35.205.138.113
# IP Intelligence Briefing: 35.205.138.113/32
Classification: Google Cloud Infrastructure
Risk Assessment: Low Risk
Report Date: Current
## Executive Summary
IP 35.205.138.113 is a low-risk (Risk Score: 25) Google Cloud infrastructure endpoint. The address resolves to googleusercontent.com and operates as a web server (443/HTTPS). No active threat indicators or malicious campaign associations were identified.
## Infrastructure Profile
- Organization: Google LLC (ASN: 396982)
- Network Block: 35.192.0.0/12 (GOOGLE-CLOUD)
- Geolocation: Belgium (BE), St. Ghislain, Walloon Region
- Service Role: Web Server / Cloud Infrastructure
- Infrastructure Type: Cloud Provider (not CDN, proxy, or VPN)
## Technical Services
- Open Ports: TCP/443 (HTTPS)
- TLS Certificate: Self-signed certificate with Kubernetes service name SANs (kubernetes.default, kubernetes.default.svc)
- HTTP Status: 403 (Forbidden)
- DNS Resolution: 113.138.205.35.bc.googleusercontent.com (confirmed)
- DNSSEC: Valid
- CAA Records: Present
## Threat Intelligence Indicators
- Blacklist Status: 0 active blacklists; 1 DNSBL listing out of 8 total lists
- Threat Indicators: None detected
- Abuse Confidence Score: Not elevated
- Known Campaigns: No associations
- Tor/Proxy: Not identified as Tor exit node, proxy, or hosting service
- Risk Breakdown: Low Risk reputation with minimal operational concerns
## Control Plane Analysis
- Route Stability: Not stable (isRouteStable: false)
- Operator Score: 0.3478 (Basic classification)
- RPKI State: Not assessed
- BGP Prefix: 35.205.128.0/20
## Observation History
Total observations recorded: 25
- Recent Activity: Observations from June 2026
- Signal Confidence: Ranges 0.23โ0.60
- Coverage: Geolocation, routing, services, ownership, reputation, and geolocation dimensions assessed
- Threat Persistence: No persistent malicious behavior observed (0 threat persistence days)
## Neighborhood Assessment
- Subnet: 35.205.138.113/24
- Abuse Density: 0 (no abuse detected in neighborhood)
- Risk Classification: mostly_clean
- Active Siblings: 1
- Threat Siblings: 1
## Relationship Graph
- DNS Associations: 37 total relationships, primarily DNS hostname associations to 113.138.205.35.bc.googleusercontent.com
- Organizational Links: None beyond Google Cloud infrastructure
- Certificate Subjects: Kubernetes-related service principals
## Recommended Actions
Based on the low-risk profile and legitimate cloud infrastructure classification:
- Firewall Rules: No blocking required; standard cloud egress/ingress policies apply
- Monitoring: Routine traffic monitoring appropriate; no elevated alerting recommended
- Threat Hunting: No immediate threat hunting required
## Conclusion
IP 35.205.138.113 represents legitimate Google Cloud infrastructure hosting web services. The low risk score, absence of threat indicators, and cloud provider context indicate this is not a malicious endpoint. Routine defensive monitoring is appropriate; no blocking or restrictive firewall rules are warranted.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Google LLC |
| ASN | AS396982 |
| Network Name | GOOGLE-CLOUD |
| CIDR Block | 35.192.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 113.138.205.35.bc.googleusercontent.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 113.138.205.35.bc.googleusercontent.com |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | 1/4 domains |
| DMARC | 1/4 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
| Domains Checked | 4 domains |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | kuberneteskubernetes.defaultkubernetes.default.svckubernetes.default.svc.cluster.local |
| Valid From | 2026-06-09T10:28:26+00:00 |
| Valid Until | 2031-06-08T10:30:26+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 1825 days |
| Serial Number | 00D71835BAE8F06A019B75A22280F97C36 |
| Thumbprint | 019F07778ECE9183190B5D0E06C8D6325E0D2C85 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-25 06:42:12 UTC |
| Last Seen | 2026-06-29 01:21:03 UTC |
| Profile Built | 2026-06-29 07:22:52 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.