IOC Radar
IP · Medium · Signal 41/100

104.234.115.139

Location: United States, Port Edwards, ON
First Seen: Dec 17, 2024 (556d ago)
Last Seen: Apr 1, 2026 (87d ago)
Reports: 24 source reports
Confidence: 41% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 41%
Signal Score: 41 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

51 techniques

Network Information

Country: US (United States)
Region: Port Edwards, ON
Organization: CyberOneData LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 24
Confidence score: 41%
Category tags
abuse, access control, active scan, active scanning, adbhoney honeypot, american express, attack, authentication failure, bad reputation, bad web bot, banking, bening, bening scanner, blacklist candidate, blacklist ip, botnet, botnet activity, brute force, brute force attack, c2 communication, c2 server, canada, cisco device, cisco exploitation attempts, command & control, command and control, communication protocol, compromised host, compromised hosts, cowrie, cowrie activity, cowrie honeypot, cowrie ssh attack, credential access, credential harvesting, credential stuffing, credit card services, data encryption, data exfiltration, data store exposure, data theft, ddos, ddos attacks, decoy system, denial of service, device management, dionaea activity, dionaea honeypot, distributed attacks, email, encryption, enterprise networking, enumeration, exploit attempt, exploitation activity, exploited host, fatt, finance, financial services, financial technology, ftp brute force, github, hacking, honeytrap activity, honeytrap honeypot, http brute force, http scanner, huawei, identity & access exploitation, indicator, information gathering, information technology, infrastructure acquisitionreconnaissance, initial access, injection activity, internet of things, intrusion detection, invalid credentials, ioc, iot botnet, iot security, iot/ics attack, lamp, lamp exploitation, lamp server target, lamp stack targeting, lateral movement, login attempt, mailoney activity, mailoney honeypot, malicious activity, malicious activity detected, malicious payload attempts, malicious scan, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malware, malware behaviour, malware capture, malware distribution, manual, mirai botnet, nation-state activity, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, nokia_deepfield-benign, north america, p0f, p0f os fingerprinting, password attack, password attacks, payment processing, phishing, phishing attack, phishing trap, potential credential compromise, process injection, proxy, proxy protocol, python, ransomware, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, sans, scan, scanner, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, service discovery, service probing, service scan, sftp, sftp attack, sftp attempts, sip, sip brute force, sip scanning, slug, smtp brute force, smtp probing, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, surface web, suricata alert, syn scan, t1016, t1018, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.004, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1078.002, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1587.001, t1589, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, tcp scan, telecommunication, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, udp scan, unauthorized network activity, united states, united states of america, us, verified-benign, voip, voip attack, vulnerability scan, wealth management, web application attack, web attack, web exploitation, web scanner, web traffic, westpac new zealand

Activity Timeline

1 total obs
Apr 1

Threat Activity Heatmap

Peak: 2026-04-01

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 41
Confidence: 41%
Reports: 24
First seen: Dec 17, 2024
Last seen: Apr 1, 2026
Geolocation: US
Country: United States
Location: Port Edwards, ON
Org: CyberOneData LLC
Coords: 43.6311, -79.4950
Proxy

VirusTotal

Not checked

WHOIS

description: Scans hitting the server at TCP port 8080 HTTP and PROXY. Same IP should not appear more than once in 96 hours in our lists S3#.

raw:
Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://example.com

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 24 threat reports