IP · Medium · Signal 98/100
104.234.115.33
Location
Port Edwards, Wisconsin
First Seen
Nov 5, 2024
Last Seen
Jan 27, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Network Information
Country
United States
Region
Port Edwards, Wisconsin
Organization
CyberOneData LLC
Feed Intelligence Summary
24
Source reports
98%
Confidence score
Activity Timeline
Jan 27
Threat Activity Heatmap
Peak: 2026-01-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
High Risk
98
SIGNAL
Signal Score
98%
Confidence
24
Reports
First seen
Nov 5, 2024
Last seen
Jan 27, 2026
Geolocation
US
Country
United States
Location
Port Edwards, Wisconsin
Org
CyberOneData LLC
Coords
44.3426, -89.8597
VirusTotal
Not checked
WHOIS
- description
- The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted.
- Data Sources:
- https://feeds.dshield.org/feeds/topips.txt
- https://feeds.dshield.org/feeds/top10.txt
- https://feeds.dshield.org/feeds/block.txt
- https://feeds.dshield.org/feeds/daily_sources
- THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
- raw
- Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
- IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
- Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
- CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 24 threat reports