IPMediumSignal 60/100
104.152.52.226
Location
United StatesChicago, Illinois
ASN
AS51088
Rethem Hosting LLC
First Seen
Sep 11, 2022
Last Seen
Jun 23, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionChicago, Illinois
ASNAS51088
OrganizationRethem Hosting LLC
Feed Intelligence Summary
31 reports60% confidence
31
Source reports
60%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount compromiseactive scanactive scanningadbhoney activityadbhoney honeypotaerospace & defenseapplication layer protocolaptasiaattackaustraliaauto-generated securityautomated attacksautomated threatautomated threatsautomotive manufacturingbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcebrute-force attackbruteforcec2 communicationcisco devicecisco exploitation attemptscivil servicescloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud servicescommand & controlcommand and controlcommand injectioncommunication protocolcompromise attemptcompromised credentialscompromised ip addressesconpot activityconpot honeypotconpot ics attackcowriecowrie activitycowrie honeypotcowrie interactionscowrie ssh attackcredential accesscredential attackscredential brute forcecredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase enumerationdatabase exploitation attemptsdatabase securityddosddos attackdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdigital oceandionaeadionaea activitydionaea capturedionaea honeypotdionaea interactionsdionaea malware detectiondistributed attacksdnsdns attackelectronics manufacturingencryptionenterprise networkingeuropeexploitexploit attemptsexploitationexploitation activityexploitation attemptexploitation attemptsexploited hostexternal access attemptsfattfatt signaturesfinlandfranceftpftp attacksftp brute forceftp brute-forceftp scangermanygovernment technologyhackinghoneynet connecthoneytrap datahoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannerhttp scanninghttp/sics securityidentity & access exploitationindicatorindustrial automationindustrial control systemsindustrial iotindustrial productioninformation gatheringinfrastructure acquisitionreconnaissanceinitial accessinitial access preparationinjection activityinjection attacksinternet facing assetsintrusion detectioniociot attackiot securityiot targetediot/ics attackjapankfsensor honeypotlamplamp exploit attemptslamp server attacklamp stack attacklamp stack attackslamp stack targetinglateral movementlinux serverslinux systemsloginlogin attacklogin attemptmailoney activitymailoney email spoofingmailoney honeypotmailoney interactionsmalicious activitymalicious emailmalicious login attemptsmalicious softwaremalicious software detectionmalicious software targetingmalwaremalware behaviourmalware capturemalware detectionmalware distributionmanualmanufacturing technologymilitary operationsmssqlmssql brute forcenational securitynetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnextraynorth americaoceaniaos credential dumpingp0fp0f signaturespassword attackpassword attacksphishingphishing attackphishing trappolandportscanpossible mirai variantpotential credential theftprocess injectionprocess manufacturingprotocol abuseprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlreconnaissanceredis exploitationredis honeypotregulatory agenciesremote accessremote access attemptsremote servicesresearchresearchedresource hijackingsansscanscannerscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionsentrypeer interactionssentrypeer p2p attackservice enumerationservice scanservice scanningsftp access attemptsftp access attemptssftp activitysftp attacksftp attemptsftp scanningsip brute forcesip scansip scanningsip vulnerability probingsmb brute forcesmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringspamsshssh attackssh attacksssh monitoringssh scanssh-brutesupply chain attacksupply chain managementsuricata alertssynsystem accesssystem discoveryt-pott1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1040t1041t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1071.004t1076t1077t1078t1078.001t1078.004t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1587.001t1588t1589t1590t1590.001t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner activitytanner interactionstanner web attacktargeting databasetcp protocoltcp scantcp/23tcp/iptelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunited kingdomunited statesunited states of americausvoipvoip attackvoip systemsvulnerability scanvultrweb app attackweb application attackweb application scanningweb attackweb exploitweb exploitationweb exploitsweb scannerweb serversweb spamweb traffic
Activity Timeline
Jun 23Jun 23
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
60
SIGNAL
Signal Score
60%
Confidence
31
Reports
First seenSep 11, 2022
Last seenJun 23, 2026
GeolocationUS
CountryUnited States
LocationChicago, Illinois
ASNAS51088
OrgRethem Hosting LLC
Coords37.7510, -97.8220
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=US; ports=4200 Location=Sydney, Australia.
- raw
- NetRange: 104.152.52.0 - 104.152.55.255 CIDR: 104.152.52.0/22 NetName: RETHEM-HOSTING NetHandle: NET-104-152-52-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Rethem Hosting LLC (RHL-18) RegDate: 2014-07-11 Updated: 2014-07-11 Ref: https://rdap.arin.net/registry/ip/104.152.52.0 OrgName: Rethem Hosting LLC OrgId: RHL-18 Address: 500 N. Michigan Ave Address: Suite 300 City: Chicago StateProv: IL PostalCode: 60611 Country: US RegDate: 2011-03-16 Updated: 2012-05-25 Ref: https://rdap.arin.net/registry/entity/RHL-18 OrgNOCHandle: NOC11885-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-212-257-2998 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgAbuseHandle: NOC11885-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-212-257-2998 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgTechHandle: NOC11885-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-212-257-2998 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
- references
- https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://example.com, http://cinsscore.com/list/ci-badguys.txt, https://redpiranha.net, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7201245103183548416-F0Lm?utm_source=share&utm_medium=member_desktop, https://jamesbrine.com.au/vultrparis-snmp-bruteforce-ip-list-2024-01-24/, https://jamesbrine.com.au
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 years ago · Last seen 3 days ago
Appeared in 31 threat reports