# IP Intelligence Briefing: 173.234.226.210
## Executive Summary
IP 173.234.226.210 is classified as a Moderate Risk address (risk score: 50) hosted on a colocation hosting platform. The IP belongs to Leaseweb USA, Inc. (ASN: 394380) in Dallas, TX. While the IP itself shows no active threat indicators, it operates within a high-abuse-density subnet (173.234.226.0/24) with an abuse density of 0.7344 and 188 threat-identified siblings. The address is currently firewalled with no open services detected.
---
## Profile Details
### Ownership & Registration
- ASN: 394380 (Leaseweb USA, Inc.)
- Organization: Leaseweb USA, Inc.
- CIDR Block: 173.234.226.0/24
- RIR: ARIN
- Network Type: Colocation Hosting
- Provider Classification: Choopa/GameServers
### Geolocation
- Country: US
- Region: TX
- City: Dallas
- Geo Consensus: True (2 sources)
- Validation Status: ICMP blocked - unable to validate
### Control Plane
- Origin ASN: 394380
- BGP Prefix: 173.234.226.0/24
- AS Path: 3257 394380
- Route Stability: Stable (0 route changes in 30 days)
- DNSSEC Valid: True
- Has CAA: True
---
## Threat Indicators
| Indicator | Status |
|---|---|
| Risk Score | 50 (Moderate) |
| Blacklist Count | 2 |
| DNSBL Listed | 2 of 8 lists |
| Is Known Attacker | No |
| Is Tor Exit | No |
| Is Proxy | No |
| Is Spam Source | No |
| Reputation Sources | None identified |
| Threat Feeds | None |
### Key Observations
- No active threat indicators or known campaigns
- DNSBL listings indicate prior reputation issues
- Abuse confidence score not available
---
## Network Neighborhood Analysis
Subnet: 173.234.226.0/24
| Metric | Value |
|---|---|
| Abuse Density | 0.7344 |
| Classification | High Abuse |
| Inherited Risk | 29 |
| Total Siblings | 256 |
| Active Siblings | 236 |
| Threat Siblings | 188 |
Risk Distribution: 100 medium-risk IPs, 0 high-risk IPs
The subnet exhibits elevated abuse activity, with 188 out of 256 sibling IPs flagged as threats. This suggests the hosting infrastructure is commonly exploited for malicious purposes.
---
## Historical Analysis
Total Observations: 54
Recent signal activity indicates:
- Consistent classification as Choopa/GameServers hosting
- DNSBL listings with high-severity ratings
- Operator score fluctuations (0.2609–0.4783)
- Network classification stability (is_hosting: true)
No persistent malicious activity observed, but historical DNSBL presence warrants attention.
---
## Relationship Graph
Total Relationships: 197
- Multiple same-network associations (LU-79 network segment)
- No certificate or hostname relationships detected
- No related organizations or subnets beyond same-network peers
---
## Services & DNS
| Category | Status |
|---|---|
| Open Ports | None detected |
| Hosted Domains | 0 |
| Email Auth (SPF/DMARC) | Not configured |
| TLS Certificate | None |
| HTTP Services | None |
Note: Services appear firewalled or inactive.
---
## Recommended Actions
Based on the moderate risk profile and subnet abuse history, the following defensive measures are recommended:
### Firewall Rules
iptables:
```
iptables -A INPUT -s 173.234.226.210 -j DROP
```
nftables:
```
nft add rule inet filter input ip saddr 173.234.226.210 drop
```
nginx:
```
deny 173.234.226.210;
```
Cloudflare WAF:
```json
{
  "description": "Block 173.234.226.210 - IPDebrief risk score 50",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 173.234.226.210"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["173.234.226.210/32"],
  "Description": "IPDebrief risk 50"
}
```
---
## Intelligence Assessment
This IP represents a low-to-moderate threat suitable for defensive blocking. Key factors supporting this assessment:
1. Hosting Infrastructure: IP operates on a colocation platform commonly used for both legitimate and malicious purposes
2. Abuse Environment: High-abuse subnet with significant threat sibling activity
3. Clean Current Profile: No active attacker indicators or known campaigns
4. Historical DNSBL Presence: Prior reputation issues suggest previous abuse or misconfiguration
Recommended Action: Implement block rules while monitoring for legitimate service requirements. Consider broader subnet-level filtering (173.234.226.0/24) if the organization experiences related attack patterns from the subnet.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | 173.234.226.0/24 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 56% | 2 | 10 |
| services | 17% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 26% | 2 | 3 |
| Overall | 30% | 12 | 27 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:05:03 UTC |
| Last Seen | 2026-06-27 11:08:08 UTC |
| Profile Built | 2026-06-28 05:14:07 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 61 |