IPMediumSignal 64/100

`104.152.52.110`

Location

United States

Chicago, Illinois

ASN

AS51088

Rethem Hosting LLC

First Seen

Nov 3, 2021

Last Seen

Jun 18, 2026

Nov 3

First Seen

1697d ago

Jun 18

Last Seen

9d ago

Reports

source reports

64%

Confidence

medium

Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

64%

Signal Score

64 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

60 techniques

Network Information

Country

United States

RegionChicago, Illinois

ASNAS51088

OrganizationRethem Hosting LLC

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

31 reports64% confidence

Source reports

64%

Confidence score

Category tags

abuseackactive scanactive scanningaerospace & defenseaptattackattacker ipsaustraliaauthenticationauto-generated securityautomated attackautomated attacksautomated threatautomotive manufacturingbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbruteforcecanadacisco devicecisco exploitation attemptscivil servicescloud environmentcommand and controlcommunication protocolcompromised hostcowriecowrie activitycowrie attackscowrie honeypotcowrie interactionscowrie ssh attackscowrie ssh honeypotcredential accesscredential attackcredential attackscredential brute forcecredential harvestingcredential stuffingcross-site scripting attemptdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdigital oceandigitalocean infrastructuredionaeadionaea activitydionaea attacksdionaea honeypotdionaea malware samplesdistributed attackselasticpot honeypotelasticsearch monitoringelectronics manufacturingencryptionenterprise networkingeuropeexploitexploit attemptexploit attemptsexploit probingexploitationexploitation activityexploited hostexternal access attemptsfailed login attemptsfattfatt analysisfilefin scanfinlandfranceftogftpftp attacksftp brute forceftp brute-forcegermanygovernment technologyhackinghoneynet connecthoneytrap activityhoneytrap datahoneytrap exploit attemptshoneytrap honeypothttp brute forcehttp scannerhttp scanninghttp/shttpshydraidentity & access exploitationimapindicatorindustrial automationindustrial iotindustrial productioninfrastructure acquisitionreconnaissanceinitial accessinjection activityintrusion detectioniociot device targetingiot securityiot targetedipv4 activitykfsensor honeypotlamplamp attacklamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglateral movementlinux serverslinux systemsloginlogin attacklogin attemptlogin_attemptmailoney activitymailoney honeypotmalicious activitymalicious activity detectedmalicious file transfermalicious login attemptsmalicious softwaremalwaremalware behaviourmalware capturemalware deliverymalware detectionmalware distributionmalware propagationmanualmanufacturing technologymasscanmilitary operationsmonthlymssqlmssql brute forcenational securitynetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork servicesnetwork traffic analysisnetwork_activitynextraynmapnorth americanull scanoceaniaopen proxyp0fp0f network fingerprintingp0f signaturespassword attackpassword attacksphishingphishing attackphishing trappolandportscanpossible malware distributionpossible mirai variantprocess injectionprocess manufacturingprotocol exploitationproxypublic administrationpublic infrastructurepublic policyquality controlransomwarereconnaissancereconnaissance activityregulatory agenciesremote accessremote servicesresearchresearchedresource hijackingsansscanscannerscannersscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionserver exploitationservice enumerationservice scanservice scanningsftp access attemptsftp activitysftp attacksftp exploitation attemptssip attackssip brute forcesip scanningsmb brute forcesmtpsmtp attackssmtp brute forcesocial engineeringspamsql injectionsql injection attemptsshssh attackssh attacksssh monitoringssh-brutesupply chain attacksupply chain managementsuricata alertssynsyn_scansystem accesst1005t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071.001t1076t1077t1078t1083t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1195t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1555t1563t1565t1566.001t1566.002t1566.003t1566.004t1572t1583t1587.001t1590t1590.001t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetcp protocoltcp scantcp/23tcp/80telecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized loginunited kingdomunited statesunknown threat actorusvnc protocolvoipvoip attackvulnerability scanvultrweb app attackweb application attackweb application attacksweb application scanningweb attackweb exploitweb exploitationweb shell detectionweb spamweb trafficxmas scanxmas_scan

Activity Timeline

1 total obs

Jun 18Jun 18

Threat Activity Heatmap

· Peak: 2026-06-18

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

64%

Confidence

Reports

First seenNov 3, 2021

Last seenJun 18, 2026

GeolocationUS

CountryUnited States

LocationChicago, Illinois

ASNAS51088

OrgRethem Hosting LLC

Coords37.7510, -97.8220

Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw: NetRange: 104.152.52.0 - 104.152.55.255 CIDR: 104.152.52.0/22 NetName: RETHEM-HOSTING NetHandle: NET-104-152-52-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Rethem Hosting LLC (RHL-18) RegDate: 2014-07-11 Updated: 2014-07-11 Ref: https://rdap.arin.net/registry/ip/104.152.52.0 OrgName: Rethem Hosting LLC OrgId: RHL-18 Address: 500 N. Michigan Ave Address: Suite 300 City: Chicago StateProv: IL PostalCode: 60611 Country: US RegDate: 2011-03-16 Updated: 2012-05-25 Ref: https://rdap.arin.net/registry/entity/RHL-18 OrgAbuseHandle: NOC11885-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-212-257-2998 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgNOCHandle: NOC11885-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-212-257-2998 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgTechHandle: NOC11885-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-212-257-2998 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
references: https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7196920220958011392-tt6Q?utm_source=share&utm_medium=member_desktop

`104.152.52.110`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey