Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
103.152.117.211 has a very high threat confidence level of 92%, originating from Faisalabad, Pakistan, on the Pace Telecom and Brodcasting Private Limited network (150371). It has been observed across 18 sessions targeting FTP, with detected attack patterns including ftp authenticated upload to reports directory, ftp authenticated upload to scripts directory, First observed on February 27, 2026, most recently active February 27, 2026.
FTP session where a client probes for valid users, attempts authentication, negotiates transfer modes (ASCII/Binary), enumerates the /reports directory, and attempts to upload info.zip in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with staged content deployment onto a writable path.
FTP session where a client probes for valid users, attempts authentication, switches transfer modes (ASCII/Binary), enumerates the /scripts directory, and attempts to upload info.zip via STOR in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with efforts to deploy content onto a remotely accessible scripts path.
FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.