IP INTELLIGENCE BRIEFING: 177.8.252.89/32
SUBJECT: Threat Assessment and Security Recommendations
DATE: Current
SOURCE: IPDebrief Intelligence Platform
---
## EXECUTIVE SUMMARY
IP 177.8.252.89 has been assessed as HIGH RISK with an overall risk score of 80/100. The IP is registered to ISUPER TELECOMUNICACOES INFO LTDA (ASN 263579) in Marialva, Paraná, Brazil. The address is classified as firewalled with no active services, though it exhibits significant threat indicators including multiple DNSBL listings and elevated neighborhood abuse density.
---
## RISK PROFILE
| Metric | Value |
|---|---|
| **Overall Risk Score** | 80/100 (High Risk) |
| **Reputation** | High Risk |
| **Country** | Brazil (BR) |
| **City** | Marialva, Paraná |
| **ASN** | 263579 |
| **Organization** | ISUPER TELECOMUNICACOES INFO LTDA |
| **CIDR Block** | 177.8.252.0/22 |
| **DNSBL Listings** | 4 of 8 total lists |
| **Network Classification** | Firewalled / No Services |
| **Operator Score** | 0.1304 (Minimal) |
---
## THREAT INDICATORS
The IP presents multiple threat signals despite being registered as residential:
- DNSBL Presence: Listed on 4 blacklists with 8 total evaluations
- Abuse Density: The /24 subnet (177.8.252.0/24) shows 14.29% abuse density
- Risk Propagation: Inherited risk score of 2 from subnet context
- Control Plane: Route stability flagged as unstable
- Historical Context: 21 observations recorded; recent activity detected as of June 25, 2026
Notable network associations include 19 DNS entries mapping to hostname 252-089.isuper.com.br, indicating reverse DNS resolution is active despite the IP being classified as residential.
---
## NEIGHBORHOOD ANALYSIS
The /24 subnet contains 6 neighboring IPs with the following risk distribution:
| IP Address | Risk Score | Classification |
|---|---|---|
| 177.8.252.40 | 40 | Medium |
| 177.8.252.41 | 55 | Medium |
| 177.8.252.88 | 55 | Medium |
| 177.8.252.91 | 55 | Medium |
| 177.8.252.109 | 0 | Low |
| 177.8.252.236 | 0 | Low |
Subnet Summary: 4 medium-risk, 2 low-risk neighbors. The elevated density suggests coordinated activity within the block.
---
## OBSERVATION HISTORY
Analysis of 21 historical observations reveals:
- Recent Activity: Multiple signals detected on June 25, 2026, including blacklist listings with "high" severity
- Classification Variance: Historical records show conflicting residential/infrastructure classifications
- Persistence: No persistent malicious behavior pattern identified, but threat observation count remains at 1
- Ownership Stability: No ownership changes recorded
---
## RECOMMENDED ACTIONS
Based on the risk profile (80/100), the following security measures are recommended:
IMMEDIATE (Priority: Critical)
Block at Perimeter:
```bash
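# iptables
iptables -A INPUT -s 177.8.252.89 -j DROP
# nftables (assumes an existing inet filter table with an input chain)
nft add rule inet filter input ip saddr 177.8.252.89 drop
# nginx (config directive for an http, server, or location block; not a shell command)
deny 177.8.252.89;
# Cloudflare WAF (rule JSON; not a shell command)
{"description": "Block 177.8.252.89 - IPDebrief risk score 80", "action": "block", "filter": {"expression": "ip.src eq 177.8.252.89"}}
# AWS WAF (IP set fields; not a shell command)
{"Addresses": ["177.8.252.89/32"], "Description": "IPDebrief risk 80"}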
```
MONITORING (Priority: High)
- Increase logging verbosity for all traffic from this IP range
- Review recent activity logs from the past 7 days
- Correlate with any blocked or denied traffic events
- Monitor for additional IPs from the 177.8.252.0/24 subnet
---
## INTELLIGENCE CONTEXT
The IP resides in a subnet with moderate abuse density (14.29%). While the specific address shows no active service banners or open ports, its reputation score and DNSBL presence indicate prior abuse activity. The relationship graph shows 33 associations, predominantly network-level and DNS-based, with no direct organizational or certificate links identified.
Threat Level: HIGH - Block and monitor. Review historical logs for correlated incidents.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | ISUPER TELECOMUNICACOES INFO LTDA |
| ASN | AS263579 |
| Network Name | 213710 |
| CIDR Block | 177.8.252.0/22 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | - |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | 252-089.isuper.com.br |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 252-089.isuper.com.br |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Residential Endpoint |
| Network Tier | End-User: Residential ISP endpoint |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 19% | 1 | 2 |
| services | 8% | 1 | 1 |
| ownership | 15% | 2 | 2 |
| reputation | 25% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-08 05:01:51 UTC |
| Last Seen | 2026-06-25 02:24:11 UTC |
| Profile Built | 2026-06-25 02:45:18 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |