108.62.62.221
# IPDEBRIEF INTELLIGENCE BRIEFING
Target IP: 108.62.62.221/32
Classification: Moderate Risk
Date: Current Intelligence Cycle
---
## EXECUTIVE SUMMARY
IP address 108.62.62.221 is a LeaseWeb USA infrastructure endpoint located in Seattle, Washington. The IP registers a moderate risk score of 50 with no active threat indicators. While the endpoint itself shows no known malicious activity, the /24 subnet exhibits elevated abuse density (9%), suggesting compromised or misconfigured peers in the neighborhood. No immediate blocking is required unless contextual threat intelligence indicates correlation.
---
## OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| **Organization** | LeaseWeb USA, Inc. Seattle |
| **ASN** | 396190 |
| **Country** | United States (US) |
| **Region** | Washington (WA) |
| **City** | Seattle |
| **Coordinates** | 47.45, -122.31 |
| **CIDR Block** | 108.62.56.0/21 |
The IP resolves to LeaseWeb infrastructure with PTR hostname `v19.ce02.sea-11.us.leaseweb.net`. Forward DNS confirmation is unavailable, and no reverse DNS records were observed beyond the PTR entry.
---
## THREAT ASSESSMENT
| Metric | Value |
|---|---|
| **Risk Score** | 50 (Moderate) |
| **Abuse Confidence** | Not applicable (no active indicators) |
| **Known Campaigns** | None |
| **Blacklist Count** | 0 |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
Threat Indicators: Empty. No known attack campaigns, spam sources, or blacklisting activity associated with this IP.
---
## NETWORK ROLE & SERVICES
| Attribute | Value |
|---|---|
| **Infrastructure Type** | Provider |
| **Cloud/CDN/Proxy** | No |
| **Open Ports** | None detected |
| **Service Status** | Firewalled / No Services |
| **TLS Certificate** | Not observed |
The endpoint is configured with no open services, indicating it is likely a network infrastructure or management endpoint rather than a public-facing host.
---
## SUBNET NEIGHBORHOOD ANALYSIS
| Metric | Value |
|---|---|
| **Subnet** | 108.62.62.0/24 |
| **Abuse Density** | 0.09 (9%) |
| **High-Risk Neighbors** | 9 |
| **Medium-Risk Neighbors** | 91 |
| **Total Analyzed** | 100 |
The /24 subnet shows elevated abuse density with 9% of peers classified as high-risk. While 108.62.62.221 itself shows no malicious activity, analysts should monitor for correlation with known compromised IPs in the same subnet.
---
## OBSERVATION HISTORY
The IP has generated 24 observations since tracking began. Recent signals (June 2026) indicate:
- Consistent CAA record presence
- DNSSEC validation signals
- Stable operator score of 0.2174 (labeled "Minimal")
- No significant threat profile changes observed
The IP demonstrates persistence without escalation of threat indicators.
---
## RELATIONSHIP GRAPH
169 relationships identified, predominantly "Same Network" associations pointing to 108-62-56-0 network. No external organization or certificate relationships detected.
---
## RECOMMENDED ACTIONS
| Platform | Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 108.62.62.221 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 108.62.62.221 drop` |
| **nginx** | `deny 108.62.62.221;` |
| **pfSense** | Block 108.62.62.221/32 |
| **Cloudflare WAF** | Block with expression `ip.src eq 108.62.62.221` |
| **AWS WAF** | Add address 108.62.62.221/32 to rule set |
Note: These recommendations are probabilistic and should be combined with other signals before taking action. No active threat indicators require immediate blocking.
---
## INTELLIGENCE CONCLUSION
108.62.62.221 is a LeaseWeb infrastructure endpoint with moderate risk classification and no active threat indicators. The IP is not associated with known campaigns, spam sources, or malicious activity. However, the elevated abuse density in the /24 subnet warrants continued monitoring. Recommend standard baseline monitoring without immediate blocking unless additional contextual indicators emerge.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | LeaseWeb USA, Inc. Seattle |
| ASN | AS396190 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | v19.ce02.sea-11.us.leaseweb.net |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | v19.ce02.sea-11.us.leaseweb.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:05:00 UTC |
| Last Seen | 2026-06-26 18:11:59 UTC |
| Profile Built | 2026-06-26 23:02:47 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |
Full dossier details are available via our API.