190.89.137.139
# IP INTELLIGENCE BRIEFING: 190.89.137.139
Classification: Moderate Risk / Web Server
Generated: Current Intelligence Cycle
Status: Actionable Intelligence for SOC Review
---
## EXECUTIVE SUMMARY
IP 190.89.137.139 presents moderate risk (score: 55/100) as a web server infrastructure endpoint within the T. R. TELECOMUNICACOES LTDA network. The IP operates as a residential-classified web server with elevated neighborhood abuse density, warranting enhanced monitoring and defensive controls.
---
## OWNERSHIP & GEOLOCATION
- Organization: T. R. TELECOMUNICACOES LTDA (ASN 270368)
- CIDR Block: 190.89.136.0/23
- Geolocation: Brazil (SP), Votuporanga
- Classification: Residential, Web Server
- Open Services: HTTP (80), HTTPS (443)
- Server Banner: lighttpd/1.4.39
---
## THREAT ASSESSMENT
Current Risk Score: 55/100 (Moderate)
Threat Indicators:
- No active threat indicators or known campaigns
- Not flagged as Tor exit node, known attacker, or spam source
- Blacklist count: 0 (current)
- Control Plane Anomaly: 3 DNSBL listings detected (out of 8 total lists)
Control Plane Observations:
- Route stability: False (isRouteStable)
- BGP Prefix: 190.89.137.0/24
- Operator Score: 0.1304 (Minimal)
- RPKI State: Not evaluated
- DNSSEC Valid: True
---
## NEIGHBORHOOD ANALYSIS
Subnet: 190.89.137.0/24
- Abuse Density: 0.4348 (Moderate-High)
- Total Siblings: 161
- Active Siblings: 64
- Threat Siblings: 70
- Risk Distribution: 25 High (24.8%), 66 Medium (65.3%), 9 Low (8.9%)
Assessment: This IP operates within a subnet exhibiting mixed classification with significant abuse density. The 70 threat siblings indicate coordinated or related malicious activity in the immediate network environment.
---
## OBSERVATION HISTORY (18 Records)
Recent signal observations indicate:
- Geolocation: Country-level inference (Brazil) with 52% confidence; RTT validation failures detected (observed 143ms vs minimum possible 195.5ms for 9774km distance)
- Earlier Classification (2026-06-14): Flagged as residential infrastructure
- Threat Persistence: 0 days observed
- Ownership Changes: 0 recorded
Key Anomaly: Multiple RTT violations suggest either geolocation spoofing or measurement inconsistencies that warrant further validation.
---
## RECOMMENDED ACTIONS
Priority: HIGH
1. Immediate Monitoring: Increase logging verbosity and review recent activity from this IP due to elevated risk score (55/100)
2. Firewall Implementation:
```bash
# iptables
iptables -A INPUT -s 190.89.137.139 -j DROP
# nftables
nft add rule inet filter input ip saddr 190.89.137.139 drop
```
3. WAF/Cloud Rules: Implement blocking rules for Cloudflare WAF and AWS WAF with description: "IPDebrief risk 55"
4. Contextual Review: Evaluate activity against the 70 threat siblings in the 190.89.137.0/24 subnet for potential campaign correlation
---
## INTELLIGENCE CONTEXT
This IP represents infrastructure within a telecommunications operator's network (T. R. TELECOMUNICACOES LTDA). The moderate risk classification combined with the high abuse density in the immediate subnet suggests this endpoint may be part of a larger attack surface requiring defensive posture adjustment. The residential classification despite being a web server may indicate compromised consumer infrastructure or unsecured hosting arrangements.
Recommendation: Implement monitoring controls pending further correlation with threat intelligence feeds and neighborhood analysis.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | T. R. TELECOMUNICACOES LTDA |
| ASN | AS270368 |
| Network Name | 378879 |
| CIDR Block | 190.89.136.0/23 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User โ Residential ISP endpoint |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 13% | 1 | 2 |
| geolocation | 42% | 2 | 3 |
| Overall | 21% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-12 09:40:48 UTC |
| Last Seen | 2026-06-26 16:42:01 UTC |
| Profile Built | 2026-06-26 16:56:49 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 26 |
Full dossier details are available via our API.