# Threat Intelligence Briefing: 108.62.57.41
Classification: Moderate Risk / Infrastructure Provider
Report Date: Current Analysis
IP Address: 108.62.57.41/32
---
## Executive Summary
The IP address 108.62.57.41 belongs to LeaseWeb USA, Inc. Seattle (ASN 396190) and is classified as moderate risk (risk score: 40). The address resides within a high-abuse density subnet (108.62.57.41/24) with 190 threat siblings identified among 256 total addresses. No open services or active threat indicators were detected on this specific IP, but the neighborhood context indicates elevated regional risk.
---
## Ownership and Network Context
Provider: LeaseWeb USA, Inc. Seattle
ASN: 396190
Geolocation: Seattle, WA, US (US, WA)
BGP Prefix: 108.62.56.0/21
Network Classification: Provider infrastructure, firewalled/no services
The IP is owned by a known hosting provider. No service banners or open ports were observed during scanning. The address resolves to geolocation coordinates approximately 39.83°N, -98.58°W with an accuracy radius of 2,500 km.
---
## Threat Assessment
Current Risk Score: 40 (Moderate Risk)
Abuse Confidence: Data insufficient for precise scoring
Blacklist Status: 0 blacklist listings (current profile)
Tor/Proxy: Not identified as Tor exit node, proxy, or VPN
Known Attacker: No association with known attacker IP databases
Spam Source: No spam source indicators
Threat Indicators: None currently active
Campaign Associations: None identified
Cert Matches: 0
---
## Neighborhood Analysis
Subnet: 108.62.57.41/24
Abuse Density: 0.7422 (High Abuse Classification)
Total Siblings: 256
Active Siblings: 156
Threat Siblings: 190
The /24 subnet exhibits high abuse density with 74% of active IPs flagged as threats. Risk distribution across neighbors shows 100 medium-risk addresses, 0 high-risk, and 0 low-risk. All neighboring IPs returned risk score 50 with authority score 50.
---
## Historical Observations
Total Observations: 18 signals collected
Key Historical Events:
- 2026-06-04 01:24:49: DNS blacklist listing observed (max severity: high, 8 total lists)
- 2026-06-04 00:50:56: Geolocation signal from US (confidence: 0.35)
- 2026-06-04 00:48:43: Subnet abuse density classification confirmed (high_abuse, 0.7422)
Recent signal activity (2026-06-24) shows minimal threat indicators with operator score of 0. No persistent malicious behavior detected over the observation period.
---
## Relationship Graph
Total Relationships: 29
Network Relationships: All 29 relationships point to network 108.62.56.0
Hostname Relationships: None
Organization Relationships: None
Certificate Relationships: None
The IP has no associated hostnames, organizations, or SSL certificates in the relationship database.
---
## Recommended Actions
Status: No immediate action required based on current risk profile
Monitoring Recommendations:
- Monitor for DNS blacklist additions (historical pattern observed)
- Track subnet-level threat activity (108.62.57.0/24)
- Consider blocking if traffic patterns indicate exploitation attempts
Firewall Rules: No specific firewall rules generated due to low individual IP risk. Consider subnet-level blocking policies given the high abuse density environment.
---
## Conclusion
IP 108.62.57.41 is a provider infrastructure address with moderate risk classification. While the individual IP shows no active threats or open services, the subnet exhibits high abuse density. SOC teams should monitor for any service activation or behavioral changes, as the neighborhood context indicates this IP may be used for legitimate hosting services within a high-risk environment. The historical DNS blacklist listing on 2026-06-04 suggests past abuse activity that may be resolved or attributed to neighboring IPs.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | LeaseWeb USA, Inc. Seattle |
| ASN | AS396190 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 24% | 2 | 3 |
| Overall | 21% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:53 UTC |
| Last Seen | 2026-06-26 18:11:52 UTC |
| Profile Built | 2026-06-25 01:01:03 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 22 |