# INTELLIGENCE BRIEFING: 173.234.225.125
- Classification: Moderate Risk / High-Abuse Neighborhood
- Date: 2026-06-19

---
## EXECUTIVE SUMMARY
IP address 173.234.225.125 is hosted within Leaseweb USA, Inc. (ASN 394380) infrastructure in Dallas, TX. The IP carries a risk score of 50 (Moderate Risk) and is classified within a high-abuse density subnet (173.234.225.0/24) with an abuse density rating of 0.8672. While no direct threat indicators or active services were detected, the surrounding neighborhood exhibits significant malicious activity, warranting defensive monitoring.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Organization** | Leaseweb USA, Inc. |
| **ASN** | 394380 |
| **RIR** | ARIN |
| **Geolocation** | Dallas, TX, US |
| **Network Role** | Colocation Hosting / Choopa/GameServers |
| **Infrastructure Type** | Hosting |
| **CIDR Block** | 173.234.225.0/24 |

No open ports or active services were detected on the IP address. The infrastructure is classified as firewalled with no exposed services.

---
## THREAT ASSESSMENT
### Direct Threat Indicators
- Risk Score: 50 (Moderate)
- Blacklist Count: 0
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Abuse Confidence Score: Not available
### Control Plane Indicators
- DNSBL Listings: 2 of 8 total lists
- DNSSEC: Valid
- RPKI State: Not available
- Route Stability: False
---
## NEIGHBORHOOD ANALYSIS (173.234.225.0/24)
The /24 subnet demonstrates elevated abuse characteristics:
| Metric | Value |
|---|---|
| **Abuse Density** | 0.8672 (HIGH) |
| **Subnet Classification** | high_abuse |
| **Total Siblings** | 256 |
| **Active Siblings** | 184 |
| **Threat Siblings** | 222 |
| **Inherited Risk** | 34 |

All sampled neighbors within the subnet exhibit a uniform risk score of 50, indicating systemic abuse patterns across this hosting block. The 222 threat siblings represent approximately 87% of the total subnet, confirming this is a high-risk hosting environment.

---
## OBSERVATION HISTORY
Total Observations: 44

Recent signal observations indicate consistent abuse density metrics (0.8672) and sustained high_abuse classification. Operator score remains stable at 0.2174 (Minimal). DNSSEC validation has been maintained throughout the observation period. No ownership changes detected.

---
## RELATIONSHIP ANALYSIS
Total Relationships: 150

Multiple same-network relationships (LU-79) identified, indicating the IP shares network infrastructure with numerous associated entities.

---
## RECOMMENDED ACTIONS
Based on the risk profile and neighborhood context, the following defensive measures are recommended:
### Firewall Rules
```bash
# iptables
iptables -A INPUT -s 173.234.225.125 -j DROP
# nftables
nft add rule inet filter input ip saddr 173.234.225.125 drop
```
### Application-Level Blocking
```nginx
# nginx
deny 173.234.225.125;
```
```text
# Cloudflare WAF
Expression: ip.src eq 173.234.225.125
Action: Block
# AWS WAF
Addresses: 173.234.225.125/32
Description: IPDebrief risk 50
```
### Operational Recommendation
Consider implementing subnet-wide blocking for 173.234.225.0/24 given the 0.8672 abuse density and 87% threat sibling ratio. Monitor for lateral movement attempts from neighboring IPs.

---
## ASSESSMENT
This IP presents moderate risk primarily due to its placement within a high-abuse density hosting subnet. While no active threats or services were detected on the IP itself, the neighborhood context warrants defensive blocking and ongoing monitoring. The infrastructure is typical of game server/co-location hosting environments commonly associated with abuse activities.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | 173.234.225.0/24 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 36% | 2 | 4 |
| services | 17% | 2 | 3 |
| ownership | 32% | 3 | 5 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 12 | 22 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:02 UTC |
| Last Seen | 2026-06-27 10:10:48 UTC |
| Profile Built | 2026-06-28 04:17:57 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 53 |