# IP Intelligence Briefing: 34.56.229.114/32
## Executive Summary
IP address 34.56.229.114 operates within Google Cloud infrastructure with an overall low-risk profile (risk score: 25). The IP is associated with Google LLC (ASN 396982) and functions as a web server/hosting service. While the IP shows minimal malicious activity, it is listed on 1 of 8 DNS blacklists and is linked to a single threat sibling in its /24 neighborhood.
## Risk Assessment
Risk Score: 25 (Low Risk)
Reputation: Low Risk
Abuse Confidence: Not elevated
Blacklist Status: 1/8 DNSBL entries
Classification: CloudCompute / Web Server
## Infrastructure Profile
- Organization: Google LLC
- ASN: 396982
- Network: GOOGL-2
- BGP Prefix: 34.56.0.0/16
- Geolocation: Council Bluffs, IA, US
- Infrastructure Type: Google Cloud Platform
- Status: Active cloud compute host
## Network Services
| Port | Protocol | Service | Status |
|---|---|---|---|
| 80 | TCP | HTTP | Open |
| 443 | TCP | HTTPS | Open |
| 22 | TCP | SSH | Open |
TLS Certificate: Let's Encrypt (CN=demos.biwares.com)
Server Banner: Apache/2.4.67 (Debian)
DNS Records: googleusercontent.com ptr hostname
## Threat Indicators
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Campaign Association: None detected
- Threat Observation Count: 1
- Threat Persistence: 0 days (not persistent)
- Persistently Malicious: No
## Neighborhood Analysis
Subnet: 34.56.229.114/24
- Abuse Density: 1 (low)
- Classification: Mostly clean
- Threat Siblings: 1
- Active Siblings: 1
- Total Siblings: 1
## Historical Observations (27 records)
Recent observations (2026-06-21) confirm:
- Subnet abuse density: 1
- Classification: mostly_clean
- Inherited risk: 2
- No ownership changes detected
- Not persistently malicious
## Relationships
- DNS Associations: 114.229.56.34.bc.googleusercontent.com
- Network Associations: GOOGL-2 (multiple)
- Total Relationships: 52
## Recommended Actions
1. Monitoring: Continue monitoring for changes in blacklist status or new threat indicators.
2. SSH Exposure: The open SSH port (22) on a public-facing cloud instance warrants review for unauthorized access attempts.
3. DNSBL Investigation: Investigate the single DNSBL listing to understand the listing reason and determine if action is required.
4. Geolocation Validation: Note RTT/geo discrepancy (7218.7km vs minimum possible 144.4ms) indicates potential geolocation inaccuracy.
5. Certificate Review: TLS certificate subject (demos.biwares.com) may warrant validation against legitimate business use.
## Conclusion
This IP represents a standard Google Cloud web hosting instance with minimal threat indicators. While not actively malicious, the open SSH port and DNSBL listing warrant standard defensive monitoring. No immediate blocking is recommended; however, the SSH exposure should be evaluated for necessity on a publicly accessible cloud instance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGL-2 |
| CIDR Block | 34.4.5.0/24 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 114.229.56.34.bc.googleusercontent.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | 114.229.56.34.bc.googleusercontent.com |
π DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
| Domains Checked | 2 domains |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | Apache/2.4.67 (Debian) |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_9.2 |
π TLS Certificate
| SANs | demos.biwares.com |
| Valid From | 2026-05-17T05:34:37+00:00 |
| Valid Until | 2026-08-15T05:34:36+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 06A83B78A61CD7FADD2B81A1774413485947 |
| Thumbprint | EE8F75007C2B927BA4C4242F927EF08AA16A49AF |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 27% | 2 | 3 |
| services | 27% | 2 | 3 |
| ownership | 30% | 3 | 4 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 27% | 12 | 19 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-30 17:03:40 UTC |
| Last Seen | 2026-06-29 07:56:49 UTC |
| Profile Built | 2026-06-29 08:04:57 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 28 |
Full dossier details are available via our API.