IOC Radar
IP · Medium · Signal 69/100

204.8.98.95

Location: Dallas, Texas, United States
ASN: AS62744, AirVPN.org exit server (Volans)
First Seen: May 2, 2024 (786d ago)
Last Seen: May 29, 2026 (29d ago)
Reports: 19 source reports
Confidence: 69% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: US (United States)
Region: Dallas, Texas
ASN: AS62744
Organization: AirVPN.org exit server (Volans)

Feed Intelligence Summary

19 source reports · 69% confidence score
Category tags
abuse, access control, active scan, active scanning, antispam, application layer protocol, attack, auto-generated security, bad web bot, banking, botnet, brazil, brute force, brute force attack, command and control, connect scan, credential access, credential harvesting, credential stuffing, credit card services, data exfiltration, ddos attack, denial of service, distributed attacks, exploitation activity, fin scan, finance, financial services, financial technology, hacking, imap, imap attack, injection activity, log4j, malicious activity, malicious software, malware, network, network probing, network reconnaissance, network scanning, north america, null scan, open port detection, password attacks, payment processing, phishing, phishing attack, ping of death, process injection, proxy, reconnaissance, reconnaissance activity, remote services, researched, scanner, scanning activity, security policy, service enumeration, service scan, smtp, smtp attacker, social engineering, stealth scan, syn scan, system administration, t1016, t1018, t1021, t1040, t1046, t1053, t1055, t1059, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, threat actor, threat prevention, tor node, udp port scan, united states, us, valid accounts, wealth management, web application attack, web exploitation, web scanner, xmas scan

Activity Timeline

1 total obs (May 29 to May 29)

Threat Activity Heatmap

Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 19
First seen: May 2, 2024
Last seen: May 29, 2026
Geolocation: US
Country: United States
Location: Dallas, Texas
ASN: AS62744
Org: AirVPN.org exit server (Volans)
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Port Scan 2024-10-02T22:08:28.000Z -> 204.8.98.95 scanned port 6881 on one of our servers
raw
NetRange: 204.8.96.0 - 204.8.99.255
CIDR: 204.8.96.0/22
NetName: QUINTEX96
NetHandle: NET-204-8-96-0-1
Parent: NET204 (NET-204-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Quintex Alliance Consulting (QAC-4)
RegDate: 2022-12-19
Updated: 2022-12-19
Ref: https://rdap.arin.net/registry/ip/204.8.96.0

OrgName: Quintex Alliance Consulting
OrgId: QAC-4
Address: 6730 Goodland Loop
City: San Angelo
StateProv: TX
PostalCode: 76901
Country: US
RegDate: 1994-06-03
Updated: 2022-01-04
Ref: https://rdap.arin.net/registry/entity/QAC-4

OrgNOCHandle: JR125-ARIN
OrgNOCName: Ricketts, John L
OrgNOCPhone: +1-325-304-1600
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgDNSHandle: JR125-ARIN
OrgDNSName: Ricketts, John L
OrgDNSPhone: +1-325-304-1600
OrgDNSEmail: [email protected]
OrgDNSRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgTechHandle: JR125-ARIN
OrgTechName: Ricketts, John L
OrgTechPhone: +1-325-304-1600
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgAbuseHandle: JR125-ARIN
OrgAbuseName: Ricketts, John L
OrgAbusePhone: +1-325-304-1600
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/JR125-ARIN

OrgRoutingHandle: JR125-ARIN
OrgRoutingName: Ricketts, John L
OrgRoutingPhone: +1-325-304-1600
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/JR125-ARIN
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, Bruteforce.pdf, https://s3.i02.estaleiro.serpro.gov.br/blocklist/blocklist.txt


IOC Journey

medium
First detected 2 years ago · Last seen 29 days ago
Appeared in 19 threat reports