Intelligence Briefing for IP 191.53.9.7/32
1. Overview
- Risk Score: 55/100 (Moderate Risk)
- Ownership: Owned by MASTER S/A (AS28202), a Brazilian ISP.
- Geolocation: Located in Lorena, São Paulo, Brazil (latitude: -22.738, longitude: -45.1252).
- Network Role: Firewalled with no services open; classified as a residential IP.
- Threat Indicators: No malicious activity detected (no indicators, abuse confidence score, or campaign links).
2. Observation History
- First observed on May 29, 2026, with consistent geolocation and network data.
- Subnet 191.53.9.0/24 shows a 34.21% abuse density, with 13 active siblings (neighbors) and 13 threat siblings.
- No persistent malicious activity or ownership changes noted.
3. Relationships
- DNS Associations: Linked to hostname `191-53-9-7.lna-wr.soumaster.com.br`.
- Network Connections: Same network as AS28202 (MASTER S/A).
- No Known Campaigns or Malware Signatures: No correlations to known threats, honeypots, or WAF violations.
4. Neighborhood Analysis
- Subnet: 191.53.9.0/24 (37 total IPs).
- Risk Distribution:
  - High Risk: 4 IPs (e.g., 191.53.9.34, 191.53.9.112, 191.53.9.182).
  - Medium Risk: 31 IPs.
  - Low Risk: 2 IPs.
- Abuse Density: 10.8% (mixed classification).
5. Security Recommendations
- Monitoring: Increase logging verbosity and review activity from this IP due to elevated risk score.
- Firewall Actions:
  - iptables: `iptables -A INPUT -s 191.53.9.7 -j DROP`
  - nftables: `nft add rule inet filter input ip saddr 191.53.9.7 drop`
  - Cloudflare/WAF: Block IP with rule `{ "action": "block", "expression": "ip.src eq 191.53.9.7" }`.
  - AWS WAF: Add `191.53.9.7/32` to a rule with description "IPDebrief risk 55".
6. Conclusion
The IP is part of a subnet with mixed risk, though no direct malicious activity is detected. However, neighboring IPs exhibit higher risk scores, warranting closer monitoring. Block the IP to mitigate potential threats from the subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | MASTER S/A |
| ASN | AS28202 |
| Network Name | 227148 |
| CIDR Block | 191.53.0.0/16 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | - |
DNS Intelligence
| PTR | 191-53-9-7.lna-wr.soumaster.com.br |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 191-53-9-7.lna-wr.soumaster.com.br |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 06:37:57 UTC |
| Last Seen | 2026-06-19 11:33:44 UTC |
| Profile Built | 2026-06-06 18:50:02 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |