# IP Intelligence Briefing: 173.234.227.49/32
## Executive Summary
IP address 173.234.227.49 is a moderate-risk (score: 50) hosting/colocation endpoint located in Dallas, TX under Leaseweb USA, Inc. (ASN: 394380). The IP demonstrates persistent activity within a high-abuse subnet environment with 204 malicious siblings detected in the /24. No active services or open ports were observed, indicating a firewalled endpoint.
---
## Network Ownership & Classification
- Organization: Leaseweb USA, Inc.
- ASN: 394380
- Network Block: 173.234.224.0/22
- Infrastructure Type: Colocation Hosting (Choopa/GameServers)
- Location: Dallas, Texas, United States
- Registration: RIR ARIN (allocated 2010-02-12)
- Network Role: Hosting with no active services detected (Firewalled / No Services)
---
## Risk Assessment
| Metric | Value |
|---|---|
| Risk Score | 50 (Moderate Risk) |
| Operator Score | 0.1304 (Minimal) |
| Abuse Confidence | Not applicable |
| DNSBL Listings | 2 of 8 lists |
| Known Campaigns | None |
| Tor Exit Node | No |
---
## Neighborhood Analysis
The IP resides in subnet 173.234.227.0/24 showing:
- Total Siblings: 256
- Active Siblings: 243 (95% activity rate)
- Threat Siblings: 204 (82% of active peers)
- Abuse Density: 0.7969 (High Abuse Classification)
- Neighbor Risk Distribution: 100 medium-risk neighbors observed
- Inherited Risk Score: 31 (moderate subnet-level threat)
---
## Behavioral Indicators
- Threat Observation Count: 1
- Threat Persistence: Not persistently malicious
- Ownership Changes: 0 (stable ownership)
- Route Stability: Not stable (route changes observed)
- Recent Signals: 45 total observations recorded
---
## Historical Activity
Signal observation history indicates:
- Consistent ASN attribution (AS394380 Leaseweb USA)
- Multiple threat-related Pulse detections (50+ pulses in recent signals)
- Operator scores maintained at minimal levels
- Geographic data consistently validated from US sources
---
## Related Entities
- 167 relationship records detected
- Predominantly same-network relationships (LU-79 network designation)
- No cross-network or organizational associations identified
---
## Recommended Actions
Based on the moderate risk profile and high-abuse neighborhood:
1. Monitoring: Continue passive monitoring. No immediate blocking required.
2. Allowlisting: Consider allowlisting if endpoint is legitimate business traffic.
3. Filtering: If traffic patterns indicate abuse, implement rate limiting or geo-blocking for non-business hours.
4. Network Security: Monitor for lateral movement attempts from this subnet given 82% threat sibling ratio.
5. Threat Intel Integration: Add to watchlist for anomaly detection; correlate with known malicious activity patterns from the /24.
---
## Threat Intel Narrative
This endpoint represents a typical colocation hosting IP with elevated neighborhood risk due to the high concentration of malicious activity in the /24 subnet. While the individual IP shows no active threats or services, the contextual risk is elevated by the 204 malicious sibling addresses. Security teams should treat traffic from this subnet with heightened scrutiny, particularly for port scanning, brute force attempts, or data exfiltration patterns. The firewalled nature of the endpoint suggests it may be used for hosting services or game servers, which are common vectors for compromise and abuse.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
---
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
---
## DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
---
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
---
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
---
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
---
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness:

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Validation Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:05:04 UTC |
| Last Seen | 2026-06-27 11:24:04 UTC |
| Profile Built | 2026-06-28 05:31:11 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 45 |