5.167.65.49

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 5.167.65.49/32

Date: 2026-06-24

Risk Level: MODERATE (Score: 40)

---

## EXECUTIVE SUMMARY

IP 5.167.65.49 is a residential endpoint assigned to ER-Telecom Holding's Cheboksary branch in Russia (ASN 57026). The IP resides within a high-abuse density /24 subnet (5.167.65.0/24) containing 124 active residential IPs. Despite the subnet-level abuse classification, this specific IP shows no active threat indicators and maintains a stable "Minimal" risk profile across recent observations.

---

## NETWORK ATTRIBUTES

Attribute	Value
Organization	Network Operation Center CJSC ER-Telecom Holding Cheboksary branch
ASN	57026
Location	Cheboksary, Chuvash Republic, RU
Network Type	Residential (PPPOE)
CIDR Block	5.167.64.0/22
DNS PTR	5x167x65x49.dynamic.cheb.ertelecom.ru
Service Purpose	Residential Endpoint

---

## THREAT ASSESSMENT

Risk Score: 40 (Moderate)
Abuse Confidence Score: Not available
Blacklist Count: 0
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Active Threats: None detected

Control Plane:

Route Status: Unstable (0 changes in 30 days)
DNSBL Listed: 1 of 8 lists
Operator Score: 0.1304 (Minimal)
RPKI State: Not available

---

## NEIGHBORHOOD ANALYSIS

Subnet: 5.167.65.0/24

Total Siblings: 256
Active Siblings: 124
Abuse Density: High
Risk Distribution: 96 Medium | 4 Low | 0 High
Inherited Risk Score: 40

Multiple neighboring IPs (5.167.65.0, 5.167.65.4) show identical risk scores of 25-40, indicating consistent residential assignment across the subnet.

---

## OBSERVATION HISTORY

Recent signal history (past 48 hours) shows consistent "Minimal" risk classifications with operator scores of 0. Five observations recorded:

2026-06-24 17:28 UTC: Minimal risk, 0 operator score
2026-06-24 11:27 UTC: Minimal risk, 0 operator score
2026-06-24 05:19 UTC: Minimal risk, 0 operator score
2026-06-23 23:10 UTC: Minimal risk, 0 operator score

No evidence of escalating threat activity or changing classification patterns.

---

## NETWORK RELATIONSHIPS

Primary Network: ERTH-CHEB-PPPOE-22-NET (297+ related entries)
Relationship Type: Same Network (PPPOE residential block)
Correlated IPs: 0 confirmed malicious correlations

---

## SERVICES & OPEN PORTS

Open Ports: None detected
HTTPS/TLS: None detected
HTTP Banner: None detected
Certificates: None detected

---

## RECOMMENDED ACTIONS

Current Risk: Moderate (40) – No immediate blocking required based on this profile alone.

Firewall Rules (if blocking deemed necessary):

```

iptables: iptables -A INPUT -s 5.167.65.49 -j DROP

nftables: nft add rule inet filter input ip saddr 5.167.65.49 drop

nginx: deny 5.167.65.49;

```

Monitoring Priority: LOW-MEDIUM

Monitor for service activation
Track for blacklist additions
Correlate with observed malicious activity from same subnet

---

## INTELLIGENCE NOTES

The /24 subnet is classified as high-abuse, but this IP shows no active malicious indicators
Residential PPPOE assignment suggests legitimate end-user traffic
DNSBL listing (1 of 8) may indicate historical reputation issues
Route instability (false) warrants periodic re-verification
No open services detected; IP appears dormant from network scanning perspective

Conclusion: Monitor but do not proactively block. If incident activity originates from this IP, correlation with other threat signals would be required before taking action.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇷🇺 Russia
Region	Chuvash Republic
City	Cheboksary
Timezone	—
Latitude	55.74
Longitude	37.61

🏢 Ownership & Registration

Organization	Network Operation Center CJSC ER-Telecom Holding Cheboksary branch
ASN	AS57026
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	5x167x65x49.dynamic.cheb.ertelecom.ru
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`5x167x65x49.dynamic.cheb.ertelecom.ru`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Residential
Service Purpose	Residential Endpoint
Network Tier	End-User — Residential ISP endpoint

Residential

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	20%	1	1
services	20%	2	3
ownership	20%	2	3
reputation	27%	1	3
geolocation	28%	2	3
Overall	23%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:05:21 UTC
Last Seen	2026-06-26 18:12:12 UTC
Profile Built	2026-06-27 06:25:22 UTC
Data Freshness	Live
Signal Types	22
Total Observations	52

🔍 22 signal types · 52 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

5.167.65.49📋 Copy