# IP Intelligence Briefing: 173.234.225.139
Classification: Moderate Risk - High Neighborhood Context
Date of Analysis: Current
Data Sources: IPDebrief Intelligence Platform
---
## Executive Summary
IP 173.234.225.139 is registered to Leaseweb USA, Inc. (ASN 394380), a Dallas, TX colocation hosting facility. The IP presents a moderate individual risk score (50) but operates within a high-abuse-density subnet (173.234.225.0/24), classified as "high_abuse" with 84.38% abuse density. The subnet contains 184 active sibling IPs and 216 threat-sibling IPs. No active services detected on the target IP. Recommended action: Block at perimeter firewall.
---
## Ownership and Network Infrastructure
| Attribute | Value |
|---|---|
| **Organization** | Leaseweb USA, Inc. |
| **ASN** | 394380 |
| **Location** | Dallas, TX, US |
| **Infrastructure Type** | Colocation Hosting |
| **Provider Classification** | Choopa/GameServers |
| **BGP Prefix** | 173.234.225.0/24 |
| **Route Stability** | Stable (no changes in 30 days) |
| **DNSSEC** | Valid |
---
## Threat Indicators
| Indicator | Status |
|---|---|
| **Risk Score** | 50 (Moderate Risk) |
| **Abuse Confidence** | Not scored |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Tor Exit Node** | No |
| **Blacklist Count** | 0 (direct) |
| **DNSBL Listings** | 2 of 8 total lists |
| **Threat Feeds** | None |
| **Campaign Associations** | None |

Note: While the IP itself shows no direct threat indicators, the high neighborhood abuse density (0.8438) and 216 threat siblings in the /24 subnet warrant elevated scrutiny.
---
## Network Behavior and Services
- Open Ports: None detected
- TLS Certificate: Not present
- HTTP Services: Not detected
- DNS Records: No PTR hostnames, forward resolution not confirmed
- Email Auth: No SPF/DMARC records
- Service Purpose: Firewalled / No Services

The IP appears to be a dormant or firewall-protected endpoint within a hosting environment.
---
## Temporal Analysis
Observation History: 43 total observations recorded
Key Patterns:
- Consistent ASN 394380 attribution across all observations
- Stable geolocation (Dallas, TX) throughout observation period
- Operator score maintained at 0.3478 (Basic)
- No ownership changes detected
- No persistent malicious behavior observed
---
## Neighborhood Context (173.234.225.0/24)
| Metric | Value |
|---|---|
| **Total Siblings** | 256 |
| **Active Siblings** | 184 |
| **Threat Siblings** | 216 |
| **Abuse Density** | 0.8438 (High Abuse) |
| **Inherited Risk** | 33 |
| **Risk Distribution** | 100 Medium Risk IPs |

The /24 subnet is heavily utilized by high-risk actors, with 216 of 256 IPs flagged as threats. This contextual risk elevates the threat profile of 173.234.225.139 despite its moderate individual score.
---
## Recommended Security Actions
### Firewall Rules
iptables:
```bash
iptables -A INPUT -s 173.234.225.139 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 173.234.225.139 drop
```
nginx:
```nginx
deny 173.234.225.139;
```
### Cloud/WAF Rules
Cloudflare WAF:
```json
{
"description": "Block 173.234.225.139 - IPDebrief risk score 50",
"action": "block",
"filter": {
"expression": "ip.src eq 173.234.225.139"
}
}
```
AWS WAF:
```json
{
"Addresses": ["173.234.225.139/32"],
"Description": "IPDebrief risk 50"
}
```
pfSense:
```
173.234.225.139/32
```
---
## Intelligence Assessment
This IP requires defensive blocking due to:
1. High Neighborhood Context: 84.38% abuse density in /24 subnet
2. DNSBL Presence: Listed on 2 of 8 DNSBLs
3. Hosting Provider: Choopa/GameServers infrastructure commonly abused
4. Threat Siblings: 216 neighboring IPs flagged as threats

Recommended Priority: Medium-High (Block at perimeter)

Monitoring: Continue observing for service activity or behavioral changes
---
Report Generated: IPDebrief Intelligence Platform
Disclaimer: Recommendations are probabilistic and should be combined with other threat intelligence signals before operational action.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | 173.234.225.0/24 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 47% | 2 | 8 |
| services | 12% | 2 | 2 |
| ownership | 35% | 3 | 6 |
| reputation | 28% | 1 | 3 |
| geolocation | 26% | 2 | 3 |
| Overall | 29% | 12 | 26 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:02 UTC |
| Last Seen | 2026-06-27 10:13:10 UTC |
| Profile Built | 2026-06-28 04:19:06 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 56 |