IPMediumSignal 100/100
104.152.52.157
Location
United StatesChicago, Illinois
ASN
AS51088
Rethem Hosting LLC
First Seen
Nov 4, 2021
Last Seen
Jun 10, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionChicago, Illinois
ASNAS51088
OrganizationRethem Hosting LLC
Feed Intelligence Summary
24 reports99% confidence
24
Source reports
99%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningadbhoney activityadbhoney honeypotaerospace & defenseattackauto-generated securityautomotive manufacturingbotnetbrute forcebrute force attackbrute force attemptsbrute_forcecisco attackcisco devicecisco exploit attemptscisco exploitation attemptcisco_exploitcivil servicescommand and controlcommunication protocolcowrie activitycowrie honeypotcowrie_attackcredential accesscredential harvestingcredential stuffingcredential_accessdata exfiltrationdatabase attackdatabase exploitation attemptsdatabase probingdatabase scandatabase securityddosddos attackddos attacksdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdionaea activitydionaea honeypotdistributed attackselectronics manufacturingenterprise networkingeuropeexploit attemptexploited hostfinlandfranceftp brute forcegermanygovernment technologyhackinghoneynet connecthoneytrap activityhoneytrap honeypothttp brute forcehttp scannerindicatorindustrial automationindustrial iotindustrial productioninfrastructure acquisitionreconnaissanceinitial_accessinitiator ipinternet of thingsintrusion detectioniociot botnetiot/ics attacklamplamp attacklamp exploitlamp exploit attemptslamp_exploitlateral movementlinux system targetingloginlogin attemptmailoney honeypotmalicious activitymalicious payloadmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmanualmanufacturing technologymariadbmilitary operationsmirai botnetnational securitynetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynextraynorth americapassword attackpassword attacksphishingphishing attackphishing trappolandpotential vulnerability exploitationprocess injectionprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlreconnaissanceredis honeypotredishoneypot activityregulatory agenciesremote accessremote servicesresearchedresource hijackingsansscanscannerscanning activityscripting attackssecurity operationssecurity policysentrypeer activitysentrypeer botnetserver exploitationsftp attacksftp_attacksip brute forcesip scanningsip_attacksmb brute forcesmtp brute forcesocial engineeringsql injectionssh attackssh monitoringssh_bruteforcesupply chain managementt1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1589t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner activitytcp protocoltcp scantcp/23tcp/3306tcp/80telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventionudp scanunauthorized access attemptunited statesunited states of americausvoipvoip attackweb application attackweb application scanweb attackweb exploitationweb scannerweb spamweb trafficwindows system targeting
Activity Timeline
Jun 10Jun 10
Threat Activity Heatmap
· Peak: 2026-06-10LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
24
Reports
First seenNov 4, 2021
Last seenJun 10, 2026
GeolocationUS
CountryUnited States
LocationChicago, Illinois
ASNAS51088
OrgRethem Hosting LLC
Coords41.8911, -87.6246
VirusTotal
Not checked
WHOIS
- description
- 2025-07-07T17:24:52.537Z Honeypot : Tanner : Source: 104.152.52.157 : Port: 80 Post Data: {'response': {'message': {'detection': {'type': 1, 'version': '0.6.0', 'order': 1, 'name': 'index'}, 'sess_uuid': '8bbcb9d6-1a3d-453e-ba41-c346481c813c'}}, 'version': '0.6.0'}
- raw
- NetRange: 104.152.52.0 - 104.152.55.255 CIDR: 104.152.52.0/22 NetName: RETHEM-HOSTING NetHandle: NET-104-152-52-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: AS14987 Organization: Rethem Hosting LLC (RHL-18) RegDate: 2014-07-11 Updated: 2014-07-11 Ref: https://rdap.arin.net/registry/ip/104.152.52.0 OrgName: Rethem Hosting LLC OrgId: RHL-18 Address: 500 N. Michigan Ave Address: Suite 300 City: Chicago StateProv: IL PostalCode: 60611 Country: US RegDate: 2011-03-16 Updated: 2012-05-25 Ref: https://rdap.arin.net/registry/entity/RHL-18 OrgNOCHandle: NOC11885-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-212-257-2998 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgTechHandle: NOC11885-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-212-257-2998 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgAbuseHandle: NOC11885-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-212-257-2998 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
- references
- https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 years ago · Last seen 13 days ago
Appeared in 24 threat reports