IOC Radar
IP · Medium · Signal 100/100

104.234.115.239

Location: United States (Port Edwards, Wisconsin)
First Seen: Dec 21, 2024 (548d ago)
Last Seen: Jan 27, 2026 (145d ago)
Reports: 23 source reports
Confidence: 99% (medium)
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

61 techniques

Network Information

Country: US (United States)
Region: Port Edwards, Wisconsin
Organization: CyberOneData LLC

Feed Intelligence Summary

Source reports: 23
Confidence score: 99%
Category tags:
abuse, access control, active scanning, anomalous network connections, apache, apache attacker, asia, attack, authentication attempts, bad web bot, banking, bening, bening scanner, block list, block.txt, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attempts, c2, c2 communication, c2 server, canada, china mobile, columns, command and control, communication protocol, company limited, compromised host, compromised hosts, cowrie activity, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, credit card services, daily_sources, data exfiltration, data exfiltration attempt, data theft, database security, dcom exploitation, ddos, ddos attack, ddos attacks, decoy system, denial of service, denial-of-service attempt, dionaea activity, dionaea honeypot, dionaea malware collection, distributed attacks, exploit attempts, exploitation attempts, exploited host, finance, financial services, financial technology, ftp brute force, ftp brute-force, hacking, hk abusehandler, honeytrap honeypot, hong kong, http brute force, http request anomalies, hurricane us, indicator, infrastructure acquisitionreconnaissance, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, lamp, lateral movement, malicious activity, malicious scan, malicious sip activity, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware distribution, malware propagation, malware scanning, manual, microsoft technologies, mirai botnet, network, network attacks, network intrusion, network intrusion attempts, network probing, network protocol, network scanning, network security, network traffic analysis, nokia_deepfield-benign, north america, password attacks, payment processing, pgp sign, phishing attack, ping of death, possible botnet activity, possible malware distribution, process injection, protocol exploitation, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, rpc, sans, scan, scanner, scanning activity, security operations, security policy, sentrypeer activity, sentrypeer botnet, sftp access attempts, sftp attack, sip brute force, sip scanning, smtp brute force, social engineering, socradar honeypot, spam, sql injection attempts, ssh attack, ssh monitoring, tanner, tcp protocol, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat intelligence, threat prevention, timeout, top10.txt, topips.txt, tpot, unauthorized access attempt, united states, united states of america, us, us none, verified-benign, voip, voip attack, wealth management, web application attack, web exploitation, web scanner, web spam

MITRE ATT&CK technique tags:
t1016, t1018, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.003, t1059.004, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1587.001, t1588, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003

Activity Timeline

1 total obs
Jan 27

Threat Activity Heatmap

Peak: 2026-01-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 23
First seen: Dec 21, 2024
Last seen: Jan 27, 2026
Geolocation: US
Country: United States
Location: Port Edwards, Wisconsin
Org: CyberOneData LLC
Coords: 44.3426, -89.8597

VirusTotal

Not checked

WHOIS

description:
The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted. Data Sources:
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://feeds.dshield.org/feeds/daily_sources
THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.

raw:
Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255


IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 23 threat reports