IPDebrief

173.234.225.4

IP Intelligence Dossier
Your IP: 216.73.217.135
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP INTELLIGENCE BRIEFING: 173.234.225.4

Classification: Moderate Risk | Reputation Score: 50/100 | Last Updated: June 2026

---

**EXECUTIVE SUMMARY**

IP 173.234.225.4 is a colocation hosting endpoint operated by Leaseweb USA, Inc. (ASN 394380) located in Dallas, TX. The IP demonstrates moderate risk characteristics with no active service exposure. However, the immediate /24 neighborhood exhibits high abuse density (0.8477), indicating elevated threat activity in the broader network segment.

---

**OWNERSHIP & GEOSPATIAL**

---

**THREAT ASSESSMENT**

IndicatorStatus
Risk Score50 (Moderate)
Abuse ConfidenceNot assessed
Blacklist StatusListed on 2/8 DNSBL checks
Tor Exit NodeNo
Known AttackerNo
Spam SourceNo
Active ServicesNone detected
TLS CertificatesNone

Behavioral Profile: No open ports, no active DNS resolution, no HTTP services detected. IP is currently inactive from a service perspective.

---

**NEIGHBORHOOD ANALYSIS (173.234.225.0/24)**

Assessment: The /24 subnet demonstrates elevated abuse activity. Of 256 total addresses, 217 are flagged as threats, suggesting coordinated or co-located malicious activity within this hosting infrastructure.

---

**OBSERVATION HISTORY (39 Signals)**

Recent temporal analysis shows consistent classification as "high_abuse" with abuse density fluctuating between 0.5156 and 0.8477. The subnet maintains persistent high-risk classification across observation windows, indicating sustained threat presence rather than transient activity.

---

**RELATIONSHIP GRAPH**

---

**THREAT INTELLIGENCE NARRATIVE**

IP 173.234.225.4 belongs to a high-abuse-density colocation hosting network (Leaseweb USA). While the endpoint itself shows no active services, its neighborhood demonstrates 84.8% threat sibling ratio, suggesting this infrastructure is frequently leveraged for malicious activities. The subnet's persistent "high_abuse" classification over multiple observation windows indicates institutionalized threat presence rather than opportunistic activity.

Key Observations:

1. No direct attack indicators on this specific IP (no ports, no campaigns)

2. Neighborhood abuse density warrants monitoring

3. Two DNSBL listings suggest historical abuse activity

4. Route stability issues may indicate infrastructure churn

---

**RECOMMENDED ACTIONS**

1. Monitor: Track incoming connection attempts from this /24 subnet

2. Threat Intel: Correlate with known threat campaigns from Leaseweb hosting infrastructure

3. Firewall Rules: Consider rate-limiting or blocking non-essential traffic from 173.234.225.0/24

4. IOC Integration: Add subnet to watchlist given 0.8477 abuse density

5. Triage: Review any historical connections from this IP for potential indicators of compromise

---

Analyst Notes: While individual IP risk is moderate, the high neighborhood threat ratio suggests this address should be treated with elevated caution in inbound traffic analysis.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionTX
CityDallas
Timezoneβ€”
Latitude32.78
Longitude-96.80

🏒 Ownership & Registration

OrganizationLeaseweb USA, Inc.
ASNAS394380
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
Hosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
29%
24
routing
34%
14
services
12%
22
ownership
24%
23
reputation
31%
13
geolocation
30%
23
Overall26%1019
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-07 23:05:01 UTC
Last Seen2026-06-27 09:50:32 UTC
Profile Built2026-06-28 03:57:08 UTC
Data FreshnessLive
Signal Types19
Total Observations45
πŸ” 19 signal types Β· 45 observations collected
This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.