IP · Medium · Signal 62/100
104.152.52.238
Location
Chicago, Illinois
ASN
AS51088
Rethem Hosting LLC
First Seen
Sep 1, 2022
Last Seen
Jun 19, 2026
Found in 32 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Chicago, Illinois
ASN
AS51088
Organization
Rethem Hosting LLC
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32 reports · 62% confidence
32
Source reports
62%
Confidence score
Category tags
abuse, access control, account compromise, active scan, active scanning, adbhoney honeypot, aerospace & defense, apt, asia, attack, attacker ips, australia, authentication attempt, auto-generated security, automated attacks, automated threat, automotive manufacturing, bad reputation, bad web bot, blacklist candidate, blacklist ip, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, bruteforce, cisco asa, cisco device, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, civil services, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, code injection, command and control, command execution, command injection, common web exploits, communication protocol, compromised credentials, connected devices, conpot honeypot, cowrie, cowrie activity, cowrie data, cowrie honeypot, cowrie ssh attacks, credential access, credential attacks, credential brute force, credential harvesting, credential stuffing, cta, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, ddos reflection, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, device management, digital ocean, digitalocean environment, dionaea, dionaea activity, dionaea honeypot, directory traversal, distributed attacks, dns, dns attack, elasticpot honeypot, elasticsearch monitoring, electronics manufacturing, encryption, enterprise networking, europe, exploit, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, external access attempts, fatt, finland, france, fraud voip, ftp, ftp brute force, ftp brute-force, germany, government technology, hacking, honeynet connect, honeytrap data, honeytrap honeypot, http brute force, http scanner, http scanning, http/s, https, ics security, identity & access exploitation, ids, indicator, industrial automation, industrial control systems, industrial iot, industrial production, infrastructure acquisition reconnaissance, initial access, initial access vector, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney honeypot, ips, ipv4, japan, lamp, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp stack attack, lamp stack targeting, lateral movement, lateral movement attempt, lfi, linux servers, linux systems, login attempt, login_attempt, mailoney honeypot, malaysia, malicious activity, malicious email, malicious payload detection, malicious scan, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware distribution, manual, manufacturing technology, military operations, mirai botnet, monthly, mssql, mssql brute force, national security, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusions, network port scanning, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network services, network_activity, nextray, north america, oceania, opencanary, p0f, password attack, password attacks, password spraying, phishing, phishing attack, phishing trap, poland, portscan, possible botnet activity, possible exploit attempt, possible malware distribution, possible malware infection, possible mirai variant, potential exploit activity, process injection, process manufacturing, protocol exploitation, proxy, proxy protocol, public administration, public infrastructure, public policy, quality control, ransomware, raspberry-pi, reconnaissance, reconnaissance activity, redis honeypot, redishoneypot activity, regulatory agencies, remote access, remote access attempt, remote services, research, researched, resource hijacking, rfi, sans, scams & fraud, scan, scanner, scanner activity, scanner ips, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer sip attacks, server exploitation, service probing, service scan, service scanning, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, singapore, sip attacks, sip brute force, sip scanning, sip vulnerability scan, smart devices, smb brute force, smtp, smtp brute force, social engineering, socradar honeypot, spain, spam, ssh, ssh attack, ssh monitoring, ssh-brute, supply chain attack, supply chain management, syn, system access, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1083, t1087, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1195, t1199, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1587.001, t1588, t1589, t1590, t1590.001, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, t1600, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, udp scan, unattributed activity, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempts, united states, united states of america, us, voip, voip attack, vulnerability scan, vultr, waf, waf bypass, web app attack, web application attack, web application scanning, web attack, web exploit, web exploit attempt, web exploitation, web spam, web traffic, xss
Activity Timeline
Jun 19 to Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h
0 (Dormant)
7d
0 (Dormant)
30d
1 (Minimal)
3mo
1 (Minimal)
Threat Score
Medium Risk
Signal Score
62
Confidence
62%
Reports
32
First seen
Sep 1, 2022
Last seen
Jun 19, 2026
Geolocation
US
Country
United States
Location
Chicago, Illinois
ASN
AS51088
Org
Rethem Hosting LLC
Coords
37.7510, -97.8220
Proxy
VirusTotal
Not checked
WHOIS
- description
- seen in Dionaea honeypot logs; events=4; services=smbd; ports=445; cc=US; asn=14987; asn_org=Rethem Hosting LLC
- raw
  NetRange: 104.152.52.0 - 104.152.55.255
  CIDR: 104.152.52.0/22
  NetName: RETHEM-HOSTING
  NetHandle: NET-104-152-52-0-1
  Parent: NET104 (NET-104-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Rethem Hosting LLC (RHL-18)
  RegDate: 2014-07-11
  Updated: 2014-07-11
  Ref: https://rdap.arin.net/registry/ip/104.152.52.0
  OrgName: Rethem Hosting LLC
  OrgId: RHL-18
  Address: 500 N. Michigan Ave
  Address: Suite 300
  City: Chicago
  StateProv: IL
  PostalCode: 60611
  Country: US
  RegDate: 2011-03-16
  Updated: 2012-05-25
  Ref: https://rdap.arin.net/registry/entity/RHL-18
  OrgNOCHandle: NOC11885-ARIN
  OrgNOCName: Network Operations Center
  OrgNOCPhone: +1-212-257-2998
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
  OrgAbuseHandle: NOC11885-ARIN
  OrgAbuseName: Network Operations Center
  OrgAbusePhone: +1-212-257-2998
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
  OrgTechHandle: NOC11885-ARIN
  OrgTechName: Network Operations Center
  OrgTechPhone: +1-212-257-2998
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
- references
- https://github.com/telekom-security/tpotce, https://redpiranha.net, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
Medium · First detected 3 years ago · Last seen 8 days ago
Appeared in 32 threat reports