IOC Radar
IPMediumSignal 100/100

208.109.173.103

Location
United StatesUnited States
Tempe, Arizona
ASN
AS398101
GoDaddy.com, LLC
First Seen
Jul 26, 2024
Last Seen
Feb 12, 2026
Jul 26
First Seen
685d ago
Feb 12
Last Seen
118d ago
18
Reports
source reports
99%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

CountryUSUnited States
RegionTempe, Arizona
ASNAS398101
OrganizationGoDaddy.com, LLC

Feed Intelligence Summary

18 reports99% confidence
18
Source reports
99%
Confidence score
Category tags
abuseaccess controlactive scanningakiraamadeyantispamapacheapache attackerasiaasyncratatif feedattackbanlist feedbelarusbinary defensebotnetbrute forcebrute force attackchinacommand and controlcommunication protocolcompromised credentialscowrie honeypotcowrie ssh attackscredential accesscredential harvestingcredential stuffingcryptocurrency threatscryptojackingctadata encryptiondata exfiltrationdecoy systemdistributed attackseuropeexploit probingextortionfinanceftp brute forcegermanygroupgroupedindiaindicatorindonesiainfostealerinfrastructure acquisitionreconnaissanceingress tool transferlinuxlockbitlog4jmailoney email attacksmailoney honeypotmalicious activitymalicious python scriptsmalicious softwaremalwaremalware hostingmalware threat activitymanualmexicomozinetworknetwork intrusion attemptsnetwork scanningnetwork securitynorth americapassword attacksphishingphishing attackphishing trapprocess injectionransomwareratreconnaissanceremcos trojanremote accessremote servicesresearchedresource hijackingscannersecurity policyself-signedsentrypeer attackssentrypeer botnetsftp access attemptsftp attacksingaporesip attackssip brute forcesmartloadersocial engineeringspamssh attackssh monitoringstealcsystem disruptiont1021t1021.001t1036t1040t1041t1053t1055t1059t1059.003t1068t1071t1071.001t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1190t1204t1486t1490t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1587.001t1589t1590t1590.001t1595t1595.001t1595.002t1595.003tannertelecommunicationsthreat actorthreat preventiontrojan malwareukraineunited kingdomunited statesurlhaususvietnamvoipvoip attackweek

Activity Timeline

1 total obs
Feb 12Feb 12

Threat Activity Heatmap

· Peak: 2026-02-12
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
18
Reports
First seenJul 26, 2024
Last seenFeb 12, 2026
GeolocationUS
CountryUnited States
LocationTempe, Arizona
ASNAS398101
OrgGoDaddy.com, LLC
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
2025-03-12T05:21:04.434Z Honeypot : Tanner : Source: 208.109.173.103 : Port: 80 Post Data: {'response': {'message': {'sess_uuid': 'bea71a40-93d4-425a-87fc-7142e47b89f2', 'detection': {'version': '0.6.0', 'order': 0, 'name': 'unknown', 'type': 1}}}, 'version': '0.6.0'}
raw
NetRange: 208.109.0.0 - 208.109.255.255 CIDR: 208.109.0.0/16 NetName: GO-DADDY-COM-LLC NetHandle: NET-208-109-0-0-1 Parent: NET208 (NET-208-0-0-0-0) NetType: Direct Allocation OriginAS: AS26496 Organization: GoDaddy.com, LLC (GODAD) RegDate: 2006-04-12 Updated: 2014-02-25 Comment: Please send abuse complaints to [email protected] Ref: https://rdap.arin.net/registry/ip/208.109.0.0 OrgName: GoDaddy.com, LLC OrgId: GODAD Address: 2155 E GoDaddy Way City: Tempe StateProv: AZ PostalCode: 85284 Country: US RegDate: 2007-06-01 Updated: 2024-11-25 Comment: Please send abuse complaints to [email protected] Ref: https://rdap.arin.net/registry/entity/GODAD OrgNOCHandle: NOC124-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-480-505-8809 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN OrgTechHandle: NOC124-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-480-505-8809 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN OrgAbuseHandle: ABUSE51-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-480-624-2505 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN RNOCHandle: NOC124-ARIN RNOCName: Network Operations Center RNOCPhone: +1-480-505-8809 RNOCEmail: [email protected] RNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN RAbuseHandle: ABUSE51-ARIN RAbuseName: Abuse Department RAbusePhone: +1-480-624-2505 RAbuseEmail: [email protected] RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN RTechHandle: NOC124-ARIN RTechName: Network Operations Center RTechPhone: +1-480-505-8809 RTechEmail: [email protected] RTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN
references
https://urlhaus.abuse.ch/, https://any.run/malware-trends/, https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 18 threat reports