IP Threat Intelligence Briefing: 2.89.131.199
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: 55/100 (Moderate Risk)
- Ownership:
  - ASN: 25019
  - Organization: SAUDINET-STC (Saudi Telecom Company)
  - CIDR: 2.89.0.0/16
- Geolocation:
  - Country: Saudi Arabia (SA)
  - Region: Eastern Province
  - City: Dammam
  - Coordinates: Unknown (null)
- Network Role:
  - Mobile Carrier: STC (LTE/5G)
  - Infrastructure: Firewalled / No Services
---
**2. Threat Indicators**
- Malicious Activity: None detected (no indicators, spam, or campaigns).
- DNS & Services:
  - No open ports, TLS certs, or HTTP services identified.
  - No SPF/DKIM email auth configured.
- BGP & Routing:
  - AS Path: 25019 (SAUDINETSTC-AS)
  - Route Stability: Unstable (route changes detected).
---
**3. Observation History**
- Recent Activity:
  - Low-confidence geolocation inferred (Dammam, SA).
  - Minimal operator risk score (0.13).
  - No persistent threat observations.
- Temporal Trends: No significant changes in ownership or threat signals.
---
**4. Network Relationships**
- Subnet: 2.89.131.199/24 (clean, no abuse density).
- Neighbors: No active or malicious sibling IPs in the subnet.
- Links:
  - Associated with SAUDINET_DSL_POOL (same network).
---
**5. Recommended Actions**
- Monitoring:
  - Increase logging verbosity for this IP due to moderate risk.
  - Validate geolocation context (Saudi Arabia, mobile carrier).
- Firewall Rules:
  - iptables: `iptables -A INPUT -s 2.89.131.199 -j DROP`
  - Cloudflare WAF: Block IP with rule: `ip.src eq 2.89.131.199`
  - AWS WAF: Add `2.89.131.199/32` to IP set.
---
**6. Summary**
The IP 2.89.131.199 is associated with Saudi Telecom Company (STC) and operates as a mobile LTE/5G network. While no direct malicious activity is detected, its moderate risk score and lack of service visibility warrant monitoring. SOC teams should validate geolocation context and consider blocking the IP if it persists in traffic. No immediate action is required, but ongoing observation is advised.
Product: IPDebrief | Copyright: © 2026 Jason Alberino. All rights reserved.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | SAUDINET-STC |
| ASN | AS25019 |
| Network Name | SAUDINET_DSL_POOL |
| CIDR Block | 2.89.0.0/16 |
| RIR | RIPE |
| Country | SA |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 43% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 20% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 24% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-19 09:37:13 UTC |
| Last Seen | 2026-06-13 03:45:24 UTC |
| Profile Built | 2026-06-13 03:38:55 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 21 |
Full dossier details are available via our API.