89.181.112.232

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 89.181.112.232

## Executive Summary

IP address 89.181.112.232 presents moderate risk (score: 40) with classification as a firewalled endpoint showing no active services. The IP resolves to Portugal (PT) under ASN 2860 (IP-MNT) within the RIPE region. No active threat indicators or known malicious campaigns were identified.

## Technical Profile

Risk Score: 40 (Moderate Risk)
ASN: 2860 (IP-MNT)
Location: Portugal (39.4°N, -8.22°W)
Network Role: Firewalled / No Services Detected
DNS Resolution: 89-181-112-232.net.novis.pt (novis.pt)
PTR Record: Forward confirmed
DNSBL Status: Listed on 2 of 8 total blacklists

## Observations & History

Analysis retrieved 23 observation records. Recent monitoring from June 2026 captured routing stability signals with operator scores between 0.26-0.39. The IP demonstrated stable ownership (0 ownership changes) and consistent network routing. No persistent malicious behavior patterns emerged across the observation window.

## Network Context

Subnet: 89.181.112.232/24
Abuse Density: 0 (clean)
Threat Siblings: 0
Total Siblings: 1 (1 active)

The /24 subnet maintains a clean classification with no inherited risk signals. The IP operates within a stable BGP prefix (89.181.0.0/16) with 11,826 days of RIR registration.

## Threat Indicators

Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Correlations: 0
Certificate Matches: 0

## Network Relationships

36 relationship records identified, primarily showing same-network associations with NOS infrastructure. No cross-network or organizational relationships detected.

## Recommended Actions

Firewall rules provided for multiple platforms based on risk profile:

iptables: `iptables -A INPUT -s 89.181.112.232 -j DROP`
nftables: `nft add rule inet filter input ip saddr 89.181.112.232 drop`
nginx: `deny 89.181.112.232;`
pfSense: Block 89.181.112.232/32
Cloudflare WAF: Block with expression `ip.src eq 89.181.112.232`
AWS WAF: Block address 89.181.112.232/32

*Note: Recommendations should be combined with additional threat intelligence signals before implementation.*

## Assessment

The IP address demonstrates moderate risk characteristics primarily driven by DNSBL listings and operator scoring. The endpoint appears inactive (firewalled) with no evidence of active threat generation. Recommend monitoring for service activation or increased abuse density in the /24 subnet.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇵🇹 Portugal
Region	—
City	—
Timezone	Europe/Lisbon
Latitude	39.40
Longitude	-8.22

🏢 Ownership & Registration

Organization	IP-MNT
ASN	AS2860
Network Name	—
CIDR Block	89.181.0.0/16
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	89-181-112-232.net.novis.pt
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`89-181-112-232.net.novis.pt`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	27%	2	3
services	24%	2	3
ownership	27%	3	4
reputation	24%	1	4
geolocation	19%	2	2
Overall	25%	12	20

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 11:10:54 UTC
Last Seen	2026-06-25 07:35:56 UTC
Profile Built	2026-06-25 07:50:59 UTC
Data Freshness	Live
Signal Types	23
Total Observations	28

🔍 23 signal types · 28 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

89.181.112.232📋 Copy