IOC Radar
IP · Medium · Signal 47/100

104.234.115.123

Location: United States (Port Edwards, ON)
ASN: AS396982 (CyberOneData LLC)
First Seen: Dec 18, 2024 (545d ago)
Last Seen: Mar 24, 2026 (84d ago)
Reports: 28 source reports
Confidence: 47% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 47%
Signal Score: 47 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 48 techniques

Network Information

Country: US (United States)
Region: Port Edwards, ON
ASN: AS396982
Organization: CyberOneData LLC

Feed Intelligence Summary

28 source reports · 47% confidence score

Category tags: abuse, access control, account compromise, account security, active scanning, administrative access, apache, apache attacker, apt, attack, bad web bot, banking, bening, bening scanner, blacklist ip, botnet, brute force, brute force attack, brute force attempt, c2, c2 communication, canada, cisco device, command and control, command injection, communication protocol, compromised credentials, compromised host, compromised system, conpot, conpot activity, conpot honeypot, cowrie, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, credit card services, cross-site scripting, cta, data encryption, data exfiltration, database exploitation attempts, database security, ddos, ddos attack, ddos attacks, ddos participation, decoy system, denial of service, device management, dionaea, dionaea honeypot, dionaea interactions, distributed attacks, dns, email, enterprise networking, exploit, exploit activity, exploit kit activity, exploited host, extortion, finance, financial services, financial technology, ftp, ftp brute force, github, hacking, honeytrap honeypot, http scanner, http scanning, https, ics security, imap, imap attack, indicator, industrial control systems, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, ipphoney activity, ipphoney honeypot, lamp, lateral movement, mailoney honeypot, malicious activity, malicious domain, malicious scan, malicious software, malware, malware behaviour, malware capture, mirai botnet, network, network activity, network attacks, network infrastructure, network intrusion, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, nokia_deepfield-benign, north america, operating system, operating system security, password attacks, payment processing, phishing, phishing attack, phishing trap, ping of death, potential vulnerability scan, privilege escalation, process injection, protocol exploitation, proxy protocol, python, ransomware, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, sans, scan, scanner, scanning activity, security operations, security policy, sentrypeer botnet, sftp, sftp activity, sftp attack, slug, smtp, social engineering, socradar honeypot, ssh, ssh attack, ssh monitoring, surface web, system disruption, t1018, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1053, t1055, t1059, t1059.001, t1059.003, t1069.001, t1071, t1071.001, t1076, t1078, t1083, t1088, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1555, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, unauthorized access, unauthorized access attempt, united states, united states of america, us, verified-benign, voip, voip attack, wealth management, web application attack, web application attacks, web exploitation, web scanner, web traffic

Activity Timeline

1 total observation (Mar 24)

Threat Activity Heatmap

Peak: 2026-03-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Geolocation: US
Country: United States
Location: Port Edwards, ON
ASN: AS396982
Org: CyberOneData LLC
Coords: 43.6311, -79.4950

VirusTotal

Not checked

WHOIS

description: 2025-02-26T08:35:48.674Z Honeypot : ConPot : Source: 104.234.115.123 : Port: 161 Data Type: snmp Event Type: SNMPv1 Get

raw:
Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://example.com

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 28 threat reports