IPMediumSignal 59/100

`104.152.52.231`

Location

United States

Chicago, Illinois

ASN

AS51088

Rethem Hosting LLC

First Seen

Sep 3, 2022

Last Seen

Jun 16, 2026

Sep 3

First Seen

1388d ago

Jun 16

Last Seen

7d ago

Reports

source reports

59%

Confidence

medium

Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

59%

Signal Score

59 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

53 techniques

Network Information

Country

United States

RegionChicago, Illinois

ASNAS51088

OrganizationRethem Hosting LLC

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

29 reports59% confidence

Source reports

59%

Confidence score

Category tags

abuseabuseipdbaccess controlaccount compromiseactive scanactive scanningaerospace & defenseapplication layer protocolaptasiaattackattack source ipattacker ipattacker ipsattacker-ipattacker_ipaustraliaauthenticationauto-generated securityautomated attackautomated attacksautomated threatautomotive manufacturingbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute force attemptsbrute-forcebrute_forcebruteforcechinacisco asacisco devicecisco device targetingcisco exploitation attemptcisco exploitation attemptscivil servicescloud infrastructurecloud infrastructure attackcloud servicescommand and controlcommunication protocolcowriecowrie attackscowrie datacowrie honeypotcowrie ssh honeypotcredential accesscredential access attemptscredential attackscredential brute forcecredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdigital oceandigitalocean environmentdionaeadionaea attacksdionaea honeypotdistributed attackselectronics manufacturingencryptionenterprise networkingeuropeexploitexploitationexploitation activityexploited hostexport-to-otxexternal access attemptsexternal ipfattfinlandfranceftpftp brute forceftp brute-forcegermanygovernment technologyhackinghoneynet connecthoneypot 24h activityhoneytrap datahoneytrap honeypothttp brute forcehttp scannerhttp scanninghttp/sidentity & access exploitationindicatorindustrial automationindustrial iotindustrial productioninformation gatheringinfrastructure acquisitionreconnaissanceinitial accessinitial access vectorinjection activityinternet of thingsinternet-scanninginternet-wide scanintrusion detectioniociot botnetiot securityiot targetediot/ics attackipv4ipv4-scanningjapankfsensor honeypotlamplamp attacklamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglateral movementlcialinux serverslinux systemslogin attemptlogin_attemptmailoney honeypotmalicious activitymalicious activity detectedmalicious payload detectionmalicious softwaremalicious ssh activitymalicious trafficmalwaremalware behaviourmalware capturemalware distributionmanualmanufacturing technologymass-scanningmilitary operationsmirai botnetmispmssqlmssql brute forcenational securitynetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork monitoringnetwork port scanningnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork_activitynextraynorth americaoceaniaopen proxyos credential dumpingp0fpassword attackpassword attacksphishingphishing attackphishing trappolandportscanpossible botnet activitypossible exploit attemptpossible malware distributionpossible mirai variantpotential exploit activitypotential_compromisepre-attackprocess injectionprocess manufacturingprotocol exploitationproxypublic administrationpublic infrastructurepublic policyquality controlransomwarereconnaissanceregulatory agenciesremote accessremote servicesresearchresearchedresource hijackingsansscanscannerscanner activityscanner ipsscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionserver exploitationservice scanservice scanningsftp access attemptsftp activitysftp attacksftp exploitation attemptssingaporesip brute forcesip scanningsmb brute forcesmtpsmtp attackersmtp brute forcesocial engineeringspamsql injectionsshssh attackssh bruteforcessh monitoringssh-brutesupply chain attacksupply chain managementsynsystem accesssystem discoveryt-pott1016t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071.001t1076t1077t1078t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566t1566.001t1566.002t1566.003t1587.001t1590t1590.001t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantcp/3306telecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottsecudp port scanudp scanudp/161unauthenticated access attemptsunauthorized accessunauthorized access attemptunauthorized loginunauthorized login attemptunited kingdomunited statesusvoipvoip attackvulnerability scanvulnerability-scanningvultrweb app attackweb application attackweb application scanningweb exploitweb exploitationweb spamweb traffic

Activity Timeline

1 total obs

Jun 16Jun 16

Threat Activity Heatmap

· Peak: 2026-06-16

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

59%

Confidence

Reports

First seenSep 3, 2022

Last seenJun 16, 2026

GeolocationUS

CountryUnited States

LocationChicago, Illinois

ASNAS51088

OrgRethem Hosting LLC

Coords37.7510, -97.8220

Proxy

VirusTotal

Not checked

WHOIS

description: seen in Dionaea honeypot logs; events=1; services=smbd; ports=445; cc=US; asn=14987; asn_org=Rethem Hosting LLC
raw: NetRange: 104.152.52.0 - 104.152.55.255 CIDR: 104.152.52.0/22 NetName: RETHEM-HOSTING NetHandle: NET-104-152-52-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Rethem Hosting LLC (RHL-18) RegDate: 2014-07-11 Updated: 2014-07-11 Ref: https://rdap.arin.net/registry/ip/104.152.52.0 OrgName: Rethem Hosting LLC OrgId: RHL-18 Address: 500 N. Michigan Ave Address: Suite 300 City: Chicago StateProv: IL PostalCode: 60611 Country: US RegDate: 2011-03-16 Updated: 2012-05-25 Ref: https://rdap.arin.net/registry/entity/RHL-18 OrgTechHandle: NOC11885-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-212-257-2998 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgNOCHandle: NOC11885-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-212-257-2998 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgAbuseHandle: NOC11885-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-212-257-2998 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
references: https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

`104.152.52.231`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey