# IP Intelligence Briefing: 35.203.210.212/32
## Executive Summary
IP address 35.203.210.212 is a Google Cloud infrastructure endpoint located in London, GB. The IP carries a moderate risk score of 40 with a high-abuse density classification (0.641) in its /24 subnet. Despite being part of Google Cloud's infrastructure, the subnet exhibits elevated abuse activity with 25 of 39 sibling IPs flagged as threats. No direct threat indicators or blacklist listings were identified for this specific IP.
## Infrastructure Profile
- Organization: Google LLC (GOOGLE-CLOUD)
- ASN: 396982
- CIDR Block: 35.192.0.0/12
- Geolocation: London, England, GB (51.51°N, -0.13°W)
- DNS Resolution: 212.210.203.35.bc.googleusercontent.com
- Service Status: Firewalled / No Services Open
- Network Role: Cloud Infrastructure (Google Cloud)
## Risk Assessment
| Metric | Value | Classification |
|---|---|---|
| Risk Score | 40 | Moderate |
| Abuse Confidence | 0.641 | High Abuse |
| Authority Score | 90 | Legitimate |
| Blacklist Count | 0 | Clean |
| DNSBL Listed | 1/8 | Minor Flag |
Key Observations:
- No known attacker patterns, Tor exit nodes, or spam source indicators
- No active threat campaigns or certificate-based threat matches
- DNSSEC valid with CAA records present
- Route stability flag indicates potential routing changes in last 30 days
## Neighborhood Analysis (35.203.210.0/24)
The /24 subnet contains 39 total IPs with 25 active siblings and 25 threat siblings:
- Abuse Density: 0.641 (high_abuse classification)
- Risk Distribution: 0 High-risk, 12 Medium-risk, 30 Low-risk neighbors
- Inherited Risk: 25 (moderate from subnet context)
- Notable Pattern: Most neighbors show authority scores of 90, indicating legitimate Google Cloud usage, but 25 IPs share threat indicators
The elevated neighborhood abuse density suggests this subnet may be hosting compromised instances or experiencing abuse from other tenants.
## Relationship Graph
- DNS Associations: Multiple references to 212.210.203.35.bc.googleusercontent.com
- Network Affiliations: GOOGLE-CLOUD (repeated associations)
- Control Plane: Origin ASN 396982 with BGP prefix 35.203.210.0/24
## Observation History
Analysis of 19 signal observations reveals consistent patterns:
- Recent observations (June 16, 2026) show stable high_abuse classification
- Geographic consistency maintained across observations (London, GB)
- No evidence of persistent malicious behavior or ownership changes
- Operator score remains at 0.3478 (Basic level)
## Recommended Actions
Immediate Mitigation Measures:
1. Network Filtering:
```bash
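# iptables: drop all inbound packets from this source address
iptables -A INPUT -s 35.203.210.212 -j DROP
# nftables equivalent; requires an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 35.203.210.212 drop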
```
2. Application-Level Blocking:
```nginx
deny 35.203.210.212;
```
3. Cloud Provider Integration:
- Cloudflare WAF: Block IP with expression `ip.src eq 35.203.210.212`
- AWS WAF: Add address `35.203.210.212/32` to rule group
4. Security Context:
- The blocking recommendation is probabilistic and should be combined with additional threat signals
- Monitor for similar IPs from the 35.203.210.0/24 subnet
- Evaluate if traffic patterns align with legitimate Google Cloud service usage
## Intelligence Context
This IP represents legitimate Google Cloud infrastructure but operates within a high-abuse subnet. The moderate risk score (40) and high abuse density warrant monitoring but do not indicate confirmed malicious activity. Defense-in-depth measures should include subnet-level filtering for the 35.203.210.0/24 range if business context permits, particularly given 25 sibling IPs with threat indicators.
Classification: Moderate Risk - Monitor with Filtering
Threat Level: 4/10
Recommended Action: Block with logging for forensic analysis
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 35.192.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | 212.210.203.35.bc.googleusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 212.210.203.35.bc.googleusercontent.com |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-06-06 01:24:15 UTC |
| Last Seen | 2026-06-29 14:58:54 UTC |
| Profile Built | 2026-06-29 15:05:00 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |