208.109.34.15 Threat Intelligence and Host Information

Share on:

May 02, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Known Malicious Host 🔴 75/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing, T1595 - Active Scanning
Tags: Brute-Force, Bruteforce, Nextray, SSH, Telnet, am utc, api access, attack, blogpost https, brute-force, bruteforce, cowrie, cyber security, digital ocean, email, feed updation, feeds, feeds malicious, feeds malware, greater, ioc, ip blacklist, ip dns, ipsum, login, malicious, number, phishing, rescure cyber, scan, scanner, scanners, shame, sip, ssh, tcp, vultr, wall, zmap
View other sources: Spamhaus VirusTotal
Contained within other IP sets: blocklist_de, blocklist_de_ssh
Country: United States of America
Network: AS398101 godaddy.com llc
Noticed: 50 times
Protcols Attacked: ssh
Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: catalog.raptornjtrading.com www.raptornjtrading.com raptornjtrading.com imgs.vanguardoffroad.com beta.tempest-freezer.com www.auto-beauty.com auto-beauty.com wechat.vanguardoffroad.com ab.vanguardoffroad.com www.parts.vanguardoffroad.com parts.vanguardoffroad.com manual.vanguardoffroad.com store.aegis-tonneau.com magento1.vanguardoffroad.com laravel.tempest-freezer.com ip-208-109-34-15.ip.secureserver.net

Open Ports Detected

111 2079 22 3306 53

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617

Map

Whois Information

NetRange: 208.109.0.0 - 208.109.255.255
CIDR: 208.109.0.0/16
NetName: GO-DADDY-COM-LLC
NetHandle: NET-208-109-0-0-1
Parent: NET208 (NET-208-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS26496
Organization: GoDaddy.com, LLC (GODAD)
RegDate: 2006-04-12
Updated: 2014-02-25
Comment: Please send abuse complaints to [email protected]
Ref: https://rdap.arin.net/registry/ip/208.109.0.0
OrgName: GoDaddy.com, LLC
OrgId: GODAD
Address: 2155 E GoDaddy Way
City: Tempe
StateProv: AZ
PostalCode: 85284
Country: US
RegDate: 2007-06-01
Updated: 2022-08-02
Comment: Please send abuse complaints to [email protected]
Ref: https://rdap.arin.net/registry/entity/GODAD
OrgAbuseHandle: ABUSE51-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-480-624-2505
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN
OrgNOCHandle: NOC124-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-480-505-8809
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN
OrgTechHandle: NOC124-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-480-505-8809
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN
RAbuseHandle: ABUSE51-ARIN
RAbuseName: Abuse Department
RAbusePhone: +1-480-624-2505
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN
RNOCHandle: NOC124-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-480-505-8809
RNOCEmail: [email protected]
RNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN
RTechHandle: NOC124-ARIN
RTechName: Network Operations Center
RTechPhone: +1-480-505-8809
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN

Links to attack logs