176.103.68.137 — FOP Makurin Stanislav Volodimirovich, UA — High (77%)

Check an IP Address, Domain Name, Subnet, or ASN

176.103.68.137 was found in our database!

Confidence Level

77%

High?

Geolocation

🇺🇦

UkraineKyiv

ISPFOP Makurin Stanislav Volodimirovich

ASNAS42510

Activity Timeline

First seenFeb 18, 2026, 10:27 PM

Last seen1h ago

22Sessions

22Events

Protocol Breakdown

SMB

22 / 22

176.103.68.137 has a high threat confidence level of 77%, originating from Kyiv, Ukraine, on the FOP Makurin Stanislav Volodimirovich network (42510). It has been observed across 22 sessions targeting SMB, with detected attack patterns including smb remote service stager via mshta, First observed on February 18, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Smb Remote Service Stager Via Mshta

high4x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

Primitives

Individual actions observed

Smb Svcctl Rpc Bind20 Smb Root Read4 Smb Samr Rpc Bind4 Smb Ipc Share Access4 Smb Svcctl Pipe Open4 Mshta Vbscript Msiexec Fetch4

Related Threats

Explore related threat intelligence

🇺🇦More threats fromUkraine ASMore threats fromFOP Makurin Stanislav Volodimirovich SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
62.149.25.72	91%	26,272
77.83.39.169	81%	103
217.196.163.23	20%	11
95.214.232.18	89%	9,913
91.232.238.112	44%	6