IP Intelligence Briefing: 173.234.227.128
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: Choopa/GameServers (Hosting)
- Ownership: Leaseweb USA, Inc. (ASN 394380)
- Geolocation: Dallas, TX, US (latitude 39.83, longitude -98.58)
- Network Role: Hosting service (Firewalled / No Services)
- Threat Indicators: No detected malicious activity (no indicators, abuse confidence, or campaigns).
---
**2. Observation History**
- Recent Signals:
  - Geolocation validated via cymru-country (confidence: 0.35).
  - DNSSEC validation (operator score: 0.13).
  - Consistent geolocation and network role data over 3 days.
- Temporal Trends: No persistent malicious behavior; threat observation count: 1.
---
**3. Network Relationships**
- Subnet: 173.234.227.128/24
- Neighbors:
  - Abuse Density: 83.59% (high risk subnet).
  - Active Siblings: 187 IPs (256 total).
  - Threat Siblings: 214 IPs flagged as risky.
- Relationships: Linked to network LU-79 (same provider/organization).
---
**4. Subnet Analysis**
- Subnet Risk: High abuse density (0.8359).
- Neighbor Risk Scores: Vary between 50 (moderate) and 0 (low).
- Inherited Risk: 33% of subnet's overall risk applies to this IP.
---
**5. Security Recommendations**
- Firewall Rules:
  - Block IP using:
    - `iptables -A INPUT -s 173.234.227.128 -j DROP`
    - `nft add rule inet filter input ip saddr 173.234.227.128 drop`
  - Cloudflare/AWS WAF rules provided in tool response.
- Monitoring:
  - Track traffic to/from this IP due to high subnet abuse density.
  - Monitor for unexpected services or DNS activity.
---
**6. Summary**
This IP is associated with a hosting provider and shows no direct malicious activity. However, its subnet has a high abuse density, suggesting potential risks. While the IP itself is not flagged as malicious, network defenders should monitor traffic and consider blocking it if it correlates with suspicious activity. No immediate action is required unless specific threats are observed.
SOC Analyst Note: Prioritize investigating traffic patterns within the 173.234.224.0/22 subnet due to elevated risk.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 33% | 1 | 3 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 28% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:05:04 UTC |
| Last Seen | 2026-06-27 11:37:22 UTC |
| Profile Built | 2026-06-28 05:42:31 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 48 |