IOC Radar
IP · Medium · Signal 100/100

104.234.115.159

Location
United States
Port Edwards, Wisconsin
First Seen
Dec 18, 2024 (557d ago)
Last Seen
May 31, 2026 (27d ago)
Reports
27 source reports
Confidence
99% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

64 techniques

Network Information

Country: United States (US)
Region: Port Edwards, Wisconsin
Organization: CyberOneData LLC

Feed Intelligence Summary

Source reports: 27
Confidence score: 99%
Category tags
abuse, access control, account compromise, active scan, active scanning, adbhoney activity, adbhoney honeypot, asia, attack, authentication attack, bad reputation, bad web bot, banking, bening, bening scanner, blacklist candidate, blacklist ip, blacklisted ip, block list, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute force ftp, brute force ssh, brute-force, c2 communication, c2 server, canada, china mobile, columns, command & control, command and control, communication protocol, communication security, company limited, compromised host, compromised hosts, compromised systems, conpot activity, conpot honeypot, conpot ics attack, cowrie, cowrie activity, cowrie honeypot, cowrie ssh attack, credential access, credential harvesting, credential spraying, credential stuffing, credit card services, cta, data exfiltration, data store exposure, data theft, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, dictionary attack, dionaea, dionaea activity, dionaea honeypot, dionaea malware detection, directory traversal, distributed attacks, email, exploit attempts, exploitation activity, exploitation attempts, finance, financial services, financial technology, ftp, ftp brute force, ftp brute-force, github, hacking, heralding activity, hk abusehandler, honeytrap activity, honeytrap honeypot, hong kong, http scanner, https, ics security, identity & access exploitation, indicator, industrial control systems, infrastructure acquisitionreconnaissance, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, lamp, lamp exploitation attempts, mailoney activity, mailoney email spoofing, mailoney honeypot, malicious activity, malicious email activity, malicious ip activity, malicious scan, malicious software, malware, malware behaviour, malware capture, malware distribution, manual, mirai botnet, network, network attacks, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, nokia_deepfield-benign, north america, observed malicious activity, open port detection, password attacks, payment processing, pgp sign, phishing, phishing attack, phishing trap, ping of death, potential intrusion, process injection, protocol exploitation, proxy, proxy protocol, python, ransomware, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, sans, scan, scanner, scanning activity, security operations, security policy, sentrypeer activity, sentrypeer botnet, sentrypeer p2p attack, service scan, sftp, sftp activity, sftp attack, sftp scanning, sip, sip brute force, sip scanning, slug, smtp, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, surface web, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1021.006, t1021.007, t1040, t1041, t1046, t1047, t1053, t1055, t1056, t1059, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1078, t1078.004, t1083, t1087, t1090, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1119, t1133, t1189, t1190, t1195, t1203, t1204, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1587.001, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tanner web attack, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, timeout, tor node, united states, united states of america, us, us none, verified-benign, voip, voip attack, vulnerability scan, wealth management, web application attack, web exploitation, web scanner, web traffic

Activity Timeline

1 total obs
May 31

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 27
First seen: Dec 18, 2024
Last seen: May 31, 2026
Geolocation: US
Country: United States
Location: Port Edwards, Wisconsin
Org: CyberOneData LLC
Coords: 44.3426, -89.8597

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 81 Skype. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255
references
https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 27 days ago
Appeared in 27 threat reports