Substantial Risk
IP 208.109.188.137 is a high-risk address linked to automated brute-force attacks and credential stuffing, with a threat level of 8/10 confirmed by 479 abuse reports and a 100% confidence score. This GoDaddy.com LLC-operated address in the United States has been actively targeting authentication systems since January 2026, with activity persisting through June 2026 at an elevated frequency rating of 8/10.
The IP's threat profile reflects sustained, automated attack infrastructure spanning six months of reporting activity. Across the 479 total reports, 13 automated honeypot sensors and 7 community sources flagged the address in four threat categories: hacking intrusion attempts, general brute-force attacks, WordPress login brute-force campaigns, and distributed denial-of-service activity. The pattern analysis shows systematic credential stuffing behavior against common administrative paths, with submissions testing default and weak credential combinations. Geographically, the reported targets include European organizations in Germany and other regions, indicating this address participates in broad, non-targeted scanning campaigns rather than focused attacks on specific sectors.
Brute-force and credential stuffing attacks represent serious authentication-layer threats that exploit weak or reused passwords to gain unauthorized administrative access. An address conducting these attacks at high frequency and volume dramatically increases the probability of compromising poorly secured web portals. Combined with the DDoS reports, this IP presents a dual threat to both authentication security and service availability. The sustained six-month activity window demonstrates persistent, automated attack infrastructure rather than opportunistic scanning.
Network defenders should immediately block or rate-limit traffic from 208.109.188.137 at the firewall level and implement fail2ban or equivalent intrusion prevention tools to automatically ban sources that generate repeated authentication failures. Enforcing multi-factor authentication on all administrative interfaces eliminates the primary vector these attacks exploit. Organizations running web applications should audit authentication logs for attempts from this address and similar scanning patterns, ensuring account lockout thresholds are configured appropriately. Regular monitoring of abuse report feeds helps maintain updated blocking rules against confirmed threat sources.