204.11.56.50 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 204.11.56.50 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: British Virgin Islands
  • Noticed: 5 times
  • Protocols Attacked: SSH
  • Countries Attacked: United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 443, 53, 80
  • Tor Node: No
  • Associated Malware Samples: 8

Tags

  • aaaa
  • actors
  • admin cmd
  • age86400 set
  • alibaba cloud
  • all scoreblue
  • ans core
  • as1321
  • as14627
  • as15169 google
  • as20940
  • as2914 ntt
  • as33438
  • as44273 host
  • as46691
  • as6461 zayo
  • as701 orgnocref
  • bad domains
  • beijing
  • body
  • cachecontrol
  • cape
  • china telecom
  • cloudflarenet
  • code
  • comcast
  • computing
  • cookie
  • copy
  • created
  • creation date
  • csc corporate
  • cve1102
  • cyber
  • date
  • date thu
  • delete
  • dns query
  • dock
  • domain
  • domains
  • dynadot
  • email
  • emotet
  • emotet am
  • emotet malware
  • entries
  • execution
  • filehash
  • first
  • glupteba
  • gmo internet
  • gmt server
  • google
  • graph community
  • group
  • high
  • historical ssl
  • hostname
  • hostnames
  • hungary unknown
  • icmp traffic
  • ie script
  • installer
  • intel
  • investigation
  • iocs
  • ip country
  • ipv4
  • i span
  • jid1886833764
  • jid882556742
  • june
  • kb txtresse
  • levelblue labs
  • location https
  • loudoun county
  • ltd dba
  • malware
  • mb gadget
  • mb history
  • mb smartsaver
  • mb threatsniper
  • media center
  • medium
  • meta
  • method status
  • modified
  • months ago
  • msie
  • name servers
  • nastya
  • net152
  • net1520000
  • nethandle
  • next
  • nxdomain
  • object
  • open
  • parkway city
  • passive dns
  • path max
  • port
  • pulse pulses
  • pulses
  • read
  • read c
  • referrer
  • samples
  • scan endpoints
  • script domains
  • script script
  • script urls
  • search
  • show
  • showing
  • slcc2
  • slfrd1
  • span
  • status
  • styes worm
  • submitters
  • summary iocs
  • swipper
  • trojan
  • type get
  • uagdaaeqcqaaaag
  • ukgbagaqcq
  • ukgbagaqcqaaaae
  • united
  • united kingdom
  • unknown
  • url hostname
  • urls
  • urls http
  • utc submissions
  • ve234 server
  • verizon
  • vj92
  • webcc
  • whitelisted
  • win32
  • win64
  • windows nt
  • wow64
  • write

MITRE ATT&CK TTPs

  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1082 - System Information Discovery
  • T1119 - Automated Collection
  • T1129 - Shared Modules
  • T1143 - Hidden Window

Passive DNS

  • depastas.com

Attack Log References

Whois Information

NetRange: 204.11.56.0 - 204.11.57.255 CIDR: 204.11.56.0/23 NetName: CONFLUENCE-NETWORKS--TX3 NetHandle: NET-204-11-56-0-1 Parent: NET204 (NET-204-0-0-0-0) NetType: Direct Allocation OriginAS: AS40034 Organization: Confluence Networks Inc (CN) RegDate: 2012-09-24 Updated: 2015-11-23 Comment: Hosted in Austin TX. Comment: Abuse : Comment: abuse@confluence-networks.com Comment: +1-917-386-6118 Ref: https://rdap.arin.net/registry/ip/204.11.56.0 OrgName: Confluence Networks Inc OrgId: CN Address: 3rd Floor, J & C Building, P.O. Box 362 City: Road Town StateProv: Tortola PostalCode: VG1110 Country: VG RegDate: 2011-04-07 Updated: 2024-11-25 Ref: https://rdap.arin.net/registry/entity/CN OrgNOCHandle: NOCAD51-ARIN OrgNOCName: NOC Admin OrgNOCPhone: +1-415-358-0891 OrgNOCEmail: noc@confluence-networks.com OrgNOCRef: https://rdap.arin.net/registry/entity/NOCAD51-ARIN OrgAbuseHandle: ABUSE3065-ARIN OrgAbuseName: Abuse Admin OrgAbusePhone: +1-415-449-4704 OrgAbuseEmail: abuse@confluence-networks.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3065-ARIN OrgTechHandle: TECHA29-ARIN OrgTechName: Tech Admin OrgTechPhone: +1-415-358-0891 OrgTechEmail: noc@confluence-networks.com OrgTechRef: https://rdap.arin.net/registry/entity/TECHA29-ARIN