173.234.225.19📋 Copy

# IP Intelligence Briefing: 173.234.225.19/32

Classification: Moderate Risk | Last Updated: 2026-06-19

## Executive Summary

IP address 173.234.225.19 is a moderate-risk colocation hosting address owned by Leaseweb USA, Inc. (ASN 394380) located in Dallas, TX. While the individual IP shows no active threat indicators, the subnet exhibits elevated abuse density (84.38%), indicating a high-abuse hosting environment. SOC analysts should monitor this IP for anomalous outbound connections and consider implementing rate-limiting rules.

---

## Network Profile

---

## Threat Assessment

Current Threat Indicators

• Known Campaigns: None detected
• Blacklist Status: Not on known blacklists
• Threat Feed Matches: 0
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No

DNSBL Status

• Lists Checked: 8 total
• DNSBL Listed: 2 lists
• Impact: Minimal (indicates historical abuse patterns)

---

## Historical Observations

Observation Count: 37 signals recorded

Temporal Trends:

• Ownership changes: 0
• Threat persistence days: 0
• Is persistently malicious: No
• Recent operator scores: Consistent "Minimal" rating (0.15 raw score)
• ASN/geolocation data: Stable across observation period

Notable Signals:

• ASN 394380 (Leaseweb USA) confirmed across all recent observations
• Geographic data consistently resolving to US region
• No significant risk profile changes detected

---

## Neighborhood Analysis (173.234.225.0/24)

Risk Distribution (Sampled Neighbors):

• High Risk: 0
• Medium Risk: 100
• Low Risk: 0

Neighbor IP Risk Scores: All sampled neighbors (173.234.225.0-4, etc.) show riskScore: 50, authorityScore: 50

---

## Relationship Graph

Total Relationships: 120 entities

• Primary relationship type: Same Network (LU-79)
• Associated networks: LU-79 (multiple entries)
• No organization/certificate/hosting provider relationships detected

---

## Technical Characteristics

Services & Ports

• Open Ports: None detected
• HTTP Services: None (servicePurpose: "Firewalled / No Services")
• TLS Certificates: None
• Banner Information: None

DNS Analysis

• PTR Hostnames: None
• Forward Resolution: 0 records
• Forward Hostnames: None
• Email Auth: SPF/DMARC records not present

---

## Recommended Actions

Immediate

1. Monitor for outbound connection attempts to this IP from your infrastructure

2. Block if observed initiating connections from your network

3. Rate Limit inbound connections if traffic is observed

Firewall Rules (iptables/nftables)

```bash

# Block IP (recommended given high-abuse neighborhood)

iptables -A INPUT -s 173.234.225.19 -j DROP

```

WAF/Cloudflare Rules

```nginx

# Block requests from IP

location / {

if ($remote_addr = "173.234.225.19") {

return 403;

}

}

```

AWS WAF

• Create IP-based web ACL rule with action: `block`
• IP set: 173.234.225.19
• Priority: High (given neighborhood abuse density)

---

## Intelligence Narrative

173.234.225.19 operates within Leaseweb's Dallas colocation infrastructure, specifically in the Choopa/GameServers hosting segment. The subnet classification of "high_abuse" with 84.38% abuse density suggests this IP is part of a compromised or high-risk hosting environment. While the individual IP shows no active malicious indicators, the neighborhood context warrants defensive posture.

The IP's "firewalled/no services" designation indicates it may be a residential or customer-facing endpoint rather than infrastructure. Historical data shows stable ownership and geolocation, with no emergence of new threat indicators over the observation period.

Recommendation: Treat this IP as a potential source of inbound abuse. Implement blocking or strict rate-limiting policies. Monitor for any changes in threat indicators, particularly DNSBL additions or emergence on threat feeds.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.