2.110.116.170
# Intelligence Briefing: 2.110.116.170/32
Classification: Low Risk Infrastructure Address
Date: June 6, 2026
Target: 2.110.116.170
## Executive Summary
Target IP 2.110.116.170 is a low-risk infrastructure address belonging to Hiper - Hiper A/S (ASN 203953) in Denmark. The address is geolocated to Vedbaek, DK, and is currently classified as "Firewalled / No Services" with no open ports or active services detected. Risk assessment yields a score of 25 (Low Risk) with no known malicious activity indicators.
## Ownership and Geolocation
| Field | Value |
|---|---|
| **ASN** | 203953 |
| **Organization** | Hiper - Hiper A/S, DK |
| **Country** | Denmark (DK) |
| **City** | Vedbaek |
| **Region** | 84 |
| **RIR** | RIPE |
| **BGP Prefix** | 2.110.64.0/18 |
| **Network Role** | Provider/Infrastructure |
The ASN was allocated on 2010-05-04. Abuse contact information is available via RDAP.
## Threat Assessment
- Risk Score: 25 (Low Risk)
- Reputation: Low Risk
- Abuse Confidence Score: Not available
- Blacklist Status: Not listed (0/0 feeds)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Involvement: None detected
The IP shows minimal threat indicators with no known campaigns or associated malicious activity in threat feeds. DNSBL listing count is 1 out of 8 total lists checked.
## Network Behavior and Services
- Open Ports: None detected
- HTTP/HTTPS Services: None
- TLS Certificates: None
- PTR Records: None
- Forward Resolution: No DNS records
- Service Purpose: Firewalled / No Services
The address appears to be a passive infrastructure endpoint with no active service enumeration.
## Control Plane Analysis
- Origin ASN: 203953
- BGP Prefix: 2.110.64.0/18
- Route Stability: Unstable
- MoAS Status: No
- RPKI State: Not available
- DNSSEC: Valid
- Operator Score: 0.1304 (Minimal)
- Delegation Age: Not available
- IRR Consistency: Not available
## Observation History
The IP has 15 recorded observations as of June 6, 2026. Key findings:
- ASN Verification: Multiple sources (Cymru, AlienVault) consistently identify ASN 203953
- Geolocation: Denmark (DK) confirmed across multiple signals; coordinates ~56.26°N, 9.5°E
- Threat Signals: 1 threat observation recorded; not persistently malicious
- Ownership Stability: No ownership changes detected
- Persistence: 0 threat persistence days
Recent signals show varying confidence levels (0.21-0.85) with geolocation and ASN data being most reliable.
## Network Neighborhood
- Subnet: 2.110.116.170/24
- Abuse Density: 1 (Low)
- Classification: Mostly Clean
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1
- Risk Distribution: High: 0, Medium: 0, Low: 0
The /24 subnet contains minimal abuse density with no active sibling IPs. One threat sibling was identified in the neighborhood.
## Relationships
The IP has 13 recorded relationships, all categorized as "Same Network" to target "Hiper-20250917-1," indicating internal network segmentation or organizational identifiers within the Hiper infrastructure.
## Recommended Actions
- No immediate firewall rules recommended based on current low-risk profile
- Monitor for service enumeration if the address begins showing open ports
- Cross-reference with threat intelligence feeds periodically
- No blocking required at this time
## Analyst Notes
The IP represents legitimate infrastructure for Hiper - Hiper A/S, a Danish telecommunications provider. The address shows minimal activity and no evidence of malicious use. While the control plane indicates route instability, this does not correlate with malicious behavior. SOC teams should maintain standard monitoring but no elevated threat response is warranted at this time.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | mnt-dk-nuuday-1 |
| ASN | AS203953 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-11 08:58:23 UTC |
| Last Seen | 2026-06-26 08:38:05 UTC |
| Profile Built | 2026-06-26 08:44:46 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 16 |
Full dossier details are available via our API.