Check an IP Address, Domain Name, Subnet, or ASN

103.110.102.20 was found in our database!

$ whois 103.110.102.20

country·🇮🇳 India

isp·Airnet Cable And Datacom Pvt Ltd

asn·AS133001

network·Standard

$ sikker risk 103.110.102.20scoring →

confidence

94%Very High

first_seen·Mar 22, 2026

last_seen·2h ago

sessions·21

events·21

$ sikker protocols 103.110.102.20

FTP

21 / 21

$ sikker summary 103.110.102.20

103.110.102.20 has a threat confidence score of 94%. This IP address from India (AS133001, Airnet Cable And Datacom Pvt Ltd) has been observed in 21 honeypot sessions targeting FTP protocols. Detected attack patterns include ftp authenticated upload to pub vendor, ftp authenticated upload to reports directory, ftp authenticated upload to scripts directory. First observed on March 22, 2026, most recently active March 22, 2026.

$ sikker behaviors 103.110.102.20catalog →

highFtp Authenticated Upload To Pub Vendor1x

FTP session where a client probes for valid usernames, attempts authentication, enters passive mode, negotiates transfer modes (ASCII/Binary), enumerates the /pub/vendor directory, and attempts to upload info.zip. This sequence reflects authenticated directory reconnaissance followed by file placement into a publicly accessible path, consistent with staged content deployment.

highFtp Authenticated Upload To Reports Directory1x

FTP session where a client probes for valid users, attempts authentication, negotiates transfer modes (ASCII/Binary), enumerates the /reports directory, and attempts to upload info.zip in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with staged content deployment onto a writable path.

highFtp Authenticated Upload To Scripts Directory1x

FTP session where a client probes for valid users, attempts authentication, switches transfer modes (ASCII/Binary), enumerates the /scripts directory, and attempts to upload info.zip via STOR in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with efforts to deploy content onto a remotely accessible scripts path.

$ sikker primitives 103.110.102.20

ftp_enter_passive_mode42 ftp_user_probe21 ftp_set_ascii_mode21 ftp_set_binary_mode21 ftp_password_attempt21 ftp_list_directory1 ftp_stor_reports_info_zip1 ftp_stor_scripts_info_zip1 ftp_list_directory_reports1 ftp_list_directory_scripts1 ftp_stor_pub_vendor_info_zip1 ftp_list_directory_pub_vendor1

$ sikker related 103.110.102.20

🇮🇳·More threats fromIndia→AS·More threats fromAirnet Cable And Datacom Pvt Ltd→FTP·More threats targetingFTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.124.204.198	62%	2
45.119.45.32	52%	12
202.94.160.55	74%	4
43.225.160.113	85%	348
43.251.218.152	16%	4

IP Address	Confidence	Events
43.248.236.86	99%	8
34.0.13.61	100%	174
27.107.63.206	28%	31
103.3.43.242	75%	1,203
182.95.223.90	46%	273