# IP Intelligence Briefing: 190.89.137.151/32
Date: 2026-06-23
Classification: High Risk
Source: IPDebrief Intelligence Platform
---
## Executive Summary
IP 190.89.137.151 is a high-risk residential endpoint located in Votuporanga, São Paulo, Brazil, operating within a moderately abused subnet. The IP presents an elevated threat profile (Risk Score: 80/100) with multiple blacklist listings and is recommended for immediate blocking.
---
## Threat Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 80 (High Risk) |
| **Reputation** | High Risk |
| **Abuse Density** | 14% (0.14) |
| **Blacklist Count** | 4 / 8 DNSBL lists |
| **Network Role** | Residential Web Server |
Ownership & Location:
- ASN: 270368 (T. R. TELECOMUNICACOES LTDA)
- CIDR Block: 190.89.136.0/23
- Country/Region: Brazil / São Paulo
- City: Votuporanga
- Registrar: LACNIC
Network Services:
- HTTP (80/tcp): Active
- HTTPS (443/tcp): Active
- Server Fingerprint: lighttpd/1.4.39
---
## Neighborhood Analysis
Subnet: 190.89.137.151/24
Total Siblings: 168 IPs
Active Siblings: 86
Threat Siblings: 69
Risk Distribution:
- High Risk: 14 IPs
- Medium Risk: 79 IPs
- Low Risk: 6 IPs
The subnet exhibits mixed classification with 41.07% abuse density, indicating legitimate infrastructure mixed with malicious activity. This IP's risk score exceeds neighborhood average, correlating with elevated threat indicators.
---
## Historical Observations
Observation Count: 23 signals
Latest Activity: 2026-06-23
Recent signals indicate:
- Multiple blacklist listings with high severity ratings
- ASN 270368 prefix confirmed (190.89.137.0/24)
- Operator classification: Minimal (0.1304)
- No persistent malicious campaign correlation detected
---
## Relationship Network
Total Relationships: 36
Primary Association: Network 378879 (190.89.136.0/23)
No external relationships detected to hostnames, organizations, or SSL certificates beyond network infrastructure.
---
## Recommended Actions
Immediate: Block Traffic
```bash
# iptables
iptables -A INPUT -s 190.89.137.151 -j DROP
# nftables
nft add rule inet filter input ip saddr 190.89.137.151 drop
# nginx
deny 190.89.137.151;
# pfSense
190.89.137.151/32
```
Enhanced Monitoring
```json
// Cloudflare WAF
{
"description": "Block 190.89.137.151 โ IPDebrief risk score 80",
"action": "block",
"filter": {
"expression": "ip.src eq 190.89.137.151"
}
}
// AWS WAF
{
"Addresses": ["190.89.137.151/32"],
"Description": "IPDebrief risk 80"
}
```
Additional Recommendations
- Increase logging verbosity for all traffic from this IP
- Monitor for lateral movement within the 190.89.137.0/24 subnet
- Review historical activity logs for any prior interactions
---
## Assessment
This IP represents a confirmed high-risk endpoint with residential infrastructure characteristics. The combination of residential classification, elevated risk score (80/100), multiple DNSBL listings, and location within a moderately abused subnet warrants immediate blocking and ongoing monitoring. The subnet's mixed risk profile suggests legitimate services coexist with malicious actors; however, this specific IP demonstrates clear threat indicators requiring defensive action.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | T. R. TELECOMUNICACOES LTDA |
| ASN | AS270368 |
| Network Name | 378879 |
| CIDR Block | 190.89.136.0/23 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User โ Residential ISP endpoint |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:03 UTC |
| Last Seen | 2026-06-23 02:19:34 UTC |
| Profile Built | 2026-06-23 02:30:10 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |
Full dossier details are available via our API.