91.230.225.173
IP Intelligence Briefing: 91.230.225.173
Date: 2026-06-07
**1. Risk Profile**
- Overall Risk: Low (Risk Score: 0/100)
- Provider/Authority Scores: 0/100 (no malicious activity detected)
- Network Classification: Firewalled / No Services (no open ports or active DNS records)
- Threat Indicators: No malware, phishing, or exploit activity observed.
**2. Ownership & Geolocation**
- Organization: ExpressVPN (ASN 206092, RIPE registry)
- Location: United Kingdom (London, 51.51°N, 0.13°W)
- Network: Part of `91.230.225.0/24` subnet, registered to ExpressVPN.
**3. Observation History**
- Recent Activity:
- Observed May 31, 2026 โ June 7, 2026 (13 total observations).
- Most signals have low confidence (0.16โ0.95), with one high-confidence entry confirming ownership by ExpressVPN.
- Trend: No significant changes in risk or threat indicators.
**4. Network Relationships**
- Linked Entities:
- Same network: `NL-NETROUTING-20210920` (ExpressVPN).
- No connections to known malicious subnets, organizations, or domains.
**5. Subnet Neighbors**
- Subnet: `91.230.225.0/24` (44 IPs total).
- Risk Distribution:
- 44 IPs with low risk (25/100 average).
- No abuse density or malicious activity detected in the subnet.
- Notable Neighbors:
- IPs like `91.230.225.26`, `91.230.225.27`, and `91.230.225.30` show moderate risk (25/100).
**6. Recommendations**
- Monitoring: Track subnet activity for anomalies, especially given mixed risk scores in neighbors.
- Firewall: No immediate action required for this IP, but consider monitoring the `91.230.225.0/24` subnet for lateral movement risks.
- Context: ExpressVPN is a legitimate service provider; ensure no misconfigured devices are exposing internal networks.
Conclusion: 91.230.225.173 is a low-risk IP owned by ExpressVPN with no direct threat indicators. Focus on subnet-level monitoring due to mixed neighbor risk scores.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | ExpressVPN |
| ASN | AS206092 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 1 |
| geolocation | 13% | 1 | 1 |
| Overall | 16% | 7 | 8 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-15 20:48:42 UTC |
| Last Seen | 2026-06-07 18:10:08 UTC |
| Profile Built | 2026-06-07 18:17:41 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 16 |
Full dossier details are available via our API.