108.62.58.93

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 108.62.58.93/32

Classification: Moderate Risk Infrastructure IP

Date Generated: 2026-06-09

Analysis Authority: IPDebrief Threat Intelligence Platform

---

## EXECUTIVE SUMMARY

IP address 108.62.58.93 is classified as Moderate Risk (Score: 50) and is assigned to LeaseWeb USA, Inc. Seattle (ASN 396190). The IP is geolocated to Tukwila, Washington. Current scanning indicates no open ports or active services, with the host classified as "Firewalled / No Services." While the IP shows no direct threat indicators, it operates within a subnet with elevated abuse density (0.8398) and 215 threat siblings across 256 total addresses.

---

## OWNERSHIP AND NETWORK CLASSIFICATION

Field	Value
Organization	LeaseWeb USA, Inc. Seattle
ASN	396190
BGP Prefix	108.62.56.0/21
Country	United States (US)
Region	Washington (WA)
City	Tukwila
Registration RIR	ARIN
Service Purpose	Firewalled / No Services

The IP demonstrates stable ownership with no ownership changes observed. Control plane analysis indicates the subnet is route-stable with 0 route changes in the past 30 days.

---

## THREAT ASSESSMENT

Current Risk Profile

Overall Risk Score: 50 (Moderate)
Operator Score: 0.1304 (Minimal)
DNSBL Listings: 2 of 8 total lists
Abuse Confidence: Not explicitly scored

Threat Indicators

Is Tor Exit Node: No
Is Known Attacker: No
Is Spam Source: No
Known Campaigns: None identified
Blacklist Count: 0

The IP shows no direct correlation to known threat campaigns or active malicious behavior in threat feeds.

---

## OBSERVATION HISTORY ANALYSIS

Total Observations: 19 signals over monitoring period

Key Temporal Findings:

2026-06-09: Operator score 0.15 (Minimal), DNSSEC validated
2026-06-04: Threat signal detected with Pulse count of 50 via AlienVault-OTX; subnet abuse density reported as 0.8398 (high_abuse classification)

Temporal Trend: The IP exhibits intermittent threat signal activity. The 2026-06-04 observation indicates elevated threat correlation with 50 pulse matches, though subsequent monitoring shows normalization to minimal operator scores. No persistent malicious behavior pattern confirmed.

---

## NETWORK NEIGHBORHOOD ANALYSIS

Subnet: 108.62.58.0/24

Total Siblings: 256

Active Siblings: 132

Threat Siblings: 215

Risk Distribution:

High Risk: 0
Medium Risk: 100
Low Risk: 0

Abuse Density: 0.8398 (High Abuse Classification)

The /24 subnet demonstrates concentrated risk, with 215 threat siblings out of 256 total addresses. This suggests the subnet may be hosting multiple infrastructure targets or compromised systems. The high abuse density warrants lateral investigation of adjacent IP addresses for potential command-and-control or related malicious infrastructure.

---

## INFRASTRUCTURE AND SERVICES

Network Services

Open Ports: None detected
HTTP Services: None
TLS Certificates: None
DNS Records: 0 forward hostnames
Email Authentication: No SPF or DMARC records

Control Plane

RPKI State: Not verified
Route Stability: Stable (0 changes in 30 days)
DNSSEC Valid: Yes
MoAS Status: No

The infrastructure shows defensive posture with no exposed services. The firewalled status indicates minimal attack surface at this specific address level.

---

## RECOMMENDED ACTIONS

For SOC Analysts

1. Monitor Subnet Activity: Given the 0.8398 abuse density, monitor related IPs in 108.62.58.0/24 for anomalous traffic patterns.

2. Block at Perimeter: Implement blocking rules for inbound connections from this subnet if organizational policy requires high-risk subnet containment.

3. Correlate Traffic: Cross-reference observed traffic against known malicious IP feeds, particularly focusing on the 215 identified threat siblings.

4. Investigate Pulse Signals: The 2026-06-04 threat correlation with 50 pulse matches warrants investigation into potential campaign activity.

Firewall Rules (Recommended)

```

# Block traffic from this IP

iptables -A INPUT -s 108.62.58.93 -j DROP

iptables -A OUTPUT -d 108.62.58.93 -j DROP

# Consider blocking the entire /24 subnet given abuse density

iptables -A INPUT -s 108.62.58.0/24 -j DROP

```

---

## CONCLUSION

IP 108.62.58.93 presents Moderate Risk with no direct threat indicators but operates within a high-abuse-density subnet. The infrastructure is well-defended with no exposed services, and ownership is stable under LeaseWeb USA, Inc. The primary risk factor is the subnet-level concentration of threat activity (215 threat siblings). Recommend monitoring adjacent IPs for potential lateral threat indicators and implementing perimeter blocking based on organizational risk tolerance thresholds.

Threat Level: MODERATE

Action Required: MONITOR / CONSIDER BLOCK

Confidence: HIGH

---

*Intel generated by IPDebrief Threat Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	WA
City	Tukwila
Timezone	—
Latitude	47.61
Longitude	-122.33

🏢 Ownership & Registration

Organization	LeaseWeb USA, Inc. Seattle
ASN	AS396190
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	8%	1	1
services	8%	1	1
ownership	24%	2	3
reputation	31%	1	3
geolocation	24%	2	3
Overall	21%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:54 UTC
Last Seen	2026-06-26 18:11:54 UTC
Profile Built	2026-06-24 20:38:24 UTC
Data Freshness	Live
Signal Types	20
Total Observations	23

🔍 20 signal types · 23 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

108.62.58.93📋 Copy