35.203.211.17
# IP Intelligence Briefing: 35.203.211.17/32
Classification: LOW RISK โ LEGITIMATE CLOUD INFRASTRUCTURE
Report Date: 2026-06-27
Analyst: IPDebrief Intelligence System
---
## EXECUTIVE SUMMARY
IP address 35.203.211.17 is identified as a low-risk Google Cloud infrastructure endpoint with minimal threat indicators. The IP operates within a mixed-abuse-density subnet (44.68%) but shows no active malicious behavior. No immediate defensive action required.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 35.203.211.17/32 |
| **Organization** | Google LLC (ASN 396982) |
| **Location** | London, England, GB |
| **Infrastructure Type** | Cloud Compute (Google Cloud) |
| **Risk Score** | 25 (Low) |
| **Provider Score** | 0 |
| **Authority Score** | 0 |
---
## OBSERVATION HISTORY (23 TOTAL OBSERVATIONS)
Recent signal observations indicate consistent infrastructure characteristics:
- 2026-06-27: Certificate scan signals (crt-sh)
- 2026-06-26: Geographic location confirmed as London, GB with 80% confidence; 11,375 km RTT distance noted
- 2026-06-26: Network classification confirmed as Google Cloud infrastructure; CIDR: 35.203.210.0/23
- 2026-06-26: Subnet abuse density measured at 0.4468 (mixed classification)
Temporal Analysis: No ownership changes recorded. Threat persistence days: 0. Not persistently malicious.
---
## NETWORK RELATIONSHIPS
51 relationships identified:
- Multiple associations with GOOGLE-CLOUD network block
- DNS resolution to: `17.211.203.35.bc.googleusercontent.com`
- Reverse DNS forward-confirmed: True
- Hosted domain: googleusercontent.com
DNS Evidence:
- PTR Hostname: `17.211.203.35.bc.googleusercontent.com`
- Forward Resolution Count: 1
- Domain: googleusercontent.com
---
## NEIGHBORHOOD ANALYSIS (35.203.211.0/24)
Subnet Statistics:
- Total Siblings: 47
- Active Siblings: 35
- Threat Siblings: 21 (44.7% abuse density)
- Classification: Mixed
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 22
- Low Risk: 24
Notable High-Risk Neighbors:
- 35.203.211.4 (Risk: 40, Authority: 90)
- 35.203.211.14 (Risk: 40, Authority: 90)
- 35.203.211.34 (Risk: 40, Authority: 90)
- 35.203.211.184 (Risk: 50, Authority: 90) โ Highest risk in neighborhood
Risk Assessment: The IP's inherited risk score is 17, derived from neighborhood context. Despite elevated neighborhood abuse density, this specific IP shows no individual threat indicators.
---
## THREAT INTELLIGENCE
Threat Indicators:
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None
- Pulsedive Risk: Not applicable
- Abuse Confidence Score: Not assigned
Control Plane Data:
- Route Stability: False (route changes observed)
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.3478 (Basic)
- RPKI State: Not verified
- Route Changes (30d): 0
Services:
- Open Ports: None
- TLS Certificate: Not detected
- HTTP Title: Not available
- Service Purpose: Firewalled / No Services
---
## GEOLOCATION VALIDATION
Validation Metrics:
- Distance: 471.1 km
- Minimum RTT: 91 ms
- Average RTT: 95.4 ms
- Probe Count: 5
- Geo Plausible: True
---
## RECOMMENDED ACTIONS
Security Recommendations: None required
Rationale:
- IP is legitimate Google Cloud infrastructure
- Low risk score (25) with no active threat indicators
- No open ports or services detected
- No known malicious associations
- No blacklist listings on major threat feeds
Firewall Rules: Not applicable
---
## CONCLUSION
IP 35.203.211.17 represents legitimate Google Cloud infrastructure with a low-risk profile. While the /24 neighborhood shows mixed abuse density (21 threat siblings), this specific endpoint demonstrates no malicious behavior. The IP's firewalled state, lack of open services, and consistent Google Cloud infrastructure characteristics support classification as benign cloud infrastructure.
SOC Action: Monitor for behavioral changes; no immediate blocking or alerting required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 17.211.203.35.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 17.211.203.35.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-12 03:43:53 UTC |
| Last Seen | 2026-06-27 20:57:45 UTC |
| Profile Built | 2026-06-28 15:02:51 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |
Full dossier details are available via our API.