JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.152.52.219

104.152.52.219 was found in our database!

This IP was reported 1,826 times. Confidence of Abuse is 100%: ?

100%

ISP	Rethem Hosting LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14987
Hostname(s)	internettl.org
Domain Name	rethemhosting.net
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.152.52.219

Whois 104.152.52.219

IP Abuse Reports for 104.152.52.219:

This IP address has been reported a total of 1,826 times from 535 distinct sources. 104.152.52.219 was first reported on August 29th 2022, and the most recent report was 2 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 anycast_ac	2026-06-06 04:25:57 (2 minutes ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/88 (generic). Commands captured ... show more [mirai-detector honeypot] Inbound attack against our honeypot on tcp/88 (generic). Commands captured: $ @RSYTCD: 29 show less	DDoS Attack IoT Targeted Brute-Force
🇨🇭 m_vlasov	2026-06-06 03:09:48 (1 hour ago)	SSH/Telnet honeypot: 0 login attempts, 1 sessions, 0 shell commands.	Port Scan IoT Targeted
🇺🇸 sandra361	2026-06-06 02:09:18 (2 hours ago)	Port scan detected: 52 attempts across 31 ports (200,2030,2115,2319,2711,5054,5066,5080,5103,5117,53 ... show more Port scan detected: 52 attempts across 31 ports (200,2030,2115,2319,2711,5054,5066,5080,5103,5117,5325,547,5503,5592,5779,704,8020,8033,8097,8113,8186,8391,84,8680,8724,876,8774,8789,8804,8816,987). \| Evidence: REAPER_TARPIT:IN=enp1s0 OUT= SRC=104.152.52.219 LEN=56 TOS=0x00 PREC=0x00 TTL=56 ID=27588 DF PROTO=TCP SPT=59203 DPT=5779 WINDOW=42340 RES=0x00 ACK PSH URGP=0 show less	Port Scan
Anonymous	2026-06-06 01:36:33 (2 hours ago)	Port Scan detected from 104.152.52.219 (US/United States/internettl.org). 16 hits in the last 20 s ... show more Port Scan detected from 104.152.52.219 (US/United States/internettl.org). 16 hits in the last 20 seconds show less	Web App Attack
🇩🇪 Axel	2026-06-06 01:00:37 (3 hours ago)	[2026-06-06 01:00:36 UTC] Honeypot Metasploit Handler connection attempt \| AXFRA HONEYPOT	Exploited Host
🇪🇸 el-brujo	2026-06-06 00:46:40 (3 hours ago)	06/06/2026-02:46:39.682438 104.152.52.219 Protocol: 6 ET DROP Spamhaus DROP Listed Traffic Inbound g ... show more 06/06/2026-02:46:39.682438 104.152.52.219 Protocol: 6 ET DROP Spamhaus DROP Listed Traffic Inbound group 21 show less	Hacking
🇺🇸 Xarcotic	2026-06-06 00:28:06 (3 hours ago)	SSH login on honeypot.	Brute-Force SSH
🇦🇺 LiftUp Hosting	2026-06-05 13:22:08 (15 hours ago)	Honeypot hit: Large payload (1487 bytes); 49026 [1], 49590 [1], 49177 [1], 9917 [1], 5233 [1] TCP	Bad Web Bot
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-05 11:05:48 (17 hours ago)	Honeypot hit: Large payload (1487 bytes); 49715 [1] TCP	Hacking
🇵🇱 axiomofchoice.xyz	2026-06-04 22:38:22 (1 day ago)	endlessh trap: attempts=1 total_time_stuck=20.019s	Port Scan SSH Hacking
🇵🇱 axiomofchoice.xyz	2026-06-04 22:38:22 (1 day ago)	endlessh trap: attempts=1 total_time_stuck=20.019s	Port Scan SSH Hacking
🇳🇱 BIV	2026-06-04 13:09:58 (1 day ago)	Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 10478,10881. Autom ... show more Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 10478,10881. Automated tiered (T-Pot+DShield). show less	Port Scan Hacking
🇩🇪 anycast_ac	2026-06-04 07:25:39 (1 day ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/9200 (generic).	DDoS Attack IoT Targeted Brute-Force
🇺🇦 llighthunter	2026-06-04 05:29:19 (1 day ago)	Jun 4 08:28:53 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10 ... show more Jun 4 08:28:53 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=104.152.52.219, lip=192.168.1.80, TLS handshaking: Connection closed, session=<CI7j0WZTUaJomDTb> Jun 4 08:28:54 mail dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=104.152.52.219, lip=192.168.1.80, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<VBHt0WZTo7xomDTb> Jun 4 08:29:04 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=104.152.52.219, lip=192.168.1.80, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<JyCI0mZTmdVomDTb> show less	Port Scan Hacking Spoofing
Anonymous	2026-06-04 05:24:10 (1 day ago)	Email auth - postfix SASL authentication failed	Brute-Force

Showing 1 to 15 of 1826 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 204.76.203.214

🇩🇪 139.19.117.197

🇰🇷 220.92.117.221

🇭🇰 199.45.155.71

🇪🇹 196.189.236.216

🇨🇴 181.51.189.171

🇳🇱 176.65.139.11

🇩🇪 162.19.243.145

🇺🇸 135.237.123.204

🇨🇳 121.27.238.107

🇸🇬 51.79.168.101

🇺🇸 44.220.188.5

🇬🇧 35.203.210.101

🇷🇴 2.57.122.177

🇨🇳 180.112.148.224

🇳🇬 102.90.80.100

🇫🇷 91.231.89.91

🇺🇸 74.125.184.147

🇺🇸 66.228.41.127

🇺🇸 43.173.75.169