# IP Intelligence Briefing: 108.62.63.167/32
Classification: Moderate Risk (Score: 50/100)
Date: Current Analysis
Status: Active Monitoring Recommended
---
## Executive Summary
IP 108.62.63.167 is a LeaseWeb USA infrastructure endpoint located in Seattle, WA (ASN 396190). The IP presents moderate risk with a score of 50. While the endpoint itself shows no active malicious indicators, it operates within a high-abuse subnet environment (108.62.63.0/24) with a 66.4% abuse density rate.
---
## Ownership and Network Context
| Attribute | Value |
|---|---|
| **Organization** | LeaseWeb USA, Inc. Seattle |
| **ASN** | 396190 |
| **Network** | 108.62.56.0/21 (BGP Origin) |
| **Geolocation** | Seattle, WA, US |
| **RIR** | ARIN |
| **Service Classification** | Firewalled / No Services |

The IP belongs to a large provider infrastructure network. The BGP prefix 108.62.56.0/21 is not route-stable, indicating dynamic routing changes within the last 30 days.
---
## Threat Intelligence Profile
Current Risk Indicators:
- Risk Score: 50 (Moderate)
- DNSBL Listings: 2 of 8 total lists
- Threat Indicators: None detected
- Campaign Associations: None identified
- Known Attacker Status: No
- Tor Exit Node: No
- Spam Source: No

Behavioral Signals:
- No open ports or services detected
- No TLS certificates or HTTP banners
- No email authentication records (SPF/DMARC)
- No honeypot hits or WAF violations
---
## Neighborhood Analysis
The IP operates within a high-risk subnet environment:
| Metric | Value |
|---|---|
| **Subnet** | 108.62.63.0/24 |
| **Abuse Density** | 0.6641 (High) |
| **Total Siblings** | 256 |
| **Active Siblings** | 176 |
| **Threat Siblings** | 170 |
| **Risk Distribution** | 100 medium, 0 high, 0 low |

Neighboring IPs Sample:
- 108.62.63.0-4: All show risk score 50 with authority score 50
- Pattern indicates systematic provider infrastructure

Assessment: The high abuse density in this /24 subnet suggests either legitimate provider services with some abuse, or a hosting environment that attracts malicious actors. Correlation with 170 threat siblings warrants contextual analysis.
---
## Relationship Graph
Connections Detected: 109 relationships

Primary Relationship Types:
- Same Network: 104+ relationships to 108-62-56-0 networks
- Network-level associations indicate infrastructure clustering

Implications: The IP maintains strong associations with the broader 108.62.56.0/21 network infrastructure. This supports provider classification and indicates the IP is part of a larger hosting/service infrastructure.
---
## Historical Observations
Observation Period: June 21-24, 2026 (25 observations)

Temporal Trends:
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0
- Recent Operator Scores: Consistently "Minimal" (0.0-0.15 range)
- Geolocation Validation: Confirmed as plausible (ICMP probe blocked)

Stability Assessment: The IP shows minimal operational signals over the observation period with no escalation in threat indicators. The operator score remained stable at 0.1304 across multiple observations.
---
## Recommended Security Actions
Based on the risk profile, the following controls are recommended:
| System | Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 108.62.63.167 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 108.62.63.167 drop` |
| **nginx** | `deny 108.62.63.167;` |
| **pfSense** | `108.62.63.167/32` (block rule) |
| **Cloudflare WAF** | Block with expression `ip.src eq 108.62.63.167` |
| **AWS WAF** | `Addresses: ["108.62.63.167/32"]` |

Action Priority: MEDIUM

Rationale: While the IP shows no active malicious indicators, the high-abuse neighborhood environment (66.4% abuse density) and moderate risk score warrant defensive blocking in conjunction with other threat signals.
---
## Intelligence Conclusions
1. Provider Infrastructure: The IP operates as part of LeaseWeb USA hosting infrastructure in Seattle.
2. Elevated Neighborhood Risk: Although the endpoint itself appears benign, the /24 subnet exhibits high abuse density (170 threat siblings). This suggests either compromised hosting or a high-risk infrastructure zone.
3. No Active Threat: The IP itself shows no active threat indicators, campaigns, or malicious behavior in the observation window.
4. Defensive Recommendation: Implement blocking controls at the network perimeter. Monitor for any behavioral changes or new threat indicators in the neighborhood subnet.
5. Contextual Analysis: Investigate other IPs in the 108.62.63.0/24 subnet if traffic patterns suggest correlation with known malicious activity.
---
Disclaimer: This intelligence is based on automated analysis. Validate with internal threat data before implementing blocking rules. Consider the operational context and business requirements when applying these recommendations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | LeaseWeb USA, Inc. Seattle |
| ASN | AS396190 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 15% | 2 | 2 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 20% | 2 | 3 |
| reputation | 16% | 1 | 2 |
| geolocation | 24% | 2 | 3 |
| Overall | 15% | 9 | 12 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:01 UTC |
| Last Seen | 2026-06-26 18:11:59 UTC |
| Profile Built | 2026-06-26 22:26:07 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 22 |