Critical Threat
IP 162.216.149.205, registered to Google Cloud Platform under ASN 396982 in the United States, is a critical-risk address with a 10/10 threat level and 547 independent abuse reports from automated honeypot sensors accumulated over approximately seven months between October 2025 and May 2026. The dominant threat category driving this reputation score is general hacking activity, including unauthorized access attempts and intrusion behavior, with the IP demonstrating persistent engagement against exposed network services at a moderate-to-high frequency. The combination of cloud-hosted infrastructure, bulk reporting volume, and confirmed malicious activity patterns warrants immediate defensive action from any exposed asset.
Analysis of the aggregated honeypot telemetry reveals that all 547 reports originated exclusively from automated honeypot sensors, yielding a 71% confidence score in the malicious classification. The sustained reporting window spanning from autumn 2025 through mid-2026 indicates that this is not an opportunistic scanning event but rather sustained, deliberate hostile activity. Network attribution to Google Cloud Platform is significant because cloud infrastructure is frequently abused as a launch point for credential attacks and vulnerability exploitation, enabling threat actors to rotate through ephemeral compute resources while maintaining anonymity. The geographic location in the United States does not imply benign intent; cloud-hosted scanning operations routinely originate from North American data centers to exploit permissive egress policies and reputation gaps.
The reported hacking activity, as evidenced by the detected attack patterns including SSH session activity on non-standard ports, suggests this address is actively probing for improperly configured or weakly secured server infrastructure. SSH services operating on unusual ports represent a common security misconfiguration where administrators believe port obfuscation provides adequate protection against automated attacks. This IP is conducting exactly the kind of reconnaissance and authentication brute-forcing that can compromise poorly secured Linux and network devices within minutes of exposure. The real-world risk is unauthorized system access, lateral movement within networks, and potential deployment of persistent backdoors or cryptomining payloads on successfully breached hosts.
JP 
BE 
GB 
TW 
RO 
LV 
KR 
TH 
PL