# IP Intelligence Briefing: 35.203.211.139/32
## Executive Summary
IP 35.203.211.139 is a Google Cloud infrastructure address with a moderate risk score of 40. The IP is located in London, England, operating within the GOOGLE-CLOUD network (AS396982, 35.192.0.0/12). While the IP itself shows no direct threat indicators, the surrounding /24 subnet exhibits elevated abuse characteristics that warrant monitoring.
## Infrastructure Profile
- Organization: Google LLC
- ASN: 396982 (GOOGLE-CLOUD)
- Geolocation: London, ENG, GB
- Service Classification: CloudCompute, Firewalled/No Services
- DNS: Resolves to 139.211.203.35.bc.googleusercontent.com
- Email Authentication: SPF and DMARC configured
- Network Role: Cloud hosting infrastructure with no publicly accessible services
## Risk Assessment
| Metric | Value |
|---|---|
| Risk Score | 40 (Moderate) |
| Abuse Confidence | Not assessed |
| Blacklist Status | Listed on 1 of 8 DNSBLs |
| Is Known Attacker | No |
| Is Spam Source | No |
| Is Tor Exit | No |
## Neighborhood Analysis (35.203.211.0/24)
The /24 subnet contains 46 sibling IPs with concerning characteristics:
- Abuse Density: 0.5682 (classified as high_abuse)
- Threat Siblings: 25 out of 44 active siblings
- Inherited Risk Score: 22
- Risk Distribution: 0 high-risk, 16 medium-risk, 30 low-risk neighbors
Multiple neighboring IPs (including 35.203.211.4, 35.203.211.13, 35.203.211.34, 35.203.211.41, 35.203.211.67, 35.203.211.82, 35.203.211.108, 35.203.211.109, 35.203.211.135, 35.203.211.151, 35.203.211.165, 35.203.211.177, 35.203.211.199, 35.203.211.209, 35.203.211.215, 35.203.211.236, 35.203.211.245, 35.203.211.253) share the same riskScore of 40.
## Observation History
24 observations recorded. Recent signals include:
- Subnet abuse classification (high_abuse) with 25 threat siblings
- AlienVault OTX geolocation data indicating threats present (50 pulses)
- Operator scoring at 0.3478 (Basic classification)
- One signal flagged with "has_threats": true
## Relationships
All 18 identified relationships are internal:
- Multiple "Same Network" entries to GOOGLE-CLOUD
- DNS associations to 139.211.203.35.bc.googleusercontent.com
- No external organization or certificate relationships detected
## Recommended Actions
No specific action recommendations generated. However, based on the risk profile and neighborhood context, the following firewall rules may be considered:
```
iptables -A INPUT -s 35.203.211.139 -j DROP
nft add rule inet filter input ip saddr 35.203.211.139 drop
```
## Intelligence Assessment
This IP represents legitimate Google Cloud infrastructure but operates within a subnet showing elevated abuse characteristics. The moderate risk score (40) combined with the high abuse density of the /24 subnet suggests this IP could be co-located with or adjacent to malicious activity. While the IP itself is not directly flagged as malicious, the neighborhood context warrants continued monitoring.
Recommendation: Monitor for anomalous activity patterns. Consider blocking if traffic exhibits suspicious behavior, given the subnet's elevated abuse profile.
---
*Report generated: 2026-06-16 | Source: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 35.192.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 139.211.203.35.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 139.211.203.35.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-30 06:22:48 UTC |
| Last Seen | 2026-06-21 05:10:17 UTC |
| Profile Built | 2026-06-21 05:20:11 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 26 |
Full dossier details are available via our API.