5.167.65.123

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 5.167.65.123/32

Classification: Low Risk / Residential Endpoint

Date: Current Intelligence

Data Sources: IPDebrief Intelligence Platform

---

## EXECUTIVE SUMMARY

IP address 5.167.65.123 is a residential endpoint operated by ER-Telecom Holding (ASN: 57026), located in Cheboksary, Russia. The IP presents a low-risk profile with a reputation score of 25/100. No active threat indicators, malware, or malicious activity were detected. The address operates within a standard residential PPPoE network infrastructure.

---

## NETWORK OWNERSHIP & GEOLOCATION

Field	Value
ASN	57026
Organization	Network Operation Center CJSC ER-Telecom Holding Cheboksary branch
RIR	RIPE
Country	Russia (RU)
City	Cheboksary
CIDR Block	5.167.64.0/22
Network Classification	Residential Endpoint

---

## THREAT ASSESSMENT

Risk Score: 25/100 (Low)

Abuse Confidence: Not elevated

Known Attacker Status: Negative

Spam Source Status: Negative

Tor Exit Node: Negative

Threat Indicators: None detected

Blacklist Presence: 0/8 DNSBL lists

Threat Persistence: No persistent malicious activity observed

---

## NETWORK BEHAVIOR

Open Ports: None detected

Active Services: None

TLS Certificates: None

DNS Records: Dynamic hostname (5x167x65x123.dynamic.cheb.ertelecom.ru)

Reverse DNS Confirmed: Yes

Email Authentication: SPF and DMARC records present

Network Role: Residential residential endpoint (not cloud, CDN, VPN, proxy, hosting, or mobile carrier infrastructure)

---

## SUBNET CONTEXT

Subnet: 5.167.65.123/24

Total Siblings: 256

Active Siblings: 138

Threat Siblings: 101

Abuse Density: 0.3945 (moderate)

Classification: Mixed

Risk Distribution in /24:

High Risk: 0 (0%)
Medium Risk: 65 (65%)
Low Risk: 35 (35%)

The subnet demonstrates mixed usage with 101 threat-identified sibling IPs, though the target IP itself maintains a low-risk profile.

---

## OBSERVATION HISTORY

Total Observations: 54 signals tracked

Most Recent: 2026-06-24T20:01:30 UTC

Threat Persistence Days: 0

Is Persistently Malicious: No

Recent observations indicate stable behavior with no significant changes in geolocation, DNS, or threat profile. The IP has demonstrated consistent residential endpoint characteristics throughout the observation period.

---

## RELATIONSHIP ANALYSIS

Total Relationships: 397

Primary Network: ERTH-CHEB-PPPOE-22-NET

The IP is associated with a large residential PPPoE network. All relationships point to the same network infrastructure, confirming the IP's residential nature and lack of association with command-and-control infrastructure or malicious networks.

---

## RECOMMENDED ACTIONS

Firewall Rules: No blocking required. Standard residential traffic monitoring applies.

Monitoring Level: Routine

Threat Response: No action required

This IP represents normal residential internet usage. No defensive actions are recommended beyond standard logging and monitoring practices.

---

END OF BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇷🇺 Russia
Region	CU
City	Cheboksary
Timezone	—
Latitude	55.74
Longitude	37.61

🏢 Ownership & Registration

Organization	Network Operation Center CJSC ER-Telecom Holding Cheboksary branch
ASN	AS57026
Network Name	—
CIDR Block	5.167.64.0/22
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	5x167x65x123.dynamic.cheb.ertelecom.ru
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`5x167x65x123.dynamic.cheb.ertelecom.ru`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Residential
Service Purpose	Residential Endpoint
Network Tier	End-User — Residential ISP endpoint

Residential

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	23%	2	4
routing	25%	2	3
services	17%	2	3
ownership	22%	3	4
reputation	27%	1	3
geolocation	31%	2	3
Overall	24%	12	20

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:05:22 UTC
Last Seen	2026-06-26 18:12:12 UTC
Profile Built	2026-06-27 06:19:20 UTC
Data Freshness	Live
Signal Types	27
Total Observations	57

🔍 27 signal types · 57 observations collected

This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

5.167.65.123📋 Copy