41.243.25.136

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 41.243.25.136/32

Classification: Moderate Risk (Score: 55/100)

Reporting Period: Current data through 26 June 2026

---

## 1. Ownership and Geolocation

The IP address 41.243.25.136 is registered to Thomas Fwamini (Organization) under AS37020 (Thomas Fwamini). The address falls within the 41.243.24.0/21 CIDR block registered with AFRINIC. Geolocation data indicates the IP is associated with Kinshasa 1201, Congo DR (CD), though geovalidation shows low confidence (plausibility: false).

Control Plane Data:

Origin ASN: 37020
BGP Prefix: 41.243.25.0/24
Route stability: false (route changes observed)
DNSSEC: Valid
DNSBL listings: 3 of 8 total lists (moderate listing presence)

---

## 2. Network Role and Services

The IP exhibits a firewalled/no services profile. No open ports were detected during scanning. The DNS PTR record resolves to 136-25-243-41.r.airtel.cd, with forward resolution confirming the domain airtel.cd.

Classification Flags:

Not a provider, CDN, VPN, proxy, Tor exit, or hosting service
Not mobile, residential, bogon, or anycast
No TLS certificates or HTTP services detected

---

## 3. Threat Indicators and Reputation

The IP shows a moderate risk profile with the following threat signals:

Abuse Confidence Score: Not quantified
Known Attacker/Spam Source: No
Tor Exit Node: No
Blacklist Count: 0 (traditional blacklists)
DNSBL Listings: 3 lists (control plane data)
Pulse Count: 50 (threat feed activity)
Campaign Matches: 0

Recent observations (26 June 2026) indicate threat-related signals with a pulse count of 50 across multiple threat feeds. The IP has been listed on 8 total reputation lists, with 2 currently active listings showing maximum severity of "medium."

---

## 4. Neighborhood Analysis

The /24 subnet (41.243.25.0/24) shows:

Abuse Density: 0%
Classification: Clean
Threat Siblings: 0
Active Siblings: 0

The IP appears isolated within its subnet with no neighboring threat activity.

---

## 5. Historical Trends

Analysis of 19 observations reveals:

Observation Period: Recent activity concentrated around 26 June 2026
Risk Trajectory: Elevated threat signals detected in most recent observations
Threat Persistence: 0 days (no persistent malicious activity detected)
Ownership Changes: 0 (stable ownership)

The most recent data shows elevated threat indicators with 50 pulse names associated with the IP.

---

## 6. Recommended Actions

Based on risk score 55/100, the following security actions are recommended:

Platform	Action
Firewall (iptables)	`iptables -A INPUT -s 41.243.25.136 -j DROP`
Firewall (nftables)	`nft add rule inet filter input ip saddr 41.243.25.136 drop`
Nginx	`deny 41.243.25.136;`
pfSense	`41.243.25.136/32`
Cloudflare WAF	Block with expression `ip.src eq 41.243.25.136`
AWS WAF	Add to IP set `41.243.25.136/32`

Primary Recommendation: Increase logging verbosity and review recent activity from this IP due to elevated risk score (55/100).

---

## 7. Intelligence Summary

IP 41.243.25.136/32 is a moderately risky address associated with Thomas Fwamini in Kinshasa, Congo DR. The IP exhibits firewalled behavior with no active services but demonstrates elevated threat indicators in recent observations. While the immediate subnet appears clean, the IP has been listed on multiple DNSBLs and shows 50 threat pulse associations. SOC teams should monitor traffic from this address and consider blocking based on organizational risk tolerance.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🌐 CD
Region	Congo DR
City	Kinshasa 1201
Timezone	—
Latitude	0.00
Longitude	25.00

🏢 Ownership & Registration

Organization	Thomas Fwamini
ASN	AS37020
Network Name	41.243.24.0 - 41.243.31.255
CIDR Block	41.243.24.0/21
RIR	AFRINIC
Country	CD
Abuse Contact	—

🌐 DNS Intelligence

PTR	136-25-243-41.r.airtel.cd
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`136-25-243-41.r.airtel.cd`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	15%	2	2
routing	13%	1	1
services	15%	2	2
ownership	19%	2	2
reputation	13%	1	2
geolocation	13%	1	1
Overall	15%	9	10

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 23:18:36 UTC
Last Seen	2026-06-25 12:00:22 UTC
Profile Built	2026-06-25 12:09:43 UTC
Data Freshness	Live
Signal Types	17
Total Observations	18

🔍 17 signal types · 18 observations collected

This report is generated from 17+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

41.243.25.136📋 Copy