IOC Radar
IP · Medium · Signal 61/100

104.152.52.60

Location: Chicago, Illinois, United States
ASN: AS51088 (Rethem Hosting LLC)
First Seen: May 21, 2021 (1862d ago)
Last Seen: Jun 12, 2026 (14d ago)
Reports: 30 source reports
Confidence: 61% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

66 techniques

Network Information

Country: United States (US)
Region: Chicago, Illinois
ASN: AS51088
Organization: Rethem Hosting LLC

Feed Intelligence Summary

Source reports: 30
Confidence score: 61%
Category tags

Activity Timeline

1 total obs · Jun 12

Threat Activity Heatmap

[Heatmap: activity by weekday, June through the following June]
Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 30
First seen: May 21, 2021
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: Chicago, Illinois
ASN: AS51088
Org: Rethem Hosting LLC
Coords: 41.8911, -87.6246

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

IOC Journey

medium
First detected 5 years ago · Last seen 14 days ago
Appeared in 30 threat reports