104.199.85.216
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Threat Intelligence Briefing: IP 104.199.85.216/32
Overview:
The IP address 104.199.85.216/32 is a publicly routable address associated with Google Cloud Platform (GCP). This address is part of the IP range allocated to Google for their cloud services.
Observation History:
- Service Type: The IP address is linked to Google Cloud services, which include a variety of cloud-based applications and infrastructure components.
- Usage Pattern: The IP has been observed in legitimate traffic patterns consistent with cloud service operations, such as data storage, processing, and web hosting.
Relationships:
- Parent Organization: Google LLC, a major global technology company providing internet-related services and products.
- Associated Domains: The IP address is associated with numerous Google domains, including those related to Google Cloud services like `cloud.google.com`, `storage.googleapis.com`, and `appspot.com`.
Neighborhood Data:
- IP Range Context: The IP is part of a broader range allocated to Google, which includes other cloud service infrastructure. Neighboring IP addresses are similarly used for cloud services.
- Geolocation: The IP is hosted in the United States, specifically in regions where Google maintains its data centers.
Security Considerations:
- Legitimate Use: Traffic from this IP is generally legitimate and associated with Google's cloud services. It is crucial to distinguish between normal cloud operations and potential misuse.
- Threat Potential: While the IP itself is not a known threat vector, any unusual or unauthorized activity originating from this IP should be investigated further. This could include unexpected traffic patterns or connections to known malicious domains.
Actionable Insights:
- Monitoring: Continuously monitor traffic associated with this IP for anomalies that deviate from expected cloud service behavior.
- Incident Response: If unusual activity is detected, correlate with known threat intelligence to determine if it is part of a broader campaign or isolated incident.
- Access Control: Ensure proper access controls and authentication mechanisms are in place for interactions with Google Cloud services to prevent unauthorized use.
This intelligence briefing provides a foundational understanding of the IP address 104.199.85.216/32, emphasizing its legitimate use within Google Cloud services and the importance of monitoring for anomalies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | โ |
| CIDR Block | 104.199.80.0/20 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 216.85.199.104.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 216.85.199.104.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 44% | 2 | 6 |
| services | 12% | 2 | 2 |
| ownership | 36% | 3 | 7 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 30% | 12 | 25 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:27 UTC |
| Last Seen | 2026-06-26 21:57:59 UTC |
| Profile Built | 2026-06-27 18:17:46 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 39 |
๐ 27 signal types ยท 39 observations collected
This report is generated from 27+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.