# IP INTELLIGENCE BRIEFING
Target: 191.53.18.15/32
Date: 2026-06-23
Classification: High Risk
---
## EXECUTIVE SUMMARY
IP address 191.53.18.15 is classified as High Risk with a risk score of 70. The IP is associated with MASTER S/A (AS28202) in Divinópolis, Minas Gerais, Brazil. The address shows evidence of blacklist listings (8 DNSBL entries, 4 active listings with high severity) and operates within a subnet exhibiting 33.3% abuse density. The IP is currently firewalled with no active services.
---
## OWNERSHIP & REGISTRATION
- Organization: MASTER S/A
- Network Name: 227148
- CIDR Block: 191.53.0.0/16
- ASN: AS28202
- RIR: LACNIC
- Registration Date: Not available
- Abuse Contact: Not disclosed
---
## GEOLOCATION
- Country: Brazil (BR)
- Region: Minas Gerais
- City: Divinópolis
- Geographic Accuracy: 2,500 km radius
- Geo-Source Consensus: True (3 sources)
- Geo-Plausibility: False
---
## THREAT INDICATORS
- Reputation Sources: None reported
- Threat Feeds: No active threat feed matches
- Known Campaigns: None detected
- Is Known Attacker: False
- Is Spam Source: False
- Is Tor Exit Node: False
- Blacklist Count: 0
- DNSBL Listings: 4 of 8 total lists (high severity)
- Operator Score: 0.1304 (Minimal)
---
## NETWORK STATUS
- Network Role: Firewalled / No Services
- Open Ports: None detected
- HTTP Services: None
- TLS Certificates: None
- PTR Hostname: 191-53-18-15.vga-wr.soumaster.com.br
- Forward Resolution: Unconfirmed
- Reverse DNS: Confirmed
---
## CONTROL PLANE ANALYSIS
- Route Stability: False (non-stable)
- Route Changes (30 days): 0
- IR Consistency: Not evaluated
- RPKI State: Not evaluated
- DNSSEC Valid: True
- MOAS Status: False
---
## OBSERVATION HISTORY
Total Observations: 23 signals
Recent Activity (2026-06-23):
- Blacklist listings observed across 8 sources with 4 active listings at high severity (confidence: 0.85)
- Operator score assessed as "Minimal" with no threat signals (confidence: 0.30)
- Geolocation signals confirm Brazil/Minas Gerais/Divinópolis (confidence: 0.60)
- Threat indicators detected via Alienvault OTX (confidence: 0.75)
Historical Trend: One threat observation recorded on 2026-06-17 with reputation score of 0 and 2 threat pulses associated. No evidence of persistent malicious behavior (threat persistence days: 0).
---
## NEIGHBORHOOD ANALYSIS
Subnet: 191.53.18.15/24
Abuse Density: 33.3% (profile) / 15% (neighbor analysis)
Total Siblings: 18 active IPs
Threat Siblings: 6
High-Risk Neighbors (Risk Score ≥70):
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 191.53.18.36 | 80 | 50 |
| 191.53.18.39 | 80 | 50 |
| 191.53.18.8 | 70 | 50 |
| 191.53.18.111 | 70 | 50 |
| 191.53.18.113 | 70 | 50 |
| 191.53.18.129 | 70 | 50 |
| 191.53.18.137 | 70 | 50 |
| 191.53.18.184 | 70 | 50 |
| 191.53.18.216 | 70 | 50 |
Risk Distribution: 3 high, 14 medium, 3 low
---
## RELATIONSHIP GRAPH
Total Relationships: 35 entities
- Network Associations: Multiple "Same Network" relationships to network identifier 227148
- Subnet Classification: Mixed (combined abuse density indicates heterogeneous risk profile)
---
## RECOMMENDED ACTIONS
1. Block Traffic: Implement firewall rules to block inbound traffic from, and outbound traffic to, 191.53.18.15/32
2. Monitor Subnet: Apply enhanced monitoring to the 191.53.18.0/24 subnet due to 33% abuse density and the presence of multiple high-risk neighbors
3. DNSBL Verification: Review and block against 8 DNSBL lists where the IP is currently listed
4. Ingress Filtering: Consider reverse-path forwarding (RPF) checks for traffic from AS28202
5. Log Correlation: Correlate with threat intelligence feeds for AS28202 and related network identifier 227148
---
## ASSESSMENT
The target IP demonstrates a moderate-high risk profile primarily driven by blacklist listings and subnet-level abuse patterns. While the IP itself shows no direct threat indicators (not a known attacker, spam source, or Tor exit node), its association with multiple high-risk neighbors and non-stable routing configuration warrants defensive blocking and continuous monitoring. The subnet's mixed classification suggests varied threat vectors requiring differentiated response policies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | MASTER S/A |
| ASN | AS28202 |
| Network Name | 227148 |
| CIDR Block | 191.53.0.0/16 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | - |
DNS Intelligence
| PTR | 191-53-18-15.vga-wr.soumaster.com.br |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 191-53-18-15.vga-wr.soumaster.com.br |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 21% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 19% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:03 UTC |
| Last Seen | 2026-06-23 02:33:57 UTC |
| Profile Built | 2026-06-23 02:43:29 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |