177.44.71.3
# IPDebrief Intelligence Briefing: 177.44.71.3/32
## Executive Summary
IP address 177.44.71.3/32 is classified as Moderate Risk (risk score: 55/100) with evidence of malicious activity. The IP belongs to MASTER S/A (ASN 28202) within the 177.44.0.0/17 block in Brazil. While the IP itself is firewalled with no active services, it is listed on 3 of 8 DNSBLs and exists within a subnet showing elevated abuse density.
---
## Ownership & Infrastructure
- Organization: MASTER S/A
- ASN: 28202
- CIDR Block: 177.44.0.0/17
- RIR: LACNIC
- PTR Record: 177-44-71-3.ija-wr.mastercabo.com.br
- Forward Resolution: 177-44-71-3.ija-wr.mastercabo.com.br (unconfirmed)
- Service Status: Firewalled / No Services
---
## Threat Indicators
- DNSBL Listings: 3/8 total lists (moderate listing rate)
- Abuse Confidence: Listed on threat feeds
- Campaign Association: None detected
- Known Attacker/Spam Source: Not flagged
- Tor Exit Node: No
- Blacklist Count: 0 (traditional blacklists)
---
## Geolocation Data
- Country: Brazil (BR)
- Region: Minas Gerais (MG)
- City: Itajuba
- Accuracy Radius: 2500km
- Geolocation Validity: Unreliable (distance validation failure: 9476km vs plausible minimum RTT)
---
## Neighborhood Analysis
The /24 subnet (177.44.71.3/24) shows concerning patterns:
- Total Siblings: 97 IPs
- Active Siblings: 54
- Threat Siblings: 44
- Abuse Density: 0.4536 (high)
- Classification: Mixed
- Risk Distribution: 15 high-risk, 71 medium-risk, 10 low-risk IPs
Notable high-risk neighbors include:
- 177.44.71.6 (risk: 80/100)
- 177.44.71.7 (risk: 80/100)
- 177.44.71.10 (risk: 80/100)
---
## Control Plane & Routing
- BGP Prefix: 177.44.0.0/17
- Route Stability: Unstable
- 30-Day Route Changes: 0
- RPKI State: Not verified
- DNSSEC Valid: Yes
- Operator Score: 0.1304 (Minimal)
---
## Service & Network Role
- Infrastructure Type: Not CDN, VPN, proxy, or hosting
- Cloud Provider: No
- Mobile Carrier: No
- Open Ports: None detected
- TLS Certificate: None
- HTTP Response: None
---
## Observed Signals (21 Observations)
Recent observations indicate:
- 2026-06-22: DNSBL listings detected (8 total lists, 3 active, high severity)
- 2026-06-22: Operator score evaluated as "Minimal"
- 2026-06-17: Subnet abuse density flagged at 0.4536 with mixed classification
---
## Recommended Actions
Monitoring
- Increase logging verbosity and review recent activity from this IP
- Severity: High (elevated risk score 55/100)
Firewall Rules
iptables:
```bash
iptables -A INPUT -s 177.44.71.3 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 177.44.71.3 drop
```
nginx:
```nginx
deny 177.44.71.3;
```
pfSense:
```
177.44.71.3/32
```
Cloudflare WAF:
```json
{
"description": "Block 177.44.71.3 โ IPDebrief risk score 55",
"action": "block",
"filter": {
"expression": "ip.src eq 177.44.71.3"
}
}
```
AWS WAF:
```json
{
"Addresses": ["177.44.71.3/32"],
"Description": "IPDebrief risk 55"
}
```
---
## Intelligence Assessment
This IP is not actively serving web services but maintains a threat profile through DNSBL listings. The subnet environment shows significant abuse activity with nearly half of active siblings flagged as threats. The IP should be considered for blocking due to its moderate risk classification and neighborhood correlation. Further investigation of the /24 subnet is recommended to identify additional threat actors.
Classification: Moderate Risk โ Monitor/Block
Priority: Medium
Status: Active Threat Indicator
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | MASTER S/A |
| ASN | AS28202 |
| Network Name | 160458 |
| CIDR Block | 177.44.0.0/17 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 177-44-71-3.ija-wr.mastercabo.com.br |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 177-44-71-3.ija-wr.mastercabo.com.br |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:56 UTC |
| Last Seen | 2026-06-26 18:10:49 UTC |
| Profile Built | 2026-06-22 22:26:03 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |
Full dossier details are available via our API.