View geolocation, threat activity, WHOIS, blacklist status, and supporting network context in one report.
8.8.8.8
Report created 2026-05-26 15:50:41 UTC
0
/ 100
Clean
No threat indicators found.
How is this score calculated?
Score is out of 100 and built from weighted signals: each malicious feed hit adds 15 pts, Tor exit adds 20 pts, URL feed listings add up to 60 pts (15 per feed), DNSBL listings add up to 25 pts (5 each), honeypot activity adds up to 20 pts, VPN adds 10 pts, proxy adds 8 pts. Thresholds: 0=Clean, 124=Low, 2549=Medium, 5074=High, 75+=Critical.
119 threat feeds checked5,214,886 total feed entries
AI Threat Assessment
The IP address 8.8.8.8 is a Clean asset owned by Google LLC (AS15169) and is globally recognized as Google's public DNS resolver. The risk score is 0 because it shows no indicators of compromise across 90 threat intelligence feeds, with no malicious, proxy, VPN, or TOR activity reported. The open ports (53/DNS and 443/HTTPS) are expected for this essential public service. Recommended action: no action; this IP is a legitimate infrastructure component and should not be blocked, as doing so would disrupt DNS resolution for users.
Location & Network
Where this IP address is physically located and which internet provider or organisation owns it. The map pin shows the approximate location IP geolocation is accurate to the city level at best.
The official registration record for the IP address block. It shows who was allocated this range of IPs, how to contact their abuse team, and when the record was last updated.
CIDR Block
8.8.8.0/24
IP Range
8.8.8.0 8.8.8.255
Net Name
GOGL
Organisation
GOOGLE - Google LLC, US
Country
United States Americas Northern America
Created
2023-12-28
Updated
2023-12-28
Abuse Email
network-abuse@google.com
Status
active
Threat Flags
Whether this IP appears in known Tor, proxy, or VPN databases. Click a True badge to see exactly which feeds flagged it.
Malicious
False
Tor Exit
False
Proxy
False
VPN / Anonymous
False
TLS Certificate
The security certificate this server presents when you connect over HTTPS. It proves the server's identity and enables encrypted communication. Click any row label to read a plain-English explanation of that field.
Common Name
This is the primary name the certificate is registered to usually the website's main domain. When you visit a site, your browser checks that this name matches the address you typed. A mismatch triggers a security warning.
dns.google
Issuer
The Certificate Authority (CA) that checked the applicant's identity and signed this certificate. Well-known CAs like Let's Encrypt, DigiCert, or Google Trust Services are trusted by all major browsers. A self-signed certificate means the server signed its own cert no third party vouched for it.
WR2 / Google Trust Services / US
Valid From
The exact date and time this certificate became active and started being accepted by browsers. Certificates presented before this date are considered invalid. This helps prevent certificates from being used before they were officially issued.
2026-05-07 15:54:00 UTC
Valid Until
The date and time this certificate stops being trusted. Browsers will show a security warning or block access when a certificate is expired. Certificates are typically issued for 90 days to 1 year and must be renewed before this date.
2026-07-30 15:53:59 UTC (64d left)
TLS Version
The version of the Transport Layer Security protocol used to encrypt traffic between you and the server. TLS 1.3 is the latest and most secure version, released in 2018. TLS 1.0 and 1.1 are outdated and considered insecure modern browsers no longer accept them.
TLSv1.3
Cipher
The specific mathematical algorithm used to scramble data during your connection. The number in brackets is the key size in bits a larger number means it is harder to crack. AES-256 with GCM is considered military-grade encryption and is the current gold standard.
TLS_AES_256_GCM_SHA384 (256-bit)
Serial
A unique number the Certificate Authority assigns to this specific certificate, like a serial number on a product. It is used to track and, if needed, revoke the certificate. No two valid certificates from the same CA should share the same serial number.
117271883940293663130581390138217699186
SHA-256
A unique digital fingerprint of the entire certificate, calculated using the SHA-256 hashing algorithm. If even one character in the certificate changes, this fingerprint changes completely. You can share this value with someone else to confirm you are both looking at the exact same certificate.
Subject Alternative Names the full list of domain names this single certificate covers. A wildcard entry like *.example.com covers all subdomains. This lets one certificate protect many domains at once.
IP addresses that are explicitly listed as valid in this certificate. Normally certificates use domain names, but some internal or infrastructure certs list IP addresses directly. Your browser will accept the cert as valid when connecting to any of these IPs.
