IOC Radar
IP · Medium · Signal 100/100

104.234.115.84

Location: Port Edwards, Wisconsin, United States
First Seen: Dec 13, 2024 (560d ago)
Last Seen: Feb 6, 2026 (140d ago)
Reports: 26 source reports
Confidence: 99% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

56 techniques

Network Information

Country: US (United States)
Region: Port Edwards, Wisconsin
Organization: CyberOneData LLC

Feed Intelligence Summary

Source reports: 26
Confidence score: 99%
Category tags

Activity Timeline

1 total obs (Feb 6)

Threat Activity Heatmap

Peak: 2026-02-06
[Heatmap: activity by weekday across the months June through June; individual cells not recoverable]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 26
First seen: Dec 13, 2024
Last seen: Feb 6, 2026
Geolocation: US
Country: United States
Location: Port Edwards, Wisconsin
Org: CyberOneData LLC
Coords: 44.3426, -89.8597

VirusTotal

Not checked

WHOIS

description: Seen in CiscoASA honeypot logs within the configured window.
raw:
Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255
references: https://github.com/telekom-security/tpotce, https://example.com


IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 26 threat reports