Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
182.177.52.49 has a very high threat confidence level of 94%, originating from Islamabad, Pakistan, on the Pakistan Telecommunication Company Limited network (17557). It has been observed across 19 sessions targeting FTP, with detected attack patterns including ftp authenticated upload to pub vendor, ftp authenticated upload to reports directory, ftp authenticated upload to scripts directory, First observed on February 19, 2026, most recently active February 23, 2026.
FTP session where a client probes for valid usernames, attempts authentication, enters passive mode, negotiates transfer modes (ASCII/Binary), enumerates the /pub/vendor directory, and attempts to upload info.zip. This sequence reflects authenticated directory reconnaissance followed by file placement into a publicly accessible path, consistent with staged content deployment.
FTP session where a client probes for valid users, attempts authentication, negotiates transfer modes (ASCII/Binary), enumerates the /reports directory, and attempts to upload info.zip in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with staged content deployment onto a writable path.
FTP session where a client probes for valid users, attempts authentication, switches transfer modes (ASCII/Binary), enumerates the /scripts directory, and attempts to upload info.zip via STOR in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with efforts to deploy content onto a remotely accessible scripts path.
FTP session where a client probes for valid usernames, attempts authentication, switches to ASCII mode, and enters passive mode without performing explicit file listing or transfer operations. This reflects a completed login and session setup sequence, often observed during credential validation or preparatory access prior to further activity.