82 at the network perimeter firewall and implement fail2ban or equivalent log-based automation to dynamically ban repeated SSH authentication failures. Enforce key-based authentication for all SSH access, disable root login, and ensure any SSH service runs only on the standard port or behind a strict allowlist. Regular patching of SSH daemons and surrounding infrastructure is essential given the active exploitation environment. Deploy or verify intrusion detection signatures covering non-standard SSH port usage and monitor for the specific Suricata alert pattern to catch future similar threats targeting your services.