Check an IP Address, Domain Name, Subnet, or ASN

104.152.52.214 was found in our database!

$ whois 104.152.52.214

country·🇺🇸 United States

isp·Rethem Hosting LLC

asn·AS14987

network·Standard

$ sikker risk 104.152.52.214scoring →

confidence

77%High

first_seen·Jan 23, 2026

last_seen·1d ago

sessions·136

events·176

$ sikker protocols 104.152.52.214

SMB

29 / 31

HTTPS

20 / 31

SIP

22 / 28

SSH

17 / 23

TELNET

13 / 16

RDP

11 / 11

POSTGRES

9 / 9

SMTP

3 / 8

FTP

2 / 6

HTTP

4 / 4

IMAP

2 / 3

REDIS

1 / 3

MONGODB

2 / 2

DOCKER

1 / 1

$ sikker summary 104.152.52.214

104.152.52.214 has a threat confidence score of 77%. This IP address from United States (AS14987, Rethem Hosting LLC) has been observed in 136 honeypot sessions targeting SMB, HTTPS, SIP, SSH, TELNET and 9 other protocols. First observed on January 23, 2026, most recently active March 21, 2026.

$ sikker behaviors 104.152.52.214catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 104.152.52.214

smtp_ehlo_greeting8 smtp_starttls_upgrade_request8 smtp_mail_from_envelope_sender8 smtp_rcpt_to_recipient_declaration8 http_method_get2 ftp_help_request2 ftp_system_type_request2 ftp_feature_list_request2 https_path_root1 mongodb_ismaster1 docker_get_method1 redis_info_uppercase1 imap_capability_probe1 mongodb_buildinfo_admin_command1 sip_call_id_alphanumeric_entropy1

$ sikker related 104.152.52.214

Report IP WHOIS Lookup →

IP Address	Confidence	Events
104.152.52.235	74%	97
104.152.52.144	68%	121
104.152.52.221	80%	124
104.152.52.114	47%	122
104.152.52.125	58%	162

IP Address	Confidence	Events
162.254.3.130	86%	17,995
185.218.138.19	97%	6,618
5.253.86.23	97%	5,557
92.118.39.95	100%	82,457
45.131.194.105	85%	4,375