# IP INTELLIGENCE BRIEFING: 173.234.226.140/32
## Executive Summary
IP address 173.234.226.140 is a moderate-risk (score: 50) colocation hosting IP from Leaseweb USA, Inc. (ASN 394380), operating in Dallas, TX. The IP is associated with Choopa/GameServers infrastructure and shows no active threat indicators despite operating within a high-abuse density subnet (0.7266).
## Infrastructure Profile
- Organization: Leaseweb USA, Inc.
- ASN: 394380
- Location: Dallas, TX, US (2500km accuracy radius)
- Infrastructure Type: Colocation Hosting
- Network Role: Firewalled / No Services
- DNS: No PTR records; forward resolution unconfirmed
- Services: No open ports detected; TLS certificates not observed
## Threat Assessment
- Risk Score: 50/100 (Moderate)
- Abuse Confidence: Not quantified
- Threat Indicators: None detected
- Blacklist Status: Listed on 2 of 8 DNSBLs
- Tor/Proxy/VPN: Not identified
- Known Attacker: No
- Spam Source: Not identified
## Neighborhood Context
The /24 subnet (173.234.226.0/24) exhibits elevated abuse characteristics:
- Abuse Density: 0.7266 (High Abuse Classification)
- Total Siblings: 256
- Active Siblings: 236
- Threat-Sibling Count: 186
- Risk Distribution: 100 medium-risk neighbors; zero high-risk neighbors
This indicates the IP resides in a high-density hosting environment with significant peer abuse activity, though the target IP itself shows no elevated malicious signals.
## Observational History
Forty-three signal observations recorded. Historical data shows minimal persistent activity with no evidence of evolving threat behavior. No sustained malicious campaigns detected.
## Relationship Graph
144 relationships identified, predominantly "Same Network" associations with the LU-79 network. No certificate or hostname relationships observed.
## Recommended Actions
Based on the risk profile, the following firewall rules are recommended:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 173.234.226.140 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 173.234.226.140 drop` |
| nginx | `deny 173.234.226.140;` |
| pfSense | `173.234.226.140/32` |
| Cloudflare WAF | Block 173.234.226.140 (risk score: 50) |
| AWS WAF | Add 173.234.226.140/32 to blocked addresses |
## Assessment Notes
Despite moderate risk scoring, the IP shows no active exploitation patterns. The elevated neighborhood abuse density warrants contextual consideration: this IP operates in a hosting environment with significant peer abuse activity. Blocking is recommended due to DNSBL listings and moderate risk classification, though the absence of active threat indicators suggests opportunistic rather than targeted behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 47% | 2 | 5 |
| routing | 22% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:05:03 UTC |
| Last Seen | 2026-06-27 10:56:23 UTC |
| Profile Built | 2026-06-28 05:02:35 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 48 |