IP · Medium · Signal 52/100
104.247.81.99
Location: Windsor, Ontario
ASN: AS206834
Organization: Next Dimension Inc
First Seen: Nov 5, 2025
Last Seen: Jun 4, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 52%
Signal Score: 52 / 100
IDS Rule: No
Network Information
Country: Canada
Region: Windsor, Ontario
ASN: AS206834
Organization: Next Dimension Inc
Feed Intelligence Summary
Source reports: 14
Confidence score: 52%
Activity Timeline: Jun 4
Threat Activity Heatmap (rows: Mon, Wed, Fri; scale: Less to More)
- 24h: 0 (Dormant)
- 7d: 1 (Minimal)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 14
First seen: Nov 5, 2025
Last seen: Jun 4, 2026
Geolocation: CA
Country: Canada
Location: Windsor, Ontario
ASN: AS206834
Org: Next Dimension Inc
Coords: 42.3066, -83.0303
VirusTotal: Not checked
WHOIS
- description: alberta.ca › Lookup › Tools — Have I Been Squatted
- raw:
  - NEXT DIMENSION INC NEXTD (NET-104-247-80-0-1) 104.247.80.0 - 104.247.85.255
  - Team Internet AG TEAM-INTERNET-AG-2 (NET-104-247-81-0-1) 104.247.81.0 - 104.247.81.255
IOC Journey
Medium · First detected 7 months ago · Last seen 2 days ago
Appeared in 14 threat reports