34.138.143.95

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP INTELLIGENCE BRIEFING: 34.138.143.95/32

Classification: Moderate Risk Cloud Infrastructure Asset

Date of Analysis: Current

Analyst: IPDebrief Intelligence Team

---

EXECUTIVE SUMMARY

IP address 34.138.143.95 was identified as a Google Cloud infrastructure endpoint with a moderate risk classification (Risk Score: 40). The asset operates within legitimate cloud infrastructure but exhibited minor abuse indicators and geolocation validation anomalies. No active threat campaigns or malicious behavior indicators were observed.

---

INFRASTRUCTURE PROFILE

Ownership & Network:

Organization: Google LLC (ASN: 396982)
Network Name: GOOGL-2
CIDR Block: 34.128.0.0/10
RIR: ARIN
Registration: Unavailable via RDAP

Geolocation:

Country: United States
State: South Carolina
City: Moncks Corner
Coordinates: 33.21°N, -80.17°W
Timezone: America/New_York
Accuracy Radius: 150km

Infrastructure Classification:

Provider: Google Cloud
Infrastructure Type: CloudCompute
Connection Type: Cloud
Hosting Provider: Yes
CDN/VPN/Proxy: No
Anycast: No

---

THREAT INDICATORS & OBSERVATIONS

Risk Assessment:

Risk Score: 40/100 (Moderate Risk)
Abuse Confidence Score: Not available
Threat Persistence Days: 0
Persistently Malicious: No

Threat Indicators:

Tor Exit Node: No
Known Attacker: No
Spam Source: No
Blacklist Count: 0
Pulsedive Risk: Not available
Known Campaigns: None
Threat Feeds: Empty

DNS Reputation:

DNSBL Listed: 2 of 8 total lists
PTR Hostname: 95.143.138.34.bc.googleusercontent.com
Forward Resolution: Confirmed
Email Auth: SPF and DMARC configured

Service Exposure:

Open Ports: None (Firewalled)
TLS Certificate: Not detected
HTTP Title: Not detected
Server Banner: Not detected

---

TEMPORAL ANALYSIS

Observation History:

Total Observations: 28
Recent Activity: June 2026 (within 28-day window)
Ownership Changes: 0
Threat Observation Count: 1
Threat Persistence: Not persistent

Stability Metrics:

Average Ownership Days: Not applicable (cloud infrastructure)
Route Stability: Stable
Route Changes (30d): 0
Is MOAS: No
RPKI State: Not evaluated
IRR Consistency: Not evaluated

---

NETWORK NEIGHBORHOOD ANALYSIS

Subnet Profile:

Subnet: 34.138.143.95/24
Abuse Density: 1 (Low)
Classification: Mostly Clean
Inherited Risk: 2

Sibling Analysis:

Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1

The immediate /24 neighborhood shows minimal abuse density with one identified threat sibling, suggesting this is not part of a coordinated malicious network.

---

RELATIONSHIP ANALYSIS

DNS Associations:

Primary Hostname: 95.143.138.34.bc.googleusercontent.com
Forward Resolution: Confirmed
Hosted Domains: 0

Network Relationships:

Same Network: GOOGL-2
Multiple redundant DNS and network associations detected

The relationship graph shows standard cloud infrastructure patterns with consistent DNS and network associations to Google-owned infrastructure.

---

GELOCATION VALIDATION

Validation Status:

GeoPlausible: False
Distance: 6,958km (from probe origin)
Minimum Possible RTT: 139.2ms
Observed RTT: 39ms (Violation)
Probe Count: 5

Assessment: The geolocation data shows a significant RTT violation, indicating the IP's reported location may not match actual routing paths. This is common in cloud infrastructure where routing paths diverge from geographic expectations.

---

CONTROL PLANE ANALYSIS

BGP Routing:

Origin ASN: 396982
BGP Prefix: 34.138.128.0/20
AS Path: 57866, 15169, 396982
Is Route Stable: Yes
Is MOAS: No

DNS Security:

DNSSEC Valid: Yes
Has CAA: Yes
Delegation Age: 2,857 days

---

RECOMMENDED ACTIONS

Firewall Rules:

Platform	Recommended Rule
iptables	`iptables -A INPUT -s 34.138.143.95 -j DROP`
nftables	`nft add rule inet filter input ip saddr 34.138.143.95 drop`
nginx	`deny 34.138.143.95;`
pfSense	`34.138.143.95/32`
Cloudflare WAF	Block with expression `ip.src eq 34.138.143.95`
AWS WAF	Add to blocklist: `34.138.143.95/32`

Assessment: The moderate risk score and presence of DNSBL listings warrant consideration for blocking, though this is Google Cloud infrastructure. Investigation recommended to confirm if traffic patterns align with expected legitimate cloud behavior or indicate compromised resources.

---

INTELLIGENCE CONCLUSION

IP 34.138.143.95 is classified as a Google Cloud infrastructure endpoint with moderate risk indicators. The asset demonstrates legitimate cloud infrastructure characteristics but maintains DNSBL listings that warrant monitoring. No active threat campaigns or malicious behavior were observed in the analysis window. The single threat sibling in the /24 neighborhood suggests potential localized abuse but not coordinated activity.

SOC Analyst Guidance:

Monitor traffic patterns for anomalies
Verify if IP traffic originates from expected Google Cloud services
Consider blocking if traffic does not align with organizational use cases
Maintain awareness of the 1 threat sibling in the neighborhood
No immediate threat escalation required

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	SC
City	Moncks Corner
Timezone	America/New_York
Latitude	33.21
Longitude	-80.17

🏢 Ownership & Registration

Organization	Google LLC
ASN	AS396982
Network Name	GOOGL-2
CIDR Block	34.128.0.0/10
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	95.143.138.34.bc.googleusercontent.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`95.143.138.34.bc.googleusercontent.com`

🔐 DNS Hygiene

Hygiene Score	100% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	24%	2	3
services	15%	2	2
ownership	30%	3	4
reputation	26%	1	3
geolocation	34%	2	3
Overall	26%	12	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (65%) — 2 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement
⚠ High authority score (90) but appears on threat lists (risk 40)

📅 Observation Timeline 🔄 Live

First Seen	2026-05-26 06:51:11 UTC
Last Seen	2026-06-29 02:47:44 UTC
Profile Built	2026-06-29 08:50:35 UTC
Data Freshness	Live
Signal Types	26
Total Observations	27

🔍 26 signal types · 27 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

34.138.143.95📋 Copy