IPMediumSignal 60/100

`104.152.52.242`

Location

United States

Chicago, Illinois

ASN

AS51088

Rethem Hosting LLC

First Seen

Sep 6, 2022

Last Seen

Jun 16, 2026

Sep 6

First Seen

1389d ago

Jun 16

Last Seen

10d ago

Reports

source reports

60%

Confidence

medium

Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

60%

Signal Score

60 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

65 techniques

Network Information

Country

United States

RegionChicago, Illinois

ASNAS51088

OrganizationRethem Hosting LLC

IP Category

⟲

Proxy

Proxy server

Feed Intelligence Summary

31 reports60% confidence

Source reports

60%

Confidence score

Category tags

abuseaccessaccess controlaccount compromiseaccount securityactive scanactive scanningadministrative accessaerospace & defenseaptasiaattackattacker ipsattacker-ipaustraliaauthentication abuseauthentication attemptsauto-generated securityautomated attacksautomated threatautomotive manufacturingbad reputationbad web botblacklist candidateblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptsbrute-forcebrute-force attackbruteforcecanadacisco devicecisco exploitation attemptcisco exploitation attemptscivil servicescloud infrastructurecloud infrastructure attackcloud providercloud servicescommand and controlcommand injectioncommunication protocolcowriecowrie activitycowrie honeypotcowrie interactionscowrie ssh attackcredential accesscredential attackscredential brute forcecredential guessingcredential harvestingcredential stuffingctadata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksdecoy systemdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedevice managementdigital oceandigitalocean environmentdionaeadionaea activitydionaea honeypotdionaea interactionsdistributed attacksdnsdns attackelectronics manufacturingencryptionenterprise networkingeuropeexploitexploitationexploitation activityexploited hostexternal access attemptsfailed login attemptsfattfatt signaturesfinlandfranceftpftp brute forcegermanygovernment technologygroupshackinghoneynet connecthoneytrap datahoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannerhttp scanninghttp/sidentity & access exploitationindexindicatorindustrial automationindustrial iotindustrial productioninformation gatheringinfrastructure acquisitionreconnaissanceinitial accessinitial access vectorinitiator ipinjection activityinjection attacksinternet of thingsinternet-scanningintrusion detectioniociot botnetiot securityiot targetediot/ics attackipv4ipv4-scanningjapanlamplamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglamp vulnerability scanlateral movementlateral movement techniqueslinux serverslinux systemslogin attacklogin attemptlogin_attemptmailoney attackmailoney honeypotmailoney interactionsmalicious activitymalicious email detectionmalicious login attemptsmalicious network activitymalicious payload detectionmalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemanualmanufacturing technologymass-scanningmilitary operationsmirai botnetmssqlmssql brute forcenational securitynetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork monitoringnetwork port scanningnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork servicesnetwork traffic analysisnetwork_activitynextraynorth americaoceaniaopen proxyoperating systemoperating system securityp0fp0f signaturespassword attackpassword attackspassword crackingphishingphishing attackphishing trappolandportscanpossible mirai variantpotential exploit attemptspotential intrusionpre-attackprivilege escalationprocess injectionprocess manufacturingprotocol exploitationproxypublic administrationpublic infrastructurepublic policyquality controlransomwarereconnaissanceregulatory agenciesremote accessremote servicesresearchresearchedresource hijackingsansscanscannerscanner activityscanner ipsscannersscanning activityscriptscripting attackssecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionsentrypeer interactionsservice scanservice scanningsftpsftp access attemptsftp activitysftp attacksingaporesip brute forcesip scanningslugsmb brute forcesmtpsmtp brute forcesmtp probingsocial engineeringspamsshssh attackssh monitoringssh-brutesupply chain attacksupply chain managementsurface websuricata alertssynsyn scansystem accesst1016t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1069.001t1071t1071.001t1076t1077t1078t1083t1087t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1550.003t1555t1555.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1588t1589t1590t1590.001t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcp protocoltcp scantcp/23telecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetorontotpotudp port scanudp scanunattributed activityunauthorized accessunauthorized access attemptunited statesunited states of americaunknown threat actorusvoidtrapvoipvoip attackvulnerability scanvulnerability-scanningvultrweb app attackweb application attackweb application scanningweb attackweb exploitweb exploitationweb spamweb traffic

Activity Timeline

1 total obs

Jun 16Jun 16

Threat Activity Heatmap

· Peak: 2026-06-16

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

60%

Confidence

Reports

First seenSep 6, 2022

Last seenJun 16, 2026

GeolocationUS

CountryUnited States

LocationChicago, Illinois

ASNAS51088

OrgRethem Hosting LLC

Coords41.8911, -87.6246

Proxy

VirusTotal

Not checked

WHOIS

description: seen in Dionaea honeypot logs; events=2; services=smbd; ports=445; cc=US; asn=14987; asn_org=Rethem Hosting LLC
raw: NetRange: 104.152.52.0 - 104.152.55.255 CIDR: 104.152.52.0/22 NetName: RETHEM-HOSTING NetHandle: NET-104-152-52-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: AS14987 Organization: Rethem Hosting LLC (RHL-18) RegDate: 2014-07-11 Updated: 2014-07-11 Ref: https://rdap.arin.net/registry/ip/104.152.52.0 OrgName: Rethem Hosting LLC OrgId: RHL-18 Address: 500 N. Michigan Ave Address: Suite 300 City: Chicago StateProv: IL PostalCode: 60611 Country: US RegDate: 2011-03-16 Updated: 2012-05-25 Ref: https://rdap.arin.net/registry/entity/RHL-18 OrgTechHandle: NOC11885-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-212-257-2998 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgAbuseHandle: NOC11885-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-212-257-2998 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN OrgNOCHandle: NOC11885-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-212-257-2998 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN

`104.152.52.242`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey