# IP INTELLIGENCE BRIEFING
Target: 173.234.226.173/32
Classification: Moderate Risk
Date: Current Analysis
Prepared For: SOC Operations Team
---
## EXECUTIVE SUMMARY
IP address 173.234.226.173 is a colocation hosting resource operated by Choopa/GameServers under Leaseweb USA, Inc. (ASN 394380). The address exhibits moderate risk characteristics (risk score: 50) with evidence of DNSBL listing (2 of 8 lists). The broader /24 subnet demonstrates high abuse density (0.8945) with 229 threat-sibling IPs among 256 active addresses. No active malicious campaigns or known attacker indicators are associated with this specific IP.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Organization** | Leaseweb USA, Inc. |
| **Provider Label** | Choopa/GameServers |
| **ASN** | 394380 |
| **Location** | Dallas, TX, US |
| **Infrastructure Type** | Colocation Hosting |
| **Service Status** | Firewalled / No Services |
| **Cloud/CDN/VPN** | Negative |
---
## THREAT INDICATORS
- Risk Score: 50 (Moderate)
- Abuse Confidence: Not quantified
- DNSBL Status: Listed on 2 of 8 threat feeds
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Active Campaigns: None identified
---
## SUBNET CONTEXT: 173.234.226.0/24
- Abuse Density: 0.8945 (High)
- Active Siblings: 226 of 256
- Threat Siblings: 229
- Inherited Risk: 35
- Risk Distribution: 100 medium-risk neighbors, 0 high/low
The /24 subnet exhibits consistent medium-risk classification across the neighborhood, suggesting systematic abuse patterns or misconfiguration within the hosting infrastructure.
---
## OBSERVATION HISTORY
Fourteen observations recorded over the past 48 hours, with operator scores consistently at 0.1304. No escalation in threat signals detected. The IP maintains stable ownership with no recent changes.
---
## NETWORK RELATIONSHIPS
121 relationship entries were identified, primarily "Same Network" associations with the LU-79 network designation. No cross-organization or certificate-based relationships were detected.
---
## RECOMMENDED ACTIONS
Immediate Mitigation: Block traffic from this IP address due to DNSBL presence and moderate risk profile.
Platform-Specific Rules:
```bash
# iptables (-A appends: the rule must come before any ACCEPT rule that matches this source)
iptables -A INPUT -s 173.234.226.173 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 173.234.226.173 drop
# Nginx (configuration directive, not a shell command)
deny 173.234.226.173;
# pfSense
173.234.226.173/32
# Cloudflare WAF
{"description":"Block 173.234.226.173 - IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 173.234.226.173"}}
# AWS WAF
{"Addresses":["173.234.226.173/32"],"Description":"IPDebrief risk 50"}
```
---
## ASSESSMENT
This IP represents a moderate-risk colocation host within a high-abuse-density subnet. While no active malicious indicators are present, the DNSBL listings and subnet context warrant defensive blocking. Consider monitoring for lateral activity to neighboring IPs in the /24 if this address becomes actively blocked.
Priority: MEDIUM
Action Required: Block at perimeter firewall/WAF
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 20% | 1 | 2 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:03 UTC |
| Last Seen | 2026-06-27 11:01:55 UTC |
| Profile Built | 2026-06-28 05:08:20 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 47 |