177.189.14.105
# INTELLIGENCE BRIEFING: IP 177.189.14.105
## EXECUTIVE SUMMARY
IP address 177.189.14.105 is a low-risk residential telecommunications endpoint located in São Paulo, Brazil, operated by TELEFÔNICA BRASIL S.A. (ASN 27699). The IP is firewalled with no active services, presents minimal threat indicators, and exhibits stable operational characteristics typical of residential broadband infrastructure.
## NETWORK OWNERSHIP & GEOSPIES
Organization: TELEFÔNICA BRASIL S.A
ASN: 27699
CIDR Block: 177.188.0.0/15
Location: São Paulo, SP, Brazil (BR)
Registration: RIR: LACNIC
The IP resolves to a residential DSL hostname (177-189-14-105.dsl.telesp.net.br), indicating a consumer-grade telecommunications connection rather than infrastructure hosting.
## THREAT ASSESSMENT
Risk Score: 25 / 100 (Low Risk)
Abuse Confidence: Not scored
Threat Indicators: None detected
Blacklist Status: Listed on 1 DNSBL out of 8 queried lists
Campaign Association: None
Campaign Likelihood: None
No threat feed matches, known attacker indicators, spam source flags, or Tor exit node characteristics observed.
## NETWORK ROLE & SERVICES
Connection Type: Firewalled / No Services
Open Ports: None detected
Active Services: None
Infrastructure Classification: Residential ISP endpoint
Cloud/CDN/Proxy: Not detected
The endpoint does not host public-facing services and appears configured for inbound traffic filtering.
## OBSERVATION HISTORY
Total Observations: 22
Recent Activity: Signals observed as recent as 2026-06-26
Geolocation Confidence: Moderate (0.52) - Brazil coordinates inferred
Routing Validation: ICMP blocked; geolocation validation unable to complete
Threat Persistence: Zero days of persistent malicious behavior
Classification Stability: Subnet classified as "mostly_clean" with inherited risk score of 2
Historical signals show consistent geolocation to Brazil and stable operational patterns with no escalation in threat signals over the observation period.
## NEIGHBORHOOD ANALYSIS
Subnet: 177.189.14.105/24
Abuse Density: 1 (Low)
Classification: Mostly Clean
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1
The /24 subnet exhibits minimal abuse density with a single active sibling IP. One threat-related sibling detected within the subnet, suggesting potential localized abuse activity that may warrant contextual awareness.
## RELATIONSHIP GRAPH
Total Relationships: 31
Primary Associations:
- Network: 189195 (multiple same-network relationships)
- DNS Hostname: 177-189-14-105.dsl.telesp.net.br (15 DNS associations)
Relationships indicate standard telecommunications network topology with DNS reverse resolution associations.
## RECOMMENDED ACTIONS
Firewall Rules: No restrictive rules required for this IP based on current risk profile
Monitoring Priority: Standard - No elevated threat activity detected
Block List: Not recommended for blocking; low-risk telecommunications endpoint
## SOC ANALYST NOTES
This IP represents a standard residential broadband connection from a major Brazilian telecommunications provider. The low risk score (25/100), absence of threat indicators, and residential service classification indicate this is not a threat actor endpoint. However, the presence of one threat sibling in the /24 subnet suggests SOC teams should monitor for potential lateral abuse activity within the broader 177.189.14.0/24 subnet. No immediate defensive action required; maintain standard monitoring protocols.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | TELEFÔNICA BRASIL S.A |
| ASN | AS27699 |
| Network Name | 189195 |
| CIDR Block | 177.188.0.0/15 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 177-189-14-105.dsl.telesp.net.br |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 177-189-14-105.dsl.telesp.net.br |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 20% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-12 03:43:02 UTC |
| Last Seen | 2026-06-26 14:50:01 UTC |
| Profile Built | 2026-06-26 14:57:03 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 20 |
Full dossier details are available via our API.