## IP Intelligence Briefing: 85.203.23.184/32
Classification: MODERATE RISK - Contextual Threat Elevation from Subnet
Risk Score: 40/100
Analysis Date: 2026-06-23
---
EXECUTIVE SUMMARY
IP address 85.203.23.184 presents a moderate-risk profile with contextual threat elevation derived from subnet-level abuse patterns. The address is currently firewalled with no active services but operates within a high-abuse density subnet (85.203.23.0/24) containing 79 identified threat siblings. Geographic inconsistencies between registered location (Singapore) and routing data (Dallas, US) warrant monitoring.
---
NETWORK OWNERSHIP & GEOLOCATION
Ownership:
- ASN: 137409
- Organization: VPN Consumer Singapore, Republic of Singapore
- RIR: RIPE
- Registration: Singapore-based
Geolocation Analysis:
- Primary consensus: Singapore (SG), coordinates 1.35°N, 103.82°E
- Historical signal (2026-06-18): Dallas, TX, US via AS36351 SoftLayer Technologies
- Routing origin: BGP prefix 85.203.23.0/24
- Notable: Geographic inconsistency between Singapore registration and US routing indicates potential multi-region infrastructure or routing anomalies
---
THREAT ASSESSMENT
Threat Indicators:
- Known attacker: No
- Spam source: No
- Tor exit node: No
- Proxy: No
- Host: No
- Blacklist count: 0 (control plane shows 1/8 DNSBL listings)
Risk Profile:
- Risk score: 40 (Moderate)
- Abuse confidence score: Not applicable
- Threat persistence: 0 days
- Is persistently malicious: No
---
NETWORK STATE & SERVICES
Service Status:
- Open ports: None detected
- Service classification: Firewalled / No Services
- TLS certificates: None
- HTTP services: None
DNS Analysis:
- PTR records: None
- Forward resolution: None
- Hosted domains: 0
- SPF/DMARC: Not configured
- Forward hostnames: None
Control Plane:
- Operator score: 0.1304 (Minimal)
- Route stability: False
- DNSSEC validation: True
- Route changes (30d): 0
---
SUBNET CONTEXT (85.203.23.0/24)
Abuse Density: 0.5032 (High Abuse Classification)
Subnet Statistics:
- Total sibling IPs: 157
- Active siblings: 49
- Threat siblings: 79
Risk Distribution:
- High risk: 0
- Medium risk: 53
- Low risk: 47
Implication: The subnet demonstrates elevated abuse activity. While 85.203.23.184 itself shows no active services, the contextual risk from neighboring addresses (including 85.203.23.50-57 with matching risk scores of 40) suggests this subnet warrants defensive attention.
---
OBSERVATION HISTORY
Signal Count: 18 observations
Recent Trend (2026-06-23): Minimal risk (0.15 operator score)
Historical Note: 2026-06-18 showed Dallas, TX geolocation with threat associations (AS36351)
Temporal Analysis:
- Ownership changes: 0
- Threat observation count: 1
- Classification: Not persistently malicious
---
RELATIONSHIP ANALYSIS
External Connections: 13 relationship entries
- All relationships classified as "Same Network"
- No external organization, hostname, or certificate associations
- No correlated threat campaigns identified
---
RECOMMENDED ACTIONS
Defensive Posture:
1. Monitor subnet traffic patterns: high abuse density (0.5032) with 79 threat siblings suggests coordinated or adjacent malicious activity
2. Implement geo-blocking or rate-limiting for traffic originating from 85.203.23.0/24, particularly given the geographic inconsistencies
3. Block or throttle if observed traffic patterns align with the subnet's abuse profile
4. Continue monitoring for service emergence: the host is currently firewalled but could be repurposed
Firewall Rules (Recommended):
```bash
# Option A: block the whole subnet (high-abuse density context)
iptables -A INPUT -s 85.203.23.0/24 -j DROP

# Option B: rate-limit instead of blocking. The limit rule only ACCEPTs
# packets within the rate; the DROP that follows discards the excess,
# otherwise they fall through to the chain's default policy.
iptables -A INPUT -s 85.203.23.0/24 -m limit --limit 5/min -j ACCEPT
iptables -A INPUT -s 85.203.23.0/24 -j DROP

# Option C: allow with logging for monitoring. LOG is non-terminating, so
# the explicit ACCEPT keeps traffic flowing; the limit guards the log.
iptables -A INPUT -s 85.203.23.0/24 -m limit --limit 10/min -j LOG --log-prefix "85.203.23.0/24:"
iptables -A INPUT -s 85.203.23.0/24 -j ACCEPT
```
---
INTELLIGENCE JUDGMENT
Threat Level: MODERATE (Contextual)
While 85.203.23.184 presents no immediate direct threat indicators, the subnet's high abuse density and geographic inconsistencies create elevated contextual risk. The IP should be monitored for traffic patterns and potential service activation. No immediate blocking is required, but defensive controls should be prepared for subnet-level incidents.
Priority: Medium. Monitor and prepare for potential subnet abuse incidents.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | VPN Consumer Singapore, Republic of Singapore |
| ASN | AS137409 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | RIPE |
| Country | n/a |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No. PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | n/a | n/a | n/a |

| Field | Value |
|---|---|
| Server | n/a |
| HTTP Title | n/a |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 21% | 9 | 14 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:38 UTC |
| Last Seen | 2026-06-23 23:26:07 UTC |
| Profile Built | 2026-06-23 23:35:41 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 18 |