# IP Intelligence Briefing: 108.62.57.119/32
## Executive Summary
IP address 108.62.57.119 is registered to LeaseWeb USA, Inc. Seattle (ASN 396190) and presents a moderate risk profile with a risk score of 65. The IP is located in Seattle, Washington, USA, and is associated with the 3e.vc domain. Despite no active services detected, the IP demonstrates significant neighborhood abuse density and multiple blacklist listings, indicating infrastructure-level risk.
## Risk Assessment
| Metric | Value | Classification |
|---|---|---|
| Risk Score | 65 | Moderate Risk |
| Provider Score | 0 | N/A |
| Authority Score | 0 | N/A |
| Abuse Confidence | N/A | N/A |
| Operator Score | 0.4783 | Basic |

The IP is classified as "Firewalled / No Services" with zero open ports detected. No TLS certificates or HTTP responses were observed during scanning.
## Network Infrastructure
Ownership & Registration:
- ASN: 396190
- Organization: LeaseWeb USA, Inc. Seattle
- RIR: ARIN
- Route Origin: 108.62.56.0/21
Geolocation:
- Country: United States (US)
- Region: Washington (WA)
- City: Seattle
- Location Accuracy: 2500 km radius
Control Plane:
- Route Stability: Stable
- AS Path: 3257 → 396190
- DNSSEC: Valid
- RPKI: State not determined
## Threat Indicators
Blacklist Status:
- DNSBL Listings: 3 of 8 lists
- Classification: High abuse subnet
- No active threat campaigns correlated
Threat Classification:
- Not a known attacker
- Not a spam source
- Not a Tor exit node
- No known malicious campaigns
Abuse Context:
- Subnet: 108.62.57.0/24
- Abuse Density: 0.7656 (high_abuse classification)
- Threat Siblings: 196 out of 256 total siblings (77% threat ratio)
## Relationship Analysis
The IP has 62 documented relationships, primarily indicating same-network associations with the 108-62-56-0 network prefix. These relationships suggest the IP operates within a shared hosting or cloud infrastructure environment typical of LeaseWeb's service model.
## Observation History
Analysis of 24 historical observations reveals:
- Recent DNS Activity: Resolution to 3e.vc domain with SPF record present but DMARC not configured
- Operator Scoring: Consistent 0.4783 operator score across recent observations
- Blacklist Activity: Three blacklist listings with high severity classification observed
- Subnet Risk: Persistent high-abuse classification (0.7656 abuse density)
Temporal analysis indicates no persistent malicious behavior pattern, with threat observation count at 1 and threat persistence days at 0.
## Neighborhood Analysis
The /24 subnet (108.62.57.0/24) was analyzed with 100 neighbor IPs:
| Risk Level | Count | Percentage |
|---|---|---|
| High | 0 | 0% |
| Medium | 99 | 99% |
| Low | 1 | 1% |

The subnet demonstrates a 0.7656 abuse density with 174 active siblings and 196 threat siblings, indicating systemic infrastructure abuse patterns within the /24 block.
## Recommended Actions
Based on the risk profile and neighborhood context, the following firewall rules are recommended:
1. Default Deny Policy: Consider blocking inbound traffic from this IP range at perimeter firewalls
2. Monitoring: Add to SIEM alerting for any outbound connections to/from this IP
3. Rate Limiting: Implement connection rate limiting to mitigate potential abuse
4. Block List Integration: Add IP to organizational block lists given multiple blacklist listings
## Intelligence Conclusion
IP 108.62.57.119 presents moderate risk primarily due to neighborhood-level abuse patterns rather than direct malicious activity. The high abuse density of the parent subnet (0.7656) and 77% threat sibling ratio suggest this IP may be co-located with compromised infrastructure. While the IP itself shows no active services or direct threat indicators, the organizational risk warrants defensive controls and monitoring.
Threat Level: Moderate
Priority: Monitor
Recommended Action: Implement filtering and monitoring controls
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | LeaseWeb USA, Inc. Seattle |
| ASN | AS396190 |
| Network Name | N/A |
| CIDR Block | 108.62.56.0/21 |
| RIR | ARIN |
| Country | N/A |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | 108.62.57.119.rdns.3e.vc |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 108.62.57.119.rdns.3e.vc |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | N/A |
| HTTP Title | N/A |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 3 |
| routing | 24% | 2 | 3 |
| services | 8% | 1 | 1 |
| ownership | 27% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 25% | 11 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Attribution checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:53 UTC |
| Last Seen | 2026-06-26 18:11:53 UTC |
| Profile Built | 2026-06-24 19:12:47 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 27 |