# IP INTELLIGENCE BRIEFING
Target: 35.243.242.201/32
Classification: Google Cloud Infrastructure
Report Date: 2026-06-16
---
## EXECUTIVE SUMMARY
IP address 35.243.242.201 belongs to Google LLC's cloud infrastructure (ASN 396982) and presents a low-risk profile (Score: 25/100). The address resolves to a firewalled Google Cloud Compute endpoint with no publicly accessible services. No active threat indicators, blacklist entries, or malicious campaigns were detected. Geolocation data indicates a reporting anomaly requiring validation.
---
## OWNERSHIP & NETWORK ATTRIBUTES
| Attribute | Value |
|---|---|
| Organization | Google LLC |
| Netname | GOOGLE-CLOUD |
| ASN | 396982 |
| CIDR Block | 35.208.0.0/12 |
| RIR | ARIN |
| Infrastructure Type | Cloud Compute / Hosting |
Network Role: Cloud provider infrastructure with firewalled/no-service exposure. No residential, proxy, Tor, or VPN characteristics detected.
---
## GEOLOCATION VALIDATION
Reported Location: Moncks Corner, SC, US (33.21°N, -80.17°W)
Validation Status: ANOMALY DETECTED
| Metric | Observed | Threshold | Status |
|---|---|---|---|
| Distance (km) | 6,958 | N/A | Flagged |
| RTT (ms) | 36 | Min 139.2 | **VIOLATION** |
| Geo Plausibility | False | N/A | Invalid |
| Probe Count | 5 | N/A | Sufficient |
The observed RTT of 36 ms is significantly below the minimum physically possible RTT of 139.2 ms for the claimed distance of 6,958 km. This indicates the geolocation data may be inaccurate or spoofed.
---
## THREAT INDICATORS
| Indicator | Status | Details |
|---|---|---|
| Abuse Confidence Score | Not Available | N/A |
| Blacklist Count | 0 | No blacklist entries |
| Is Tor Exit Node | No | Not a Tor exit |
| Is Known Attacker | No | Not flagged |
| Is Spam Source | No | Not a spam source |
| Pulsedive Risk | N/A | Not scored |
| Known Campaigns | None | No campaign matches |
| Threat Persistence Days | 0 | No persistent threat activity |
Risk Assessment: No active threat indicators present. Threat observation count: 1 (isolated). Not classified as persistently malicious.
---
## SERVICES & EXPOSURE
| Category | Status | Details |
|---|---|---|
| Open Ports | None | No services detected |
| TLS Certificate | None | No TLS exposure |
| HTTP Banner | None | No web service |
| Server Fingerprint | None | No identifiable server |
| DNS Resolution | Confirmed | 201.242.243.35.bc.googleusercontent.com |
| Email Auth (SPF/DMARC) | N/A | No email service detected |
Assessment: IP is firewalled with no publicly accessible services. Typical of Google Cloud Compute instances with restricted access.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 35.243.242.201/24
| Metric | Value |
|---|---|
| Abuse Density | 0 (Low) |
| Classification | Mostly Clean |
| Total Siblings | 1 |
| Active Siblings | 1 |
| Threat Siblings | 1 |
| High-Risk Neighbors | 0 |
| Medium-Risk Neighbors | 0 |
Context: Minimal neighborhood activity. One threat sibling detected in the /24 subnet, though overall abuse density remains low.
---
## RELATIONSHIP GRAPH
Total Relationships: 34
Key associations:
- Network: Multiple "Same Network" relationships to GOOGLE-CLOUD
- DNS: Associated with hostname 201.242.243.35.bc.googleusercontent.com
- Infrastructure: Primarily cloud provider network relationships
No certificate-based or organization-level threat links detected.
---
## OBSERVATION HISTORY
Total Observations: 26 signals
Recent Activity (2026-06-16):
- 07:25:18 UTC: Subnet classification "mostly_clean" (Abuse density: 1)
- 07:22:44 UTC: No ownership changes, no persistent malicious activity
- 07:22:10 UTC: Not listed on threat feeds, not a spam source
- 07:20:50 UTC: Geolocation validation violation (RTT discrepancy)
- 07:19:47 UTC: Operator score 0.3478 (Basic operator classification)
Temporal Analysis: No ownership changes. Threat persistence days: 0. Not classified as a persistently malicious endpoint.
---
## CONTROL PLANE & ROUTING
| Attribute | Status |
|---|---|
| Origin ASN | 396982 |
| BGP Prefix | 35.243.240.0/20 |
| Route Stability | Not Stable |
| Route Changes (30d) | 0 |
| MoAS | No |
| DNSSEC Valid | Yes |
| DNSBL Listed | 1 of 8 lists |
Note: Route stability flag indicates potential transient BGP configuration changes.
---
## RECOMMENDED ACTIONS
Risk Score: 25/100 (Low Risk)
Recommended Actions: None at this time
Justification:
- IP belongs to reputable cloud provider (Google LLC)
- No active threat indicators or blacklist entries
- No open ports or services exposed
- Low neighborhood abuse density
- Not classified as malicious or persistent threat
Suggested Monitoring:
1. Validate geolocation claims due to RTT violation
2. Monitor for service exposure changes (new open ports)
3. Watch for any blacklist additions
4. Consider traffic pattern analysis if this IP is in inbound/outbound flows
---
## CONCLUSION
IP 35.243.242.201 is a low-risk Google Cloud infrastructure address with no detectable malicious activity. The geolocation data contains a technical anomaly requiring validation. No immediate action is required for defensive security operations. Continue monitoring for changes in service exposure or threat indicators.
Final Classification: LOW RISK - Google Cloud Infrastructure
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 35.208.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 201.242.243.35.bc.googleusercontent.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | 201.242.243.35.bc.googleusercontent.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 25% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (55%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-06-01 05:38:57 UTC |
| Last Seen | 2026-06-21 07:17:28 UTC |
| Profile Built | 2026-06-21 07:22:15 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 27 |