IPMediumSignal 69/100
104.152.52.137
Location
United StatesChicago, Illinois
ASN
AS51088
Rethem Hosting LLC
First Seen
Dec 30, 2021
Last Seen
Jun 17, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionChicago, Illinois
ASNAS51088
OrganizationRethem Hosting LLC
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
30 reports69% confidence
30
Source reports
69%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningaerospace & defenseasiaatif feedattackattack sourceattacker ipsattacker-ipaustraliaauto-generated securityautomated attackautomated attacksautomated threatautomated-attackautomotive manufacturingbad reputationbad web botbanlist feedbinary defenseblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptsbrute-forcebrute-force attackbruteforcecanadacisco asacisco asa targetedcisco devicecisco exploitation attemptscivil servicescloud infrastructurecloud infrastructure attackcloud servicescommand and controlcommand executioncommunication protocolcompromised hostcowriecowrie activitycowrie attackscowrie honeypotcowrie interactionscredential accesscredential attackscredential brute forcecredential compromisecredential harvestingcredential stuffingcredential-bruteforcingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdigital oceandionaeadionaea activitydionaea attacksdionaea honeypotdistributed attackselectronics manufacturingencryptionenterprise networkingeuropeexploitexploit probingexploitationexploitation activityexploitation attemptsexploited hostexternal access attemptsexternal threatexternal_threatfattfatt analysisfinlandfranceftpftp attacksftp brute forcegermanygovernment technologyhackinghoneynet connecthoneytrap activityhoneytrap datahoneytrap honeypothttp brute forcehttp probinghttp scannerhttp scanninghttp/shttps probingidentity & access exploitationimapimap attackindustrial automationindustrial iotindustrial productioninformation gatheringinfrastructure acquisitionreconnaissanceinjection activityinjection attacksintrusion detectioniociot securityiot targetedip-addressesipv4ipv4 threatsipv4_addresskfsensor honeypotlamplamp attacklamp exploitation attemptslamp stack attacklamp stack targetinglateral movementlinux serverslinux systemsloginlogin attacklogin attemptmailoney activitymailoney honeypotmalaysiamalicious activitymalicious ipsmalicious login attemptsmalicious softwaremalwaremalware behaviourmalware capturemalware deliverymanualmanufacturing technologymilitary operationsmssqlnational securitynetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service discoverynetwork servicesnetwork traffic analysisnetwork-reconnaissancenetwork_scanningnextraynorth americaoceaniaopportunistic-attackp0fp0f signaturespassword attackpassword attacksphishingphishing attackphishing trappolandportscanpossible credential stuffingpossible malware distributionpossible mirai variantpotential lateral movementprocess injectionprocess manufacturingprotocol exploitationproxypublic administrationpublic infrastructurepublic policyquality controlransomwarerdp scanningreconnaissanceredis honeypotregulatory agenciesremote accessremote service exploitationremote servicesresearchresearchedresource hijackingsansscannerscannersscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionserver exploitationservice discoveryservice scanservice scanningsftp access attemptsftp activitysftp attacksftp probingsip attackssip scanningsmb brute forcesmtpsmtp attackersmtp attackssmtp brute forcesocial engineeringspamsql injectionsshssh attackssh attacksssh monitoringssh-brutesupply chain attacksupply chain managementsuricata alertssystem accesst1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1071t1071.001t1076t1077t1078t1078.001t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1505.004t1555t1563t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1590t1590.001t1590.005t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetcp protocoltcp scantcp/21tcp/23tcp/3306tcp/5900telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat_intelligencetor nodetorontotpotudp port scanudp scanudp/161unattributed activityunauthorized accessunauthorized access attemptunauthorized access attemptsunited statesunited states of americaunknown threat actorusvnc protocolvoidtrapvoipvoip attackvoip systemsvulnerability scanvultrweb app attackweb application attackweb application scanningweb attackweb attacksweb exploitweb exploitationweb serversweb spamweb traffic
Activity Timeline
Jun 17Jun 17
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
69
SIGNAL
Signal Score
69%
Confidence
30
Reports
First seenDec 30, 2021
Last seenJun 17, 2026
GeolocationUS
CountryUnited States
LocationChicago, Illinois
ASNAS51088
OrgRethem Hosting LLC
Coords41.8911, -87.6246
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 years ago · Last seen 4 days ago
Appeared in 30 threat reports