IP · Medium · Signal 0/100
104.152.52.55
Location
Chicago, Illinois
ASN
AS51088
Rethem Hosting LLC
First Seen
Sep 25, 2020
Last Seen
Jun 12, 2026
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Network Information
Country
United States
Region: Chicago, Illinois
ASN: AS51088
Organization: Rethem Hosting LLC
Feed Intelligence Summary
Source reports: 2
Confidence score: 0%
Category tags: indicator, network, researched
Activity Timeline
Jun 12 to Jun 12
Threat Activity Heatmap
Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 2
First seen: Sep 25, 2020
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: Chicago, Illinois
ASN: AS51088
Org: Rethem Hosting LLC
Coords: 41.8911, -87.6246
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
    NetRange: 104.152.52.0 - 104.152.55.255
    CIDR: 104.152.52.0/22
    NetName: RETHEM-HOSTING
    NetHandle: NET-104-152-52-0-1
    Parent: NET104 (NET-104-0-0-0-0)
    NetType: Direct Allocation
    OriginAS:
    Organization: Rethem Hosting LLC (RHL-18)
    RegDate: 2014-07-11
    Updated: 2014-07-11
    Ref: https://rdap.arin.net/registry/ip/104.152.52.0

    OrgName: Rethem Hosting LLC
    OrgId: RHL-18
    Address: 500 N. Michigan Ave
    Address: Suite 300
    City: Chicago
    StateProv: IL
    PostalCode: 60611
    Country: US
    RegDate: 2011-03-16
    Updated: 2012-05-25
    Ref: https://rdap.arin.net/registry/entity/RHL-18

    OrgAbuseHandle: NOC11885-ARIN
    OrgAbuseName: Network Operations Center
    OrgAbusePhone: +1-212-257-2998
    OrgAbuseEmail: [email protected]
    OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN

    OrgNOCHandle: NOC11885-ARIN
    OrgNOCName: Network Operations Center
    OrgNOCPhone: +1-212-257-2998
    OrgNOCEmail: [email protected]
    OrgNOCRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN

    OrgTechHandle: NOC11885-ARIN
    OrgTechName: Network Operations Center
    OrgTechPhone: +1-212-257-2998
    OrgTechEmail: [email protected]
    OrgTechRef: https://rdap.arin.net/registry/entity/NOC11885-ARIN
- references
- https://github.com/telekom-security/tpotce
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7171890040581607424--wc3?utm_source=share&utm_medium=member_desktop
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7154128502500298752-PJtq?utm_source=share&utm_medium=member_desktop
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7142714035363270656-3B9R?utm_source=share&utm_medium=member_desktop
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7135637927430148096-xRCs?utm_source=share&utm_medium=member_desktop
- https://raw.githubusercontent.com/duggytuxy/malicious_ip_addresses/main/botnets_zombies_scanner_spam_ips.txt
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7096882984280059904-Fzum?utm_source=share&utm_medium=member_desktop
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7038897191452635138-KEJI?utm_source=share&utm_medium=member_desktop
- IpList.txt
- https://www.csa.gov.sg/singcert/Alerts/AL-2023-015
- https://twitter.com/_SaxX_/status/1621762107422261249
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-6981546261883617280-nSIO?utm_source=share&utm_medium=member_desktop
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-6971479281830952960-K2f-?utm_source=share&utm_medium=member_desktop
IOC Journey
medium · First detected 5 years ago · Last seen 12 days ago
Appeared in 2 threat reports