## IP Intelligence Briefing: 173.234.227.112/32
Classification: Moderate Risk Hosting Infrastructure
Date of Analysis: 2026-06-19
Analyst: IPDebrief Intelligence Division
---
EXECUTIVE SUMMARY
IP 173.234.227.112 is a colocation hosting address assigned to Leaseweb USA, Inc. (ASN: 394380) in Dallas, TX. The IP presents a moderate risk profile (50/100) with no active services detected, indicating a firewalled state. The subnet demonstrates high abuse density (0.9453), with 242 of 256 sibling IPs flagged as threat indicators.
---
OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | 394380 |
| Country/Region | United States, Texas |
| City | Dallas |
| Network Block | 173.234.224.0/22 |
| RIR | ARIN |
| Infrastructure Type | Colocation Hosting |
| Service Provider | Choopa/GameServers |
---
THREAT INDICATORS
| Metric | Value |
|---|---|
| Risk Score | 50 (Moderate Risk) |
| Abuse Confidence Score | Not Available |
| DNS Blacklist Count | 2 (of 8 total lists) |
| Tor Exit Node | No |
| Known Attacker | No |
| Spam Source | No |
| Is Hosting | Yes |
| Open Ports/Services | None Detected |
| DNS PTR Records | None |
---
NETWORK BEHAVIOR
Control Plane Assessment:
- Route Stability: False (route changes observed within 30 days)
- DNSSEC Valid: Yes
- Has CAA Records: Yes
- Operator Score: 0.2174 (Minimal)
- BGP Prefix: 173.234.224.0/22
Service State: No active services detected. IP is firewalled with no open ports, HTTP titles, or TLS certificates.
---
NEIGHBORHOOD ANALYSIS
Subnet Profile (173.234.227.0/24):
- Total Siblings: 256
- Active Siblings: 205
- Threat Siblings: 242
- Abuse Density: 0.9453 (94.53%)
- Inherited Risk Score: 37
- Classification: High Abuse
The subnet exhibits extremely high abuse density, indicating a hosting environment with prevalent malicious activity. However, this is consistent with the Choopa/GameServers infrastructure model.
---
OBSERVATION HISTORY
Temporal Analysis (47 observations):
- Data Span: Multiple days with consistent observations
- Recent Activity: 2026-06-18 to 2026-06-19
- ASN Consistency: 394380 (Leaseweb USA, Inc.)
- Operator Score: Consistently 0.2174 (Minimal)
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
The IP demonstrates stability with no ownership changes and consistent operational characteristics over the observation period.
---
RELATIONSHIP MAPPING
Connected Entities (145 relationships):
- Primary Network: LU-79 (140+ same network relationships)
- Infrastructure: Hosting/Colocation network
- No certificate matches or campaign correlations detected
---
SECURITY ACTIONS & RECOMMENDATIONS
Assessment: The IP represents infrastructure-level hosting with no direct threat indicators. However, the subnet's high abuse density warrants defensive consideration.
Recommended Actions:
1. Monitor for outbound connections from 173.234.227.0/24 to known malicious destinations
2. Implement allow-listing for legitimate business needs if communication is required
3. Block inbound connections unless business justification exists
4. Monitor for DNS query patterns to the subnet (2 DNSBL listings present)
Firewall Rule Considerations:
- No specific block recommended due to moderate risk classification
- Consider rate-limiting if communication patterns emerge
- Monitor for C2 traffic patterns to/from the subnet
---
CONCLUSION
IP 173.234.227.112 is a legitimate colocation hosting address with moderate risk characteristics. The absence of active services, no known attacker indicators, and stable ownership history suggest infrastructure use rather than active malicious operations. However, the high abuse density in the parent subnet (173.234.227.0/24) requires contextual awareness and potential defensive monitoring.
Threat Level: MODERATE
Action Required: MONITOR
Priority: LOW
---
*Intelligence generated by IPDebrief Threat Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 45% | 1 | 7 |
| services | 17% | 2 | 3 |
| ownership | 17% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 27% | 10 | 23 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:04 UTC |
| Last Seen | 2026-06-27 11:34:40 UTC |
| Profile Built | 2026-06-28 05:40:16 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 55 |