Security Advisors · OSINT Screening Report
google.com
Perimeter-focused OSINT screening of the apex domain (google.com) and correlated public-registration/DNS/route signals. Pack en-httpgooglecomgoog-1; entity token from intake: “en google.com”.
Data access: 2026-05-20
Type: Public domain · internet-facing asset
Jurisdiction: United States — Google LLC (RDAP registrant organization)
Infrastructure: Google authoritative DNS · routed under AS15169 (RIPEstat)
Final verdict · section 13 (methodology alignment)
✅ Clear to proceed
18 / 100
Low band (0–20 · Low risk): technical signals align with legitimate operation of Google’s global edge/anycast naming and DNS delegation; registrar and registrant-role organization read as enterprise-grade protections. Institutional compliance teams should still map the domain to the exact contracting subsidiary and rerun sanctions screening at transaction time.
📋 Request data
FieldContent
Namegoogle.com (apex)
CorrelationGoogle LLC (organization field in Registrar RDAP, redacted WHOIS-grade details)
CountryUnited States (registration context per RDAP indicators)
Websitehttps://google.com
PurposePrimary OSINT / counterparty perimeter screening against open sources · no subpoena-scope claims
Data collected2026-05-20 (timezone of query environment: coordinated universal sample timestamps in APIs)
Open questionsWhich Alphabet/Google contracting entity executes your agreement; geopolitical exposure not exhaustively enumerated in this domain-only pass.
📋 OSINT Screening Report · Sections 1–13
1. Subject of review

Object: Internet domain name google.com (apex). Associated organization (technical registration layer): Google LLC appears as the RDAP registrant organization MarkMonitor publishes with privacy redaction.

Identifiers: IANA Registrar ID 292 (MarkMonitor Inc.); RDAP handles include 2138514_DOMAIN_COM-VRSN via Verisign COM RDAP bootstrap.

Operational note: This review is perimeter-level; Alphabet Inc. subsidiaries outside Google LLC are excluded unless public sources tie them to this domain delegation.

2. Summary

Across DNS, Registrar RDAP, and Verisign registry RDAP, google.com behaves like Google’s authoritative production apex: delegated to NS1–NS4.GOOGLE.COM, resolves to IPv4 endpoints inside Google’s routed address space (ASN 15169 per RIPEstat for the queried /24 enclosure), publishes enterprise-style SPF delegation to Google’s SMTP policy, and is locked with standard ICANN transfer/update prohibitions typical of marquee brands.

3. Risk Score

18 / 100 — low band on the methodology scale: 0–20 · Low risk.

Rationale: No spoofed DNS patterns or obvious typo-squatter footprint were evident in sampled technical channels; reputational/policy exposure exists at the global regulatory level for Alphabet generally, but nothing in these technical registries independently elevates transactional risk comparable to sanctioned, insolvent, or anonymous high-risk hosting clusters.

4. Main red flags

confirmed fact No materially adverse technical red flags surfaced in Registrar/Registry RDAP status codes sampled on 2026-05-20 (multi-year registration horizon, registrar locks consistent with theft protection).

requires manual check Policy/compliance narratives (competition remedies, privacy orders, geopolitical localization) evolve quickly; correlate with counsel if your use-case imposes sectoral restrictions irrespective of benign DNS fingerprints.

5. Registration data

confirmed fact Registry RDAP (Verisign COM RDAP) lists creation 1997-09-15, expiration 2028-09-14 (timezone-normalized timestamps differ slightly vs MarkMonitor mirror), authoritative NS NS1–NS4.GOOGLE.COM, and delegationSigned: false at COM delegation.

confirmed fact Registrar RDAP (MarkMonitor) discloses organizational registrant handle Google LLC; personal/registrant contact fields are GDPR-style redacted with a registrar contact pathway.

probable link Brand-consistency strongly indicates operational control rests with Alphabet’s Google naming operations; further corporate-tree mapping requires SEC filings rather than WHOIS alone.

6. Owners / UBO

confirmed fact Public RDAP publishes organization “Google LLC” for the registrant role; natural-person UBO is not surfaced (redacted).

requires manual check Ultimate shareholders of Alphabet publicly trade under NASDAQ:GOOGL/GOOG — reconcile with equities disclosure rather than WHOIS proxies when UBO granularity is mandated.

7. Related persons & companies

probable link Organizational ecosystem includes Alphabet subsidiaries and regional affiliates; domain DNS alone cannot enumerate them.

hypothesis Numerous third-party vendor TXT proofs (Adobe, Cisco, DocuSign, Facebook, GlobalSign cues, Apple domain verification tokens) coexist on the apex — consistent with a heavily integrated digital brand perimeter; each token asserts a relationship only with vendor-side verification workflows.

8. Sanctions risks

requires manual check This automated perimeter pass did not replace official screening in OFAC Sanctions Search, consolidated EU listings, UN lists, HM Treasury sanctions, or NSDC-derived Ukraine instruments when your policy demands them.

confirmed fact The subject is universally recognized Silicon Valley-origin infrastructure; notwithstanding, deterministic negatives must be queried in your sanctioned-party workflow naming the concrete legal entity of contract.

9. Litigation risks

probable link Alphabet/Google participates in voluminous litigation and regulatory proceedings globally.

requires manual check No case-level docket review was attempted here; escalate with counsel/PACER or national court APIs if filings affect your contractual theory.

10. Debts / enforcement proceedings

requires manual check Domain/WHOIS data do not reveal tax delinquencies or judgments; verifying corporate treasury health is beyond OSINT registrar channels.

11. Reputational background

probable link Persistent public discourse covers privacy practices, ads policy, geopolitical moderation, AI safety, labor relations, competition — standard major-tech profile.

confirmed fact No reliance was placed here on scraped forums/leaks/off-channel datasets.

