Critical Threat
IP 35.203.210.113 is a maximum-threat-level address linked to 523 documented hacking intrusion attempts over approximately nine months, representing a persistent, high-confidence danger to any exposed service. Operating from Google Cloud Platform infrastructure (AS396982) with a geographic designation in Great Britain, this IP has been consistently flagged by automated honeypot sensors as an active source of unauthorized access attempts and exploitation activity.
The abuse database records 523 reports attributed to this single address, with all reported incidents consistently categorised under hacking activity over a detection window spanning August 2025 through May 2026. With an activity frequency rated at 5/10 and a 71% confidence score, the volume and consistency of reports indicate sustained, deliberate scanning and intrusion behaviour rather than opportunistic or accidental contact. The exclusive detection source is automated honeypot infrastructure, suggesting the address maintains an active, methodical scanning posture against internet-facing systems at scale.
Hacking activity in this context encompasses various intrusion methodologies, including vulnerability probing, credential attack patterns, and exploitation attempts against exposed services. The concrete risk to a system encountering this IP includes potential unauthorised access, data exposure, or compromised account integrity if defensive controls are insufficient. Because these attempts are launched from reputable cloud infrastructure, relying on reputation-based blocking alone is complicated: the traffic originates from legitimate, high-availability network space that may also carry legitimate users.
Site operators should block or heavily rate-limit traffic from this address at the firewall or network edge, particularly on services with weak or absent authentication mechanisms. Implementing strict access controls, enforcing strong authentication requirements, and maintaining current patching cycles across all internet-facing systems substantially reduces exposure to the intrusion patterns associated with this threat source. Deploying intrusion detection rules or defensive tools such as fail2ban can automatically recognise and respond to the probing patterns typical of this activity. Continuous monitoring of authentication logs for repeated failure attempts from this IP range will enable rapid identification of targeted services.