95.141.17.194📋 Copy

# INTELLIGENCE BRIEFING: 95.141.17.194/32

Date: 2026-06-24

Classification: Moderate Risk / High-Abuse Context

Target IP: 95.141.17.194/32

---

## 1. OWNERSHIP & GEOGRAPHY

The target IP belongs to ASN 202596 (G.Network Administrators), registered under RIR RIPE. Geolocation data identifies the IP as located in England, City of London, GB. DNS resolution points to the hostname 95.141.17.194.g.network within the g.network domain infrastructure. Email authentication records show SPF and DMARC configurations present.

Key Attributes:

• Organization: G.Network Administrators
• Country: United Kingdom (GB)
• City: City of London
• RIR: RIPE
• CIDR Block: 95.141.17.0/24

---

## 2. RISK ASSESSMENT

Current Risk Profile:

• Overall Risk Score: 50/100 (Moderate Risk)
• Operator Score: 0.1304 (Minimal)
• Blacklist Count: 0 current listings
• Reputation Label: Moderate Risk

Control Plane Indicators:

• Route stability: Unstable (isRouteStable: false)
• DNSBL status: Listed on 1 of 8 total lists checked
• BGP prefix: 95.141.16.0/20
• Route changes (30-day): 0

---

## 3. CRITICAL CONTEXTUAL RISK: SUBNET ANALYSIS

Subnet: 95.141.17.0/24

Analysis: The target IP resides in a subnet exhibiting severe abuse characteristics. The 71% abuse density indicates that 182 of 256 addresses in this /24 have been observed with malicious activity. This contextual risk significantly elevates the threat posture beyond the IP's individual risk score of 50. Network defenders should treat all traffic from this subnet with heightened scrutiny.

---

## 4. NETWORK SERVICES & THREAT INDICATORS

Service Discovery:

• Open Ports: None detected
• TLS Certificate: Not detected
• HTTP Title: Not detected
• Service Purpose: Firewalled / No Services

Threat Indicators:

• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Is Proxy: No
• Is Hosting: No

Campaign Intelligence:

• Threat Campaigns: None correlated
• Certificate Matches: 0
• Banner Matches: 0
• Correlated IPs: 0

---

## 5. OBSERVATION HISTORY

Historical Activity: 22 total observations recorded

Notable Timeline Events:

• 2026-06-24 05:55 UTC: Recent observation with minimal operator score (0.13)
• 2026-06-04 17:51 UTC: Comprehensive signal observation across 6 dimensions
• 2026-06-03 23:51 UTC: Blacklist listing detected across 8 total lists (2 active listings with high severity)

Temporal Analysis:

• Ownership changes: 0
• Threat persistence days: 0
• Threat observation count: 1
• Persistently malicious: No

---

## 6. RELATIONSHIP MAPPING

Relationships Identified: 66 total

• Primary association: UK-GNETWORK-188 network
• Multiple "Same Network" type relationships detected
• No anomalous external network associations

---

## 7. RECOMMENDATIONS FOR SOC ANALYSTS

Immediate Actions:

1. Block or Rate-Limit: Consider blocking inbound connections to this subnet (95.141.17.0/24) given the 71% abuse density

2. Monitor Outbound: Investigate any outbound connections FROM hosts on this subnet to external networks

3. Log All Traffic: Enable comprehensive logging for all traffic to/from this IP range

Network Defense Rules:

• Add to firewall blocklist: `95.141.17.0/24`
• Apply monitoring rules for traffic patterns from this subnet
• Alert on any established sessions with this IP range

Further Investigation:

• Correlate with threat intelligence feeds for active campaigns involving this ASN
• Review any historical incident logs for connections from this subnet
• Consider requesting AS path filtering from upstream providers

---

Report Generated By: IPDebrief Intelligence Platform

Data Sources: 6+ intelligence feeds, 22 historical observations, 66 relationship mappings

Classification Level: Internal Security Use Only

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.