35.254.159.27

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 35.254.159.27/32

Classification: LOW RISK - GOOGLE CLOUD INFRASTRUCTURE

Report Date: 2026-06-20

---

## EXECUTIVE SUMMARY

IP address 35.254.159.27 is identified as Google Cloud infrastructure with a low-risk profile (Risk Score: 25). The IP is properly associated with Google LLC (AS396982) and operates within the Google Cloud Platform's Council Bluffs, IA data center footprint. No active threat indicators, malicious activity, or attack campaigns were detected.

---

## TECHNICAL PROFILE

Attribute	Value
Risk Score	25 (Low Risk)
Provider	Google LLC (AS396982)
Infrastructure	Google Cloud Platform
Geolocation	Council Bluffs, IA, US
CIDR Block	35.254.0.0/16
Service Classification	Firewalled / No Services
DNS Reputation	SPF: Yes, DMARC: Yes

---

## THREAT ASSESSMENT

Threat Indicators: None detected

No known attacker activity
No spam source designation
No Tor exit node functionality
No proxy services
No hosting services

Blacklist Status: Minimal exposure (1 of 8 DNSBL lists)

Campaign Association: None identified

Correlated Malicious IPs: 0

---

## INFRASTRUCTURE ANALYSIS

The IP resolves to `27.159.254.35.bc.googleusercontent.com`, confirming legitimate Google Cloud usage. Control plane analysis indicates:

Operator Score: 0.3478 (Basic)
Route Stability: Unstable (route changes observed)
DNSSEC: Valid
RPKI State: Available via RDAP

Network Role: Google Cloud compute infrastructure with standard security controls. The IP is not classified as a CDN, VPN, proxy, or Tor exit node.

---

## HISTORICAL OBSERVATIONS

Twenty-one signal observations tracked between 2026-06-10 and 2026-06-20 demonstrate consistent operational characteristics:

Cloud Classification: Consistent Google Cloud identification across all observations
Geographic Consistency: Council Bluffs, IA location maintained throughout observation period
Risk Trend: No degradation in risk profile over time
Persistence: Zero threat persistence days (no persistent malicious activity)

---

## NEIGHBORHOOD CONTEXT

Subnet: 35.254.159.27/24

Abuse Density: 0.0 (Clean)

Classification: Mostly Clean

Inherited Risk: 2 (Minimal)

No neighboring IPs in the /24 subnet returned for analysis, suggesting either subnet isolation or data collection limitations. The subnet shows no concentration of malicious activity.

---

## RELATIONSHIP MAPPING

Thirty-three relationship entities identified:

DNS Associations: Multiple googleusercontent.com hostnames
Network Relationships: GOOGL-2 network designation
Organizational Links: Google LLC infrastructure

---

## SOC ANALYST RECOMMENDATIONS

Action Required: None

Firewall Policy: Permit traffic (legitimate Google Cloud infrastructure)

Monitoring Level: Standard (no elevated threat indicators)

Threat Intelligence: No enrichment required

Note: The single DNSBL listing appears to be a false positive or historical artifact given the consistent Google Cloud classification across all observations. No blocking action recommended.

---

END OF BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	IA
City	Council Bluffs
Timezone	America/Chicago
Latitude	41.26
Longitude	-95.85

🏢 Ownership & Registration

Organization	Google LLC
ASN	AS396982
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	27.159.254.35.bc.googleusercontent.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`27.159.254.35.bc.googleusercontent.com`

🔐 DNS Hygiene

Hygiene Score	100% (Excellent)
SPF	1/4 domains
DMARC	1/4 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Present
Domains Checked	4 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
Closed Ports	22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

CN=34.121.31.114

Issued by CN=332f6472-c5d3-45ab-aa16-20f076b666a4

Self-signed: No

SANs	kuberneteskubernetes.defaultkubernetes.default.svckubernetes.default.svc.cluster.local
Valid From	2026-06-13T20:18:35+00:00
Valid Until	2027-06-13T20:20:35+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_128_GCM_SHA256
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	00B730CC9156BEA6A730C000E034457EEF
Thumbprint	D2B14E6045845AB9A5DD0CD88A0D2FAE0711170E

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	22%	1	1
services	24%	2	3
ownership	24%	2	3
reputation	26%	1	3
geolocation	33%	2	3
Overall	26%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-23 00:20:31 UTC
Last Seen	2026-06-28 20:18:45 UTC
Profile Built	2026-06-29 02:22:39 UTC
Data Freshness	Live
Signal Types	22
Total Observations	26

🔍 22 signal types · 26 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

35.254.159.27📋 Copy