IPDebrief

173.234.225.139

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 173.234.225.139

Classification: Moderate Risk – High Neighborhood Context

Date of Analysis: Current

Data Sources: IPDebrief Intelligence Platform

---

## Executive Summary

IP 173.234.225.139 is registered to Leaseweb USA, Inc. (ASN 394380), a Dallas, TX colocation hosting facility. The IP presents a moderate individual risk score (50) but operates within a high-abuse-density subnet (173.234.225.0/24), classified as "high_abuse" with 84.38% abuse density. The subnet contains 184 active sibling IPs and 216 threat-sibling IPs. No active services detected on the target IP. Recommended action: Block at perimeter firewall.

---

## Ownership and Network Infrastructure

AttributeValue
**Organization**Leaseweb USA, Inc.
**ASN**394380
**Location**Dallas, TX, US
**Infrastructure Type**Colocation Hosting
**Provider Classification**Choopa/GameServers
**BGP Prefix**173.234.225.0/24
**Route Stability**Stable (no changes in 30 days)
**DNSSEC**Valid

---

## Threat Indicators

IndicatorStatus
**Risk Score**50 (Moderate Risk)
**Abuse Confidence**Not scored
**Known Attacker**No
**Spam Source**No
**Tor Exit Node**No
**Blacklist Count**0 (direct)
**DNSBL Listings**2 of 8 total lists
**Threat Feeds**None
**Campaign Associations**None

Note: While the IP itself shows no direct threat indicators, the high neighborhood abuse density (0.8438) and 216 threat siblings in the /24 subnet warrant elevated scrutiny.

---

## Network Behavior and Services

The IP appears to be a dormant or firewall-protected endpoint within a hosting environment.

---

## Temporal Analysis

Observation History: 43 total observations recorded

Key Patterns:

---

## Neighborhood Context (173.234.225.0/24)

MetricValue
**Total Siblings**256
**Active Siblings**184
**Threat Siblings**216
**Abuse Density**0.8438 (High Abuse)
**Inherited Risk**33
**Risk Distribution**100 Medium Risk IPs

The /24 subnet is heavily utilized by high-risk actors, with 216 of 256 IPs flagged as threats. This contextual risk elevates the threat profile of 173.234.225.139 despite its moderate individual score.

---

## Recommended Security Actions

Firewall Rules

iptables:

```bash

iptables -A INPUT -s 173.234.225.139 -j DROP

```

nftables:

```bash

nft add rule inet filter input ip saddr 173.234.225.139 drop

```

nginx:

```nginx

deny 173.234.225.139;

```

Cloud/WAF Rules

Cloudflare WAF:

```json

{

"description": "Block 173.234.225.139 β€” IPDebrief risk score 50",

"action": "block",

"filter": {

"expression": "ip.src eq 173.234.225.139"

}

}

```

AWS WAF:

```json

{

"Addresses": ["173.234.225.139/32"],

"Description": "IPDebrief risk 50"

}

```

pfSense:

```

173.234.225.139/32

```

---

## Intelligence Assessment

This IP requires defensive blocking due to:

1. High Neighborhood Context: 84.38% abuse density in /24 subnet

2. DNSBL Presence: Listed on 2 of 8 DNSBLs

3. Hosting Provider: Choopa/GameServers infrastructure commonly abused

4. Threat Siblings: 216 neighboring IPs flagged as threats

Recommended Priority: Medium-High (Block at perimeter)

Monitoring: Continue observing for service activity or behavioral changes

---

Report Generated: IPDebrief Intelligence Platform

Disclaimer: Recommendations are probabilistic and should be combined with other threat intelligence signals before operational action.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionTX
CityDallas
Timezoneβ€”
Latitude32.78
Longitude-96.80

🏒 Ownership & Registration

OrganizationLeaseweb USA, Inc.
ASNAS394380
Network Nameβ€”
CIDR Block173.234.225.0/24
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierTier 3 β€” Basic operator with some routing infrastructure
Hosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
26%
24
routing
47%
28
services
12%
22
ownership
35%
36
reputation
28%
13
geolocation
26%
23
Overall29%1226
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-07 23:05:02 UTC
Last Seen2026-06-27 10:13:10 UTC
Profile Built2026-06-28 04:19:06 UTC
Data FreshnessLive
Signal Types23
Total Observations56
πŸ” 23 signal types Β· 56 observations collected
This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.