Maximum Danger
IP 147.185.133.104 is a maximum-threat-level address linked to sustained hacking activity, having accumulated 746 abuse reports from automated honeypot sensors since August 2025. Operating through Google Cloud Platform infrastructure (AS396982) in the United States, this IP presents a severe risk to any exposed service and warrants immediate blocking at the network perimeter.
The volume and persistence of reports spanning August 2025 through May 2026 establish a clear pattern of malicious behavior. With 20 recent reports specifying hacking as the threat category and detection by automated honeypot sensors across the community, the confidence score of 72 percent reflects the consistency of observed attack patterns. The network operator, Google Cloud Platform, is frequently exploited by threat actors precisely because cloud infrastructure provides legitimate-appearing origins for malicious traffic. The activity frequency rating of 4 out of 10 indicates repeated, deliberate attempts rather than opportunistic scanning.
Hacking activity in this context encompasses unauthorized access attempts, vulnerability exploitation, and intrusion patterns targeting exposed services. Detection logs reference attack connections and Suricata alerts indicating SSH sessions established on unusual ports, a technique commonly employed to evade detection by routing through non-standard channels. For services permitting SSH access or running exposed network interfaces, this IP represents a direct pathway for credential compromise, lateral movement, and potential data exfiltration if left unmitigated.
Site operators should block this IP address at the firewall or edge-device level immediately. Implementing rate-limiting on authentication endpoints and enforcing strong, unique credentials with multi-factor authentication significantly reduces the risk of successful compromise. Deploying intrusion detection rules that flag SSH traffic on non-standard ports adds another detection layer. Regular monitoring of authentication logs for patterns consistent with this actor's behavior, combined with automated tools such as fail2ban, provides ongoing protection against similar threats.