# Intelligence Briefing: 108.62.62.110
Classification: Moderate Risk
Date: 2026-06-24
Prepared For: SOC Analyst
## Executive Summary
IP 108.62.62.110 is a residential/infrastructure address owned by LeaseWeb USA, Inc. Seattle (ASN 396190) located in Seattle, Washington. The IP presents a moderate risk profile (65/100) with elevated neighborhood abuse density and multiple DNS blacklistings. No active threat campaigns or attack indicators are currently observed.
## Technical Profile
Ownership & Infrastructure:
- ASN: 396190 (LeaseWeb USA, Inc. Seattle)
- CIDR Block: 108.62.56.0/21
- Network Classification: Infrastructure/Hosting
- Service Status: Firewalled / No services detected
Geolocation:
- Country: United States (US)
- Region: Washington
- City: Seattle
- Geo Validation: Plausible (distance 3,865.3 km from probe origin)
- Consensus: Confirmed via multiple sources
Network Classification:
- DNSBL Listings: 3/8 blacklists
- RPKI State: Unknown
- Route Stability: Unstable (isRouteStable: false)
- Operator Score: 0.1304 (Minimal)
## Threat Assessment
Current Risk Indicators:
- No Tor exit node activity
- No known attacker attribution
- No spam source designation
- No active threat campaigns
- No honeypot hits or enumeration strikes
Neighborhood Context:
The IP resides in subnet 108.62.62.0/24, classified as HIGH ABUSE with 53.52% abuse density. The subnet contains 256 sibling IPs with 130 active and 137 identified as threat indicators. This elevated neighborhood context contributes to the IP's risk elevation.
Historical Signals:
Recent observations (2026-06-17 through 2026-06-24) show consistent minimal operator scores (0.1304) with no significant threat persistence observed over the monitoring period.
## Recommended Actions
Immediate:
1. Implement blocking rules on perimeter infrastructure
2. Increase logging verbosity for traffic analysis
3. Monitor for emerging threat indicators
Recommended Firewall Rules:
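```bash
# iptables: -A appends, so an earlier ACCEPT rule still matches first;
# use "-I INPUT 1" instead if the drop must take precedence
iptables -A INPUT -s 108.62.62.110 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 108.62.62.110 drop
# nginx: configuration directive (http, server or location context), not a shell command
# deny 108.62.62.110;
# pfSense: entry for a firewall alias referenced by a block rule, not a shell command
# 108.62.62.110/32
```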
## Risk Factors
- Elevated Neighborhood Risk: Subnet abuse density at 53.52%
- DNS Blacklist Presence: Listed on 3 DNS blacklists
- Infrastructure Hosting: May be repurposed for malicious activities
- Route Instability: BGP routing shows instability indicators
## Conclusion
This IP represents a moderate risk infrastructure address in a high-abuse neighborhood. While no active threat campaigns are currently attributed to this address, the neighborhood context and DNS blacklistings warrant defensive blocking and monitoring. The IP should be treated with caution in security operations.
---
*Intel generated from IPDebrief analysis. Recommendations should be validated against additional threat intelligence sources before implementation.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | LeaseWeb USA, Inc. Seattle |
| ASN | AS396190 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 28% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 24% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:59 UTC |
| Last Seen | 2026-06-26 18:11:58 UTC |
| Profile Built | 2026-06-26 23:22:20 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 22 |