158.173.67.96📋 Copy

# IP INTELLIGENCE BRIEFING: 158.173.67.96/32

## Executive Summary

The IP address 158.173.67.96 presents as a low-risk endpoint associated with VPN Consumer infrastructure in Brussels, Belgium. Current risk scoring indicates minimal threat exposure, though neighborhood context reveals elevated sibling activity within the /24 subnet. No immediate blocking action is recommended; monitor for behavioral changes.

---

## Risk Assessment

• Overall Risk Score: 25 (Low Risk)
• Reputation Classification: Low Risk
• Abuse Confidence: Not scored
• Known Threat Indicators: None detected
• Blacklist Status: 0 active blacklists; 1 DNSBL listing among 8 total checks
• Campaign Association: None identified

Risk Breakdown:

• Provider Score: 0
• Authority Score: 0
• Stability Score: 0

---

## Ownership & Geolocation

• ASN: 212238 (AS3292 TDC A/S)
• Organization: VPN Consumer Brussels, Belgium
• Network Block: 158.173.67.0/24
• Geolocation: Brussels, Belgium (BE)

- Coordinates: 51.26°N, 4.85°E

- Timezone: Europe/Brussels

- Accuracy Radius: 134km

• RIR: ARIN

---

## Network Role & Services

• Classification: Firewalled / No Services
• Infrastructure Type: Not CDN, VPN, Proxy, or Hosting
• Connection Type: Not cloud, mobile, or residential
• Anycast: False
• Bogon: False
• Route Stability: False (route changes observed)
• RPKI State: Not scored
• DNSSEC: Valid

---

## Subnet Neighborhood Analysis (158.173.67.0/24)

• Total Siblings: 80
• Active Siblings: 61
• Threat Siblings: 26
• Abuse Density: 0.325 (Mixed)
• Inherited Risk Score: 13
• Risk Distribution: 0 high, 1 medium, 82 low

Notable High-Risk Siblings:

• 158.173.67.2 (Risk: 25, Authority: 50)
• 158.173.67.6 (Risk: 25, Authority: 50)
• 158.173.67.7 (Risk: 25, Authority: 50)
• 158.173.67.10 (Risk: 25, Authority: 50)

---

## Observed Relationships

• Network Associations: Multiple entries linking to BRUSSELS-BE-158-173-67-0
• Correlated Entities: 0 campaign-correlated IPs
• Certificate Matches: 0
• Banner Matches: 0

---

## Historical Signal Timeline

Total Observations: 17

Recent Activity (2026-06-26):

• 06:41:15 — AlienVault OTX signal (confidence: 0.75) — Potential threat indicators with 3 pulse names
• 06:40:14 — Operator score signal (confidence: 0.30) — Label: Minimal
• 06:40:14 — Comprehensive profile signal (confidence: 0.18) — 6 dimensions covered

Historical Context (2026-06-06):

• Subnet abuse density observed: 0.325 (mixed classification)
• No campaign likelihood or correlated IPs detected at that time

Temporal Indicators:

• Ownership Changes: 0
• Threat Persistence Days: 0
• Threat Observation Count: 0
• Persistently Malicious: False

---

## Security Actions & Recommendations

No specific firewall rules or blocking actions are currently recommended based on the IP's risk profile. The endpoint demonstrates low-risk characteristics with no active threat indicators.

Suggested Monitoring Approach:

• Monitor for shifts in risk score or new threat indicators
• Track DNSBL listing changes (currently 1 of 8 lists)
• Watch for service activation on previously firewalled ports

---

## Threat Intelligence Narrative

The target IP 158.173.67.96 operates within a Brussels-based VPN infrastructure network. Current evidence shows minimal malicious activity, with the IP classified as firewalled and not exposing active services. While the individual IP presents low risk, the parent /24 subnet exhibits a mixed abuse profile with 26 threat siblings among 80 total addresses. Historical signals from June 2026 indicate transient threat associations, though no persistent malicious behavior has been confirmed. The absence of known attacker reputation, Tor exit status, or spam source classification supports a benign operational posture. Security teams should maintain standard monitoring without immediate remediation actions, while remaining aware of the elevated risk context within the broader subnet.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.