Check an IP Address, Domain Name, Subnet, or ASN

104.152.52.106 was found in our database!

$ whois 104.152.52.106

country·🇺🇸 United States

isp·Rethem Hosting LLC

asn·AS14987

network·Standard

$ sikker risk 104.152.52.106scoring →

confidence

73%High

first_seen·Jan 21, 2026

last_seen·4h ago

sessions·139

events·167

$ sikker protocols 104.152.52.106

SMB

32 / 32

SSH

18 / 25

HTTPS

20 / 22

SMTP

5 / 17

RDP

15 / 15

TELNET

8 / 12

POSTGRES

11 / 11

IMAP

10 / 10

SIP

6 / 6

HTTP

5 / 5

MONGODB

2 / 5

MSSQL

4 / 4

FTP

1 / 1

RTSP

1 / 1

REDIS

1 / 1

$ sikker summary 104.152.52.106

104.152.52.106 has a threat confidence score of 73%. This IP address from United States (AS14987, Rethem Hosting LLC) has been observed in 139 honeypot sessions targeting SMB, SSH, HTTPS, SMTP, RDP and 10 other protocols. First observed on January 21, 2026, most recently active April 21, 2026.

$ sikker behaviors 104.152.52.106catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

lowMongodb Version Probe1x

Client connects to a MongoDB instance and issues isMaster followed by buildinfo, indicating an attempt to identify server role, capabilities, and software version. This pattern is commonly associated with automated discovery or fingerprinting of exposed MongoDB services rather than normal application activity.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 104.152.52.106

mongodb_ismaster5 mongodb_buildinfo4 http_method_get2 smtp_ehlo_greeting2 smtp_starttls_upgrade_request2 smtp_mail_from_envelope_sender2 smtp_rcpt_to_recipient_declaration2 rtsp_options1 ftp_help_request1 redis_info_uppercase1 ftp_system_type_request1 ftp_feature_list_request1 https_favicon_ico_request1 mongodb_buildinfo_admin_command1

$ sikker related 104.152.52.106

Report IP WHOIS Lookup →

IP Address	Confidence	Events
104.152.52.240	60%	128
104.152.52.244	57%	139
104.152.52.112	58%	266
104.152.52.119	61%	164
104.152.52.105	78%	170

IP Address	Confidence	Events
74.208.27.88	94%	39
209.127.178.131	96%	6,202
185.218.138.16	97%	23,185
45.156.24.57	97%	166
147.185.132.222	99%	496