# IP INTELLIGENCE BRIEFING
Subject: 5.167.71.249/32
Classification: Moderate Risk Residential Endpoint
Date: Current Analysis Cycle
---
## EXECUTIVE SUMMARY
IP 5.167.71.249 is a residential endpoint assigned to ER-Telecom Holding's Cheboksary branch infrastructure in Russia (AS57026). The IP presents moderate risk (score: 40) with residential network classification and DNSBL listing on 1 of 8 threat feeds. While the endpoint itself shows no active malicious indicators, it operates within a subnet exhibiting elevated abuse characteristics.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Data |
|---|---|
| **ASN** | 57026 |
| **Organization** | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| **Geolocation** | Cheboksary, Chuvash Republic, RU |
| **Network Role** | Residential Endpoint |
| **DNS Record** | 5x167x71x249.dynamic.cheb.ertelecom.ru |
| **BGP Prefix** | 5.167.68.0/22 |
| **Route Stability** | Unstable (isRouteStable: false) |
The IP is part of the ERTH-CHEB-PPPOE-22-NET network segment, indicating dynamic residential broadband infrastructure with 352 documented relationships primarily within the same network block.
---
## THREAT ASSESSMENT
Current Risk Score: 40 (Moderate Risk)
Threat Indicators:
- DNSBL Listings: 1 of 8 feeds (dnsblListedCount: 1)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Associations: None detected
Abuse Context:
- Control plane data shows minimal operator classification (operatorScore: 0.1304)
- No active threat persistence or malicious campaign correlates
- 49 historical observations recorded across the monitoring period
---
## TEMPORAL ANALYSIS
Observation History (49 signals):
Recent observations (June 24, 2026) indicate consistent "Minimal" operator scores across multiple time windows (03:04, 09:12, 15:14, 21:16 UTC). The IP demonstrates no escalating threat behavior, with threat persistence days at zero and no persistent malicious classification.
Stability Metrics:
- Ownership changes: 0
- Threat observation count: 1
- Is persistently malicious: False
---
## NEIGHBORHOOD ANALYSIS
Subnet: 5.167.71.249/24
Abuse Density: 0.6641 (High Abuse Classification)
Sibling Statistics:
- Total siblings: 256
- Active siblings: 188
- Threat siblings: 170
Risk Distribution (100 sampled neighbors):
- Low Risk: 59 (59%)
- Medium Risk: 41 (41%)
- High Risk: 0 (0%)
Sample neighbor risk scores include 40, 25, 25, 25, 25 (authority scores: 50 across sampled neighbors).
Context: The target IP exists within a subnet exhibiting elevated abuse density. While the endpoint itself shows no active malicious indicators, 66.4% of the subnet demonstrates abuse characteristics, suggesting potential collateral risk from adjacent addresses.
---
## ACTIONABLE INTELLIGENCE
Security Recommendations:
1. Allow with Monitoring: Current data indicates residential use with no active malicious indicators. Permit traffic but monitor for behavioral anomalies.
2. Subnet Context: Be aware of elevated abuse density in 5.167.71.0/24. Consider segment-level policies if traffic patterns suggest abuse correlation.
3. DNSBL Review: Investigate which specific feed lists this IP to determine if the listing is justified or requires appeal.
4. Geographic Context: All traffic originates from Cheboksary, Russia. Consider geographic filtering policies based on organizational risk posture.
No Immediate Blocking Required: The IP demonstrates residential endpoint characteristics with no active threat indicators. Blocking would impact legitimate residential connectivity.
---
## CONCLUSION
IP 5.167.71.249/32 is classified as a moderate-risk residential endpoint operating within ER-Telecom's Cheboksary infrastructure. While the endpoint itself presents no immediate threat, the subnet context requires awareness of elevated abuse density. SOC teams should maintain monitoring rather than blocking, with attention to geographic and subnet-level risk factors.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Attribute | Data |
|---|---|
| Organization | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| ASN | AS57026 |
| Network Name | — |
| CIDR Block | — |
| RIR | RIPE |
| Country | — |
| Abuse Contact | Available via RDAP |
## DNS Intelligence

| Attribute | Data |
|---|---|
| PTR | 5x167x71x249.dynamic.cheb.ertelecom.ru |
| Forward Confirmed | No — PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 5x167x71x249.dynamic.cheb.ertelecom.ru |
## DNS Hygiene

| Attribute | Data |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification

| Attribute | Data |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User — Residential ISP endpoint |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Data |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | — |
| HTTP Title | — |
## TLS Certificate

| Attribute | Data |
|---|---|
| SANs | None |
| Valid From | — |
| Valid Until | — |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 22% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 26% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Data |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline

| Attribute | Data |
|---|---|
| First Seen | 2026-05-07 23:05:29 UTC |
| Last Seen | 2026-06-26 18:12:19 UTC |
| Profile Built | 2026-06-27 11:18:15 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 52 |