35.189.238.138
IP Intelligence Briefing: 35.189.238.138
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: Low (25/100) | Provider: Google Cloud (ASN 396982)
- Geolocation: Registered to the U.S., but geolocation data suggests Brussels, Belgium (potential inconsistency).
- Ownership: Owned by Google LLC (ARIN-registered).
- Network Role: Cloud infrastructure (firewalled, no public services).
- Threat Indicators: No malicious activity detected (no abuse confidence, blacklist, or campaign ties).
---
**2. Observation History**
- Recent Activity:
- Routinely observed in BGP routes (prefix: 35.189.224.0/20) with stable routing.
- DNS records linked to `googleusercontent.com` (PTR: `138.238.189.35.bc.googleusercontent.com`).
- No spikes in threat signals or anomalous behavior.
- Temporal Trends:
- Consistent ownership since 2016.
- No persistent malicious activity (threat persistence: 0 days).
---
**3. Relationships**
- Linked Entities:
- Google Cloud Network: Directly tied to Google's infrastructure (ASN 396982).
- DNS: Resolves to `googleusercontent.com` (SPF/DKIM email authentication enabled).
- BGP: Route originates from ASN 396982, with AS path: `57866 15169 396982`.
- No Known Malicious Associations: No correlated IPs, certificates, or campaigns.
---
**4. Neighborhood Analysis**
- Subnet: 35.189.238.138/24
- Neighbor Risk: No active neighbors reported; subnet abuse density: 0% (clean).
- Isolation: IP appears isolated within its subnet, with no risky siblings.
---
**5. Actionable Insights**
- No Immediate Threat: Low-risk, legitimate cloud IP with no malicious indicators.
- Geolocation Discrepancy: Investigate potential geolocation inaccuracies (Brussels vs. U.S. registration).
- Monitor for Anomalies: Track routing changes or unexpected DNS activity, though current data shows stability.
- Firewall Rules: No restrictive actions required; IP is part of a trusted cloud provider.
---
Conclusion: 35.189.238.138 is a benign Google Cloud IP with no signs of compromise. While geolocation data shows inconsistencies, the IPโs low risk score and stable network behavior suggest it is legitimate. No further action is required unless new threats emerge.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | โ |
| CIDR Block | 35.189.224.0/20 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 138.238.189.35.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 138.238.189.35.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.9 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 58% | 2 | 10 |
| services | 15% | 2 | 2 |
| ownership | 22% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 29% | 12 | 25 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-17 09:10:49 UTC |
| Last Seen | 2026-06-28 04:56:07 UTC |
| Profile Built | 2026-06-28 23:01:22 UTC |
| Data Freshness | Live |
| Signal Types | 29 |
| Total Observations | 40 |
Full dossier details are available via our API.