IP INTELLIGENCE BRIEFING: 190.89.136.187
Executive Summary
IP 190.89.136.187 is classified as High Risk (80/100) with a residential endpoint profile. The IP operates within a Brazilian ISP network (AS270368 - T. R. TELECOMUNICACOES LTDA) in Votuporanga, São Paulo. Despite lacking specific known attacker indicators, the IP shows concerning blacklist presence (4/8 DNSBL listings) and operates in a subnet with mixed abuse characteristics (34.34% abuse density).
---
Network Classification
- ASN: 270368 (T. R. TELECOMUNICACOES LTDA)
- CIDR Block: 190.89.136.0/23
- Network Role: Residential Endpoint
- Geolocation: Brazil (BR), São Paulo (SP), Votuporanga
- IP Classification: Residential, Non-Infrastructure
---
Threat Profile
- Risk Score: 80/100 (High Risk)
- Threat Indicators: No confirmed known campaigns or attacker signatures
- Blacklist Status: Listed on 4 of 8 DNSBL feeds
- Tor/Proxy: Negative (not a Tor exit node, proxy, or CDN)
- Abuse Confidence: Not scored; no specific abuse confidence data available
- Control Plane Issues: Route stability flagged as unstable; operator score minimal (0.1304)
---
Neighborhood Analysis
The parent subnet 190.89.136.0/24 exhibits mixed classification with elevated abuse activity:
- Total Siblings: 99
- Active Siblings: 35
- Threat Siblings: 34 (34.34% abuse density)
- Risk Distribution: High: 24, Medium: 71, Low: 5
- Inherited Risk Score: 13
The subnet demonstrates significant threat concentration with 34 IPs flagged as threats, indicating compromised or misused residential addresses within the same network block.
---
Observation History
14 observation signals tracked from June 2026. Key observations include:
- June 26, 2026: Multiple blacklist listings detected (3/8 total), high severity
- June 24, 2026: ASN routing confirmed (AS270368 - T. R. TELECOMUNICACOES LTDA, BR)
- June 6, 2026: Subnet analysis performed with 34 threat siblings identified; geolocation inference placed IP in Brazil with 2500km accuracy radius
Recent activity shows persistent listing activity with 3 of 8 DNSBL feeds flagging the IP.
---
Relationships
Limited relationship graph (11 connections) primarily linked to network identifier 378879. No certificate associations, hostname resolutions, or organizational links detected.
---
Recommended Actions
Based on risk profile and blacklist presence, the following security measures are recommended:
1. Monitor Traffic: Implement monitoring for outbound/inbound traffic patterns from this IP
2. DNSBL Verification: Confirm active blacklist listings and evaluate impact on reputation
3. Subnet Awareness: Consider blocking or rate-limiting the entire /24 subnet (190.89.136.0/24) due to 34.34% abuse density
4. Geolocation Validation: Verify the Brazilian geolocation claim through alternative means
5. Residential Endpoint Policy: Apply residential endpoint policies (potential for compromised home network, P2P activity, or botnet usage)
---
Intelligence Conclusion
This IP represents a residential endpoint in a moderately abused subnet with confirmed DNSBL presence. While lacking specific attack signatures, the combination of high risk score, blacklist listings, and neighborhood abuse density warrants defensive monitoring. The IP should be flagged for potential residential endpoint threat indicators (compromised device, malware distribution, or P2P activity).
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | T. R. TELECOMUNICACOES LTDA |
| ASN | AS270368 |
| Network Name | 378879 |
| CIDR Block | 190.89.136.0/23 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | - |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User - Residential ISP endpoint |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 20% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 9 | 12 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-11 08:58:13 UTC |
| Last Seen | 2026-06-26 08:31:24 UTC |
| Profile Built | 2026-06-26 08:46:59 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 21 |