Online Certificate Status Protocol a web address your browser can contact to check in real-time whether this certificate has been revoked. If the CA discovers a certificate was mis-issued or the private key was stolen, they can revoke it and OCSP will report it as invalid. Browsers use this to protect you even before the certificate's expiry date.
Certificate Revocation List a downloadable file published by the CA that lists every certificate they have cancelled before its expiry date. Software can download this list and check whether a certificate appears on it. OCSP is the faster modern alternative, but CRL is still included for compatibility.
Whether this IP has been seen attacking honeypots decoy systems set up to attract and log malicious traffic. Hits here are a strong indicator of scanning or attack activity.
Count
0
Found
False
Ip
8.8.8.8
Time Range
48h
Open Ports
Ports that are actively accepting connections on this IP right now. Each open port corresponds to a service or application. Unexpected open ports can indicate misconfiguration or malicious software.
Port
Service
Banner
53
DNS
443
HTTPS
Traceroute
The network path packets travel from this server to the target IP, hop by hop. Each row is a router along the way. The map shows the geographic path the traffic takes across the internet.
#
Address
Country
ASN / Org
Type
RTT
10
8.8.8.8 dest
United States
AS15169 Google LLC
Public
World Region: Americas Northern America Coords: 37.751, -97.822 ASN: AS15169 Org: Google LLC
This IP was checked against hundreds of threat intelligence feeds and DNS blacklists maintained by security organisations worldwide. A Listed result means the IP appears in that feed, which may indicate malicious activity, spam, or abuse. Not every listing means active danger some feeds are conservative and flag IPs for minor or historical reasons.
URL Feed Checks
Feed
URL
Entries
Status
EmergingThreats
http://rules.emergingthreats.net/blockrules/compromised-ips.txt IPs known to host malware, botnets, or other malicious content, compiled by the Proofpoint Emerging Threats research team.
516
Not Listed
AlienVault
http://reputation.alienvault.com/reputation.data Community-driven feed aggregating IPs reported for malicious activity from security researchers worldwide.
609
Not Listed
BlocklistDE
http://www.blocklist.de/lists/bruteforcelogin.txt IPs caught brute-forcing login pages, auto-reported by servers running the blocklist.de honeypot agent.
647
Not Listed
Feodo
http://rules.emergingthreats.net/blockrules/compromised-ips.txt IPs associated with Feodo/Emotet banking trojan infrastructure.
516
Not Listed
Abuse.ch Feodo Tracker
https://feodotracker.abuse.ch/downloads/ipblocklist.txt Command-and-control servers for the Feodo/Emotet banking trojan family, tracked by abuse.ch.
5
Not Listed
Abuse.ch SSLBL
https://sslbl.abuse.ch/blacklist/sslipblacklist.txt IPs communicating with malware over SSL, identified by abuse.ch via SSL certificate fingerprints.
0
Not Listed
CINS Army
https://cinsscore.com/list/ci-badguys.txt IPs scoring poorly on the CINS (Collective Intelligence Network Security) reputation system based on internet background noise.
15000
Not Listed
Spamhaus DROP
https://www.spamhaus.org/drop/drop.txt Netblocks Spamhaus recommends blocking entirely hijacked or leased IP space used exclusively for criminal activity.
1610
Not Listed
Spamhaus EDROP
https://www.spamhaus.org/drop/edrop.txt Extended DROP: suballocated netblocks controlled by spam gangs or criminal organisations not yet in DROP.
0
Not Listed
FireHOL Level 1
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset The strictest FireHOL blocklist IPs that are almost certainly hostile with very few false positives. Suitable for all networks.
4452
Not Listed
Emerging Threats botcc
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt Known botnet command-and-control IPs actively instructing malware, from Emerging Threats rule sets.
1651
Not Listed
Greensnow
https://blocklist.greensnow.co/greensnow.txt IPs attacking SSH servers, reported by a globally distributed network of honeypots run by greensnow.co.
5982
Not Listed
FireHOL Level 2
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset A broader known-bad IP set aggregated from multiple reputable threat intelligence feeds.
17849
Not Listed
FireHOL Level 3
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset Extended threat coverage including lower-confidence but still significant threat sources.
13654
Not Listed
FireHOL Level 4
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset Widest FireHOL coverage; includes IPs flagged across numerous historical and current threat datasets.
