IP Intelligence Briefing: 173.234.225.221
Date: 2026-06-14
---
**Key Risk Summary**
- Risk Score: 50 (Moderate Risk)
- Provider: Leaseweb USA, Inc. (Hosting/Colocation)
- Subnet: 173.234.225.0/24
- Subnet Abuse Density: 83.59% (High Abuse)
- Threat Indicators: No direct malicious activity observed.
---
**Network Context**
- Ownership:
  - ASN: 394380
  - Organization: Leaseweb USA, Inc. (Hosting provider).
  - Geolocation: Dallas, Texas, US (plausible, but ICMP validation blocked).
- Network Role:
  - Colocation Hosting (GameServers).
  - No services (open ports, TLS, HTTP) detected.
- Subnet Analysis:
  - 256 IPs in 173.234.225.0/24.
  - 179 active IPs; 214 IPs flagged as threat-related (high abuse density).
---
**Threat Observations**
- No direct malicious indicators (no blacklists, spam, or known campaigns).
- Geolocation Validity:
  - Plausible US location, but ICMP validation failed (potential firewall blocking).
- DNS/Network:
  - No PTR records or domain associations.
  - DNSSEC and CAA records present, but no email authentication (SPF/DKIM).
---
**Behavioral & Historical Data**
- Observation History:
  - Last 48 hours: No significant changes in risk score (stable at 50).
  - Confidence levels vary (0.25–0.60), suggesting limited signal coverage.
- Neighboring IPs:
  - Subnet abuse density is high, but this IP's risk score remains moderate.
  - Likely part of a compromised or high-risk network segment.
---
**Recommended Actions**
1. Monitor Subnet:
   - The 173.234.225.0/24 subnet has a high abuse density. Investigate neighboring IPs for potential lateral movement or compromised hosts.
2. Block IP Precautionarily:
   - Use firewall rules to block the IP if it's part of a broader threat (e.g., botnet or scanning activity).
   - Example:
     - iptables: `iptables -A INPUT -s 173.234.225.221 -j DROP`
     - Cloudflare/WAF: Block IP with risk score 50.
3. Verify Geolocation:
   - ICMP validation is blocked; confirm if the IP is a honeypot or misconfigured host.
---
**Conclusion**
The IP is part of a hosting provider's network with no direct malicious activity. However, its subnet exhibits high abuse density, suggesting potential risks in the broader network. While the IP itself is not currently malicious, proactive monitoring and subnet-level analysis are recommended to mitigate associated risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 45% | 1 | 9 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 10 | 25 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-05-07 23:05:02 UTC |
| Last Seen | 2026-06-27 10:27:04 UTC |
| Profile Built | 2026-06-28 04:36:41 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 56 |