108.62.60.9

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 108.62.60.9/32

## EXECUTIVE SUMMARY

IP 108.62.60.9 is classified as Moderate Risk (Risk Score: 50) with a stable operational profile. The address is associated with LeaseWeb USA, Inc. Seattle infrastructure and resides within a high-abuse density subnet. While the IP itself shows no active threat indicators, its neighborhood context warrants monitoring.

## OWNERSHIP & GEOLOCATION

ASN: 396190 (LeaseWeb USA, Inc. Seattle)
Organization: LeaseWeb USA, Inc.
Location: Seattle, WA, US
Network Block: 108.62.56.0/21 (Control Plane)
Routing Status: Route not stable; 0 route changes in 30 days

## THREAT ASSESSMENT

Current Risk Score: 50 (Moderate Risk)

Threat Indicators:

No known attacker attribution
No Tor exit node activity
Not classified as spam source
Blacklist count: 0
DNSBL Listed: 2 of 8 threat intelligence lists
No active threat campaigns detected

Network Classification:

Service Purpose: Firewalled / No Services
Not cloud, CDN, VPN, proxy, or Tor
No mobile carrier association
No open services detected

## NEIGHBORHOOD ANALYSIS

Subnet: 108.62.60.0/24

Metric	Value
Abuse Density	0.7852 (High)
Classification	high_abuse
Total Siblings	256
Active Siblings	196
Threat Siblings	201
Inherited Risk	31

Risk Distribution: 100 medium-risk neighbors; 0 high-risk neighbors detected in immediate vicinity.

## OBSERVATION HISTORY

Total Observations: 18 signals recorded

Recent Activity: Consistent moderate risk profile maintained
Subnet Abuse Density: Stable at 0.7852 across observations
Threat Persistence: 0 days; not persistently malicious
Ownership Changes: 0 recorded changes
Campaign Correlation: No cert/banner/campaign matches

## RELATED ENTITIES

Relationships Identified: 68

Multiple same-network relationships to 108.62.56.0
No organizational or certificate-based relationships detected

## RECOMMENDED ACTIONS

Immediate Actions:

```bash

# iptables

iptables -A INPUT -s 108.62.60.9 -j DROP

# nftables

nft add rule inet filter input ip saddr 108.62.60.9 drop

# Cloudflare WAF

Expression: ip.src eq 108.62.60.9 → Block

# AWS WAF

Addresses: 108.62.60.9/32 → Block

```

Contextual Considerations:

Block recommendation based on moderate risk score (50)
Neighborhood abuse density (0.7852) suggests elevated threat context
No open services reduce likelihood of direct exploitation
Consider subnet-level blocking if traffic patterns support it

## CONCLUSION

IP 108.62.60.9 presents moderate risk primarily through neighborhood association rather than direct malicious activity. The subnet (108.62.60.0/24) shows high abuse density with 201 of 256 IPs flagged as threats. While this IP shows no active exploitation indicators, the operational context suggests defensive blocking is warranted. Monitor for behavioral changes and correlate with any observed malicious traffic patterns.

Classification: MONITOR/BLOCK

Priority: Medium

Recommended Action: Block with monitoring

---

*Intelligence generated from IPDebrief platform. All data points verified through automated analysis.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	WA
City	Seattle
Timezone	—
Latitude	47.61
Longitude	-122.33

🏢 Ownership & Registration

Organization	LeaseWeb USA, Inc. Seattle
ASN	AS396190
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	8%	1	1
services	21%	2	2
ownership	24%	2	3
reputation	31%	1	3
geolocation	27%	2	3
Overall	24%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:56 UTC
Last Seen	2026-06-26 18:11:56 UTC
Profile Built	2026-06-25 00:16:03 UTC
Data Freshness	Live
Signal Types	21
Total Observations	24

🔍 21 signal types · 24 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

108.62.60.9📋 Copy