Check an IP Address, Domain Name, Subnet, or ASN

103.84.57.50 was found in our database!

$ whois 103.84.57.50

country·🇵🇰 Pakistan

city·Multan

isp·MUX BROADBAND PRIVATE LIMITED

asn·AS141421

network·Standard

$ sikker risk 103.84.57.50scoring →

confidence

96%Very High

first_seen·Mar 18, 2026

last_seen·2d ago

sessions·18

events·18

$ sikker protocols 103.84.57.50

FTP

18 / 18

$ sikker summary 103.84.57.50

103.84.57.50 has a threat confidence score of 96%. This IP address from Pakistan (AS141421, MUX BROADBAND PRIVATE LIMITED) has been observed in 18 honeypot sessions targeting FTP protocols. Detected attack patterns include ftp authenticated upload to pub vendor, ftp authenticated upload to reports directory, ftp authenticated upload to scripts directory. First observed on March 18, 2026, most recently active March 18, 2026.

$ sikker behaviors 103.84.57.50catalog →

highFtp Authenticated Upload To Pub Vendor1x

FTP session where a client probes for valid usernames, attempts authentication, enters passive mode, negotiates transfer modes (ASCII/Binary), enumerates the /pub/vendor directory, and attempts to upload info.zip. This sequence reflects authenticated directory reconnaissance followed by file placement into a publicly accessible path, consistent with staged content deployment.

highFtp Authenticated Upload To Reports Directory1x

FTP session where a client probes for valid users, attempts authentication, negotiates transfer modes (ASCII/Binary), enumerates the /reports directory, and attempts to upload info.zip in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with staged content deployment onto a writable path.

highFtp Authenticated Upload To Scripts Directory1x

FTP session where a client probes for valid users, attempts authentication, switches transfer modes (ASCII/Binary), enumerates the /scripts directory, and attempts to upload info.zip via STOR in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with efforts to deploy content onto a remotely accessible scripts path.

mediumFtp Authenticated Session Establishment1x

FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.

$ sikker primitives 103.84.57.50

ftp_enter_passive_mode35 ftp_user_probe18 ftp_set_ascii_mode18 ftp_password_attempt18 ftp_set_binary_mode17 ftp_list_directory1 ftp_stor_reports_info_zip1 ftp_stor_scripts_info_zip1 ftp_list_directory_reports1 ftp_list_directory_scripts1 ftp_stor_pub_vendor_info_zip1 ftp_list_directory_pub_vendor1

$ sikker related 103.84.57.50

🇵🇰·More threats fromPakistan→AS·More threats fromMUX BROADBAND PRIVATE LIMITED→FTP·More threats targetingFTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.84.57.21	100%	154
163.61.227.49	20%	6
103.84.57.215	100%	43
103.84.56.89	100%	21
103.84.56.88	92%	2

IP Address	Confidence	Events
14.1.104.57	92%	2
175.107.237.64	100%	1,190
14.1.104.12	100%	53
43.228.157.57	87%	788
203.130.24.42	56%	994