104.155.154.215

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 104.155.154.215

## Executive Summary

IP address 104.155.154.215 presents as a low-risk Google Cloud infrastructure asset. The IP operates as a web hosting service with no active threat indicators. No immediate blocking action recommended; standard monitoring advised.

## Risk Profile

Risk Score: 25/100 (Low Risk)
Reputation: Low Risk
Classification: CloudCompute infrastructure
Provider: Google LLC (ASN: 396982)
Network: 104.154.0.0/15 (GOOGLE-CLOUD)

## Infrastructure Details

Service Purpose: Web Server
DNS Resolution: webhost.onesupport.cloud
Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS), TCP/22 (SSH)
Web Server: Apache
TLS Certificate: Let's Encrypt (CN=*.onesupport.cloud)
Server Banner: Apache

## Geolocation Data

Country: United States (US)
Region: Iowa (IA)
City: Council Bluffs
Timezone: America/Chicago
Note: Geo validation shows RTT anomalies (55ms observed vs. 144.4ms minimum expected for 7,219km distance)

## Neighborhood Analysis

Subnet: 104.155.154.0/24
Abuse Density: 1 (minimal)
Classification: Mostly clean
Threat Siblings: 1 identified in subnet
Inherited Risk: 2

## Threat Indicators

Blacklist Count: 0
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Active Campaigns: None detected

## Observation History

Total Observations: 21
Latest Activity: 2026-06-21
Threat Persistence: 0 days
Status: No persistent malicious behavior detected
Notable: Single threat observation recorded in history

## Relationship Graph

DNS Associations: 3 instances mapping to webhost.onesupport.cloud
Network Associations: Google Cloud Platform
Total Relationships: 66 entities

## Recommended Actions

Current Risk Assessment: Monitor but do not block

Firewall Configuration: No specific firewall rules generated. Standard allow rules for HTTP/HTTPS ports may be applied if traffic is expected.

SOC Guidance:

1. Monitor for unusual traffic patterns from this IP

2. No immediate blocking action required

3. Note: SSH port (22) is open; consider evaluating if SSH access is expected from external sources

4. Certificate validity should be verified periodically

## Conclusion

The IP address 104.155.154.215 is a legitimate Google Cloud web hosting endpoint with low-risk characteristics. The infrastructure shows standard web server behavior with no threat indicators. Continue standard monitoring procedures.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	IA
City	Council Bluffs
Timezone	America/Chicago
Latitude	41.26
Longitude	-95.85

🏢 Ownership & Registration

Organization	Google LLC
ASN	AS396982
Network Name	GOOGLE-CLOUD
CIDR Block	104.154.0.0/15
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	webhost.onesupport.cloud
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`webhost.onesupport.cloud`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_7.4
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	Apache
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_7.4

🔐 TLS Certificate

An expired certificate for CN=*.onesupport.cloud was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

🔒

CN=*.onesupport.cloud

Issued by CN=R10, O=Let's Encrypt, C=US

Self-signed: No

SANs	*.onesupport.cloudonesupport.cloud
Valid From	2024-10-12T11:08:50+00:00
Valid Until	2025-01-10T11:08:49+00:00 (expired)
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	03E0C5285A330F6028B7741979B3D0DDCD09
Thumbprint	7F6D78C9563148E58A8CAAA0005DE259EE66CFB9

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	40%	2	4
routing	42%	1	6
services	30%	2	3
ownership	27%	2	3
reputation	31%	1	3
geolocation	33%	2	3
Overall	34%	10	22

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (65%) — 2 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement
⚠ High authority score (90) but appears on threat lists (risk 50)

📅 Observation Timeline 🔄 Live

First Seen	2026-05-27 13:16:23 UTC
Last Seen	2026-06-29 04:11:26 UTC
Profile Built	2026-06-29 16:13:12 UTC
Data Freshness	Live
Signal Types	23
Total Observations	32

🔍 23 signal types · 32 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

104.155.154.215📋 Copy