208.91.199.152 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 208.91.199.152 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 69/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: United States
Noticed: 2 times
Protocols Attacked: SSH
Open Ports: 110, 143, 2082, 2083, 2086, 2087, 2095, 21, 22, 2222, 26, 3306, 443, 53, 587, 80, 993, 995
Tor Node: No
Associated Malware Samples: 17

MITRE ATT&CK TTPs

T1021.001 - Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1056 - Input Capture
T1110 - Brute Force
T1114 - Email Collection
T1184 - SSH Hijacking
T1192 - Spearphishing Link
T1194 - Spearphishing via Service
T1442 - Fake Developer Accounts
T1454 - Malicious SMS Message
T1564 - Hide Artifacts
T1566 - Phishing
T1569 - System Services
T1583.001 - Domains
T1583.006 - Web Services
T1585.001 - Social Media Accounts
T1586 - Compromise Accounts
T1591.002 - Business Relationships

Associated CVEs

CVE-2007-2768

Passive DNS

getwebhostingcoupons.com

Attack Log References

Whois Information

NetRange: 208.91.198.0 - 208.91.199.255 CIDR: 208.91.198.0/23 NetName: PUBLICDOMAINREGISTRY-NETWORKS NetHandle: NET-208-91-198-0-1 Parent: NET208 (NET-208-0-0-0-0) NetType: Direct Allocation OriginAS: AS394695 Organization: PDR (PSUL-1) RegDate: 2011-04-15 Updated: 2018-11-29 Ref: https://rdap.arin.net/registry/ip/208.91.198.0 OrgName: PDR OrgId: PSUL-1 Address: P.D.R Solutions LLC, 10, Corporate Drive, Suite 300 City: Burlington StateProv: MA PostalCode: 01803 Country: US RegDate: 2015-08-04 Updated: 2019-11-07 Ref: https://rdap.arin.net/registry/entity/PSUL-1 OrgNOCHandle: NOC32406-ARIN OrgNOCName: NOC OrgNOCPhone: +1-415-230-0680 OrgNOCEmail: noc@publicdomainregistry.com OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32406-ARIN OrgAbuseHandle: ABUSE5185-ARIN OrgAbuseName: Abuse Admin OrgAbusePhone: +1-415-230-0648 OrgAbuseEmail: abuse@publicdomainregistry.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5185-ARIN OrgNOCHandle: EIGAR-ARIN OrgNOCName: eig-arin OrgNOCPhone: +1-866-897-5421 OrgNOCEmail: eig-net-team@endurance.com OrgNOCRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN OrgTechHandle: EIGAR-ARIN OrgTechName: eig-arin OrgTechPhone: +1-866-897-5421 OrgTechEmail: eig-net-team@endurance.com OrgTechRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN OrgDNSHandle: EIGAR-ARIN OrgDNSName: eig-arin OrgDNSPhone: +1-866-897-5421 OrgDNSEmail: eig-net-team@endurance.com OrgDNSRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN OrgRoutingHandle: EIGAR-ARIN OrgRoutingName: eig-arin OrgRoutingPhone: +1-866-897-5421 OrgRoutingEmail: eig-net-team@endurance.com OrgRoutingRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN OrgTechHandle: TECH953-ARIN OrgTechName: Tech OrgTechPhone: +1-415-230-0680 OrgTechEmail: ipadmin@publicdomainregistry.com OrgTechRef: https://rdap.arin.net/registry/entity/TECH953-ARIN