# IP INTELLIGENCE BRIEFING: 94.134.104.191
Date: Current Intelligence Cycle
Classification: Defensive Intelligence
Status: Low Risk - Monitor
---
## EXECUTIVE SUMMARY
IP address 94.134.104.191 is a low-risk residential/infrastructure endpoint associated with 1&1 Versatel GmbH. The IP shows minimal threat activity, with a risk score of 25/100 and no active threat indicators. No immediate defensive action is required, but the neighborhood context warrants awareness of the mixed-abuse subnet environment.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Organization** | 1&1 Versatel GmbH |
| **ASN** | 8881 |
| **Network Block** | 94.134.104.0/24 |
| **Geolocation** | Rostock, Mecklenburg-Vorpommern, Germany (DE) |
| **RIR** | RIPE |
| **DNS PTR** | i5E8668BF.versanet.de |
| **Forward Resolution** | versanet.de |

Network Classification: Firewalled/No services detected. No CDN, proxy, Tor, or hosting infrastructure indicators.
---
## THREAT POSTURE
| Indicator | Status |
|---|---|
| Risk Score | 25/100 (Low) |
| Abuse Confidence | N/A |
| Blacklist Count | 0 |
| Is Known Attacker | No |
| Is Spam Source | No |
| Is Tor Exit | No |
| Threat Persistence | N/A (1 threat observation) |
| DNSBL Listings | 1 of 8 lists |

Threat Indicators: None detected. No active campaigns, threat feeds, or reputation sources flagged.
---
## OBSERVATION HISTORY
Total Observations: 19 signals tracked
Recent Activity:
- 2026-06-24: Subnet classification confirmed (mixed), geolocation validated (DE), minimal threat signals
- 2026-06-03: Initial classification scan (not CDN/Tor/proxy/residential)
Temporal Analysis: No persistent malicious behavior detected. Ownership changes: 0. Threat observation count: 1.
---
## NEIGHBORHOOD CONTEXT
Subnet: 94.134.104.0/24
Abuse Density: 0.3333 (Mixed classification)
Sibling IPs Analyzed: 6 total
| Neighbor IP | Risk Score | Authority Score |
|---|---|---|
| 94.134.104.29 | 25 | 60 |
| 94.134.104.63 | 25 | 60 |
| 94.134.104.137 | 25 | 60 |
| 94.134.104.155 | 25 | 60 |
| 94.134.104.159 | 25 | 60 |

Assessment: All 5 analyzed neighbors show low-risk profiles consistent with the target IP. The subnet exhibits a mixed classification with an inherited risk score of 5.
---
## NETWORK RELATIONSHIPS
Total Relationships: 23
Primary Associations:
- Network: DE-VERSATEL-20080807 (Multiple same-network links)
- DNS: i5E8668BF.versanet.de (Multiple hostname associations)
Network Stability: Route stable (0 changes in 30 days). BGP prefix: 94.134.96.0/20.
---
## SECURITY RECOMMENDATIONS
Immediate Actions: None required
Monitoring: Standard traffic monitoring recommended due to mixed-abuse subnet context
Firewall Rules: No specific rules generated (low risk profile)
---
## ANALYST NOTES
The target IP is part of a residential/ISP network infrastructure with low-risk characteristics. While the immediate threat posture is benign, the subnet's 33% abuse density suggests defensive teams should monitor for lateral movement or compromise indicators. The 1&1 Versatel infrastructure is legitimate but should be treated with standard ISP traffic expectations.
Confidence Level: High - Based on 19 observations and comprehensive profile analysis.
Recommended Actions: Continue monitoring. No blocking or alerting required at this time.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | 1&1 Versatel GmbH |
| ASN | AS8881 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | i5E8668BF.versanet.de |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | i5E8668BF.versanet.de |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 4 |
| geolocation | 30% | 2 | 4 |
| Overall | 22% | 9 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:43 UTC |
| Last Seen | 2026-06-24 01:45:01 UTC |
| Profile Built | 2026-06-24 02:18:48 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 21 |