## IP Intelligence Briefing: 95.141.17.238/32
Date: Intelligence compiled from live IPDebrief data
Classification: Moderate Risk / High-Abuse Neighborhood
### Executive Summary
IP address 95.141.17.238 is a UK-based address assigned to G.Network Administrators (ASN 202596) with a risk score of 50. The IP operates in a high-abuse subnet (95.141.17.0/24) exhibiting elevated malicious activity. While the target itself shows no active services or direct threat indicators, the surrounding neighborhood demonstrates significant abuse density (0.7109), with 182 of 256 sibling IPs flagged as threats.
### Risk Profile
- Risk Score: 50 (Moderate Risk)
- Provider/Authority Scores: 0 (null provider classification)
- Geolocation: England, City of London (GB)
- Organization: G.Network Administrators, RIR RIPE
- Network Role: Firewalled / No Services
- Known Threat Indicators: None detected
- Blacklist Status: Listed on 2 of 8 DNSBL lists
- Campaign Association: None identified
### Neighborhood Intelligence
The /24 subnet 95.141.17.0/24 demonstrates concerning abuse characteristics:
- Abuse Density: 0.7109 (High)
- Classification: high_abuse
- Threat Siblings: 182
- Active Siblings: 133
- Risk Distribution: 0 High, 99 Medium, 1 Low
All neighboring IPs within the subnet returned risk scores of 50 with authority scores of 50, indicating systemic abuse patterns across the block rather than isolated incidents.
### Historical Signals
Analysis of 23 historical observations reveals:
- Recent activity detected as of June 2026
- Neighborhood abuse classification consistently flagged at 0.7109
- ICMP validation failed (blocked)
- No persistent malicious activity detected
- Geographic validation plausible (471.1 km from reference point)
### Relationships
102 relationship entities identified, including multiple Same Network relationships to network block UK-GNETWORK-188.
### Recommended Actions
Based on risk score 50 and high-abuse neighborhood context, the following blocking rules are recommended:
```bash
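# iptables
iptables -A INPUT -s 95.141.17.238 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 95.141.17.238 drop
# nginx (configuration directive for an http, server or location block, not a shell command)
deny 95.141.17.238;
# pfSense (address entry, not a shell command)
95.141.17.238/32
# Cloudflare WAF (rule JSON, not a shell command)
{"description":"Block 95.141.17.238 - IPDebrief risk score 50", "action":"block", "filter":{"expression":"ip.src eq 95.141.17.238"}}
# AWS WAF (IP set JSON, not a shell command)
{"Addresses":["95.141.17.238/32"], "Description":"IPDebrief risk 50"}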
```
### SOC Analyst Notes
While the IP shows no direct threat indicators (no open ports, no known attacks, no spam activity), the high-abuse subnet context warrants defensive blocking. Consider monitoring the /24 block for broader campaign activity. The 182 threat siblings in this subnet may warrant additional correlation analysis to identify coordinated attack patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
### Ownership & Registration
| Field | Value |
|---|---|
| Organization | G.Network Administrators |
| ASN | AS202596 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
### DNS Intelligence
| Field | Value |
|---|---|
| PTR | 95.141.17.238.g.network |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 95.141.17.238.g.network |
### DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
### Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
### Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
### TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
### Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
### Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:51 UTC |
| Last Seen | 2026-06-26 18:11:51 UTC |
| Profile Built | 2026-06-24 20:45:04 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |