# IP Intelligence Briefing: 35.203.211.126/32
## Executive Summary
Intelligence analysis of IP address 35.203.211.126 identified it as a Google Cloud infrastructure endpoint with a moderate risk profile (risk score 40). The IP resolved to the googleusercontent.com domain and geolocated consistently to London, GB across multiple observation periods. No active threat indicators were detected in the current threat feed scan.
## Technical Profile
The IP address belongs to Google LLC (ASN 396982) within the Google Cloud network infrastructure. Reverse DNS resolution returned 126.211.203.35.bc.googleusercontent.com, confirming legitimate cloud service hosting. No open ports were detected during service scanning, and no TLS certificates or HTTP banners were observed, classifying the endpoint as "Firewalled / No Services" infrastructure.
## Risk Assessment
Current risk assessment scored 40 (Moderate Risk) with the following breakdown:
- Ownership Score: 0 (Google Cloud infrastructure)
- Abuse Confidence Score: Null
- Blacklist Status: No blacklist listings detected
- Network Classification: CloudCompute (Google Cloud)
The IP demonstrated stable ownership characteristics with zero ownership changes recorded in the observation history.
## Observational History
Analysis of 24 historical observations revealed consistent patterns:
- Geolocation: Persistent London, GB signals across all observation periods (confidence 0.56)
- Subnet Classification: Mixed to high abuse classification observed, with abuse density ranging from 0.4681 to 0.5455
- Inherited Risk: 18-21 range across observation periods
- Network Stability: Moderate stability with no persistent malicious activity flags
Temporal analysis showed a threat observation count of 1 and 0 threat persistence days, indicating transient rather than persistent malicious behavior.
## Neighborhood Analysis
The /24 subnet (35.203.211.0/24) contains 46 sibling IP addresses with the following distribution:
- Risk Distribution: 24 medium risk, 22 low risk, 0 high risk
- Abuse Density: 0.5455 (high abuse classification)
- Threat Siblings: 24 threat-identified IPs within the subnet
- Active Siblings: 27 currently active endpoints
Neighborhood analysis indicates this IP shares network infrastructure with multiple other cloud endpoints, which is typical for Google Cloud deployments.
## Relationship Graph
Thirty relationships were identified:
- DNS Associations: Multiple entries pointing to 126.211.203.35.bc.googleusercontent.com
- Network Association: GOOGLE-CLOUD network classification
- Related Entities: Standard Google Cloud infrastructure relationships
## Security Recommendations
Based on the risk profile, the following defensive measures are recommended:
### Firewall Rules
- iptables: `iptables -A INPUT -s 35.203.211.126 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 35.203.211.126 drop`
- nginx: `deny 35.203.211.126;`
- pfSense: 35.203.211.126/32
- Cloudflare WAF: Block with expression `ip.src eq 35.203.211.126`
- AWS WAF: Add to protected addresses list
### Analyst Notes
The moderate risk score and cloud infrastructure classification warrant monitoring but do not indicate confirmed malicious activity. The IP represents legitimate Google Cloud infrastructure. Blocking should be applied selectively based on specific threat intelligence correlation, as the neighborhood shows mixed risk characteristics typical of large-scale cloud deployments.
Classification: Cloud Infrastructure - Monitor
Status: No immediate threat indicators detected
Recommendation: Review against threat intelligence context before implementing blocking rules
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | 126.211.203.35.bc.googleusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 126.211.203.35.bc.googleusercontent.com |
## DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-20 11:46:37 UTC |
| Last Seen | 2026-06-28 11:51:01 UTC |
| Profile Built | 2026-06-29 05:55:14 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |