IP Intelligence Briefing: 199.168.89.92
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: 0 (Low Risk)
- Provider: Deteque (ARIN-registered)
- Geolocation: United States (latitude 37.75, longitude -97.82)
- Network Role: Firewalled / No Services (no open ports, TLS, or HTTP detected)
- Threat Indicators: No malicious campaigns, blacklists, or known attackers linked.
---
**2. Observation History**
- Recent Activity (2026-06-08):
  - DNS Associations: Timed-out queries to `192.168.2.108` (likely internal/misconfigured DNS).
  - Spamhaus.net Listings: Confirmed via SPF record (`v=spf1 a:mail-out.spamhaus.org ~all`), but no active abuse detected.
  - Network Prefix: Assigned to Deteque (AS 54054), with no recent route changes.
---
**3. Relationships**
- Network Affiliation:
  - Same network as Deteque (AS 54054).
- DNS/Email Security:
  - SPF record present but no DMARC or CAA records.
  - No email reputation violations.
- DNS Issues:
  - Multiple failed DNS resolution attempts to internal IPs (e.g., `192.168.2.108`).
---
**4. Neighborhood Analysis**
- Subnet: `199.168.89.92/24`
- Neighbor Risk Scores:
  - 3 IPs (199.168.89.88, 199.168.89.89, 199.168.89.90): Low risk (score 0).
  - 1 IP (199.168.89.101): Medium risk (score 25).
- Subnet Abuse Density: 0 (no malicious activity detected).
---
**5. Recommendations**
- Monitor DNS Configuration: Investigate timed-out DNS queries to internal IPs (e.g., `192.168.2.108`) for potential misconfigurations or internal network leaks.
- Check Neighbor 199.168.89.101: Review its risk profile and network activity, as it shows elevated risk.
- Email Security: Ensure DMARC and CAA records are implemented to strengthen email security.
- Network Segmentation: Confirm firewalled subnets (e.g., `199.168.89.0/24`) are isolated from public-facing infrastructure.
Conclusion: The IP itself is low risk, but DNS anomalies and a neighboring IP with medium risk suggest further investigation into network hygiene and internal DNS health.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Deteque |
| ASN | AS54054 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | dbl-dqs.blt.spamhaus.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | dbl-dqs.blt.spamhaus.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 2 |
| routing | 19% | 1 | 2 |
| services | 19% | 1 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 13% | 1 | 1 |
| Overall | 20% | 8 | 12 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-17 15:12:42 UTC |
| Last Seen | 2026-06-08 08:08:42 UTC |
| Profile Built | 2026-06-08 08:18:34 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |