Extreme Threat
IP 147.185.133.145 is a critical-risk address operating from Google Cloud Platform infrastructure in the United States, with a threat level of 10 out of 10 based on 473 reported incidents of hacking activity detected by automated honeypot sensors between August 2025 and May 2026. Despite a relatively low activity frequency score of 3 out of 10, the sheer volume of abuse reports and maximum threat classification make this IP a significant concern for any organization running exposed services.
The IP is registered to AS396982 (GOOGLE-CLOUD-PLATFORM), a major cloud provider frequently leveraged by threat actors for the mixed reputation of its address space and its flexible infrastructure. All 20 most recent reports cite hacking as the threat category, indicating sustained and focused malicious intent rather than opportunistic scanning. The detection confidence of 74% reflects solid empirical evidence from community reports and automated honeypot infrastructure, placing this address firmly in the high-confidence malicious category. The nine-month reporting window from first to last incident demonstrates persistent threatening behavior rather than transient probing.
Hacking activity encompasses a broad range of intrusion attempts, including exploitation of application vulnerabilities, credential stuffing, and other unauthorized access attempts. This IP's repeated classification as a hacking threat suggests sustained attempts to compromise target systems through varied methods. The real-world risk includes potential data breaches, service disruption, malware deployment, and lateral movement within compromised networks. Organizations with SSH, RDP, web applications, or API endpoints exposed to this address face concrete threats of unauthorized access and system compromise.
Site operators should immediately block IP 147.185.133.145 at the firewall level and implement fail2ban or similar dynamic blocking tools to automatically respond to repeated connection attempts. Enforcing strong, unique credentials alongside multi-factor authentication on all exposed services significantly reduces the risk of successful intrusion. Regular security patching and intrusion detection monitoring will help identify any attempted exploitation. Finally, reviewing authentication logs for connections from this address can reveal whether systems were previously targeted.