# IP Intelligence Briefing: 128.65.104.94/32
## Executive Summary
IP address 128.65.104.94 is associated with BA-TELEMACH (Telemach BH d.o.o.) in Sarajevo, Bosnia and Herzegovina. The current risk assessment is Low Risk (Score: 25). Ownership is stable and there are no active malicious indicators, though the IP appears on 1 of the 8 DNSBLs checked.
## Ownership and Infrastructure
- ASN: 42560 (BA-TELEMACH-AS)
- Organization: Telemach BH d.o.o.
- Location: Sarajevo, Federation of Bosnia and Herzegovina (BA)
- BGP Prefix: 128.65.104.0/21
- Registration: Allocated 2011-10-06 (RIR: RIPE NCC)
## Threat Assessment
The IP exhibits minimal threat characteristics:
- Risk Score: 25 (Low Risk)
- Abuse Confidence: Not elevated
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 1 DNSBL listing out of 8 total checked
The IP has no known campaigns, threat indicators, or correlated malicious activity. Control plane analysis shows the route is not stable (isRouteStable: false) but demonstrates minimal operator risk.
## Network Activity and Services
- Service Status: Firewalled / No Services
- Open Ports: None detected
- TLS Certificates: Not present
- DNS Resolution: Forward confirmed = false; no PTR records
- Email Authentication: No SPF or DMARC records configured
The absence of open services suggests this IP may be used for infrastructure purposes or is actively firewalled, which reduces exposure to direct attacks.
## Historical Observation
Fourteen observations recorded over the monitoring period show:
- Recent Activity: 2026-06-05 (multiple signals including ASN confirmation, operator scoring, and network scan data)
- Earlier Activity: 2026-05-30 (geolocation data)
- Ownership Changes: None (0)
- Threat Persistence Days: 0 (not persistently malicious)
- Threat Observation Count: 1
The IP demonstrates temporal stability with consistent ownership and geolocation attributes.
## Network Relationships and Neighborhood
- Relationships: 11 relationships identified, all linked to TELEMACH-BH network
- Subnet Analysis (128.65.104.0/24):
  - Abuse Density: Minimal (0-1)
  - Classification: Mostly clean
  - Sibling Count: 1 threat sibling detected in neighborhood
  - Risk Distribution: No high or medium risk neighbors detected
## Recommended Actions
Based on current risk profile, the IP does not require immediate blocking. However, SOC teams should:
1. Monitor for service activation (new open ports)
2. Verify any outbound traffic patterns against baseline
3. Track any changes to DNSBL status
4. Correlate with Telemach BH infrastructure for context
## Conclusion
IP 128.65.104.94 represents a legitimate infrastructure asset with minimal threat indicators. The absence of active services, combined with stable ownership history and low-risk classification, supports continued monitoring rather than restrictive action. No immediate security threats were identified.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | BA-TELEMACH |
| ASN | AS42560 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 18% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-10 10:13:08 UTC |
| Last Seen | 2026-06-26 00:04:49 UTC |
| Profile Built | 2026-06-26 00:12:24 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |