# IP Intelligence Briefing: 173.234.226.45/32
## Executive Summary
IP address 173.234.226.45 is hosted in Dallas, Texas, US within Leaseweb USA, Inc. (ASN 394380) colocation infrastructure. The IP carries a moderate risk score of 50 and is located in a subnet with elevated abuse density (71.48%), indicating systemic risk within the broader network block. No direct threat indicators were observed against the specific IP, though neighborhood analysis reveals significant peer activity.
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | 394380 |
| RIR | ARIN |
| Network Block | 173.234.224.0/22 |
| Network Role | Colocation Hosting (Choopa/GameServers) |
| Classification | Hosting Infrastructure |
## Geolocation
| Attribute | Value |
|---|---|
| Country | United States (US) |
| Region | Texas (TX) |
| City | Dallas |
| Geo Accuracy | 2,500 km (consensus-based) |
| Validation Status | ICMP blocked - unable to validate |
## Threat Profile
- Risk Score: 50 (Moderate Risk)
- Abuse Confidence: Not quantified
- Threat Indicators: None observed
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Status: Listed on 2 of 8 DNSBLs
- Operator Score: 0.1304 (Minimal)
## Network Behavior
- Open Ports: None detected
- TLS Certificates: None observed
- Service Purpose: Firewalled / No Services
- Route Stability: False (route changes detected)
- BGP Prefix: 173.234.224.0/22
- Control Plane Status: Route stable = false
## Neighborhood Analysis (173.234.226.0/24)
The /24 subnet exhibits elevated abuse characteristics:
| Metric | Value |
|---|---|
| Subnet Abuse Density | 71.48% (HIGH) |
| Subnet Classification | high_abuse |
| Total Siblings | 256 |
| Active Siblings | 236 |
| Threat Siblings | 183 |
| Risk Distribution | 100 medium, 0 high, 0 low |
Implication: 71.48% of the subnet has been observed with abuse signals. This contextual risk factor suggests the hosting environment may be leveraged for malicious activities, even if the specific IP under analysis shows no direct indicators.
## Observation History
- Total Observations: 43 signals
- Most Recent: 2026-06-24T12:38:54 UTC
- Signal Types: ASN resolution, country geolocation, operator scoring, network classification
- Threat Persistence: 0 days observed
- Ownership Changes: None recorded
## Intelligence Relationships
- Total Relationships: 149 entities linked
- Primary Link Type: Same Network (LU-79)
- Notable Connections: Multiple network-level associations within the Leaseweb infrastructure
## Recommended Security Actions
Based on the IP's moderate risk score and the high-abuse context of the /24 subnet, the following firewall rules are recommended:
iptables
```bash
iptables -A INPUT -s 173.234.226.45 -j DROP
```
nftables
```bash
nft add rule inet filter input ip saddr 173.234.226.45 drop
```
nginx
```nginx
deny 173.234.226.45;
```
pfSense
```
173.234.226.45/32
```
Cloudflare WAF
```json
{
  "description": "Block 173.234.226.45 - IPDebrief risk score 50",
  "action": "block",
  "filter": {"expression": "ip.src eq 173.234.226.45"}
}
```
AWS WAF
```json
{
  "Addresses": ["173.234.226.45/32"],
  "Description": "IPDebrief risk 50"
}
```
## Assessment Notes
The IP under analysis lacks direct malicious indicators but resides within a subnet exhibiting 71.48% abuse density. The absence of open services and TLS certificates suggests the IP may be dormant, temporarily inactive, or part of a broader hosting infrastructure that supports mixed legitimate and potentially compromised endpoints. The control plane instability (route changes detected) combined with the subnet's high abuse classification warrants defensive posturing despite the absence of active threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 22% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:03 UTC |
| Last Seen | 2026-06-27 10:40:28 UTC |
| Profile Built | 2026-06-28 04:45:44 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 45 |