IOC Radar
IP · Medium · Signal 85/100

204.8.96.87

Location
United States
San Angelo, Texas
ASN
AS62744
Quintex Alliance Consulting
First Seen
Apr 15, 2024 (788d ago)
Last Seen
Feb 15, 2026 (117d ago)
34
Reports
source reports
85%
Confidence
medium
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

57 techniques

Network Information

Country: US (United States)
Region: San Angelo, Texas
ASN: AS62744
Organization: Quintex Alliance Consulting

IP Category

Proxy
Proxy server

Feed Intelligence Summary

34 reports · 85% confidence
34
Source reports
85%
Confidence score
Category tags
abuse, access control, active scanning, adbhoney honeypot, anonymity network abuse, antispam, apt, attack, australia, authentication, bad web bot, botnet, brute force, brute force attack, brute force attempt, c2 communication, cisco device, cnc, command and control, communication protocol, compromised hosts, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, database security, ddos, ddos attack, ddos preparation, decoy system, denial of service, device management, dionaea honeypot, distributed attacks, enterprise networking, exit node, exploit attempt, firehol level1, ftp brute force, hacking, honeytrap honeypot, imap, imap attack, infrastructure acquisitionreconnaissance, injection attacks, intrusion detection, lamp, lateral movement, log4j, malicious activity, malicious domain, malicious login attempt, malicious payload, malicious software, malware, malware behaviour, malware capture, malware distribution, manual, network, network infrastructure, network reconnaissance, network scanning, network security, network service scanning, network traffic, north america, oceania, password attacks, phishing attack, process injection, proxy, proxy abuse, reconnaissance, redis honeypot, remote access, remote service exploitation, remote services, researched, resource hijacking, scanner, scanning activity, security policy, sentrypeer botnet, sftp attack, social engineering, spam, spamhaus drop, ssh attack, ssh monitoring, t1016, t1018, t1021, t1021.004, t1040, t1041, t1046, t1053, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1071.002, t1071.004, t1078, t1078.002, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1199, t1203, t1204, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1572, t1573, t1573.001, t1583, t1587.001, t1588, t1589, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tor, tor activity, tor exit node, tor exits, tor network, unauthorized access, united states, voip, voip attack, web application attack, web exploitation, web spam

Activity Timeline

1 total obs
Feb 15 - Feb 15

Threat Activity Heatmap

Peak: 2026-02-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
85
SIGNAL
Signal Score
85%
Confidence
34
Reports
First seen: Apr 15, 2024
Last seen: Feb 15, 2026
Geolocation: US
Country: United States
Location: San Angelo, Texas
ASN: AS62744
Org: Quintex Alliance Consulting
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
tor search result.
raw
NetRange: 204.8.96.0 - 204.8.99.255
CIDR: 204.8.96.0/22
NetName: QUINTEX96
NetHandle: NET-204-8-96-0-1
Parent: NET204 (NET-204-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Quintex Alliance Consulting (QAC-4)
RegDate: 2022-12-19
Updated: 2022-12-19
Ref: https://rdap.arin.net/registry/ip/204.8.96.0

OrgName: Quintex Alliance Consulting
OrgId: QAC-4
Address: 6730 Goodland Loop
City: San Angelo
StateProv: TX
PostalCode: 76901
Country: US
RegDate: 1994-06-03
Updated: 2022-01-04
Ref: https://rdap.arin.net/registry/entity/QAC-4

OrgNOCHandle: JR125-ARIN
OrgNOCName: Ricketts, John L
OrgNOCPhone: +1-325-304-1600
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgDNSHandle: JR125-ARIN
OrgDNSName: Ricketts, John L
OrgDNSPhone: +1-325-304-1600
OrgDNSEmail: [email protected]
OrgDNSRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgTechHandle: JR125-ARIN
OrgTechName: Ricketts, John L
OrgTechPhone: +1-325-304-1600
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgAbuseHandle: JR125-ARIN
OrgAbuseName: Ricketts, John L
OrgAbusePhone: +1-325-304-1600
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgRoutingHandle: JR125-ARIN
OrgRoutingName: Ricketts, John L
OrgRoutingPhone: +1-325-304-1600
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/JR125-ARIN
references
https://github.com/telekom-security/tpotce, https://check.torproject.org/torbulkexitlist, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net, Exit_Nodes.csv, sblam.com

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 3 months ago
Appeared in 34 threat reports