IP Intelligence Briefing: 91.8.95.209
Date: 2026-06-13
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Geolocation: New York, NY, US (Residential)
- Ownership: Unregistered ASN/org (ASN: null, Org: null)
- Threat Indicators: No malicious activity detected (no spam, attacks, or known campaigns).
- Network Role: Firewalled system with no open ports/services.
- DNS: Resolves to `p5b085fd1.dip0.t-ipconnect.de` (PTR confirmed).
- BGP: Origin ASN 3320 (Deutsche Telekom), route stable.
- DNSSEC: Valid, no CAA records.
---
**2. Observation History**
- Latest Signals (30d):
  - DNSSEC validity (0.5 confidence).
  - 1 DNSBL listing (low severity).
  - No persistent threats or ownership changes.
- Trend: Stable low-risk profile; no escalation detected.
---
**3. Relationships**
- DNS: Linked to `t-ipconnect.de` (PTR hostname).
- No other relationships (no subnets, organizations, or certificates tied).
---
**4. Neighborhood Analysis**
- Subnet: 91.8.95.0/24 (no active neighbors reported).
- Abuse Density: 0% (isolated IP).
- Potential Concern: Missing subnet siblings may indicate incomplete data or a highly restricted network.
---
**5. Security Actions**
- Recommendations:
  - No immediate firewall rules required.
  - Monitor DNS resolution for `t-ipconnect.de` for anomalies.
  - Verify ownership details (missing ASN/org may indicate residential or unregistered IP).
---
**6. Summary**
The IP 91.8.95.209 is a low-risk residential address with no active threats. While DNSSEC is valid and no malicious activity is detected, the lack of subnet neighbors and unregistered ownership warrants further investigation. SOC teams should monitor for unexpected DNS changes or new threat indicators.
Next Steps:
- Validate ownership via WHOIS or network provider.
- Check `t-ipconnect.de` for potential DNS-based threats.
- Ensure DNS monitoring for unusual resolution patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | DTAG-NIC |
| ASN | AS3320 |
| Network Name | DTAG-DIAL22 |
| CIDR Block | 91.0.0.0/12 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR | p5b085fd1.dip0.t-ipconnect.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | p5b085fd1.dip0.t-ipconnect.de |
**DNS Hygiene**
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 1 | 1 |
| routing | 25% | 1 | 1 |
| services | 25% | 1 | 1 |
| ownership | 0% | 0 | 0 |
| reputation | 0% | 0 | 0 |
| geolocation | 0% | 0 | 0 |
| Overall | 12% | 3 | 3 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Live)
| First Seen | 2026-06-07 01:47:35 UTC |
| Last Seen | 2026-06-13 18:09:56 UTC |
| Profile Built | 2026-06-13 18:18:29 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 17 |