# IP INTELLIGENCE BRIEFING: 94.181.229.245/32
## Executive Summary
IP address 94.181.229.245 is registered to JSC "ER-Telecom Holding" Kirov Branch (ASN 41727) and is classified as a Residential Endpoint with a moderate risk score of 40. The IP is located in Kirov, Russia, within the Kaluga Oblast region. While no active threat campaigns or known attacker indicators were detected, the IP maintains a moderate risk posture due to DNSBL listings and should be monitored or blocked based on organizational threat tolerance.
## Ownership and Network Attribution
| Attribute | Value |
|---|---|
| ASN | 41727 |
| Organization | JSC "ER-Telecom Holding" Kirov Branch |
| RIR | RIPE |
| BGP Prefix | 94.181.228.0/22 |
| Network Classification | Residential Endpoint |
| ISP Type | Telecom Provider |
## Geolocation Data
| Attribute | Value |
|---|---|
| Country | Russia (RU) |
| Region | Kaluga Oblast |
| City | Kirov |
| Geolocation Method | Multi-signal inference |
| Accuracy Radius | 5,000 km |
| Confidence | 0.52 |
## Network Behavior and Services
- Open Ports: None detected
- DNS Resolution: PTR hostname `94x181x229x245.datakirov.com`
- Forward Resolution: Confirmed to `94x181x229x245.datakirov.com`
- Services: No active open services detected
- TLS/Certificates: None detected
## Threat Indicators
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Tor Exit Node | No |
| Proxy/VPN | No |
| Spam Source | No |
| Blacklist Count | 0 |
| Campaign Matches | 0 |
| DNSBL Listed | 2 of 8 lists |
| Threat Persistence | Not persistently malicious |
## Risk Assessment
- Overall Risk Score: 40 (Moderate Risk)
- Provider Score: 0
- Authority Score: 0
- Stability: Moderate
- Abuse Density (Subnet): 1 (mostly clean)
- Inherited Risk: 2
- Neighborhood Status: 1 threat sibling detected in /24 subnet
## Relationship Graph Analysis
The IP maintains 52 identified relationships, primarily categorized as "Same Network" connections to the ERTH-KIROV network infrastructure. No certificate-based or hostname-based relationships were identified that would indicate association with known malicious infrastructure.
## Observation History
Signal observation history indicates consistent network infrastructure attribution to ASN 41727 since at least June 2026. Geolocation data has remained stable, with multi-signal inference consistently placing the IP in Russia. No significant threat signal escalations have been observed.
## Recommended Security Actions
Based on the IP's risk profile, the following firewall rules are recommended:
iptables
```bash
iptables -A INPUT -s 94.181.229.245 -j DROP
```
nftables
```bash
nft add rule inet filter input ip saddr 94.181.229.245 drop
```
nginx
```nginx
deny 94.181.229.245;
```
pfSense
```
94.181.229.245/32
```
Cloudflare WAF
```json
{"description":"Block 94.181.229.245 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 94.181.229.245"}}
```
AWS WAF
```json
{"Addresses":["94.181.229.245/32"],"Description":"IPDebrief risk 40"}
```
## Analyst Notes
The IP address 94.181.229.245 presents a moderate risk profile typical of residential endpoints associated with legitimate telecom infrastructure. The absence of open ports and known threat indicators suggests this IP may be monitoring residential traffic rather than actively hosting malicious services. However, the presence of DNSBL listings and the inherited risk score from the /24 subnet warrant defensive blocking or rate-limiting policies.
Organizations should consider:
1. Implementing the recommended firewall rules if the IP is not an expected business partner
2. Monitoring for any behavioral changes that might indicate compromise
3. Reviewing connection logs for anomalous activity patterns from this address
---
*This briefing was generated using IPDebrief intelligence platform data. All findings are based on observed network intelligence and should be correlated with additional threat indicators before operational action.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | JSC "ER-Telecom Holding" Kirov Branch |
| ASN | AS41727 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 94x181x229x245.datakirov.com |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 94x181x229x245.datakirov.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User - Residential ISP endpoint |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 10 | 15 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-11 02:52:10 UTC |
| Last Seen | 2026-06-26 07:35:58 UTC |
| Profile Built | 2026-06-26 07:42:49 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |