187.120.72.87📋 Copy

# IP Intelligence Briefing: 187.120.72.87

Classification: Moderate Risk (Score: 55/100)

Date: Current analysis period

Origin: LACNIC (Brazil)

---

## Executive Summary

IP address 187.120.72.87 presents a moderate risk profile with a risk score of 55/100. The IP belongs to MASTER S/A (ASN 28202) within the 187.120.64.0/18 CIDR block, located in Delfim Moreira, Minas Gerais, Brazil. The network role is classified as "Firewalled / No Services" with no open ports detected. The IP shows elevated risk due to DNSBL listings on 3 of 8 total lists and operates within a subnet exhibiting moderate abuse density (0.425).

---

## Ownership and Geolocation

• Organization: MASTER S/A
• ASN: 28202
• Network Block: 187.120.64.0/18
• Country: Brazil (BR)
• Region: Minas Gerais
• City: Delfim Moreira
• RIR: LACNIC
• Registration Date: Not available in current data
• Control Plane: Origin ASN 28202, BGP prefix 187.120.72.0/24, 1 route change in past 30 days, route stability flagged as false

---

## Network and DNS Analysis

• DNS PTR: 187-120-72-87.pso-fb.mastercabo.com.br
• Forward Resolution: Confirmed to 187-120-72-87.pso-fb.mastercabo.com.br
• Services: No open ports detected, no TLS certificates, no HTTP services
• Email Authentication: SPF and DMARC records not configured
• Fingerprinting: No HTTP/2, HSTS, or CSP headers detected
• Traceroute: 19 hops to final destination, 139.6ms RTT at last hop

---

## Threat Intelligence

• Abuse Confidence Score: Not available
• Blacklist Status: 0 blacklist entries
• Known Attacker: No
• Tor Exit Node: No
• Known Campaigns: None detected
• DNSBL Listings: 3 lists (of 8 total)
• Campaign Likelihood: None
• Threat Persistence: 0 days observed, not persistently malicious
• Threat Observation Count: 1

---

## Neighborhood Analysis (187.120.72.0/24)

The /24 subnet contains 40 sibling IPs with an abuse density of 0.425:

• High Risk (80): 11 IPs
• Medium Risk (55): 28 IPs
• Low Risk (40): 1 IP

Notable high-risk neighbors include 187.120.72.59, 187.120.72.65, 187.120.72.72, 187.120.72.80, 187.120.72.97, 187.120.72.101, 187.120.72.111, 187.120.72.123, 187.120.72.136, 187.120.72.139, 187.120.72.188, 187.120.72.223, and 187.120.72.229, all with risk scores of 80.

---

## Historical Observations

26 observations tracked across the analysis period. The most recent observations from June 2026 show:

• Operator score: Minimal (0/0)
• Routing, services, ownership, reputation, and geolocation dimensions covered
• No service banners or TLS certificates detected
• No port scanning activity observed in most recent probes

---

## Relationship Graph

34 relationships identified, primarily same-network associations (139887). No external relationships to organizations, hostnames, or certificates detected beyond network-level connections.

---

## Recommended Actions

Monitoring:

• Increase logging verbosity and review recent activity from this IP
• Severity: High (due to risk score of 55)

Blocking Rules (if required):

• iptables: `iptables -A INPUT -s 187.120.72.87 -j DROP`
• nftables: `nft add rule inet filter input ip saddr 187.120.72.87 drop`
• nginx: `deny 187.120.72.87;`
• pfSense: `187.120.72.87/32`
• Cloudflare WAF: Block with filter expression `ip.src eq 187.120.72.87`
• AWS WAF: Address `187.120.72.87/32`

---

## Analyst Notes

The IP address operates within a subnet exhibiting moderate to high abuse activity. While 187.120.72.87 itself shows no active malicious indicators, the neighborhood context suggests correlated risk. The subnet's abuse density of 0.425 indicates a mixed-use environment with significant malicious activity. Monitoring is recommended rather than immediate blocking, unless additional context indicates active exploitation attempts.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.