173.234.225.106
IP Intelligence Briefing: 173.234.225.106
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: Leaseweb USA, Inc. (AS394380)
- Geolocation: Dallas, TX, US
- Network Role: Hosting provider (firewalled, no public services)
- Threat Indicators: No malicious activity detected (zero threat indicators, no blacklists, no campaigns).
---
**2. Observation History**
- Recent Activity (2026-06-14):
- Consistent as a hosting provider with no CDN, Tor, orVPN associations.
- DNSSEC validation successful, but ICMP validation failed (ICMP blocked).
- No changes in ownership or threat signals over the past 30 days.
---
**3. Network Relationships**
- Linked Entities:
- Subnet: 173.234.225.0/24 (LU-79)
- Shared infrastructure with other IPs in the same subnet.
- Key Insight: No direct ties to malicious campaigns, but the subnet shows mixed risk profiles.
---
**4. Subnet Analysis**
- Subnet: 173.234.225.0/24
- Abuse Density: 83.59% (high risk)
- Neighbor Risk:
- 100 sibling IPs in the subnet.
- 100% of neighbors have a risk score of 50 (moderate).
- Note: Abnormally uniform risk scores may indicate data normalization or shared infrastructure.
---
**5. Actionable Recommendations**
- Monitor Subnet: High abuse density in the subnet warrants closer scrutiny for lateral movement or botnet activity.
- Block IP: Consider blocking the IP if it appears in future threat feeds or if the subnet shows increased malicious activity.
- Verify ICMP Issues: Investigate why ICMP validation failed, as it may mask deeper network vulnerabilities.
---
Conclusion:
The IP is a low-risk hosting provider with no direct malicious indicators. However, its subnet exhibits high abuse density, suggesting potential for associated threats. SOC teams should prioritize monitoring the subnet and validate ICMP issues to ensure full network visibility.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | β |
| CIDR Block | 173.234.225.0/24 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 48% | 2 | 7 |
| services | 15% | 2 | 2 |
| ownership | 35% | 3 | 5 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 32% | 12 | 24 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:05:02 UTC |
| Last Seen | 2026-06-27 10:07:37 UTC |
| Profile Built | 2026-06-28 04:13:19 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 54 |
Full dossier details are available via our API.