IP INTELLIGENCE BRIEFING
Target: 173.234.226.174/32
Date: [Current]
Classification: Moderate Risk
---
EXECUTIVE SUMMARY
IPDebrief analyzed 173.234.226.174 and classified the address as Moderate Risk with a risk score of 50/100. The IP is hosted on Leaseweb USA, Inc. (ASN 394380) infrastructure in Dallas, Texas, operating as colocation hosting under the Choopa/GameServers network role. The address is listed on 2 of 8 DNS blacklists and the /24 subnet demonstrates high abuse density (0.7344) with 188 threat-identified sibling IPs among 236 active addresses.
OWNERSHIP & GEOLOCATION
The IP resolved to Leaseweb USA, Inc. (ASN 394380), registered under ARIN jurisdiction. Geographic data indicates Dallas, TX, US with consensus confidence from multiple sources. The control plane shows the BGP prefix 173.234.226.0/24 originating from ASN 394380.
NETWORK PROFILE & SERVICES
Network reconnaissance revealed no open ports, no TLS certificates, and no active services. DNS analysis showed no PTR hostnames and no forward resolution. The infrastructure operates as firewalled colocation hosting with no cloud, CDN, proxy, or VPN characteristics.
THREAT INDICATORS
Threat intelligence feeds reported no active indicators. The IP is not identified as a Tor exit node, known attacker, or spam source. However, the subnet exhibits significant abuse patterns and carries a high-abuse classification. The IP has a minimal operator score (0.2174) and is not persistently malicious in historical observations.
OBSERVATION HISTORY
Analysis of 49 historical observations shows consistent ASN attribution to LEASEWEB-USA-DAL. Recent signals from June 2026 maintained minimal operator scores across multiple observations. Threat observation count stands at 1 with no sustained malicious activity detected.
RELATIONSHIP MAPPING
The relationship graph identified 168 associations, primarily network-level relationships within LU-79 network space. No certificate or organization-level relationships beyond network scope were returned.
NEIGHBORHOOD ANALYSIS
The /24 subnet 173.234.226.0/24 contains 256 sibling IPs with 236 actively assigned. Abuse density scoring of 0.7344 classifies the subnet as high_abuse. Neighbor analysis sampled 100 addresses, all showing uniform risk scores of 50 with authority scores of 50.
RECOMMENDED ACTIONS
Security teams should block this IP using the following rules:
Firewall/IDS:
```
iptables -A INPUT -s 173.234.226.174 -j DROP
nft add rule inet filter input ip saddr 173.234.226.174 drop
```
Web Application Firewall:
```
nginx: deny 173.234.226.174;
Cloudflare WAF: Block with expression ip.src eq 173.234.226.174
AWS WAF: Add 173.234.226.174/32 to rule set
```
pfSense:
```
173.234.226.174/32
```
SOC NOTES
The IP presents moderate risk primarily due to subnet-level abuse density rather than direct threat indicators. Recommended actions balance proactive blocking with the absence of confirmed malicious activity. Monitor for any emergence of threat indicators or service activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 34% | 1 | 4 |
| services | 20% | 2 | 3 |
| ownership | 17% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 26% | 10 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:05:03 UTC |
| Last Seen | 2026-06-27 11:02:05 UTC |
| Profile Built | 2026-06-28 05:08:20 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 53 |