173.234.225.4
IP INTELLIGENCE BRIEFING: 173.234.225.4
Classification: Moderate Risk | Reputation Score: 50/100 | Last Updated: June 2026
---
**EXECUTIVE SUMMARY**
IP 173.234.225.4 is a colocation hosting endpoint operated by Leaseweb USA, Inc. (ASN 394380) located in Dallas, TX. The IP demonstrates moderate risk characteristics with no active service exposure. However, the immediate /24 neighborhood exhibits high abuse density (0.8477), indicating elevated threat activity in the broader network segment.
---
**OWNERSHIP & GEOSPATIAL**
- Organization: Leaseweb USA, Inc.
- ASN: 394380 (LEASEWEB-USA-DAL)
- CIDR Block: 173.234.225.0/24
- Geolocation: United States, Texas, Dallas (±2500km accuracy)
- Registration: ARIN, allocated 2010-02-12
- Network Role: Colocation Hosting / Firewalled infrastructure
---
**THREAT ASSESSMENT**
| Indicator | Status |
|---|---|
| Risk Score | 50 (Moderate) |
| Abuse Confidence | Not assessed |
| Blacklist Status | Listed on 2/8 DNSBL checks |
| Tor Exit Node | No |
| Known Attacker | No |
| Spam Source | No |
| Active Services | None detected |
| TLS Certificates | None |
Behavioral Profile: No open ports, no active DNS resolution, no HTTP services detected. IP is currently inactive from a service perspective.
---
**NEIGHBORHOOD ANALYSIS (173.234.225.0/24)**
- Total Siblings: 256
- Active Siblings: 184
- Threat Siblings: 217 (84.8% threat ratio)
- Abuse Density: 0.8477 (High)
- Classification: high_abuse
- Inherited Risk Score: 33/100
Assessment: The /24 subnet demonstrates elevated abuse activity. Of 256 total addresses, 217 are flagged as threats, suggesting coordinated or co-located malicious activity within this hosting infrastructure.
---
**OBSERVATION HISTORY (39 Signals)**
Recent temporal analysis shows consistent classification as "high_abuse" with abuse density fluctuating between 0.5156 and 0.8477. The subnet maintains persistent high-risk classification across observation windows, indicating sustained threat presence rather than transient activity.
---
**RELATIONSHIP GRAPH**
- Total Relationships: 136
- Network Correlations: 131+ associations to network identifier "LU-79"
- Implication: Strong correlation with other IP endpoints within the same infrastructure
---
**THREAT INTELLIGENCE NARRATIVE**
IP 173.234.225.4 belongs to a high-abuse-density colocation hosting network (Leaseweb USA). While the endpoint itself shows no active services, its neighborhood demonstrates 84.8% threat sibling ratio, suggesting this infrastructure is frequently leveraged for malicious activities. The subnet's persistent "high_abuse" classification over multiple observation windows indicates institutionalized threat presence rather than opportunistic activity.
Key Observations:
1. No direct attack indicators on this specific IP (no ports, no campaigns)
2. Neighborhood abuse density warrants monitoring
3. Two DNSBL listings suggest historical abuse activity
4. Route stability issues may indicate infrastructure churn
---
**RECOMMENDED ACTIONS**
1. Monitor: Track incoming connection attempts from this /24 subnet
2. Threat Intel: Correlate with known threat campaigns from Leaseweb hosting infrastructure
3. Firewall Rules: Consider rate-limiting or blocking non-essential traffic from 173.234.225.0/24
4. IOC Integration: Add subnet to watchlist given 0.8477 abuse density
5. Triage: Review any historical connections from this IP for potential indicators of compromise
---
Analyst Notes: While individual IP risk is moderate, the high neighborhood threat ratio suggests this address should be treated with elevated caution in inbound traffic analysis.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 34% | 1 | 4 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 26% | 10 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:05:01 UTC |
| Last Seen | 2026-06-27 09:50:32 UTC |
| Profile Built | 2026-06-28 03:57:08 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 45 |
Full dossier details are available via our API.