# IP INTELLIGENCE BRIEFING: 158.173.67.96/32
## Executive Summary
The IP address 158.173.67.96 presents as a low-risk endpoint associated with VPN Consumer infrastructure in Brussels, Belgium. Current risk scoring indicates minimal threat exposure, though neighborhood context reveals elevated sibling activity within the /24 subnet. No immediate blocking action is recommended; monitor for behavioral changes.
---
## Risk Assessment
- Overall Risk Score: 25 (Low Risk)
- Reputation Classification: Low Risk
- Abuse Confidence: Not scored
- Known Threat Indicators: None detected
- Blacklist Status: 0 active blacklists; 1 DNSBL listing among 8 total checks
- Campaign Association: None identified

Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
---
## Ownership & Geolocation
- ASN: 212238 (AS3292 TDC A/S)
- Organization: VPN Consumer Brussels, Belgium
- Network Block: 158.173.67.0/24
- Geolocation: Brussels, Belgium (BE)
- Coordinates: 51.26°N, 4.85°E
- Timezone: Europe/Brussels
- Accuracy Radius: 134km
- RIR: ARIN
---
## Network Role & Services
- Classification: Firewalled / No Services
- Infrastructure Type: Not CDN, VPN, Proxy, or Hosting
- Connection Type: Not cloud, mobile, or residential
- Anycast: False
- Bogon: False
- Route Stability: False (route changes observed)
- RPKI State: Not scored
- DNSSEC: Valid
---
## Subnet Neighborhood Analysis (158.173.67.0/24)
- Total Siblings: 80
- Active Siblings: 61
- Threat Siblings: 26
- Abuse Density: 0.325 (Mixed)
- Inherited Risk Score: 13
- Risk Distribution: 0 high, 1 medium, 82 low

Notable High-Risk Siblings:
- 158.173.67.2 (Risk: 25, Authority: 50)
- 158.173.67.6 (Risk: 25, Authority: 50)
- 158.173.67.7 (Risk: 25, Authority: 50)
- 158.173.67.10 (Risk: 25, Authority: 50)
---
## Observed Relationships
- Network Associations: Multiple entries linking to BRUSSELS-BE-158-173-67-0
- Correlated Entities: 0 campaign-correlated IPs
- Certificate Matches: 0
- Banner Matches: 0
---
## Historical Signal Timeline
Total Observations: 17

Recent Activity (2026-06-26):
- 06:41:15 - AlienVault OTX signal (confidence: 0.75): Potential threat indicators with 3 pulse names
- 06:40:14 - Operator score signal (confidence: 0.30): Label: Minimal
- 06:40:14 - Comprehensive profile signal (confidence: 0.18): 6 dimensions covered

Historical Context (2026-06-06):
- Subnet abuse density observed: 0.325 (mixed classification)
- No campaign likelihood or correlated IPs detected at that time

Temporal Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 0
- Persistently Malicious: False
---
## Security Actions & Recommendations
No specific firewall rules or blocking actions are currently recommended based on the IP's risk profile. The endpoint demonstrates low-risk characteristics with no active threat indicators.

Suggested Monitoring Approach:
- Monitor for shifts in risk score or new threat indicators
- Track DNSBL listing changes (currently 1 of 8 lists)
- Watch for service activation on previously firewalled ports
---
## Threat Intelligence Narrative
The target IP 158.173.67.96 operates within a Brussels-based VPN infrastructure network. Current evidence shows minimal malicious activity, with the IP classified as firewalled and not exposing active services. While the individual IP presents low risk, the parent /24 subnet exhibits a mixed abuse profile with 26 threat siblings among 80 total addresses. Historical signals from June 2026 indicate transient threat associations, though no persistent malicious behavior has been confirmed. The absence of known attacker reputation, Tor exit status, or spam source classification supports a benign operational posture. Security teams should maintain standard monitoring without immediate remediation actions, while remaining aware of the elevated risk context within the broader subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | VPN Consumer Brussels, Belgium |
| ASN | AS212238 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-11 02:50:32 UTC |
| Last Seen | 2026-06-26 06:39:54 UTC |
| Profile Built | 2026-06-26 06:49:21 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |