# IP Intelligence Briefing: 108.62.63.81/32
Classification: Moderate Risk | Date: Analysis based on current IPDebrief data
---
## Executive Summary
IP address 108.62.63.81 is assigned to LeaseWeb USA, Inc. Seattle (ASN 396190) with a risk score of 50, classified as Moderate Risk. The IP hosts no open services and shows no direct threat indicators. Risk is primarily inherited from the broader 108.62.63.0/24 subnet, which exhibits mixed traffic patterns with 95 threat-identified siblings among 212 active peers.
---
## Network Profile & Ownership
| Attribute | Value |
|---|---|
| **ASN** | 396190 (LeaseWeb USA, Inc. Seattle) |
| **Location** | Seattle, WA, US |
| **Geolocation Confidence** | High (geoConsensus: true, geoPlausible: true) |
| **Ownership Classification** | Provider / Infrastructure |
| **Registration** | ARIN RIR |

Service Status: Firewalled / No Services detected. No open ports, TLS certificates, or web service banners.
---
## Threat Assessment
| Indicator | Status |
|---|---|
| **Risk Score** | 50 (Moderate) |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Tor Exit Node** | No |
| **Proxy Service** | No |
| **Blacklist Count** | 0 |
| **Threat Feeds** | None |
| **Campaign Matches** | 0 |

Control Plane: Route stable (isRouteStable: false), RPKI state pending validation, DNSSEC valid.
---
## Neighborhood Context
Subnet Analysis: 108.62.63.0/24
- Abuse Density: 0.3711 (moderate)
- Classification: Mixed
- Active Siblings: 212 of 256 total IPs
- Threat Siblings: 95 IPs
- Risk Distribution: 0 High | 96 Medium | 4 Low

The subnet demonstrates elevated activity consistent with shared hosting infrastructure. The target IP inherits neighborhood risk but shows no unique malicious behavior.
---
## Observation History
Total Observations: 26 signals
- Most recent signals: June 24, 2026
- Signal types include network reputation, DNS resolution, and service discovery
- No evidence of persistent malicious behavior
- Threat observation count: 1
---
## Related Entities
Relationship Graph: 109 relationships identified
- Primary linkage: Same network (108-62-56-0)
- Multiple BGP prefix associations
- No organizational or certificate-level relationships
---
## Recommended Actions
Based on risk score 50, the following defensive measures are recommended:
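```bash
# iptables
iptables -A INPUT -s 108.62.63.81 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 108.62.63.81 drop
# nginx (configuration directive for an http, server or location block, not a shell command)
deny 108.62.63.81;
# Cloudflare WAF (rule expression → action)
ip.src eq 108.62.63.81 → Block
# AWS WAF (IP set entry)
Addresses: 108.62.63.81/32
```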
---
## Intelligence Narrative
The target IP 108.62.63.81 operates within a LeaseWeb enterprise hosting environment in Seattle, Washington. While the IP itself shows no direct malicious indicators or active services, it resides in a subnet with documented abuse patterns. The subnet's 37% abuse density and 95 threat siblings suggest this is a shared infrastructure environment where risk is distributed across multiple endpoints.

Threat Context: The moderate risk rating (50) reflects neighborhood contamination rather than unique malicious behavior. The IP has been observed in network scans but shows no evidence of command-and-control activity, spam distribution, or exploitation campaigns.

SOC Recommendation: Monitor the broader 108.62.63.0/24 subnet for coordinated activity. Isolated blocks may be warranted for the specific IP, but defensive posture should account for potential lateral movement or abuse patterns emerging from the subnet as a whole. No immediate threat action required for the IP in isolation.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

---
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | LeaseWeb USA, Inc. Seattle |
| ASN | AS396190 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 20% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Validation Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:00 UTC |
| Last Seen | 2026-06-26 18:11:59 UTC |
| Profile Built | 2026-06-26 22:39:51 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |