# IP Intelligence Briefing: 95.140.123.4
- Classification: Moderate Risk / Web Server Infrastructure
- Date: 2026-06-24
- Analyst: IPDebrief Intelligence Unit
---
## Executive Summary
IP address 95.140.123.4 is a web server infrastructure endpoint with a risk score of 55/100, classified as "Moderate Risk." The IP is owned by Igor Stojkovic (ASN 200923) under RIPE NCC registry and is geolocated to New Belgrade, Serbia. While the individual IP shows no direct threat indicators, neighborhood analysis reveals elevated abuse density within the /24 subnet, with one neighboring IP (95.140.123.15) scoring 80/100 as high risk.
---
## Technical Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 55/100 (Moderate Risk) |
| **ASN** | 200923 |
| **Organization** | Igor Stojkovic |
| **RIR** | RIPE |
| **Geolocation** | Serbia (RS), New Belgrade |
| **Coordinates** | 43.99°N, 20.97°E |
| **Network Block** | 95.140.123.0/24 |
| **Service Purpose** | Web Server |
| **Open Ports** | 443/TCP (HTTPS) |
---
## Network Neighborhood Analysis
The /24 subnet (95.140.123.0/24) shows concerning abuse density patterns:
- Abuse Density: 1 (elevated)
- Subnet Classification: Mostly Clean
- Total Siblings: 2
- Active Siblings: 2
- Threat Siblings: 2
- High-Risk Neighbor: 95.140.123.15 (risk score: 80/100, authority score: 50)

The presence of a high-risk sibling IP within the same subnet suggests potential shared infrastructure or coordinated abuse activity.
---
## DNS and Infrastructure Relationships
DNS Associations:
- PTR Hostname: free-123-4.mediaworksit.net
- Hosted Domain: mediaworksit.net
- Forward Resolution: Confirmed (1 hostname)
- SPF Record: Present (hasSPF: true)
- DMARC Record: Absent

Network Relationships:
- Multiple associations to network: EWIRELESS-NET
- DNS associations to hostname: free-123-4.mediaworksit.net (32 relationship records)
---
## Historical Observation Timeline
The IP has generated 21 signal observations, with recent activity recorded on 2026-06-24. Key historical signals include:
- Traceroute validation: 143ms avg RTT, 1320.3km distance from probe location (geographically plausible)
- Connection attempts: HTTPS connections observed on 2026-06-03
- Subnet classification updates: Abuse density tracked at 1 with inherited risk of 5
---
## Control Plane and Routing
- Origin ASN: 200923
- BGP Prefix: 95.140.123.0/24
- Route Stability: False (isRouteStable: false)
- Route Changes (30d): 0
- RPKI State: Not reported
- DNSBL Listings: 3/8 total lists
---
## Threat Indicators
Direct Threat Indicators:
- Blacklist Count: 0
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Campaign Likelihood: None

Abuse Confidence: No specific confidence score reported.
---
## Recommended Actions
Immediate Mitigation
1. Increase logging verbosity and review recent activity from this IP
2. Monitor neighbor IP 95.140.123.15 (risk score 80) for coordinated activity
3. Verify DMARC record for mediaworksit.net domain (currently absent)

Firewall Rules (Recommended)

| System | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 95.140.123.4 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 95.140.123.4 drop` |
| **nginx** | `deny 95.140.123.4;` |
| **pfSense** | `95.140.123.4/32` |
| **Cloudflare WAF** | Block IP with expression: `ip.src eq 95.140.123.4` |
| **AWS WAF** | Add address: `95.140.123.4/32` |
---
## Risk Assessment & SOC Guidance
Primary Concerns:
1. Elevated risk score (55/100) with recommendation to increase monitoring
2. High-risk sibling IP (95.140.123.15) in same /24 subnet suggests potential infrastructure sharing
3. Absence of DMARC record indicates potential email authentication weaknesses
4. Route instability (isRouteStable: false) may indicate dynamic routing or infrastructure changes

Recommendations:
- Monitor for any escalation in risk profile
- Investigate the relationship between 95.140.123.4 and 95.140.123.15
- Verify legitimacy of mediaworksit.net domain ownership
- Implement rate limiting as additional defense layer

Classification Status: Continue monitoring with elevated awareness. No immediate threat indicators detected, but neighborhood context warrants vigilance.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Igor Stojkovic |
| ASN | AS200923 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | free-123-4.mediaworksit.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | free-123-4.mediaworksit.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 19% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Attribution signal labels (per-signal status not preserved): Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:44 UTC |
| Last Seen | 2026-06-24 02:03:14 UTC |
| Profile Built | 2026-06-24 02:12:21 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 22 |