149.28.232.89
# IP INTELLIGENCE BRIEFING
Target IP: 149.28.232.89/32
Classification: Low Risk Infrastructure Asset
Date of Analysis: 2026-06-19
---
## EXECUTIVE SUMMARY
IP 149.28.232.89 is a low-risk cloud computing infrastructure address operated by Vultr Holdings, LLC (ASN 20473). The IP presents minimal threat characteristics with no active malicious indicators, blacklist presence, or attack campaign associations. The address operates as a firewalled cloud host with no open services detected.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Risk Score** | 25 (Low Risk) |
| **Provider** | Vultr Holdings, LLC |
| **ASN** | 20473 |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Geolocation** | US, NJ, Piscataway |
| **DNS Resolution** | 149.28.232.89.vultrusercontent.com |
| **Cloud Provider** | Vultr (Confirmed) |
Control Plane Data:
- BGP Prefix: 149.28.224.0/20
- Route Stability: False
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.1304 (Minimal)
---
## THREAT ASSESSMENT
Threat Indicators: None detected
- Not a Tor exit node
- Not a known attacker
- Not a spam source
- Blacklist count: 0
- No known campaign associations
Network Classification:
- Infrastructure Type: CloudCompute
- Hosting Service: Yes
- Proxy/VPN: No
- CDN: No
- Anycast: No
- Bogon: No
---
## OBSERVATION HISTORY
Signal History (23 observations):
- Most recent observation: 2026-06-19T12:46:48 UTC
- Risk assessment trend: Consistent "Minimal" classification
- Network role stability: Maintained as Vultr cloud infrastructure
- No persistent malicious behavior detected
Temporal Analysis:
- Ownership changes: 0
- Threat persistence days: 0
- Threat observation count: 1
- Persistently malicious: False
---
## GEOLOCATION ANALYSIS
Reported Location: US, New Jersey, Piscataway
Validation Status: β οΈ GEOLOCATION DISCREPANCY DETECTED
- geoPlausible: False
- Distance violation: 6,009 km reported vs. 25,000 km accuracy radius
- RTT violation: 23ms observed vs. minimum possible 120.2ms for reported distance
- Minimum RTT observed: 23ms
Implication: Reported geolocation appears inconsistent with network measurements. Actual origin location may differ from reported NJ/Piscataway coordinates.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 149.28.232.0/24
Abuse Density: 0 (Clean)
Classification: mostly_clean
Threat Siblings: 0
Total Siblings: 1 active
The immediate /24 subnet shows no malicious activity. This IP is isolated from neighboring abuse indicators.
---
## RELATIONSHIP MAPPING
Relationships Identified: 38
- Primary associations: Same network (NET-149-28-232-0-23)
- Network relationships indicate clustering within Vultr's 149.28.0.0/16 allocation
---
## SERVICE ANALYSIS
Open Ports: None detected
TLS Certificates: None
HTTP Service: None (Firewalled / No Services)
Banner Detection: No response data available
---
## RECOMMENDATIONS
Security Actions: No immediate actions required
- Risk profile indicates legitimate cloud infrastructure
- No firewall rules necessary based on current threat indicators
- No blocking or rate-limiting recommendations
Monitoring Guidance:
- Monitor for service activation if this IP transitions from "Firewalled / No Services" state
- Track geolocation consistency if operational location changes
- Consider geo-validation in security tooling due to RTT/location discrepancy
---
## INTELLIGENCE CONCLUSION
IP 149.28.232.89 represents standard Vultr cloud infrastructure with no observed malicious activity. The IP is suitable for normal network operations but should be monitored for service activation. The geolocation discrepancy warrants awareness but does not indicate malicious behavior. No immediate defensive actions are required.
Confidence Level: High
Threat Classification: Low Risk
Action Required: None
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Vultr Holdings, LLC |
| ASN | AS20473 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 149.28.232.89.vultrusercontent.com |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 149.28.232.89.vultrusercontent.com |
π DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-09 05:25:35 UTC |
| Last Seen | 2026-06-27 14:52:07 UTC |
| Profile Built | 2026-06-28 08:57:22 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |
Full dossier details are available via our API.