191.240.37.217

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 191.240.37.217/32

## Executive Summary

The IP address 191.240.37.217 is a Brazilian-origin address operated by MASTER S/A (ASN 28202) with a moderate risk profile (55/100). The address shows firewalled status with no active services, but exhibits concerning DNS indicators and resides within a subnet with elevated abuse activity.

## Network Ownership & Geolocation

Organization: MASTER S/A (Master Cabo)
ASN: 28202
Country: Brazil (BR)
Region: Minas Gerais (MG)
City: Unai
CIDR Block: 191.240.0.0/17
RIR: LACNIC (Allocated: 2013-10-09)

## Risk Assessment

Overall Risk Score: 55/100 (Moderate Risk)

Key Risk Factors

DNSBL Listings: 3 active listings across 8 DNSBL lists
Operator Score: 0.1304 (Minimal classification)
Route Stability: BGP route showing instability (isRouteStable: false)
Service Purpose: Firewalled / No Services detected

Mitigating Factors

Not classified as Tor exit node, known attacker, or spam source
Zero blacklists from major threat feeds
No open ports detected on the address
No TLS certificates or HTTP services

## DNS Analysis

PTR Record: 191-240-37-217.mal-wr.mastercabo.com

Domain: mastercabo.com
SPF: Configured (true)
DMARC: Not configured (false)
Forward Resolution: Not confirmed

*Note: The "mal-wr" segment in the PTR hostname warrants attention as it may indicate malicious web routing.*

## Neighborhood Analysis (191.240.37.0/24)

Subnet Classification: Clean (Inherited Risk: 0)

Total Siblings: 15

Abuse Density: 20% (0.2)

Risk Distribution:

High Risk: 3 IPs
Medium Risk: 11 IPs
Low Risk: 1 IP

Notable High-Risk Neighbors:

IP Address	Risk Score
191.240.37.24	80
191.240.37.29	80
191.240.37.49	80
191.240.37.162	70

## Observation History

Total Observations: 19 signals tracked
Recent Activity: ASN and geolocation data observed as of 2026-06-17
Threat Persistence: 0 days (not persistently malicious)
Ownership Changes: 0 (stable ownership)

## Recommended Actions

Immediate

1. Increase Logging Verbosity: Monitor recent activity from this IP

2. Review DNSBL Listings: Investigate the 3 DNSBL listings and 8 total list entries

Firewall Rules (Recommended)

```bash

# iptables

iptables -A INPUT -s 191.240.37.217 -j DROP

# nftables

nft add rule inet filter input ip saddr 191.240.37.217 drop

# Cloudflare WAF

ip.src eq 191.240.37.217 → BLOCK

# AWS WAF

Addresses: 191.240.37.217/32

Description: IPDebrief risk 55

```

Monitoring Priority

Subnet-Wide: Consider blocking or rate-limiting the entire 191.240.37.0/24 subnet due to 20% abuse density
High-Risk Neighbors: Investigate the three IP addresses with risk scores of 80/100 in the same subnet
PTR Analysis: Verify the "mal-wr" hostname against internal threat intelligence

## Conclusion

While 191.240.37.217 shows no active services or direct threat indicators, the combination of DNSBL listings, firewalled status, and presence within an abuse-prone subnet warrants defensive blocking and enhanced monitoring. The subnet's 20% abuse density suggests potential infrastructure abuse or misconfiguration affecting multiple addresses.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇧🇷 Brazil
Region	MG
City	Unai
Timezone	—
Latitude	-20.02
Longitude	-44.43

🏢 Ownership & Registration

Organization	MASTER S/A
ASN	AS28202
Network Name	213404
CIDR Block	191.240.0.0/17
RIR	LACNIC
Country	BR
Abuse Contact	—

🌐 DNS Intelligence

PTR	191-240-37-217.mal-wr.mastercabo.com
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`191-240-37-217.mal-wr.mastercabo.com`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Present
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	3
routing	17%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	17%	1	2
geolocation	32%	2	3
Overall	21%	10	13

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:03 UTC
Last Seen	2026-06-23 02:27:48 UTC
Profile Built	2026-06-23 02:41:13 UTC
Data Freshness	Live
Signal Types	20
Total Observations	26

🔍 20 signal types · 26 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

191.240.37.217📋 Copy