IP Intelligence Briefing: 89.216.74.35
Date: 2026-06-07
---
**1. Core Profile**
- Risk Score: 70 (High Risk)
- Ownership: Registered to Petar Zivanovic (ASN 31042, Serbia).
- Geolocation: Sombor, Vojvodina, Serbia (45.78°N, 19.11°E).
- Network Role: Firewalled / No Services; no CDN, VPN, or mobile carrier associations.
- Threat Indicators:
  - Listed in 4/8 DNS blacklists (DNSBL).
  - No direct malware, phishing, or exploit indicators.
  - No known attacker/campaign associations.
---
**2. Historical Observations**
- Recent Activity:
  - DNSBL listings (5/8 total lists) observed within 30 days.
  - Network prefix 89.216.0.0/17 linked to Yettel d.o.o. (Serbia).
  - Operator risk score: 0.13 (Minimal).
- Stability: Subnet 89.216.74.0/24 shows no abuse density or active neighbors.
---
**3. Network Relationships**
- Shared Network: Linked to TELEDOT-NET (same owner, Petar Zivanovic).
- No Subnet Peers: No neighboring IPs in the /24 subnet reported.
---
**4. Threat Context**
- DNSBL Listings: 4/8 DNS blacklists (e.g., Spamhaus, OpenDNS) suggest potential spam or malicious activity.
- Geolocation Plausibility: IP is geolocated to Serbia, aligning with ownership.
- No Active Scans: No open ports, TLS certs, or HTTP services detected.
---
**5. Recommended Actions**
1. Monitor DNSBL Listings: Investigate why the IP is listed in 4 DNS blacklists.
2. Check Email Headers: Verify SPF/DKIM alignment for domains associated with this IP.
3. Isolate Network: Consider blocking the IP in firewalls due to high risk score and DNSBL history.
4. Verify Ownership: Confirm Petar Zivanovic's legitimacy and check for abuse reports via RDAP.
---
Conclusion: This IP is registered to a Serbian individual and flagged in multiple DNS blacklists, suggesting potential spam or malicious use. While no direct threats are detected, the DNSBL listings warrant further investigation. SOC teams should monitor for unusual activity and consider blocking the IP to mitigate risk.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Petar Zivanovic |
| ASN | AS31042 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 13% | 1 | 1 |
| Overall | 17% | 8 | 10 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-15 20:48:40 UTC |
| Last Seen | 2026-06-19 11:34:23 UTC |
| Profile Built | 2026-06-07 18:17:42 UTC |
| Data Freshness | Live |
| Signal Types | 13 |
| Total Observations | 13 |