173.234.227.6
# IP Intelligence Briefing: 173.234.227.6/32
Date: 2026-06-24
Classification: Moderate Risk (Score: 50/100)
Status: Active Monitoring Required
---
## Executive Summary
IP 173.234.227.6 is a colocation hosting address within the 173.234.227.0/24 subnet, operated by Leaseweb USA, Inc. (ASN 394380). The IP exhibits moderate risk characteristics with no services currently detected. The parent subnet shows elevated abuse density (79.69%), with 204 of 256 sibling IPs flagged as threat-related. Immediate defensive actions recommended.
---
## Technical Profile
Ownership & Infrastructure:
- Organization: Leaseweb USA, Inc.
- ASN: 394380
- Location: Dallas, TX, US
- Network Role: Colocation Hosting / GameServers provider (Choopa)
- Geolocation Accuracy: 2,500 km radius (consensus from 2 sources)
Control Plane:
- BGP Prefix: 173.234.227.0/24
- AS Path: 3257 β 394380
- Route Stability: Stable (0 route changes in 30 days)
- DNSSEC: Valid
- Delegation Age: 3,937 days (~10.8 years)
---
## Threat Assessment
Current Risk Indicators:
- Risk Score: 50 (Moderate)
- Abuse Confidence: Not publicly flagged
- Blacklist Status: Listed on 2 of 8 DNSBLs
- Tor/Exit Node: Not detected
- Known Attacker: No
- Spam Source: No
- Campaign Affiliation: None detected
Threat Persistence:
- Observation Count: 1
- Persistently Malicious: No
- Recent Activity: Minimal temporal changes observed
---
## Neighborhood Analysis
Subnet: 173.234.227.0/24
- Total Siblings: 256 IPs
- Active Siblings: 243
- Threat Siblings: 204
- Abuse Density: 79.69% (High Abuse Classification)
- Inherited Risk Score: 31
Risk Distribution:
- High Risk: 0%
- Medium Risk: 100% (sampled)
- Low Risk: 0%
Sample Neighbor Scores:
- 173.234.227.0: Risk 40
- 173.234.227.1-5: Risk 50
---
## Network Services & DNS
Open Ports: None detected
DNS Records: No PTR hostnames, no forward resolution
Email Auth: SPF/DMARC not configured
HTTP Services: No TLS certificates or HTTP titles detected
---
## Observation History
Total Observations: 49
Recent Activity (2026-06-23 to 2026-06-24):
- ASN consistently identified as LEASEWEB-USA-DAL
- Operator scores: 0.26-0.30 (Basic classification)
- No significant geolocation or threat profile changes
- Signal confidence ranges: 0.24-0.85
---
## Recommended Actions
Immediate (SOC Team):
1. Monitor Ingress/Egress: Block or rate-limit traffic from 173.234.227.0/24 due to high abuse density
2. Threat Hunting: Correlate with threat indicators for 204 sibling IPs showing malicious activity
3. DNSBL Monitoring: Track DNSBL listing changes (currently 2 of 8 lists)
Firewall Rules (iptables/nftables):
```bash
# Block subnet (recommended due to 79.69% abuse density)
iptables -A INPUT -s 173.234.227.0/24 -j DROP
```
WAF Rules (Cloudflare/AWS):
```
Block IPs from subnet 173.234.227.0/24
```
Long-term:
- Implement geo-based blocking if policy permits
- Monitor for service openings on subnet IPs
- Track for potential C2 or spam source emergence
---
## Risk Summary
| Metric | Value | Severity |
|---|---|---|
| Risk Score | 50 | Moderate |
| Abuse Density | 79.69% | High |
| Threat Siblings | 204/256 | Elevated |
| Blacklist Count | 2/8 | Low-Moderate |
| Route Stability | Stable | Normal |
Bottom Line: This IP resides in a high-abuse colocation subnet. While the specific address shows no active malicious indicators, the environment warrants defensive posture. Recommend subnet-level blocking if security policy permits.
---
*Report generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | β |
| CIDR Block | 173.234.227.0/24 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 48% | 2 | 8 |
| services | 12% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 29% | 12 | 24 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:05:04 UTC |
| Last Seen | 2026-06-27 11:16:51 UTC |
| Profile Built | 2026-06-28 05:22:01 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 57 |
Full dossier details are available via our API.