89.251.0.187

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 89.251.0.187

Classification: LOW RISK / MINIMAL THREAT PROFILE

---

Executive Summary

IP address 89.251.0.187 is associated with AS41564 (VPN Consumer Toronto, Canada) and presents a low-risk profile (risk score: 25). The IP is currently firewalled with no open services, no active DNS resolution, and no known threat indicators. While historical data indicates some geolocation inconsistencies and transient blacklist activity, current operational state shows minimal threat exposure.

---

Network Attribution

ASN: AS41564
Organization: VPN Consumer Toronto, Canada
BGP Prefix: 89.251.0.0/24
Geolocation: Toronto, Ontario, Canada (consensus: true)
Route Stability: False (route changes detected in past 30 days)

Threat Indicators

Risk Score: 25 (Low Risk)
Known Campaigns: None
Blacklist Status: Currently unlisted
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Threat Feeds: No active indicators

Operational State

Infrastructure Type: Unknown (not classified as cloud, CDN, VPN, proxy, or hosting)
Services: Firewalled / No services detected
Open Ports: None
DNS Resolution: No forward resolution, no PTR records
Email Reputation: No email services detected

Neighborhood Analysis (89.251.0.0/24)

Subnet Size: 43 active sibling IPs
Abuse Density: 13.95% (0.1395)
Risk Distribution: 46 low-risk, 1 medium-risk, 0 high-risk
Threat Siblings: 6 identified threat IPs within subnet
Classification: Mostly clean subnet

Historical Observations

Analysis of 18 historical observations reveals:

Most Recent (2026-06-24): Minimal risk score (0), operator score (0)
Geolocation Consistency: Mixed signals—Toronto, CA (current) vs. Auckland, NZ (historical)
Blacklisting Activity: One observation on 2026-06-03 showed listing across 8 blacklists (categories omitted), but current status is clean
Signal Confidence: Varied between 0.19–0.85 across observations
Threat Persistence: Single threat observation; not persistently malicious

Relationship Graph

13 relationship entries all link to network identifier TORONTO-CA-89-251-0-0, indicating consistent network attribution.

---

Recommended Actions

Firewall Rule: No immediate blocking recommended
Monitoring: Continue passive observation
Investigation Priority: LOW
Context: IP is part of a mostly clean subnet with low abuse density; current firewalled state suggests no active malicious service

---

Conclusion

IP 89.251.0.187 is a low-risk address with no current threat indicators. The subnet shows moderate abuse density (13.95%), but the target IP is not among the identified threat siblings. Historical transient blacklist activity appears resolved. Recommend standard monitoring without additional investigative action.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇨🇦 Canada
Region	AUK
City	Auckland
Timezone	—
Latitude	43.71
Longitude	-79.41

🏢 Ownership & Registration

Organization	VPN Consumer Toronto, Canada
ASN	AS41564
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	3
routing	13%	1	1
services	8%	1	1
ownership	24%	2	3
reputation	22%	1	3
geolocation	19%	2	2
Overall	19%	9	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:41 UTC
Last Seen	2026-06-24 00:34:46 UTC
Profile Built	2026-06-24 01:20:10 UTC
Data Freshness	Live
Signal Types	19
Total Observations	19

🔍 19 signal types · 19 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

89.251.0.187📋 Copy