177.174.125.183

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 177.174.125.183/32

## EXECUTIVE SUMMARY

IP 177.174.125.183 is classified as HIGH RISK (Score: 80/100) with elevated threat indicators. The IP is associated with mobile carrier infrastructure in Brazil and presents multiple security concerns requiring immediate monitoring and potential blocking.

## OWNERSHIP & INFRASTRUCTURE

Organization: TELEFÔNICA BRASIL S.A. (TELEFÔNICA S.A.)
ASN: 26599
CIDR Block: 177.172.0.0/14
Geolocation: Brazil (BR), Region MG, City: Crucilandia
Mobile Carrier: Vivo (Telefonica Brasil S.A.)
Connection Type: LTE/5G Mobile Network
RIR: LACNIC

## THREAT INDICATORS

Risk Score: 80/100 (High Risk)
DNSBL Listings: 6 out of 8 total blacklists
Operator Score: 0.1304 (Minimal)
Abuse Confidence: No explicit confidence score provided
Control Plane Risk: Elevated DNSBL presence indicates prior abuse history

## NETWORK FINGERPRINT & SERVICES

Open Ports: TCP/22 (SSH) - OpenSSH_6.7
PTR Hostname: 177-174-125-183.user.vivozap.com.br
Forward Resolution: 177-174-125-183.user.vivozap.com.br
Infrastructure Type: Single-Service Host
TLS Certificate: None detected

## GEOLOCATION VALIDATION ANOMALIES

Critical geolocation inconsistency detected:

Claimed Distance: 9,903.9 km
Minimum Possible RTT: 198.1ms (based on distance)
Observed RTT: 152.0ms (violates physical distance constraints)
Geo Validation: FAILED - Distance data implausible

## OBSERVATION HISTORY ANALYSIS

Total Observations: 22 signal events recorded
Temporal Activity: Recent observations from June 2026
Geolocation Signals: Consistent RTT violations indicating potential spoofing or misconfiguration
Threat Persistence: No persistent malicious activity pattern detected (0 threat persistence days)

## NEIGHBORHOOD ANALYSIS

Subnet: 177.174.125.183/24
Abuse Density: Low (0-1 scale)
Classification: Mostly Clean
Threat Siblings: 1 identified within subnet
Total Siblings: 1 active IP in subnet

## NETWORK RELATIONSHIPS

Total Relationships: 38 detected
Primary Association: Network 184581 (TELEFÔNICA BRASIL S.A.)
Relationship Type: Network-based associations

## RECOMMENDED ACTIONS

Immediate (Critical Severity)

1. Block at Firewall: Implement blocking rules across all security layers

2. Increase Logging: Monitor all traffic from this IP address with enhanced verbosity

3. Review Recent Activity: Analyze any established connections for malicious patterns

Firewall Rules (Ready for Deployment)

iptables: `iptables -A INPUT -s 177.174.125.183 -j DROP`
nftables: `nft add rule inet filter input ip saddr 177.174.125.183 drop`
nginx: `deny 177.174.125.183;`
pfSense: `177.174.125.183/32`
Cloudflare WAF: Block with filter `ip.src eq 177.174.125.183`
AWS WAF: Include `177.174.125.183/32` in IP set

## INTELLIGENCE CONTEXT

This IP represents a high-risk endpoint within a legitimate Brazilian mobile carrier infrastructure. The elevated risk score, combined with multiple DNSBL listings and geolocation validation failures, suggests the IP may be compromised or misconfigured. The SSH service running on an older OpenSSH version (6.7) represents an additional security concern. The IP appears to be part of a residential or single-service host configuration rather than typical datacenter infrastructure.

Recommendation: Treat as confirmed threat requiring immediate blocking. Monitor for associated IPs in the 177.172.0.0/14 block showing similar patterns.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇧🇷 Brazil
Region	MG
City	Crucilandia
Timezone	—
Latitude	-23.63
Longitude	-46.64

🏢 Ownership & Registration

Organization	TELEFÔNICA BRASIL S.A
ASN	AS26599
Network Name	184581
CIDR Block	177.172.0.0/14
RIR	LACNIC
Country	BR
Abuse Contact	—

🌐 DNS Intelligence

PTR	177-174-125-183.user.vivozap.com.br
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`177-174-125-183.user.vivozap.com.br`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_6.7
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_6.7

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	13%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	24%	1	3
geolocation	32%	2	3
Overall	22%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:56 UTC
Last Seen	2026-06-26 14:31:14 UTC
Profile Built	2026-06-22 22:17:18 UTC
Data Freshness	Live
Signal Types	21
Total Observations	22

🔍 21 signal types · 22 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

177.174.125.183📋 Copy