104.155.20.12
INTELLIGENCE BRIEFING: IP 104.155.20.12/32
---
**SUMMARY**
IP 104.155.20.12 is a Google Cloud Platform (GCP) infrastructure address operating with a low-risk profile (Risk Score: 25). The IP is classified as cloud-hosted infrastructure with no active threat indicators and minimal abuse footprint.
---
**OWNERSHIP & CLASSIFICATION**
- Organization: Google LLC
- ASN: 396982 (GOOGLE-CLOUD-PLATFORM)
- BGP Prefix: 104.155.16.0/20
- Infrastructure Type: CloudCompute
- Geolocation: Belgium (St. Ghislain, BE) via ARIN registry
- Network Role: Provider / Cloud Infrastructure
- Status: Cloud-hosted, not residential, not a proxy/VPN/Tor exit
---
**THREAT ASSESSMENT**
- Overall Risk Score: 25 (Low Risk)
- Abuse Confidence Score: Not applicable
- Blacklist Count: 0
- Pulsedive Risk: Not applicable
- Campaign Matches: None detected
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
Threat Indicators: None observed. The IP shows no evidence of being used for malicious activity, scanning, or command-and-control operations.
---
**SERVICE & PORT ANALYSIS**
- Open Ports: None detected
- HTTP/S Services: Inactive (Firewalled)
- TLS Certificate: None
- Service Banner: No active services exposed
- Network Exposure: Minimal / Cloud-based with restricted access
---
**DNS & REPUTATION DATA**
- PTR Hostname: 12.20.155.104.bc.googleusercontent.com
- Domain: googleusercontent.com
- DNS Resolution: Forward confirmed
- DNSBL Listings: 1 of 8 total lists (minor listing)
- Email Authentication: SPF record present
- DNSSEC: Valid
---
**NEIGHBORHOOD ANALYSIS**
- Subnet: 104.155.20.0/24
- Abuse Density: 0 (Clean subnet)
- Classification: Mostly Clean
- Threat Siblings: 0
- Risk Distribution: No high or medium-risk neighbors identified
---
**OBSERVATION HISTORY**
Total Observations: 24 signals tracked
Recent Activity:
- 2026-06-25: Cloud infrastructure detected with minimal threat signals (Operator Score: 0)
- 2026-06-19: ASN 396982 confirmed, US origin routing, Basic operator classification
Temporal Analysis:
- Persistence: No persistent malicious behavior detected
- Ownership Changes: 0 changes observed
- Threat Observation Count: 1 (historical, now cleared)
- Is Persistently Malicious: False
---
**RELATIONSHIP GRAPH**
- Total Relationships: 92
- Primary Associations: DNS hostname associations to googleusercontent.com endpoints
- Network Relations: Linked to GOOGLE-CLOUD network segment
- Certificate/SSL: No associated certificates
---
**SECURITY RECOMMENDATIONS**
Based on the risk profile, the following actions are recommended for SOC operations:
1. Action Level: Monitor / Low Priority
2. Firewall Rules: No blocking required; allow traffic per standard cloud provider policies
3. WAF Rules: Not applicable for blocking; consider allow-listing if traffic is expected
4. Threat Hunting: No active indicators requiring investigation
5. Geographic Filtering: Belgium-based routing; no geographic restrictions needed unless policy requires
---
**INTEL CONCLUSION**
IP 104.155.20.12 represents legitimate Google Cloud Platform infrastructure with no current threat indicators. The IP operates within a clean subnet neighborhood and shows stable cloud hosting behavior. No blocking or escalation actions are recommended. Traffic may be observed from Google's CDN infrastructure (googleusercontent.com), which is consistent with normal cloud provider operations.
Classification: LOW RISK - Cloud Infrastructure
SOC Action: MONITOR (No intervention required)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 12.20.155.104.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 12.20.155.104.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 22% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-09 17:40:56 UTC |
| Last Seen | 2026-06-27 15:54:10 UTC |
| Profile Built | 2026-06-28 09:58:58 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.