81359
Not Listed
FireHOL Abusers 1d
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_1d.netset IPs that performed abusive scanning or attack activity within the last 24 hours.
4087
Not Listed
FireHOL Abusers 30d
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_30d.netset IPs with confirmed abusive behaviour in the past 30 days.
136663
Not Listed
FireHOL Anonymous
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_anonymous.netset Aggregated Tor exit nodes, VPNs, and open proxies sources used to mask the true origin of traffic.
2246409
Not Listed
FireHOL Webclient
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_webclient.netset IPs known to originate malicious web-based attacks including drive-by exploits and web scraping campaigns.
334
Not Listed
Tor Exit Nodes
https://check.torproject.org/torbulkexitlist Official Tor Project list of active exit nodes IPs that relay anonymous Tor traffic onto the public internet.
1278
Not Listed
Tor Exit Nodes Fallback
https://check.torproject.org/cgi-bin/TorBulkExitList.py Official Tor Project bulk exit list script endpoint used as a fallback source when the primary Tor feed is unavailable.
1278
Not Listed
Blocklist.de SSH
http://www.blocklist.de/lists/ssh.txt IPs that have attempted brute-force attacks against SSH servers, reported via blocklist.de.
4890
Not Listed
Blocklist.de SMTP
http://www.blocklist.de/lists/mail.txt IPs caught sending spam or attacking mail servers, reported via blocklist.de.
13572
Not Listed
IPsum
https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt Aggregated threat intelligence scoring IPs by how many independent blacklists they appear on higher scores mean more sources agree.
122699
Not Listed
Abuse.ch Feodo Tracker Aggressive
https://feodotracker.abuse.ch/downloads/ipblocklist_aggressive.txt Strict version of Feodo Tracker including suspected as well as confirmed C2 hosts.
7607
Not Listed
Team Cymru Full Bogons
https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt IP ranges that should never appear on the public internet unallocated, reserved, or private address space.
2939
Not Listed
Blocklist.de All
http://www.blocklist.de/lists/all.txt Combined blocklist.de feed covering all attack types reported across all of their sensors.
23849
Not Listed
Blocklist.de Apache
http://www.blocklist.de/lists/apache.txt IPs attacking Apache web servers with exploits or brute-force attempts.
8760
Not Listed
Blocklist.de Bots
http://www.blocklist.de/lists/bots.txt Automated bot IPs scraping, scanning, or attacking web services.
2680
Not Listed
Blocklist.de SIP
http://www.blocklist.de/lists/sip.txt IPs attempting to abuse or brute-force SIP/VoIP telephone systems.
40
Not Listed
Blocklist.de StrongIPs
http://www.blocklist.de/lists/strongips.txt IPs with repeated, severe violations across multiple blocklist.de categories.
https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt CIDR ranges that are prolific sources of spam forum registrations and automated abuse.
56
Not Listed
VoIPBL
http://www.voipbl.org/update/ IPs targeting VoIP infrastructure with toll fraud, SIP scanning, and brute-force attacks.
90545
Not Listed
DShield 1d
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dshield_1d.netset Top attacking IPs from the last 24 hours compiled by the SANS Internet Storm Center from global firewall logs.
28
Not Listed
Etnetera Aggressive
https://security.etnetera.cz/feeds/etn_aggressive.txt IPs performing active attacks on infrastructure, maintained by the Czech security firm Etnetera.
452
Not Listed
Blocklist.de Postfix
http://www.blocklist.de/lists/postfix.txt IPs attacking Postfix mail servers, reported via blocklist.de.
13572
Not Listed
Mirai Tracker
https://mirai.security.gives/data/ip_list.txt IPs actively running or previously running the Mirai IoT botnet, tracked by security researchers.
0
Not Listed
FireHOL Proxies
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_proxies.netset Open and anonymous proxies aggregated from multiple sources, used to relay or anonymise traffic.
2240581
Not Listed
Total indicators checked across source URLs: 5067667
DNSBL Results
DNS Blacklists work differently from the URL feeds above. Instead of downloading a file of bad IPs, your system does a live DNS query the same technology used to look up website addresses and asks the blacklist operator in real-time whether this IP is listed. It is faster and always up to date, but it only returns a yes or no with no entry count. The feeds above are bulk lists you download and search locally; DNSBLs are live lookups against someone else's database.
United States (US)
