IPDebrief

173.234.225.89

IP Intelligence Dossier
Your IP: 216.73.217.135
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 173.234.225.89/32

Classification: Moderate Risk β€” Colocation Hosting Infrastructure

Date Generated: 2026-06-24

---

Executive Summary

IP 173.234.225.89 is a colocation hosting address assigned to Leaseweb USA, Inc. (ASN 394380) in Dallas, TX. The address demonstrates moderate risk characteristics consistent with shared hosting infrastructure. No active malicious services were observed, but the subnet exhibits high abuse density (0.8672), indicating elevated risk from neighboring addresses.

---

Threat Profile

Risk Assessment:

Threat Indicators:

Network Classification:

---

Neighborhood Analysis

Subnet Assessment (173.234.225.0/24):

The subnet demonstrates significant abuse activity with 86.72% abuse density and 222 threat-associated sibling IPs. This contextual factor elevates the risk profile despite the target IP's clean service status.

---

Observation History

Signal Timeline: 40 observations tracked

The IP has demonstrated consistent geographic attribution to the United States with no significant temporal shifts in risk profile or service behavior.

---

Relationship Graph

Connected Entities: 139 relationships identified

---

Recommended Security Actions

Firewall Rule Recommendations:

PlatformRule
iptables`iptables -A INPUT -s 173.234.225.89 -j DROP`
nftables`nft add rule inet filter input ip saddr 173.234.225.89 drop`
nginx`deny 173.234.225.89;`
pfSense`173.234.225.89/32`
Cloudflare WAFBlock β€” Risk score 50
AWS WAF`["173.234.225.89/32"]` β€” IPDebrief risk 50

Action Justification:

Despite the IP's clean service profile, the following factors warrant defensive blocking:

1. High-abuse subnet context (0.8672 abuse density)

2. Colocation hosting environment (shared infrastructure risk)

3. DNSBL listings (2/8 blacklists)

4. No observed services (potential for dormant malicious infrastructure)

---

Intelligence Conclusions

IP 173.234.225.89 represents a moderate-risk colocation hosting address within a high-abuse subnet. While the specific IP shows no active malicious services, the neighborhood context and infrastructure type warrant defensive blocking as a security best practice. No immediate threat indicators suggest active exploitation, but the IP should be monitored for service emergence or threat signal activity.

Recommendation: Implement blocking rules at perimeter defenses. Monitor for service activation or threat signal changes over the next 30 days.

---

*Generated by IPDebrief Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionTX
CityDallas
Timezoneβ€”
Latitude32.78
Longitude-96.80

🏒 Ownership & Registration

OrganizationLeaseweb USA, Inc.
ASNAS394380
Network Nameβ€”
CIDR Block173.234.225.0/24
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierTier 3 β€” Basic operator with some routing infrastructure
Hosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
49%
25
routing
33%
23
services
15%
22
ownership
37%
35
reputation
31%
13
geolocation
32%
23
Overall33%1221
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-07 23:05:02 UTC
Last Seen2026-06-27 10:04:47 UTC
Profile Built2026-06-28 04:11:03 UTC
Data FreshnessLive
Signal Types22
Total Observations49
πŸ” 22 signal types Β· 49 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.