5.167.71.28
# IP INTELLIGENCE BRIEFING: 5.167.71.28/32
Date: 2026-06-25
Classification: Moderate Risk - Residential Endpoint
Intel Confidence: 85%
---
## EXECUTIVE SUMMARY
IP 5.167.71.28 is a residential endpoint associated with ER-Telecom Holding's Cheboksary infrastructure in Russia. The address carries a risk score of 40, indicating moderate risk. While no active threat indicators or malicious campaigns were detected, the IP belongs to a /24 subnet classified as high abuse with 107 active sibling addresses. No immediate blocking required unless specific threat behavior is observed.
---
## NETWORK IDENTIFICATION
| Attribute | Value |
|---|---|
| **IP Address** | 5.167.71.28/32 |
| **ASN** | 57026 |
| **Organization** | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| **Country** | Russia (RU) |
| **Region** | Chuvash Republic |
| **City** | Cheboksary |
| **Network Type** | Residential Endpoint (PPPoE) |
| **CIDR Block** | 5.167.64.0/20 |
---
## THREAT ASSESSMENT
Current Risk Score: 40 (Moderate)
Operator Score: 0.1304 (Minimal)
Abuse Confidence Score: Not available
Threat Indicators: None detected
Blacklist Status: 0 blacklist hits (1 DNSBL listing out of 8 total lists)
Known Campaigns: None
Tor Exit Node: No
Known Attacker: No
Spam Source: No
---
## NETWORK BEHAVIOR & CLASSIFICATION
- Infrastructure Type: Residential
- Connection Type: Residential
- Cloud/CDN/Proxy: No
- Mobile Carrier: No
- Open Ports: None detected
- TLS/HTTP Services: None detected
- DNS PTR Hostname: 5x167x71x28.dynamic.cheb.ertelecom.ru
- DNS Forward Resolution: 5x167x71x28.dynamic.cheb.ertelecom.ru (ertelecom.ru domain)
---
## SUBNET ANALYSIS (5.167.71.0/24)
| Metric | Value |
|---|---|
| **Total Siblings** | 256 |
| **Active Siblings** | 107 |
| **Abuse Density** | 1 (High Abuse) |
| **Risk Distribution** | 100 Medium, 0 High, 0 Low |
| **Subnet Classification** | high_abuse |
| **Inherited Risk** | 40 |
Assessment: The /24 subnet shows elevated abuse density with 107 active endpoints. Consistent risk scores of 40 across sibling addresses indicate systematic network-level risk rather than isolated endpoint behavior.
---
## OBSERVATION HISTORY (48 Total Signals)
Recent Activity Timeline:
- 2026-06-25 00:03:51 UTC: ASN 57026 confirmed (CHEB-AS - JSC _ER-Telecom Holding_)
- 2026-06-25 00:02:33 UTC: Geolocation inferred (RU, confidence 0.52)
- 2026-06-24 21:22:41 UTC: Operator score 0 (Minimal)
- 2026-06-24 15:20:52 UTC: Operator score 0 (Minimal)
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence: 0 days
- Threat Observation Count: 1
- Persistently Malicious: No
- Route Stability: Not stable
---
## RELATIONSHIP GRAPH
Total Relationships: 315
Primary Association: ERT-H-CHEB-PPPOE-22-NET (Same Network)
The IP maintains extensive relationships within the ER-Telecom Cheboksary PPPoE network infrastructure.
---
## RECOMMENDED ACTIONS
Current Risk Level: Moderate (40)
Recommended Action: Monitor - No immediate block required
Firewall Rules (if blocking warranted):
```bash
# iptables
iptables -A INPUT -s 5.167.71.28 -j DROP
# nftables
nft add rule inet filter input ip saddr 5.167.71.28 drop
# nginx
deny 5.167.71.28;
# pfSense
5.167.71.28/32
# Cloudflare WAF
{"description":"Block 5.167.71.28 โ IPDebrief risk score 40","action":"block"}
# AWS WAF
{"Addresses":["5.167.71.28/32"],"Description":"IPDebrief risk 40"}
```
---
## INTELLIGENCE NOTES FOR SOC ANALYSTS
1. Residential Nature: This is a standard residential PPPoE endpoint from a major Russian ISP. False positive risk is elevated without additional threat signals.
2. Subnet Context: The /24 subnet shows high abuse density. If this IP exhibits malicious behavior, related IPs in the same subnet may warrant investigation.
3. No Active Threats: No malware, scanning, or abuse indicators detected in current profile.
4. Geolocation Verification: Geo validation showed ICMP blocked (unable to validate). Distance calculated: 2631.2 km from probe location.
5. Monitoring Recommendation: Track for any emergence of threat indicators. If abuse is observed, consider blocking the /24 or /20 prefix rather than individual IPs.
---
Source: IPDebrief Intelligence Platform
Data Freshness: 2026-06-25
Analysis Status: Complete
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Network Operation Center CJSC ER-Telecom Holding Cheboksary branch |
| ASN | AS57026 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 5x167x71x28.dynamic.cheb.ertelecom.ru |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 5x167x71x28.dynamic.cheb.ertelecom.ru |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User โ Residential ISP endpoint |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 20% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 28% | 2 | 3 |
| Overall | 22% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:05:28 UTC |
| Last Seen | 2026-06-26 18:12:18 UTC |
| Profile Built | 2026-06-27 11:34:11 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 50 |
Full dossier details are available via our API.