IP · Medium · Signal 57/100
104.152.52.222
Location
Chicago, Illinois
ASN
AS51088
Rethem Hosting LLC
First Seen
Sep 6, 2022
Last Seen
Jun 15, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Chicago, Illinois
ASN: AS51088
Organization: Rethem Hosting LLC
IP Category
Proxy
Proxy server
Feed Intelligence Summary
29 reports · 57% confidence
29
Source reports
57%
Confidence score
Activity Timeline
Jun 15
Threat Activity Heatmap
Peak: 2026-06-15
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
57
SIGNAL
Signal Score
57%
Confidence
29
Reports
First seen: Sep 6, 2022
Last seen: Jun 15, 2026
Geolocation: US
Country: United States
Location: Chicago, Illinois
ASN: AS51088
Org: Rethem Hosting LLC
Coords: 41.8911, -87.6246
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=US; ports=4200 Location=Sydney, Australia.
IOC Journey
Medium · First detected 3 years ago · Last seen 6 days ago
Appeared in 29 threat reports