102.64.41.67
# IP Intelligence Briefing: 102.64.41.67/32
Classification: Moderate Risk | Date: 2026-06-26
## Executive Summary
IP address 102.64.41.67 presents a moderate risk profile with an overall risk score of 40. The IP is classified as a residential/ISP endpoint associated with Jacobus De Beer in Vanderbijlpark, South Africa. The address exhibits firewalled behavior with no active services detected. Neighborhood analysis indicates elevated abuse density (22.45%) within the /24 subnet, with 11 of 49 sibling IPs flagged as threats.
## Ownership and Geolocation
- Organization: Jacobus De Beer (ASN 327991)
- Network Block: 102.64.41.0 - 102.64.41.255
- Registry: AFRINIC
- Geolocation: South Africa (ZA), Gauteng Province, Vanderbijlpark
- DNS PTR: ms-41-67.megasurf.co.za
- Forward Resolution: Confirmed to ms-41-67.megasurf.co.za
- IP Purpose: Firewalled / No Services
## Network Classification and Services
- Open Ports: None detected
- TLS Certificate: None
- HTTP Service: None
- Network Role: Residential/ISP endpoint
- Cloud/CDN/Proxy: Negative indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
## Threat Indicators
- Risk Score: 40 (Moderate)
- Blacklist Count: 0
- DNSBL Listed: 2 of 8 total lists
- Threat Feeds: No active matches
- Known Campaigns: None correlated
- Tor Exit Node: False
- Abuse Confidence Score: Not calculated
## Neighborhood Context (102.64.41.0/24)
- Abuse Density: 22.45%
- Subnet Classification: Mixed
- Total Sibling IPs: 49
- Active Sibling IPs: 8
- Threat Sibling IPs: 11
- Inherited Risk Score: 8
- Risk Distribution: 4 high, 41 medium, 14 low risk neighbors
## Relationship Graph
The IP maintains 23 recorded relationships, primarily DNS associations to ms-41-67.megasurf.co.za and network affiliations to the 102.64.41.0/24 subnet block.
## Historical Analysis
Analysis revealed 18 signal observations since first detection. Key temporal indicators include:
- Most Recent Activity: 2026-06-26
- Geolocation Stability: Consistent South African attribution across observations
- Ownership Changes: Zero recorded changes
- Threat Persistence: 0 days
- Signal Types Observed: Network classification, DNSSEC validation, threat indicators, and geolocation signals
The IP demonstrates stable ownership with no persistent malicious activity detected in the observation history.
## Recommended Security Actions
Based on the elevated risk score of 55 and neighborhood context, the following remediation steps are recommended:
1. Firewall Rules: Implement blocking at perimeter:
- iptables: `iptables -A INPUT -s 102.64.41.67 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 102.64.41.67 drop`
- nginx: `deny 102.64.41.67;`
2. Cloud Platform Controls:
- Cloudflare WAF: Block with expression `ip.src eq 102.64.41.67`
- AWS WAF: Add IP to deny list with description "IPDebrief risk 55"
3. Monitoring Enhancements: Increase logging verbosity and review recent activity from this IP source due to elevated risk classification.
## Intelligence Assessment
This IP represents a residential endpoint in a moderately risky subnet. While the IP itself shows no active malicious indicators and no open services, the neighborhood context suggests potential for abuse. The DNSBL listings and moderate risk score warrant defensive blocking at the perimeter. The IP's association with Jacobus De Beer indicates residential/ISP usage rather than dedicated hosting infrastructure.
Priority: Monitor | Action: Block recommended based on neighborhood risk and DNSBL listings.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Jacobus De Beer |
| ASN | AS327991 |
| Network Name | 102.64.41.0 - 102.64.41.255 |
| CIDR Block | 102.64.41.0/24 |
| RIR | AFRINIC |
| Country | ZA |
| Abuse Contact | β |
π DNS Intelligence
| PTR | ms-41-67.megasurf.co.za |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ms-41-67.megasurf.co.za |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 16% | 10 | 11 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-11 21:09:34 UTC |
| Last Seen | 2026-06-26 11:34:49 UTC |
| Profile Built | 2026-06-26 11:43:58 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |
Full dossier details are available via our API.