# IP Intelligence Briefing: 35.203.211.187/32
Classification: Cloud Infrastructure / Low Risk
Date of Analysis: Current
Intel Confidence: High
---
## Executive Summary
IP address 35.203.211.187 is a Google Cloud (GOOGLE-CLOUD) infrastructure address located in London, England. The IP currently presents as a low-risk cloud endpoint with no active open ports or services. However, historical signals indicate the IP was observed as a compromised server proxy, and the /24 subnet exhibits moderate abuse density with 23 threat-sibling IPs out of 47 total neighbors.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | Google LLC |
| **ASN** | AS396982 |
| **CIDR Block** | 35.192.0.0/12 |
| **Geolocation** | London, England, GB |
| **Infrastructure Type** | CloudCompute |
| **Provider** | Google Cloud |
| **Risk Score** | 25 |
| **Abuse Confidence** | Null |
---
## Threat Indicators
Current Status: No active threat indicators detected. The IP is not flagged as a Tor exit, known attacker, or spam source. No blacklist entries in current threat feeds.
DNS Characteristics:
- PTR Record: `187.211.203.35.bc.googleusercontent.com`
- Forward Resolution: Confirmed to `googleusercontent.com`
- Forward Hostnames: 1
- Email Auth: SPF and DMARC configured
Service Status: No open ports detected. IP classified as "Firewalled / No Services" with no TLS certificates or HTTP services active.
---
## Neighborhood Analysis
The /24 subnet (35.203.211.0/24) shows mixed-risk characteristics:
| Metric | Value |
|---|---|
| **Subnet Abuse Density** | 0.4894 (48.94%) |
| **Classification** | Mixed |
| **Total Siblings** | 47 |
| **Active Siblings** | 32 |
| **Threat Siblings** | 23 |
| **Inherited Risk** | 19 |
Neighbor Risk Distribution: 29 low-risk, 17 medium-risk, 0 high-risk IPs observed in the neighborhood.
---
## Historical Signal Analysis
Observation history reveals temporal risk variations:
Recent Signal (2026-06-21):
- ASN: AS396982
- City: London, England
- Risk Score: 66 (elevated)
- Signal Type: Compromised Server Proxy
- Confidence: 0.85
This historical signal indicates the IP was previously observed proxying with elevated risk, though current profile shows low-risk characteristics.
Earlier Observations:
- Geolocation validation confirmed (plausible, 471.1 km from reference point)
- No persistent malicious activity detected
- Average ownership duration: N/A
---
## Control Plane Data
- Route Stability: False
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.3478 (Basic)
- RPKI State: Not validated
- Minimum Possible RTT: 9.4 ms
- Average RTT: 92.2 ms
---
## Recommended Actions
Firewall Policy:
- No specific blocking recommended given current low-risk profile
- Monitor for proxy activity or compromised server signals
SOC Monitoring:
- Alert on any reverse DNS changes to non-`googleusercontent.com` domains
- Monitor subnet 35.203.211.0/24 for abuse density changes
- Watch for emergence of open ports or service banners
Investigation Priority: Medium
- Historical proxy signal warrants monitoring
- Subnet abuse density (48.94%) suggests elevated neighborhood risk
---
Intelligence Source: IPDebrief
Status: Active Monitoring Recommended
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 35.192.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 187.211.203.35.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 187.211.203.35.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 20% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-26 12:51:55 UTC |
| Last Seen | 2026-06-29 03:07:30 UTC |
| Profile Built | 2026-06-29 03:12:45 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |
Full dossier details are available via our API.