## IP Intelligence Briefing: 5.167.65.192/32
Date: 2026-06-24
Classification: Moderate Risk (Score: 40/100)
Data Sources: IPDebrief Intelligence Platform
---
Executive Summary
IP 5.167.65.192 is a residential address allocated to ER-Telecom Holding's Cheboksary branch (AS57026) in the Chuvash Republic, Russia. The address exhibits moderate risk characteristics consistent with residential ISP infrastructure. No active threat indicators or malicious campaigns were identified. The IP resolves to a dynamic residential PPPoE network block.
---
Network Attribution & Ownership
| Attribute | Value |
|---|---|
| **ASN** | 57026 |
| **Organization** | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| **Network Name** | ERTH-CHEB-PPPOE-22-NET |
| **Country** | RU (Russia) |
| **Region** | Chuvash Republic |
| **City** | Cheboksary |
| **BGP Prefix** | 5.167.64.0/22 |
| **Route Status** | Stable |
The IP belongs to ER-Telecom Holding's residential ISP infrastructure. The BGP path shows transit through AS6939 (NTT) and AS9049 (Lumen) before reaching the origin AS57026.
---
Risk Assessment
Current Risk Score: 40/100 (Moderate Risk)
Risk Components:
- Provider Score: 0 (ISP classification)
- Authority Score: 0
- Abuse Confidence: Not elevated
- DNSBL Listings: 1 of 8 total blacklists
- Known Attacker Status: Not flagged
- Tor Exit Node: No
- Spam Source: No
Key Observations:
- Network role classified as "Firewalled / No Services"
- No open ports detected
- No TLS certificates or HTTP services
- Residential connection type confirmed via multiple observations
---
Service & DNS Analysis
DNS Configuration:
- PTR Hostname: `5x167x65x192.dynamic.cheb.ertelecom.ru`
- Domain: ertelecom.ru
- SPF Record: Present
- DMARC Record: Present
- Forward Resolution: 1 hostname
Services:
- Open Ports: None detected
- HTTP Title: None
- TLS Certificate: None
- Connection Type: Residential
---
Threat Intelligence Indicators
Active Threats: None
Campaigns: No associated campaigns identified
Known Malicious Activity: Not observed
Historical Signals (54 observations):
- Recent observations confirm residential infrastructure
- Multiple signals indicate stable ISP infrastructure
- No escalation in threat posture observed
---
Neighborhood Analysis (Subnet: 5.167.65.0/24)
Subnet Profile:
- Total IPs: 256
- Active Siblings: 124
- Risk Distribution:
  - High Risk: 0 (0%)
  - Medium Risk: 37 (37%)
  - Low Risk: 63 (63%)
- Abuse Density: 0.3043 (operator score)
Sample Neighbor Risk Scores:
- 5.167.65.0: 25
- 5.167.65.1: 0
- 5.167.65.2: 25
- 5.167.65.3: 25
- 5.167.65.4: 40
The subnet shows typical residential ISP risk distribution with no concentrated abuse patterns.
---
Relationship Graph
Total Relationships: 450
Network Associations: ERTH-CHEB-PPPOE-22-NET (450 instances)
- All relationships confirm membership in the same PPPoE network block
---
Recommended Security Actions
Based on the risk profile, the following firewall rules are recommended:
iptables:
```
iptables -A INPUT -s 5.167.65.192 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 5.167.65.192 drop
```
nginx:
```
deny 5.167.65.192;
```
pfSense:
```
5.167.65.192/32
```
Cloudflare WAF:
```json
{
  "description": "Block 5.167.65.192 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 5.167.65.192"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["5.167.65.192/32"],
  "Description": "IPDebrief risk 40"
}
```
Note: These recommendations are probabilistic and should be combined with other signals before taking action.
---
Conclusion
IP 5.167.65.192 represents standard residential ISP infrastructure with moderate risk characteristics. No active threat indicators, campaigns, or known malicious activity were identified. The IP is part of a residential PPPoE network block with typical risk distribution for ISP-allocated addresses. Monitor for changes in threat posture over time.
Analyst Notes: This IP should be treated with standard residential IP caution. No immediate blocking is required unless specific abuse is observed.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| ASN | AS57026 |
| Network Name | - |
| CIDR Block | 5.167.64.0/22 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 5x167x65x192.dynamic.cheb.ertelecom.ru |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 5x167x65x192.dynamic.cheb.ertelecom.ru |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User - Residential ISP endpoint |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 23% | 2 | 4 |
| routing | 25% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 28% | 2 | 3 |
| Overall | 23% | 12 | 19 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:22 UTC |
| Last Seen | 2026-06-26 18:12:12 UTC |
| Profile Built | 2026-06-27 06:13:20 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 55 |