JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.152.52.235

104.152.52.235 was found in our database!

This IP was reported 1,963 times. Confidence of Abuse is 100%: ?

100%

ISP	Rethem Hosting LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14987
Hostname(s)	internettl.org
Domain Name	rethemhosting.net
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.152.52.235

Whois 104.152.52.235

IP Abuse Reports for 104.152.52.235:

This IP address has been reported a total of 1,963 times from 535 distinct sources. 104.152.52.235 was first reported on October 26th 2021, and the most recent report was 39 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 gbzret4d	2026-06-07 19:22:02 (39 minutes ago)	Honeypot [uk-production01]: Large payload (1487 bytes); 8563 [4], 8008 [2], 2093 [2], 49525 [2], 836 ... show more Honeypot [uk-production01]: Large payload (1487 bytes); 8563 [4], 8008 [2], 2093 [2], 49525 [2], 8362 [1], 2902 [1] TCP show less	Bad Web Bot
🇩🇪 Mailguard-FRD	2026-06-07 07:44:04 (12 hours ago)	1780818236 - 06/07/2026 09:43:56 Host: 104.152.52.235/104.152.52.235 Port: 5742 TCP Blocked ...	Port Scan
🇬🇧 gbzret4d	2026-06-07 07:33:57 (12 hours ago)	Honeypot [uk-production01]: HTTP/1.1 request on 2112 GET / User-Agent: curl/7.61.1 Accept: /; 211 ... show more Honeypot [uk-production01]: HTTP/1.1 request on 2112 GET / User-Agent: curl/7.61.1 Accept: /; 2112 [2], 2233 [2], 8659 [1], 8047 [1], 8186 [1], 8090 [1] TCP show less	Hacking Bad Web Bot
🇳🇱 donarev419	2026-06-07 02:29:44 (17 hours ago)	Connection to port 2716 with data transfer. Data preview: �	Port Scan Hacking
🇩🇪 NetShield-DE	2026-06-06 23:07:54 (20 hours ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-07T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-07T01:07:01+0200. Last: 2026-06-07T01:07:01+0200. Samples: - 2026-05-31 05:30:21,831 fail2ban.actions [1405153]: NOTICE [abuseipdb] Ban 104.152.52.235 show less	Web App Attack
🇳🇱 ras07	2026-06-06 22:00:19 (22 hours ago)	Brute force SSH login attempts.	Brute-Force SSH
🇬🇧 gbzret4d	2026-06-06 20:57:55 (23 hours ago)	Honeypot [uk-production01]: HTTP/1.1 request on 49164 GET / User-Agent: curl/7.61.1 Accept: /; 49 ... show more Honeypot [uk-production01]: HTTP/1.1 request on 49164 GET / User-Agent: curl/7.61.1 Accept: /; 49164 [5], 2497 [4], 49863 [4], 49668 [4], 49248 [3], 2271 [3] TCP show less	Hacking Bad Web Bot
🇩🇪 NetShield-DE	2026-06-06 19:07:33 (1 day ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-06T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-06T21:07:01+0200. Last: 2026-06-06T21:07:01+0200. Samples: - 2026-05-31 05:30:21,831 fail2ban.actions [1405153]: NOTICE [abuseipdb] Ban 104.152.52.235 show less	Web App Attack
🇺🇸 chronos	2026-06-06 18:40:04 (1 day ago)	[AUTORAVALT][[06/06/2026 - 15:40:02 -03:00 UTC] Attack from [Rethem Hosting LLC] [104.152.52.235][in ... show more [AUTORAVALT][[06/06/2026 - 15:40:02 -03:00 UTC] Attack from [Rethem Hosting LLC] [104.152.52.235][internettl.org] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-Force -> Crede] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
🇩🇪 NetShield-DE	2026-06-06 14:07:33 (1 day ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-06T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-06T16:07:01+0200. Last: 2026-06-06T16:07:01+0200. Samples: - 2026-05-31 05:30:21,831 fail2ban.actions [1405153]: NOTICE [abuseipdb] Ban 104.152.52.235 show less	Web App Attack
🇩🇪 Axel	2026-06-06 11:56:29 (1 day ago)	[2026-06-06 11:56:29 UTC] Honeypot Flask connection attempt \| AXFRA HONEYPOT	Web App Attack
🇩🇪 NetShield-DE	2026-06-06 09:07:34 (1 day ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-06T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-06T11:07:02+0200. Last: 2026-06-06T11:07:02+0200. Samples: - 2026-05-31 05:30:21,831 fail2ban.actions [1405153]: NOTICE [abuseipdb] Ban 104.152.52.235 show less	Web App Attack
🇺🇸 donarev419	2026-06-06 07:14:32 (1 day ago)	Connection to port 898 with data transfer. Data preview: GET / HTTP/1.1 Host: 107.175.212.44 User- ... show more Connection to port 898 with data transfer. Data preview: GET / HTTP/1.1 Host: 107.175.212.44 User-Agent: curl/7.61.1 Accept: / Connection: close show less	Port Scan Hacking
🇦🇹 begou.dev	2026-06-06 06:38:20 (1 day ago)	[Threat Intelligence] Port Scanning and/or Unauthorized access -> TCP/23	Port Scan
🇺🇸 donarev419	2026-06-06 05:45:36 (1 day ago)	Port scan detected on port 5902 (connection without data transfer)	Port Scan

Showing 1 to 15 of 1963 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇶 178.210.226.186

🇺🇸 3.19.141.173

🇯🇴 212.34.13.188

🇺🇸 205.210.31.46

🇺🇸 185.8.107.58

🇺🇸 172.98.33.121

🇨🇦 167.99.184.239

🇨🇦 144.217.76.59

🇳🇱 142.93.137.232

🇺🇸 109.105.210.67

🇳🇬 102.212.40.244

🇵🇱 83.28.216.181

🇷🇴 80.94.92.167

🇲🇾 47.250.43.129

🇺🇦 37.221.128.240

🇮🇳 2a02:4780:11:1778:0:dfd:f0ab:1

🇨🇱 190.160.155.190

🇺🇸 185.8.107.219

🇮🇩 139.255.254.163

🇨🇳 124.223.19.47