Check an IP Address, Domain Name, Subnet, or ASN
84.54.70.61 has a very high threat confidence level of 90%, originating from Tashkent, Uzbekistan, on the Uzbektelekom Joint Stock Company network (8193). It has been observed across 17 sessions targeting FTP and SMB, with detected attack patterns including RemCom remote execution, FTP authenticated upload to pub vendor, and FTP authenticated upload to reports directory. First observed on February 5, 2026; most recently active on February 18, 2026.
Sequential SMB session opening IPC$, accessing the svcctl pipe, issuing an RPC call, then opening the RemCom_communicaton pipe. Indicates remote service-based command execution.
FTP session where a client probes for valid usernames, attempts authentication, enters passive mode, negotiates transfer modes (ASCII/Binary), enumerates the /pub/vendor directory, and attempts to upload info.zip. This sequence reflects authenticated directory reconnaissance followed by file placement into a publicly accessible path, consistent with staged content deployment.
FTP session where a client probes for valid users, attempts authentication, negotiates transfer modes (ASCII/Binary), enumerates the /reports directory, and attempts to upload info.zip in passive mode. This sequence reflects an authenticated file placement attempt following directory discovery, consistent with staged content deployment onto a writable path.