# IP Intelligence Briefing: 35.204.188.255/32
## Executive Summary
Target IP 35.204.188.255 is a Google Cloud infrastructure endpoint located in Eemshaven, Netherlands. The IP demonstrates low-risk characteristics with a risk score of 25/100. No active threat indicators were observed across all intelligence sources. The IP serves as a cloud compute resource running Kubernetes services.
## Ownership & Infrastructure
- Organization: Google LLC (ASN: 396982)
- Network: 35.192.0.0/12 (GOOGLE-CLOUD)
- Infrastructure Type: CloudCompute, Cloud Provider
- Geolocation: Eemshaven, Netherlands (NL)
- Registration: ARIN registry
## Network Classification
- Primary Role: Web Server / Hosting
- Is Cloud Infrastructure: Yes
- Connection Type: Standard internet access
- Port 443 (HTTPS): Open and operational
- DNS Resolution: 255.188.204.35.bc.googleusercontent.com
## Threat Intelligence Assessment
- Risk Score: 25 (Low Risk)
- Abuse Confidence: Not elevated
- Blacklist Status: 1 DNSBL listing out of 8 total lists scanned
- Known Campaigns: None identified
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
## TLS/SSL Analysis
- Certificate Type: Self-signed certificate
- Certificate Subject: CN=35.204.188.255
- SANS (Subject Alternative Names):
- kubernetes
- kubernetes.default
- kubernetes.default.svc
- kubernetes.default.svc.cluster.local
- Certificate Status: Valid infrastructure certificate for Kubernetes cluster
## Observation History (27 total signals)
Recent observations indicate the IP resolves to various Kubernetes service endpoints:
- cluster.local
- default.svc
- kubernetes.default
- googleusercontent.com (with SPF/DMARC configured)
A subnet-level observation from 2026-06-21 classified the 35.204.188.0/24 subnet as "mostly_clean" with an abuse density score of 1.
## Network Neighborhood Analysis
- Subnet: 35.204.188.0/24
- Abuse Density: 1 (low)
- Subnet Classification: mostly_clean
- Threat Siblings: 1 identified within subnet
- Active Siblings: 1
- Risk Distribution: No high or medium risk neighbors detected
## Relationship Graph
38 relationships identified, primarily:
- Same Network associations (GOOGLE-CLOUD)
- DNS associations to bc.googleusercontent.com hostnames
## Security Recommendations
Based on the low-risk profile and legitimate cloud infrastructure classification:
- No blocking recommended โ IP is authorized Google Cloud infrastructure
- Monitor for anomalies in traffic patterns rather than IP reputation
- DNSBL listing: Investigate the single DNSBL listing to determine source and relevance
- Traffic analysis: Focus on payload inspection rather than IP-based filtering
## SOC Analyst Notes
This IP represents standard Google Cloud Kubernetes infrastructure. The certificate subject alternative names confirm deployment in a Kubernetes service mesh environment. The low-risk score and cloud provider classification indicate this is legitimate infrastructure rather than malicious hosting. No immediate threat action required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 35.192.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 255.188.204.35.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 255.188.204.35.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | 1/4 domains |
| DMARC | 1/4 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
| Domains Checked | 4 domains |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | kuberneteskubernetes.defaultkubernetes.default.svckubernetes.default.svc.cluster.local |
| Valid From | 2026-06-10T15:18:32+00:00 |
| Valid Until | 2031-06-09T15:20:32+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 1825 days |
| Serial Number | 00CCE8EE307D166A2DECA074C69CD851F0 |
| Thumbprint | C1483DE8FD06F8B61F0209EFA0654F804F081F83 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-28 18:34:55 UTC |
| Last Seen | 2026-06-29 05:51:15 UTC |
| Profile Built | 2026-06-29 05:52:58 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 29 |
Full dossier details are available via our API.