IPMediumSignal 59/100

`104.152.52.218`

Location

United States

Chicago, Illinois

ASN

AS51088

Rethem Hosting LLC

First Seen

Sep 12, 2022

Last Seen

Jun 18, 2026

Sep 12

First Seen

1378d ago

Jun 18

Last Seen

2d ago

Reports

source reports

59%

Confidence

medium

Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

59%

Signal Score

59 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

68 techniques

Network Information

Country

United States

RegionChicago, Illinois

ASNAS51088

OrganizationRethem Hosting LLC

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

30 reports59% confidence

Source reports

59%

Confidence score

Category tags

abuseabuseipdbaccess controlaccount compromiseaccount securityactive scanactive scanningadbhoney honeypotadministrative accessaerospace & defenseapi keyaptasiaatif feedattackattack source ipattacker-ipaustraliaauthentication abuseauthentication attackauthentication failureauto-generated securityautomated attackautomated attacksautomated threatautomotive manufacturingbad reputationbad web botbanlist feedbinary defenseblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcebrute-force attackbrute_forcebrute_force_attackbruteforcechinaciscocisco asacisco devicecisco exploitationcisco exploitation attemptscivil servicescloud infrastructurecloud infrastructure attackcloud servicescommand and controlcommand injectioncommunication protocolcompromised credentialscompromised hostcowriecowrie activitycowrie attackscowrie honeypotcowrie honeypot detectioncowrie interactionscowrie ssh honeypotcredential accesscredential attackscredential brute forcecredential guessingcredential harvestingcredential stuffingcyber securitydata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksdecoy systemdefault companydefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdigital oceandionaeadionaea activitydionaea attacksdionaea honeypotdionaea interactionsdistributed attacksdnsdns attackelectronics manufacturingemailencryptionenterprise networkingeuropeexploitexploit attemptsexploitationexploitation activityexploited hostexternal access attemptsexternal threatexternal_threatfattfatt signaturesfinlandfirstfranceftpftp attacksftp brute forceftp_scangermanygovernment technologygraph summaryhackinghoneynet connecthoneytrap datahoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannerhttp scanninghttp/shttp_scanidentity & access exploitationindicatorindustrial automationindustrial iotindustrial productioninformation gatheringinfrastructure acquisitionreconnaissanceinitial accessinitial_accessinjection activityinternet of thingsinternet-wide scaninternet_wide_scanintrusion detectioniociot botnetiot securityiot targetediot/ics attackipv4ipv4 scanipv4_scanningjapanjoinlamplamp exploitation attemptslamp server attacklamp stack attacklamp stack targetedlamp stack targetinglateral movementlcialinux serverslinux systemslogin attacklogin attemptmailoney honeypotmailoney interactionsmalicious activitymalicious activity detectedmalicious login attemptsmalicious softwaremalwaremalware behaviourmalware capturemalware detectionmalware distributionmalware propagationmalware scanningmanualmanufacturing technologymilitary operationsmirai botnetmonthlymssqlmssql brute forcenational securitynetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork_reconnaissancenetwork_scanningnextraynorth americaoceaniaopen proxyopenctioperating systemoperating system securityp0fp0f signaturespassword attackpassword attacksphishingphishing attackphishing trappolandportscanpossible mirai variantpotential compromisepotential exploitprivilege escalationprocess injectionprocess manufacturingprotocol exploitationproxypublic administrationpublic infrastructurepublic policypublicly accessible infrastructurequality controlransomwarerdp_scanreconnaissanceregulatory agenciesremote accessremote servicesresearchresearchedresource hijackingsansscanscannerscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionsentrypeer interactionsserver exploitationservice enumerationservice scanservice scanningsftpsftp access attemptsftp activitysftp attacksftp attacksshell access attemptssingaporesipsip scanningsmb brute forcesmtpsmtp attackersmtp brute forcesmtp probingsocial engineeringsocradar honeypotspamsql injectionsql injection attemptssshssh attackssh attacksssh monitoringssh scanningssh-brutessh_scansupply chain attacksupply chain managementsuricata alertssynsystem accesst-pott1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1069.001t1071t1071.001t1076t1077t1078t1078.001t1088t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1505.002t1555t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1583t1583.001t1583.002t1583.003t1583.004t1587.001t1588t1589t1590t1590.001t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcp protocoltcp scantcp/23tcp/3306tcp/80telecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat preventionthreat_actor_unknowntor nodetpotudp port scanudp scanudp/161unauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunited kingdomunited statesunited states of americaunknown threat actorusvalid accountsvalue avoipvoip attackvulnerability scanvultrweb app attackweb application attackweb exploitweb exploitationweb exploitsweb scannerweb spamweb trafficwhois lookups

Activity Timeline

1 total obs

Jun 18Jun 18

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

59%

Confidence

Reports

First seenSep 12, 2022

Last seenJun 18, 2026

GeolocationUS

CountryUnited States

LocationChicago, Illinois

ASNAS51088

OrgRethem Hosting LLC

Coords37.7510, -97.8220

Proxy

VirusTotal

Not checked

WHOIS

description: Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=US; ports=2222 Location=Sydney, Australia.
raw: NetRange: 104.152.52.0 - 104.152.55.255 CIDR: 104.152.52.0/22 NetName: RETHEM-HOSTING NetHandle: NET-104-152-52-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Rethem Hosting LLC (RHL-18) RegDate: 2014-07-11 Updated: 2014-07-11 Ref: https://rdap.arin.net/registry/ip/104.152.52.0 OrgName: Rethem Hosting LLC OrgId: RHL-18 Address: 500 N. Michigan Ave Address: Suite 300 City: Chicago StateProv: IL PostalCode: 60611 Country: US RegDate: 2011-03-16 Updated: 2012-05-25 Ref: https://rdap.arin.net/registry/entity/RHL-18 OrgTechHandle: NOC11885-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-212-257-2998 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgNOCHandle: NOC11885-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-212-257-2998 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgAbuseHandle: NOC11885-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-212-257-2998 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
references: https://github.com/telekom-security/tpotce, https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

`104.152.52.218`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey