Check an IP Address, Domain Name, Subnet, or ASN

77.50.252.248 was found in our database!

$ whois 77.50.252.248

country·🇷🇺 Russia

city·Moscow

isp·Megasvyaz LLC

asn·AS34602

network·Standard

$ sikker risk 77.50.252.248scoring →

confidence

87%Very High

first_seen·Feb 20, 2026

last_seen·28d ago

sessions·94

events·94

$ sikker protocols 77.50.252.248

SMB

94 / 94

$ sikker summary 77.50.252.248

77.50.252.248 has a threat confidence score of 87%. This IP address from Russia (AS34602, Megasvyaz LLC) has been observed in 94 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on February 20, 2026, most recently active February 20, 2026.

$ sikker behaviors 77.50.252.248catalog →

highSmb Remote Service Stager Via Mshta2x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 77.50.252.248

smb_svcctl_rpc_bind10 smb_root_read2 smb_samr_rpc_bind2 smb_ipc_share_access2 smb_svcctl_pipe_open2 mshta_vbscript_msiexec_fetch2

$ sikker related 77.50.252.248

🇷🇺·More threats fromRussia→AS·More threats fromMegasvyaz LLC→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.50.253.55	63%	35
77.50.253.35	80%	42
77.50.252.148	39%	4
77.50.252.127	17%	9
77.50.249.192	79%	34

IP Address	Confidence	Events
77.50.253.55	63%	35
176.111.64.19	58%	1
81.29.142.100	100%	27,190
95.154.73.92	16%	27
109.94.3.212	21%	48