IOC Radar
IP · Medium · Signal 52/100

104.234.115.91

Location
United States
Port Edwards, ON
First Seen
Dec 13, 2024 (557d ago)
Last Seen
Apr 12, 2026 (72d ago)
27
Reports
source reports
52%
Confidence
medium
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

55 techniques

Network Information

Country: US (United States)
Region: Port Edwards, ON
Organization: CyberOneData LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

27 reports · 52% confidence
27
Source reports
52%
Confidence score
Category tags
abuse, access, access control, active scan, active scanning, adbhoney activity, adbhoney honeypot, anomalous network connections, asia, attack, australia, bad reputation, bad web bot, banking, bening, bening scanner, blacklist ip, block list, block.txt, botnet, botnet activity, brute force, brute force attack, brute force attempts, c2, c2 communication, c2 server, canada, china mobile, cisco device, columns, command & control, command and control, communication protocol, company limited, compromised host, compromised hosts, cowrie, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential harvesting, credential stuffing, credit card services, cta, daily_sources, data exfiltration, data exfiltration attempt, data store exposure, data theft, ddos, ddos attack, ddos attacks, decoy system, denial of service, denial-of-service attempt, device management, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, email, enterprise networking, executable file, exploitation activity, exploitation attempts, exploited host, finance, financial services, financial technology, ftp brute force, github, groups, hacking, hk abusehandler, honeytrap activity, honeytrap honeypot, hong kong, http request anomalies, http scanner, hurricane us, identity & access exploitation, indicator, injection activity, internet of things, intrusion detection, ioc, iot botnet, iot security, iot targeted, iot/ics attack, lamp, lamp attack, lamp stack attack, lateral movement, mailoney activity, mailoney honeypot, malicious activity, malicious scan, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware distribution, mirai botnet, network, network attacks, network enumeration, network infrastructure, network intrusion attempts, network probing, network scanning, network security, network traffic analysis, nokia_deepfield-benign, north america, oceania, password attacks, payment processing, pgp sign, phishing, phishing attack, phishing trap, ping of death, possible botnet activity, possible malware distribution, potential malicious activity, process injection, protocol exploitation, proxy, proxy protocol, python, ransomware, reconnaissance, reconnaissance activity, researched, resource hijacking, sans, scan, scanner, scanning activity, script, scripting attacks, security operations, security policy, sentrypeer activity, sentrypeer botnet, service enumeration, sftp, sftp activity, sftp attack, sip brute force, sip scanning, slug, smtp, smtp attacker, smtp brute force, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, surface web, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1021.006, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.004, t1059.007, t1065, t1068, t1071, t1071.001, t1078, t1078.001, t1078.004, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, tcp protocol, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat intelligence, threat prevention, timeout, top10.txt, topips.txt, tor node, tpotce, unauthorized access attempts, unidentified attacker, united states, united states of america, us, us none, verified-benign, voip, voip attack, vulnerability scan, wealth management, web application attack, web attack, web exploitation, web scanner, web traffic

Activity Timeline

1 total obs
Apr 12

Threat Activity Heatmap

Peak: 2026-04-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 27
First seen: Dec 13, 2024
Last seen: Apr 12, 2026
Geolocation: US
Country: United States
Location: Port Edwards, ON
Org: CyberOneData LLC
Coords: 43.6311, -79.4950
Proxy

VirusTotal

Not checked

WHOIS

description
The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted. Data Sources: https://feeds.dshield.org/feeds/topips.txt https://feeds.dshield.org/feeds/top10.txt https://feeds.dshield.org/feeds/block.txt https://feeds.dshield.org/feeds/daily_sources THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
raw
Velcom VELCOM-16 (NET-104-234-0-0-1) 104.234.0.0 - 104.234.255.255
IPXO LLC 104-234-0-0-17 (NET-104-234-0-0-2) 104.234.0.0 - 104.234.127.255
Internet Utilities NA LLC NETUTILS (NET-104-234-0-0-3) 104.234.0.0 - 104.234.127.255
CyberOneData LLC NET-104-234-115-0-24 (NET-104-234-115-0-1) 104.234.115.0 - 104.234.115.255
references
https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 27 threat reports