12. Tender history

confirmed fact Not materially applicable at domain-only scope; procurements referencing Google identifiers would require discrete Prozorro / SAM / national tender registry searches keyed to awarding entity taxonomy.

13. Conclusion

✅ Clear to proceed — for benign technical counterparty onboarding where the apex domain legitimacy is decisive. Continue with transactional mapping to the contracting legal entity, refreshed sanctions screenings, and contract-specific DPIA/policy checks where warranted.

⚠️ Main red flags · operational watch-items
1 DNSSEC off at COM delegation

probable link Lack of delegated DNSSEC (per RDAP secureDNS.delegationSigned = false) is noteworthy for spoofing-conscious architectures but commonplace among major consumer brands weighing operational complexity vs protocol adoption.

2 WHOIS/UWHOIS-grade redaction limits UBO granularity

requires manual check Natural-person beneficiaries are inaccessible through RDAP; rely on equities filings, contractual reps, or national corporate registers keyed to signer entities.

📊 Risk assessment (rubric cues)
CriterionTriggeredFactual basis (snapshot)
Sanctions (official lists)no (not exhaustively enumerated)Requires your formal workflow requires manual check
Connection to RF / RB / occupied territoriesn/aNot assessed geopolitically in this perimeter pass · requires manual check if mandated by policy.
Bankruptcy / insolvencynoNo insolvency cues drawn from Registrar/Registry technical objects.
High litigation activitycontextual onlyQualitatively plausible for marquee tech — probable link; no tally.
Media negativenot scoredAmbient policy debates exist globally — not scored numerically herein.
Final risk score · Range18 / 100 — 0–20 · Low risk
🛡️ Sanctions & registries (summary)
OFAC SDN snapshot (automated perimeter)Not enumerated here
EU Financial Sanctions / UK OFSI snapshotNot enumerated here
Ukraine · State Register of Sanctions (NSDC)Not enumerated here · use drs.nsdc.gov.ua in production checks
ICANN Registrar accreditation (reference)MarkMonitor (IANA ID 292) visible in RDAP
Brand / DNS alignmentInternal Google NS delegation + routed AS footprint
⚙️ Technical infrastructure · OSINT-derived
Technical summary
DNS · A samples (Cloudflare DoH)
142.250.9.100–113, · · ·138–139 (TTL ~244)
DNS · NS
ns1–ns4.google.com
DNS · MX
10 smtp.google.com.
DNS · SPF (TXT)
v=spf1 include:_spf.google.com ~all
BGP / Routing (RIPEstat)
AS15169 — GOOGLE - Google LLC (prefix enclosure 142.250.9.0/24 → 142.250.0.0/15)
Registrar / Registry RDAP freshness
DB sync ping 2026-05-20 (Verisign + MarkMonitor)
Domain lifecycle
Created 1997-09-15 · Expires 2028-09-14 (± timezone strings)
Registrar locks
client/server delete+transfer+update prohibited
DNSSEC (COM delegation)
delegationSigned: false
Certificate Transparency · crt.sh
Query timed out / incomplete during collection window
Internet Archive · CDX
Network timeout during collection window
📚 Sources
What to do next · Recommended next steps
  • 🧭Legal entity handshake: align counterparty onboarding forms with Alphabet’s executing subsidiary (quotes, invoicing).
  • 🛂Rerun sanctions / export-control screening listing the specific signatory LEI/EIN equivalents in platforms like OFAC Sanctions List Search (manual policy requirement).
  • 🔒For phishing-sensitive counterparties: monitor lookalikes / cousin domains commercially; apex fingerprint here is benign but does not mitigate homoglyphs elsewhere.
  • 🧾If EU/Ukraine public-procurement exposure matters, launch parallel Prozorro / TED searches keyed by supplier IDs independent of apex DNS telemetry.
⚖️ Limitations of this review

Perimeter completeness & access constraints snapshot

  • Passive OSINT limited to Registrar/Registry/DNS/route intelligence; excludes authenticated corporate records, ticketing data, subpoena-bound facts.
  • Certificate Transparency and Internet Archive probes failed/time-boxed — retry later for historical issuance & content drift.
  • Sanctions & court outcomes require primary-list confirmation; aggregator mirrors alone are inadequate for final compliance sign-off.
  • Language & geofencing: collection tools ran from a cloud egress; censorship or split-horizon DNS elsewhere may diverge slightly.

Brief report

Subject
google.com — apex domain aligning with authoritative Google nameservers & MarkMonitor stewardship; RDAP publishes Google LLC as organizational registrant with privacy redactions.
Risk Score
18 / 100 — 0–20 · Low risk
Technical integrity & global brand consistency dominate; geopolitical/policy narratives intentionally not numerically amplified without fresh legal briefings.
License
n/a — domain asset not itself “licensed” like FI; sectoral licenses reside with Alphabet affiliates per activities.
Regulator
No single registrar “regulates” apex brands; Alphabet faces multi-jurisdictional supervision (cite counsel for sector-specific matrices).
Infrastructure
Confirmed Google NS · Google IPv4 anycast enclosures (ASN15169 per RIPEstat) · enterprise SPF delegation.
Similar entities
requires manual check — distinguish Alphabet subsidiaries (GCP vs consumer Google vs Devices) transactionally.
Verdict
✅ Clear to proceed contingent on customary entity-level AML/sanctions refresh.
Actions
Perform entity-level screenings; reconcile invoices to LEI/legal name; rerun CT & archive passes if historical TLS ownership is mandated.
This report is a preliminary OSINT screening based on publicly available sources and does not constitute a legal opinion, accusation, or final compliance assessment. Critical findings require manual verification and confirmation from official sources. | 2026-05-20 | Security Advisors · OSINT Due Diligence Agent