41.211.21.49
IP Intelligence Briefing: 41.211.21.49/32
*Generated via IPDebrief Threat Intelligence Platform*
---
**Risk Profile**
- Risk Score: 80/100 (High Risk)
- Ownership: Registered to Gregory Eid (ASN 35091, Teledata-AS, Ghana)
- Geolocation: Geolocated to Ghana (GH) via MaxMind, but ownership tied to a U.S.-based ISP (Comcast/Lumen).
- Threat Indicators: No direct malware, phishing, or C2 indicators. Listed in 3/8 DNSBLs (abuse confidence score: 0.2857).
---
**Network Behavior**
- Subnet: 41.211.20.0/22 (mixed classification, 6 neighbors).
- Abuse Density: 16.7% (1 high-risk, 5 medium-risk neighbors).
- Services: No open ports, TLS certs, or HTTP services detected.
- Routing: BGP prefix stable (41.211.20.0/22), but DNSSEC validation is enabled.
---
**Observation History**
- Recent Activity:
- Listed in 3 DNSBLs (e.g., Spamhaus, Emerging Threats) since 2026-06-09.
- Geolocation data mismatch: Ownership (Ghana) vs. geolocation (U.S.).
- No persistent threat activity or campaign correlations.
---
**Recommended Actions**
1. Block the IP:
- Apply firewall rules (iptables/nftables/Cloudflare WAF) to block 41.211.21.49.
- Example: `iptables -A INPUT -s 41.211.21.49 -j DROP`.
2. Monitor Subnet:
- Investigate 41.211.20.0/22 for potential lateral movement or abuse.
3. Verify Ownership:
- Confirm if Gregory Eidβs ASN (35091) is misconfigured or compromised.
4. Check DNSBL Listings:
- Validate the IPβs presence in DNSBLs and assess if itβs a false positive.
---
**Summary**
This IP exhibits a high risk score due to DNSBL listings and ownership/geolocation discrepancies. While no direct malicious activity is observed, its association with a Ghanaian ASN and U.S. geolocation suggests potential misconfiguration or spoofing. Block the IP immediately and monitor its subnet for further anomalies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Gregory Eid |
| ASN | AS35091 |
| Network Name | 41.211.20.0 - 41.211.23.255 |
| CIDR Block | 41.211.20.0/22 |
| RIR | AFRINIC |
| Country | GH |
| Abuse Contact | β |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 13% | 1 | 1 |
| geolocation | 17% | 1 | 1 |
| Overall | 16% | 8 | 8 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 03:09:49 UTC |
| Last Seen | 2026-06-14 23:36:52 UTC |
| Profile Built | 2026-06-09 18:13:06 UTC |
| Data Freshness | Live |
| Signal Types | 14 |
| Total Observations | 14 |
Full dossier details are available via our API.