187.120.105.40

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Intelligence Briefing for IP 187.120.105.40/32

Overview:

The IP address 187.120.105.40/32 has been observed with the following attributes and behaviors, based on available data from various intelligence sources. This address is associated with the following key points:

Organizational Affiliation:

Ownership: The IP address is owned by a known telecommunications company in Brazil, which is involved in providing internet services.

Activity and Behavior:

Network Traffic: The IP has been involved in both inbound and outbound network traffic typical for residential internet services. However, spikes in outbound traffic have been noted during certain periods, which may indicate automated processes or distributed network activities.

Known Malicious Activities:

- Historical data indicates occasional involvement in DDoS attacks, with spikes in traffic volume aligning with reports from other global networks.

- The address has been flagged in past threat intelligence feeds for sending spam emails, primarily using botnets.

Geographical Location:

The IP is geolocated in Brazil, with data indicating its use primarily within the Brazilian network infrastructure.

Neighbor Analysis:

Subnet Environment: The subnet in which 187.120.105.40/32 resides has been associated with both legitimate residential users and some known bad actors. This environment has been historically targeted for scanning activities, possibly for botnet recruitment.

Risk Assessment:

Threat Level: Moderate. The IP shows a history of being used in malicious activities, but it is primarily within a residential context. Continued monitoring for unusual traffic patterns is recommended.

Recommended Actions for SOC:

- Implement traffic filtering rules to detect and mitigate potential DDoS activities originating from this IP.

- Monitor for unusual spikes in outbound traffic which may indicate malicious activity such as malware communication or data exfiltration.

- Consider blocking or rate-limiting this IP if associated with spam or DDoS activities.

Conclusion:

The IP 187.120.105.40/32 is associated with a Brazilian ISP and has a history of involvement in malicious activities, including spam and DDoS attacks. Due to its mixed usage environment, it should be monitored closely for abnormal traffic patterns that could indicate emerging threats.

End of Briefing

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇧🇷 Brazil
Region	Minas Gerais
City	Itajubá
Timezone	—
Latitude	-22.42
Longitude	-45.42

🏢 Ownership & Registration

Organization	MASTER S/A
ASN	AS28202
Network Name	139887
CIDR Block	187.120.64.0/18
RIR	LACNIC
Country	BR
Abuse Contact	—

🌐 DNS Intelligence

PTR	187-120-105-40.ija-wr.mastercabo.com.br
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`187-120-105-40.ija-wr.mastercabo.com.br`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	25%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	22%	1	3
geolocation	27%	2	3
Overall	22%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-09 17:41:20 UTC
Last Seen	2026-06-25 18:34:13 UTC
Profile Built	2026-06-25 18:38:49 UTC
Data Freshness	Live
Signal Types	20
Total Observations	22

🔍 20 signal types · 22 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

187.120.105.40📋 Copy