85.203.21.18
IP Intelligence Briefing: 85.203.21.18
Date: 2026-06-06
---
**1. Risk Profile**
- Overall Risk: Moderate (Risk Score: 40)
- Threat Indicators: No malicious activity detected (no malware, phishing, or C2 indicators).
- Network Classification: Residential/Private (not cloud, CDN, or public infrastructure).
- Geolocation: Singapore (SG), latitude 1.35, longitude 103.82.
---
**2. Ownership & Subnet**
- Registered Owner: Jeroen van Veen (ASN 206092, "VPN-Consumer-Network").
- Subnet: 85.203.21.0/24.
- Abuse Density: Subnet shows moderate abuse risk (0.5762), with 87 of 151 sibling IPs flagged as risky.
---
**3. Observation History**
- Recent Activity:
- Detected as a residential IP with no open services (ports closed).
- Geolocation confirmed via MaxMind and AlienVault OTX.
- No persistent threats or long-term malicious behavior observed.
---
**4. Relationships & Network Context**
- Linked Entities:
- Same network ("VPN-Consumer-Network").
- No ties to known malicious organizations or campaigns.
- Subnet Neighbors:
- 17 active IPs in the subnet, with 87 flagged as risky.
- Inherited subnet risk score: 23.
---
**5. Actionable Insights**
- Monitor Subnet: The 85.203.21.0/24 subnet has a moderate abuse density. Investigate neighboring IPs with high risk scores.
- Verify Ownership: Confirm legitimacy of Jeroen van Veenβs network, as residential IPs can sometimes be abused.
- Geolocation Check: Validate Singaporean origin, as geolocation spoofing could mask malicious activity.
---
Conclusion: This IP is part of a residential network with no direct threats, but its subnet shows elevated risk. SOC teams should monitor for unusual activity in the subnet and validate geolocation and ownership details. No immediate mitigation required, but ongoing surveillance is recommended.
Tools Used: `ipdebrief_profile`, `ipdebrief_history`, `ipdebrief_relationships`, `ipdebrief_neighbors`.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Jeroen van veen |
| ASN | AS206092 |
| Network Name | β |
| CIDR Block | 85.203.21.0/24 |
| RIR | RIPE |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 5 |
| routing | 20% | 2 | 3 |
| services | 24% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 24% | 1 | 4 |
| geolocation | 19% | 2 | 2 |
| Overall | 24% | 12 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-11 08:59:31 UTC |
| Last Seen | 2026-06-26 09:22:35 UTC |
| Profile Built | 2026-06-26 09:24:36 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |
Full dossier details are available via our API.