IP Intelligence Briefing: 41.215.146.195
*Generated via IPDebrief analysis*
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership:
  - ASN: 19711
  - Organization: Musa Tsela
  - Netblock: 41.215.144.0/22 (Swaziland, SZ)
- Geolocation:
  - Country: Swaziland (SZ)
  - City: Mbabane
  - Coordinates: -26.32° latitude, 31.13° longitude
- Network Role:
  - Web Server (HTTP/HTTPS, SSH)
  - TLS Certificate: Issued to *sage.gsh.org.sz* (Sectigo CA)
  - Server Banner: Microsoft-IIS/10.0
---
**2. Threat Indicators**
- No direct malicious indicators (no malware, spam, or known attacker associations).
- DNSSEC Valid: Resolves with DNSSEC validation.
- BGP Prefix: 41.215.144.0/20 (owned by Musa Tsela, Swaziland).
---
**3. Observation History (Last 30 Days)**
- Geo Validation: Plausible (435-445 ms RTT, ~9,077 km distance from probe).
- Network Stability:
  - 0 route changes in 30 days.
  - Subnet abuse density: 1 (low risk).
- Services:
  - Open ports: 80 (HTTP), 443 (HTTPS), 22 (SSH), 8443 (HTTPS-alt).
  - IIS server with ASP.NET, no HSTS or CSP headers.
---
**4. Relationships & Neighbors**
- Network Relationships:
  - Linked to 41.215.144.0/22 (same subnet).
  - No direct connections to known malicious entities.
- Neighboring IPs:
  - Subnet 41.215.146.195/24 shows 0 abuse density.
  - No active or threat siblings reported.
---
**5. Recommendations**
- Monitor Traffic: Track unusual activity on ports 80/443 due to high exposure.
- Verify Certificate: Confirm validity of *sage.gsh.org.sz* TLS certificate.
- Check Subnet: Investigate 41.215.144.0/22 for potential collateral risks.
- Firewall Rules: Consider blocking non-essential ports (e.g., 8443) unless required.
---
Note: While the IP has a high risk score, no direct malicious activity is observed. Further analysis of the subnet and network behavior is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Musa Tsela |
| ASN | AS19711 |
| Network Name | 41.215.144.0 - 41.215.147.255 |
| CIDR Block | 41.215.144.0/22 |
| RIR | AFRINIC |
| Country | SZ |
| Abuse Contact | - |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8443 | https-alt | tcp | - |
| Closed Ports | 25, 3389, 8080 (4 open / 7 scanned) |
| Server | Microsoft-IIS/10.0 |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_for_Windows_9.5 |
TLS Certificate
| SANs | sage.gsh.org.sz |
| Valid From | 2026-03-04T00:00:00+00:00 |
| Valid Until | 2027-02-20T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 353 days |
| Serial Number | 009107A256E09579EF59203C3C16C87671 |
| Thumbprint | 23E7A933690E1B146817BC765355CD96ECB9F945 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 4 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 21% | 9 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-15 20:48:01 UTC |
| Last Seen | 2026-06-26 18:11:17 UTC |
| Profile Built | 2026-06-26 09:01:51 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |