IP Intelligence Briefing: 173.234.227.70
Date: 2026-06-14
---
**1. Risk Profile**
- Overall Risk: Moderate (Risk Score: 50/100)
- Provider: Leaseweb USA, Inc. (Hosting Provider)
- Geolocation: Dallas, TX, US (Inferred via ARIN registration)
- Network Role: Hosting (Firewalled / No Services)
---
**2. Threat Indicators**
- No Direct Malicious Activity: No indicators of spam, attacks, or abuse linked to this IP.
- Neighborhood Risk:
  - Subnet 173.234.227.0/24 has high abuse density (0.8359).
  - 214 threat siblings (malicious IPs in the same subnet).
  - 187 active IPs in the subnet, with 33% inherited risk from the subnet's reputation.
---
**3. Network Relationships**
- Associated Network: LU-79 (Leaseweb subnet).
- Provider Context:
  - Assigned to Choopa/GameServers (likely a gaming or cloud hosting service).
  - BGP Prefix: 173.234.224.0/22 (shared with other Leaseweb IPs).
- Routing:
  - DNSSEC Valid: Yes.
  - Route Stability: Unstable (route changes detected in 30 days).
---
**4. Historical Observations**
- Ownership Stability: Consistently registered to Leaseweb USA, Inc. since 2010.
- Threat Persistence: No persistent malicious activity linked to this IP.
- Geolocation Validation: ICMP blocked, making geolocation verification unreliable.
---
**5. Recommendations**
- Monitor Subnet Activity: Given the high abuse density in 173.234.227.0/24, monitor traffic patterns and investigate potential lateral movement or compromised hosts.
- Block/Restrict Access: Consider blocking the IP in firewalls (e.g., `iptables -A INPUT -s 173.234.227.70 -j DROP`) due to its association with a high-risk subnet.
- Verify Hosting Provider Security: Confirm Leaseweb's security practices, as the subnet's abuse density suggests potential provider-level vulnerabilities.
---
**6. Actionable Rules**
- Firewall:
  - `iptables`: Drop traffic from `173.234.227.70`.
  - `nftables`: Add rule to block `173.234.227.70/32`.
- Cloud WAF (AWS/Cloudflare):
  - Add `173.234.227.70/32` to blocklists for further scrutiny.
---
Conclusion: While the IP itself is not malicious, its subnet exhibits significant risk. SOC teams should prioritize monitoring and restrict access to mitigate potential exposure from the broader network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Leaseweb USA, Inc. |
| ASN | AS394380 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 45% | 1 | 6 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 10 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:05:04 UTC |
| Last Seen | 2026-06-27 11:27:35 UTC |
| Profile Built | 2026-06-28 05:32:23 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 51 |