35.220.158.192

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# THREAT INTELLIGENCE BRIEFING: 35.220.158.192/32

Classification: LOW RISK – Legitimate Cloud Infrastructure

Risk Score: 25/100

Analysis Date: 2026-06-16

---

## OWNERSHIP & INFRASTRUCTURE

The IP address 35.220.158.192 is owned by Google LLC (AS396982) under the GOOGLE-CLOUD network block (35.208.0.0/12). The address is allocated from the ARIN RIR and registered to Hong Kong.

Key Infrastructure Attributes:

Provider: Google Cloud Platform
Geolocation: Hong Kong (22.31°N, 113.91°E)
Infrastructure Type: Cloud hosting service
Connection Type: Firewalled / No services exposed
Certificate Status: No TLS certificates detected

---

## THREAT ASSESSMENT

Current Risk Profile: LOW RISK

Threat Indicators:

Known Attacker: No
Spam Source: No
Tor Exit Node: No
Blacklist Count: 0
DNSBL Listings: 1 (minor listing, not significant)
Threat Persistence: 0 days (not persistently malicious)
Campaign Association: None detected

Network Role: Google Cloud provider infrastructure with no open ports or active services exposed. The IP shows no evidence of being used for malicious activity.

---

## OBSERVATION HISTORY

Monitoring Period: 20 observations collected (most recent: 2026-06-16 17:17 UTC)

Historical Trends:

Geolocation: Consistently resolved to Hong Kong with moderate confidence (0.56)
Port Scanning: Multiple port scan events recorded, but no open ports discovered
Subnet Classification: Classified as "clean" with 0 abuse density in /24
Risk Evolution: No upward trend in risk indicators; stable low-risk profile

Signal Confidence: 0.30–0.70 (moderate confidence across signals)

---

## RELATIONSHIPS & ASSOCIATIONS

DNS Associations:

PTR Record: 192.158.220.35.bc.googleusercontent.com
Forward Resolved: 192.158.220.35.bc.googleusercontent.com
Domain: googleusercontent.com

Network Relationships:

Same Network: GOOGLE-CLOUD (multiple associations)
No cross-network threat correlations detected

---

## NEIGHBORHOOD ANALYSIS

Subnet: 35.220.158.192/24

Abuse Density: 0 (clean)
Active Siblings: 0
Threat Siblings: 0
Classification: Clean
Inherited Risk: 0

The /24 subnet shows no neighboring threat activity, indicating this IP operates in a trusted Google Cloud environment.

---

## RECOMMENDED ACTIONS

Security Action: No firewall rules or blocking recommended.

Rationale: The IP exhibits characteristics of legitimate Google Cloud infrastructure with no malicious indicators. No security actions recommended.

Firewall Rules: None generated (low-risk profile)

---

## SOC OPERATOR NOTES

This IP address represents legitimate Google Cloud Platform infrastructure located in Hong Kong. No threat indicators, blacklist entries, or malicious activity detected. The IP should be treated as trusted infrastructure. Monitor for any unexpected behavior or service exposure, but no immediate action required.

Confidence Level: High (based on provider reputation, clean neighborhood, and absence of threat indicators)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇭🇰 Hong Kong
Region	HK
City	Hong Kong
Timezone	Asia/Hong_Kong
Latitude	22.31
Longitude	113.91

🏢 Ownership & Registration

Organization	Google LLC
ASN	AS396982
Network Name	GOOGLE-CLOUD
CIDR Block	35.208.0.0/12
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	192.158.220.35.bc.googleusercontent.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`192.158.220.35.bc.googleusercontent.com`

🔐 DNS Hygiene

Hygiene Score	100% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	3
routing	17%	1	1
services	24%	2	2
ownership	35%	2	3
reputation	17%	1	2
geolocation	17%	1	1
Overall	24%	9	12

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-06-09 20:27:30 UTC
Last Seen	2026-06-21 16:49:13 UTC
Profile Built	2026-06-21 16:52:03 UTC
Data Freshness	Live
Signal Types	21
Total Observations	23

🔍 21 signal types · 23 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

35.220.158.192📋 Copy