# IP Intelligence Briefing: 162.216.150.58/32
Classification: Moderate Risk | Timestamp: 2026-06-16
## Executive Summary
IP address 162.216.150.58 is a Google Cloud infrastructure endpoint with a moderate risk score of 40. While classified as legitimate cloud compute infrastructure, the IP exhibits geolocation spoofing indicators and is listed on one DNSBL feed. The associated /24 subnet shows elevated abuse density (0.5455) with 18 threat-sibling addresses detected. Recommended action: Monitor and consider blocking depending on organizational threat tolerance.
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| Organization | Google LLC |
| ASN | 396982 (GOOGLE-CLOUD-PLATFORM) |
| Network | 162.216.148.0/22 |
| Infrastructure Type | CloudCompute |
| Classification | Cloud, Hosting |
| Service State | Firewalled / No Services |
## Geolocation Analysis
- Claimed Location: Moncks Corner, South Carolina, US (33.21°N, 80.17°W)
- Geolocation Validity: INVALID
- Critical Finding: RTT measurement violation detected. The IP reports a 6,958 km distance from the probe location with a measured RTT of 47 ms. The minimum physically possible RTT for this distance is 139.2 ms, indicating potential geolocation spoofing or inaccurate reporting.
## Threat Indicators
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Known Campaigns | None |
| Blacklist Status | 1 of 8 DNSBL lists |
| Pulsedive Risk | Not reported |
## Subnet Context (162.216.150.0/24)
- Abuse Density: 0.5455 (High Abuse Classification)
- Total Siblings: 33
- Active Siblings: 15
- Threat Siblings: 18
- Risk Distribution: 21 Medium Risk, 26 Low Risk, 0 High Risk
Neighboring IPs in the subnet show risk scores ranging from 25-40, indicating a mixed but elevated risk environment typical of cloud hosting infrastructure.
## DNS and Network Fingerprint
- PTR Hostname: 58.150.216.162.bc.googleusercontent.com
- Forward Resolution: 58.150.216.162.bc.googleusercontent.com (confirmed)
- HTTP Services: None detected
- TLS Certificate: Not reported
- Banners: No service banners detected
## Temporal Analysis
- Risk Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: No
- Ownership Changes: 0 (stable ownership)
## Recommended Security Actions
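### Immediate Recommendations (Firewall Rules)
```bash
# iptables
iptables -A INPUT -s 162.216.150.58 -j DROP
# nftables (requires an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 162.216.150.58 drop
# nginx (directive for an http, server or location block, not a shell command)
#   deny 162.216.150.58;
# pfSense (address for an alias or a block rule source)
#   162.216.150.58/32
# Cloudflare WAF (rule expression, action: Block)
#   ip.src eq 162.216.150.58
# AWS WAF (IP set address, rule action: Block)
#   162.216.150.58/32
```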
### SOC Analyst Considerations
1. Monitor for Pattern Escalation: While currently showing moderate risk, the high-abuse subnet context suggests potential for lateral threat activity.
2. Validate Geolocation Anomaly: The RTT violation warrants investigation into whether this indicates compromised infrastructure or misconfiguration.
3. DNSBL Verification: Confirm which specific blacklist contains this IP to assess threat actor targeting.
4. Subnet Correlation: Monitor other IPs within 162.216.150.0/24 for coordinated activity patterns.
## Risk Assessment
- Overall Risk Score: 40/100 (Moderate)
- Provider Risk: Low (Google Cloud infrastructure)
- Authority Risk: Low
- Primary Concerns: Geolocation spoofing, DNSBL listing, elevated subnet abuse density
Final Determination: This IP represents legitimate Google Cloud infrastructure but operates within an elevated-risk subnet and exhibits anomalous geolocation reporting. Recommend blocking at perimeter boundaries while maintaining monitoring for any behavioral changes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 162.216.148.0/22 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 58.150.216.162.bc.googleusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 58.150.216.162.bc.googleusercontent.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 4 |
| geolocation | 33% | 2 | 4 |
| Overall | 25% | 10 | 19 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-26 00:49:48 UTC |
| Last Seen | 2026-06-29 02:21:35 UTC |
| Profile Built | 2026-06-29 02:23:48 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |