Dashboard›🇲🇿 MZ›41.220.201.64

THREAT REPORT

IP Threat Report
41.220.201.64

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-27 20:37:01

First seen: 2026-03-03 18:00:05

Last seen: 2026-03-03 18:00:05

Geolocation & Classification

IP Address

41.220.201.64

Type

Mobile

Country

🇲🇿 MZ

City

Maputo

ISP

Tmcel-Mobileglobal201

Organization

Unknown

Autonomous System

AS30619 TMCEL - Moçambique Telecom, SA

Hit Count

Detection Signatures

Signature	Description	Points
Danger strong hits: 3	High-risk paths: shells, RCE vectors, exploits	+75
Danger medium hits: 2	Medium-risk: admin panels, config files	+20
POST requests present	Behavioral anomaly detected by automated analysis	+8

Σ = 103

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-03-03 18:00:05

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Danger strong hits: 3 (+75), Danger medium hits: 2 (+20), POST requests present (+8)

2026-03-03 18:00:05

Last malicious request observed

Total score reached: 103/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

Tmcel-Mobileglobal201

AS30619 · 🇲🇿 MZ

Recommendations

Actions taken & recommended

IP 41.220.201.64 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

⚙️ Defensive Recommendations

Block 41.220.201.64 at the network perimeter. Implement defense-in-depth combining IP blocking with application-layer protections.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

⛔ LISTED

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

41.220.201.64 has been assigned a threat score of 103/100 (Critical). This places it in the critical threat category. Immediate blocking is strongly advised across all network perimeters.

📊 Threat Analysis

Threat intelligence analysis has linked 41.220.201.64 to malicious activity originating from Maputo, MZ, operating on the network of Tmcel-Mobileglobal201. The address has been under observation since its initial detection. Over a period of 1 days, this IP generated 2 malicious requests, averaging approximately 2 requests per day. This is a mobile network IP. While mobile addresses are typically shared via CGNAT, persistent malicious activity from this specific address suggests automated abuse. MZ currently accounts for 22 blocked IPs in our database, making it a notable source of malicious traffic. A score of 103/100 places this address in the top tier of severity. Block and investigate any historical connections.

Related Threats

🇲🇿 Top threats from MZ

197.218.73.155 (103)197.249.127.179 (103)216.234.211.225 (103)41.76.151.162 (103)197.219.150.172 (103)View all →

🏢 Same network: AS30619

41.220.200.134 (103)41.220.200.223 (68)View all →

Security Intelligence

💡 File Upload Vulnerabilities

Insecure file upload functionality allows attackers to upload web shells, malware, or scripts that execute on the server. Proper validation must check file content, not just extensions, and uploaded files should be stored outside the web root.

💡 Subdomain Takeover Vulnerabilities

Subdomain takeover occurs when DNS records point to decommissioned services. Attackers claim the abandoned resource and serve content under the trusted domain, enabling cookie theft, phishing, and reputation damage.

🔍 Check Any IP Address

Share this report:

IP Threat Report41.220.201.64

⛔ Verdict: BLOCK