IP Intelligence Briefing: 41.139.9.9
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: 55 (Moderate Risk)
- Ownership: Registered to Gregory Eid (ASN 35091), covering 41.139.8.0/21.
- Geolocation:
  - Primary Location: Miami, US (per geolocation data).
  - Network Provider: Teledata-AS (Ghana, IL), conflicting with US geolocation.
- Threat Indicators: No direct malicious activity detected.
- Network Role: Firewalled / No Services (no open ports, TLS, or HTTP services).
---
**2. Observation History**
- Recent Activity (Last 30 Days):
  - DNSBL Listings: Identified in 3/8 DNSBLs (high-severity lists).
  - Geolocation Shifts: Conflicting data (Ghanaian provider vs. US city).
  - BGP Stability: Unstable route (routeChanges30d = 0, but route stability flagged as "false").
- Temporal Trends: No persistent malicious behavior (threatPersistenceDays = 0).
---
**3. Relationships**
- Network Connections:
  - Linked to 41.139.8.0/21 (same subnet).
  - No direct ties to known campaigns, organizations, or certificates.
- DNS: No PTR records or domain associations.
---
**4. Neighborhood Analysis**
- Subnet: 41.139.9.9/24.
- Neighbor Risk:
  - 41.139.9.5: Risk Score 70 (High Risk).
  - 41.139.9.208: Risk Score 55 (Moderate Risk).
- Subnet Abuse Density: 0% (no malicious activity detected in subnet).
---
**5. Recommended Actions**
1. Monitor Neighbors: Investigate 41.139.9.5 (high-risk neighbor) for potential association.
2. Verify Geolocation Discrepancy: Confirm if the IP is legitimately in the US or if there is a misconfiguration.
3. Check DNSBL Listings: Validate why the IP is listed in 3 DNSBLs and assess if it's a false positive.
4. Block High-Risk Neighbors: Consider firewall rules to restrict traffic from 41.139.9.5.
5. Review BGP Stability: Monitor route stability for 41.139.8.0/21 to detect potential network manipulation.
---
Conclusion: The IP exhibits moderate risk due to DNSBL listings and a high-risk neighbor. While no direct malicious activity is observed, the conflicting geolocation and network provider details warrant further investigation. SOC teams should prioritize monitoring the subnet and validating the IP's legitimacy.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Gregory Eid |
| ASN | AS35091 |
| Network Name | 41.139.8.0 - 41.139.15.255 |
| CIDR Block | 41.139.8.0/21 |
| RIR | AFRINIC |
| Country | GH |
| Abuse Contact | - |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 21% | 2 | 2 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 12% | 6 | 6 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-23 12:23:40 UTC |
| Last Seen | 2026-06-25 07:55:13 UTC |
| Profile Built | 2026-06-23 20:19:38 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |