# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 173.234.226.125/32
Classification: Moderate Risk (Score: 50/100)
Date: 2026-06-19
Report ID: IP-173.234.226.125-20260619
---
## EXECUTIVE SUMMARY
IP 173.234.226.125 is a colocation hosting endpoint operated by Leaseweb USA, Inc. (ASN: 394380) from the Dallas, TX infrastructure. The IP is assigned to Choopa/GameServers hosting tier with no active services currently exposed. Risk assessment indicates moderate threat posture (Score: 50) with elevated neighborhood abuse density. No active threat indicators or known malicious campaigns detected.
---
## OWNERSHIP AND INFRASTRUCTURE
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | 394380 |
| Location | Dallas, TX, US |
| Network Block | 173.234.226.0/24 |
| Classification | Colocation Hosting |
| Service Status | Firewalled / No Services |
The IP resides within a high-density hosting environment with 226 active siblings out of 256 total addresses in the /24 subnet.
---
## THREAT PROFILE
- Risk Score: 50 (Moderate)
- Abuse Confidence: Not explicitly scored
- Blacklist Count: 0
- DNSBL Listed: 2 of 8 total lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Association: None detected
Threat indicators remain absent. No correlation to known APT campaigns, malware distribution, or coordinated attack infrastructure.
---
## NETWORK BEHAVIOR
- Open Ports: None detected
- Reverse DNS: No PTR records
- Forward Resolution: 0 hostnames
- HTTP/HTTPS Services: None operational
- TLS Certificate: Not present
- Operator Score: 0.1304 (Minimal)
The subnet exhibits elevated activity: 229 threat-associated sibling IPs identified within the /24 range, though the target IP itself shows no active malicious behavior.
---
## OBSERVATION HISTORY
Analysis of 40 historical observations indicates stable operator classification with consistent "Minimal" risk labeling across recent timestamps (June 18-19, 2026). No escalation in threat persistence or behavioral changes detected. The IP demonstrates short-term threat observation window (0 days persistence) with no persistent malicious activity pattern.
---
## RELATIONSHIP GRAPH
124 relationships identified, primarily network-level associations (LU-79). All relationships classified as "Same Network," indicating the IP is integrated within a broader shared infrastructure environment typical of colocation hosting facilities.
---
## RECOMMENDED ACTIONS
Risk Threshold: Score 50 warrants review but does not mandate immediate blocking without additional correlation signals.
Recommended Firewall Rules:
```
iptables -A INPUT -s 173.234.226.125 -j DROP
nft add rule inet filter input ip saddr 173.234.226.125 drop
```
Cloud Platform Actions:
- Cloudflare WAF: Block IP 173.234.226.125 (Expression: `ip.src eq 173.234.226.125`)
- AWS WAF: Add IP 173.234.226.125/32 to deny list
Assessment: Blocking recommended if additional contextual threat intelligence confirms malicious activity. The IP's hosting tier and lack of open services suggest it may be a dormant endpoint or misconfigured service. Monitor for service activation or behavioral changes.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 36% | 1 | 3 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:05:03 UTC |
| Last Seen | 2026-06-27 10:53:52 UTC |
| Profile Built | 2026-06-28 05:00:24 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 48 |
Full dossier details are available via our API.