Maximum Danger
IP 35.241.212.143 is a critical-risk address linked to automated hacking activity originating from Google Cloud Platform infrastructure in Belgium, carrying the maximum threat rating of 10/10 with a 96 percent confidence score across more than two hundred abuse reports filed between September 2025 and February 2026. The dominant threat category recorded against this address is general hacking activity, supplemented by evidence of exploited-host behaviour, aggressive web bot activity, unauthorized WordPress cron execution, and distributed denial-of-service indicators, making it a versatile and dangerous source of hostile traffic for any exposed environment.
The detection data shows 210 total reports submitted through 20 distinct sources, including 17 automated honeypot sensors and 3 community reports, indicating that this address persistently probes networks at scale rather than operating sporadically. Automated analysis of server logs attributed to this IP reveals systematic scanner behaviour against NGINX infrastructure, with specific attempts to trigger unauthorized cron execution on WordPress targets alongside general malware and exploit activity. The eight-out-of-ten activity frequency score confirms that this is not an isolated incident but a sustained campaign that has persisted across multiple months within the reported window.
Hacking activity from this address represents a concrete risk because it encompasses the initial reconnaissance and exploitation phases of an attack chain, including vulnerability probing, unauthorized access attempts, and potentially the deployment of payloads on vulnerable systems. The presence of exploited-host indicators alongside the primary hacking activity suggests that this address may itself be running weaponized tooling, turning it into a propagation platform for further compromise campaigns. The WordPress cron abuse pattern demonstrates targeted interest in common content management systems, while the general scanner signatures indicate broad-based opportunistic scanning against any reachable web service.
Operators with exposed services should block this address immediately at the firewall and network perimeter to eliminate contact with known hostile infrastructure. Implementing fail2ban or equivalent dynamic blocking tools on SSH and HTTP services will automate the response to repeated connection attempts. Web application firewalls should be configured to detect and throttle aggressive bot signatures matching the observed scanning patterns, and administrators should ensure all public-facing systems, particularly WordPress installations, are fully patched and monitored for unauthorized cron execution. If this IP represents a legitimate cloud resource, the hosting provider should be notified through standard abuse channels, as the activity strongly suggests the instance has been compromised and is being used as an unwitting attack platform.