# INTELLIGENCE BRIEFING: 27.79.40.45/32
## Executive Summary
Target IP 27.79.40.45 was classified as Low Risk with an overall risk score of 15/100. The address is registered to IRT-VNNIC-AP (ASN 7552) under APNIC jurisdiction. Current threat indicators are minimal, though the associated /24 subnet demonstrates moderate abuse density (29.41%). No active malicious campaigns or correlated threats were identified.
## Technical Profile
Ownership & Registration
- ASN: 7552 (IRT-VNNIC-AP)
- RIR: APNIC
- Country: VN (Vietnam)
- Region/City: Da Nang
- DNSSEC: Valid
Network Services
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title/Server Banner: None
- PTR Record: localhost
DNS Analysis
- Forward Resolution: localhost (1 record)
- Forward Confirmation: Failed
- Email Authentication: SPF/DMARC not configured
- Hosted Domains: 0
## Threat Indicators
Current Risk Assessment
- Risk Score: 15/100 (Low Risk)
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane
- BGP Prefix: 27.79.40.0/21
- Origin ASN: 7552
- DNSBL Listed: Yes (1 listing)
- Operator Score: 0.1304 (Minimal)
- Route Stability: False
## Temporal Analysis
Observation History
- Total Observations: 18
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Last Observation: 2026-06-23
- Threat Signal Count: 1
Recent Signals Include:
- DNSBL listings (multiple sources)
- Operator classification assessments
- Geolocation inference (Vietnam, 600km accuracy radius)
- Network dimension coverage: 6/6
## Neighborhood Analysis (27.79.40.0/24)
Subnet Risk Profile
- Total Siblings: 17
- Active Siblings: 9
- Threat Siblings: 5
- Abuse Density: 29.41%
- Classification: Mixed
Risk Distribution in /24
- High Risk (40+): 0 IPs
- Medium Risk (25-39): 6 IPs
- Low Risk (0-24): 10 IPs
Notable High-Risk Neighbors:
- 27.79.40.53 (Risk: 59)
- 27.79.40.140 (Risk: 55)
- 27.79.40.12, 27.79.40.33, 27.79.40.139, 27.79.40.244 (Risk: 40)
## Security Recommendations
No automated firewall rules or blocking actions were recommended based on current risk assessment. The following considerations apply:
1. Monitor Neighboring IPs: The /24 subnet contains 5 threat-classified siblings. Consider enhanced monitoring of the following high-risk addresses:
   - 27.79.40.53 (Risk: 59)
   - 27.79.40.140 (Risk: 55)
2. DNSBL Awareness: Target IP is listed on 1 of 8 DNSBL feeds. Review listing sources if inbound email filtering is affected.
3. Geographic Context: Vietnam-based infrastructure with moderate subnet abuse density. Contextualize against organization's geographic risk tolerance.
4. Service Verification: No services detected; verify if firewall rules are intentional or misconfigured.
## Assessment
Target 27.79.40.45 presents minimal immediate threat. The address appears to be a passive infrastructure endpoint with no active service exposure. While the parent /24 subnet shows moderate abuse density, the target itself lacks direct malicious indicators. SOC teams should monitor the address for service activation and maintain awareness of neighboring IP threats within the same subnet block.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-VNNIC-AP |
| ASN | AS7552 |
| Network Name | - |
| CIDR Block | 27.79.40.0/21 |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | localhost |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | localhost |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:15 UTC |
| Last Seen | 2026-06-23 09:39:40 UTC |
| Profile Built | 2026-06-23 09:46:59 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |