5.167.70.72
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
# Intelligence Briefing: IP 5.167.70.72/32
## Executive Summary
IP 5.167.70.72 is a residential endpoint located in Cheboksary, Russia, operating under ER-Telecom Holding's ASN 57026 infrastructure. The IP carries a moderate risk score (49) and is flagged as a known attacker with one active blacklist listing. Neighborhood analysis reveals elevated abuse activity within the /24 subnet.
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Location** | Cheboksary, Russia (RU) |
| **ASN** | 57026 |
| **Organization** | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| **Network Role** | Residential Endpoint |
| **Connection Type** | PPPoE (Dynamic Residential) |
| **DNS** | 5x167x70x72.dynamic.cheb.ertelecom.ru |
## Threat Indicators
- Known Attacker: Yes
- Blacklist Status: Listed on 1 threat feed (blocklist.de)
- Risk Score: 49 (Moderate)
- Provider/Authority Scores: 0 (Consumer/Residential classification)
- Abuse Confidence: Not quantified
- DNSBL Lists: 1 of 8 total
## Geographic & Network Context
- Geolocation Confidence: Validated via multiple sources
- Route Origin: BGP prefix 5.167.68.0/22
- Control Plane: Operator score 0.1304 (Minimal)
- DNSSEC: Valid
## Neighborhood Analysis (5.167.70.0/24)
- Total Siblings: 256
- Active Siblings: 147
- Risk Distribution: 72 medium-risk, 28 low-risk (0 high-risk)
- Abuse Density: Elevated within subnet
- Inherited Risk Score: 40
- Threat Siblings: All 256 flagged as threats
## Observation History
- Total Observations: 48 signal observations recorded
- Recent Trend: Stable with minimal operator scores (0) across multiple 2026-06-24 timestamps
- Threat Persistence: Not persistently malicious
- Ownership Changes: None detected
## Related Entities
- Network Relationships: 335 relationships identified, predominantly same-network associations with ERTH-CHEB-PPPOE-22-NET
- No Campaign Correlation: No known campaigns linked to this IP
## Recommended Security Actions
Immediate Actions
| System | Recommended Action |
|---|---|
| **Firewall** | Block or rate-limit at network edge |
| **iptables** | `iptables -A INPUT -s 5.167.70.72 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 5.167.70.72 drop` |
| **nginx** | `deny 5.167.70.72;` |
| **Cloudflare WAF** | Block with expression `ip.src eq 5.167.70.72` |
| **AWS WAF** | Add IP 5.167.70.72/32 to block list |
Rationale
The IP exhibits suspicious activity indicators warranting blocking or rate-limiting. While classified as residential, the known attacker flag and blacklist presence suggest malicious use. The subnet context shows elevated abuse density, supporting defensive measures.
## Analyst Notes
- Classification: Residential endpoint with malicious activity
- Geographic Risk: Russia-based, moderate threat level
- Recommended Priority: Medium (monitor and block as needed)
- Context: Part of larger ER-Telecom residential infrastructure; consider subnet-level blocking if threat persists across multiple IPs
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| ASN | AS57026 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 5x167x70x72.dynamic.cheb.ertelecom.ru |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 5x167x70x72.dynamic.cheb.ertelecom.ru |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User โ Residential ISP endpoint |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 20% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 33% | 1 | 3 |
| geolocation | 24% | 2 | 3 |
| Overall | 24% | 10 | 16 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:05:27 UTC |
| Last Seen | 2026-06-26 18:12:17 UTC |
| Profile Built | 2026-06-27 11:54:38 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 52 |
๐ 23 signal types ยท 52 observations collected
This report is generated from 23+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.