177.11.203.9
IP Intelligence Briefing: 177.11.203.9
Date: 2026-06-06
---
**Risk Overview**
- Risk Score: 80/100 (High Risk)
- Threat Indicators: No direct malicious activity detected (no known campaigns, spam, or blacklists).
- Network Role: Firewalled with no open services (ports, TLS, or HTTP).
- Geolocation: Brazil (RS state), Sao Sebastiao do Cai.
---
**Ownership & Network**
- ASN: AS262907 (BRASIL TECPAR | AMIGO | AVATO)
- Subnet: 177.11.203.9/24 (no active neighbors detected).
- DNS: PTR hostname `177-11-203-9.avato.com.br` (local domain, no public resolution).
---
**Threat Context**
- Historical Observations:
- 19 signals recorded (DNS, network, and reputation data).
- No malicious indicators (no spam, attacks, or abuse reports).
- DNSSEC valid, but 4 DNSBL listings (low-severity).
---
**Recommended Actions**
1. Block the IP using firewall rules:
- iptables: `iptables -A INPUT -s 177.11.203.9 -j DROP`
- Cloudflare WAF: Block IP with description "IPDebrief risk 80".
- AWS WAF: Add `177.11.203.9/32` to a rule.
2. Monitor Network Behavior:
- Investigate firewalled host behavior (no services detected).
- Validate DNS associations (`avato.com.br`) for potential misconfigurations.
3. Contextual Analysis:
- Cross-reference with BRASIL TECPARβs network (AS262907) for legitimacy.
- Check for upstream routing anomalies (BGP prefix `177.11.202.0/23`).
---
**Summary**
The IP exhibits a high risk score but lacks direct malicious indicators. It is associated with a Brazilian organization and appears to be a firewalled host. While no immediate threats are confirmed, the elevated risk warrants blocking and further investigation into its network context.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | BRASIL TECPAR | AMIGO | AVATO |
| ASN | AS262907 |
| Network Name | 407880 |
| CIDR Block | 177.11.200.0/21 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | β |
π DNS Intelligence
| PTR | 177-11-203-9.avato.com.br |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 177-11-203-9.avato.com.br |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 10 | 13 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-12 09:40:33 UTC |
| Last Seen | 2026-06-26 16:24:58 UTC |
| Profile Built | 2026-06-26 16:40:52 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 27 |
Full dossier details are available via our API.