41.223.251.150
IP Intelligence Briefing: 41.223.251.150
*Generated via IPDebrief Threat Intelligence Platform*
---
**Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Assigned to DONHOUEDE Blaise (ASN 37292, afrinic)
- Geolocation: Benin (country code BJ), latitude 9.5, longitude 2.25
- Network Role: Web server (HTTP/HTTPS/SSH services)
- Services:
- Open ports: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- SSH banner: `SSH-2.0-dropbear`
- Server banner: `lighttpd/1.4.39`
---
**Threat Indicators**
- No direct malicious indicators (no malware, phishing, or spam associations).
- Subnet Abuse: 41.223.251.0/24 has high abuse density (0.6667), with 4/6 siblings flagged as risky.
- Historical Observations:
- Minimal risk score (0.15) consistently recorded since June 3, 2026.
- One connection failure observed on June 15, 2026.
---
**Network Relationships**
- Subnet: 41.223.251.0/24 (shared with 6 IPs; 4 active, 2 flagged as risky).
- Neighbors:
- High-risk IPs: 41.223.251.147 (80), 41.223.251.172 (80)
- Medium-risk IPs: 41.223.251.9 (55), 41.223.251.135 (70)
- Low-risk IPs: 41.223.251.166 (70)
---
**Actionable Insights**
1. Monitor Web Services: The HTTP/HTTPS/SSH services may be exploited due to the subnetβs high abuse density.
2. Subnet-Level Threat: The IP is part of a /24 subnet with multiple risky neighbors; consider blocking the entire subnet or isolating the IP.
3. SSH Vulnerabilities: The `dropbear` SSH server may be outdated; check for known exploits (e.g., CVE-2023-46998).
4. Geolocation Anomalies: The IPβs location in Benin is inconsistent with typical web server traffic patterns. Verify if this is a legitimate setup or a spoofed geolocation.
Recommendation: Block the IP in firewalls and investigate the subnet for potential lateral movement or compromised hosts.
---
*Generated from IPDebriefβs full intelligence profile, historical data, and network relationships.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | DONHOUEDE Blaise |
| ASN | AS37292 |
| Network Name | 41.223.251.0 - 41.223.251.255 |
| CIDR Block | 41.223.251.0/24 |
| RIR | AFRINIC |
| Country | BJ |
| Abuse Contact | β |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | β |
| SSH Version | SSH-2.0-dropbear <N"b?4?,Go?Q? V??curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-gro |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 37% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 19% | 2 | 2 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:19 UTC |
| Last Seen | 2026-06-23 12:19:08 UTC |
| Profile Built | 2026-06-23 13:04:09 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.