Check an IP Address, Domain Name, Subnet, or ASN

77.50.252.71 was found in our database!

$ whois 77.50.252.71

country·🇷🇺 Russia

city·Moscow

isp·Megasvyaz LLC

asn·AS34602

network·Standard

$ sikker risk 77.50.252.71scoring →

confidence

88%Very High

first_seen·Mar 10, 2026

last_seen·10d ago

sessions·117

events·117

$ sikker protocols 77.50.252.71

SMB

117 / 117

$ sikker summary 77.50.252.71

77.50.252.71 has a threat confidence score of 88%. This IP address from Russia (AS34602, Megasvyaz LLC) has been observed in 117 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on March 10, 2026, most recently active March 10, 2026.

$ sikker behaviors 77.50.252.71catalog →

highSmb Remote Service Stager Via Mshta2x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 77.50.252.71

smb_svcctl_rpc_bind9 smb_root_read2 smb_samr_rpc_bind2 smb_ipc_share_access2 smb_svcctl_pipe_open2 mshta_vbscript_msiexec_fetch2

$ sikker related 77.50.252.71

🇷🇺·More threats fromRussia→AS·More threats fromMegasvyaz LLC→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.50.253.55	63%	35
77.50.253.35	80%	42
77.50.252.148	39%	4
77.50.252.127	17%	9
77.50.249.192	79%	34

IP Address	Confidence	Events
77.50.253.55	63%	35
176.111.64.19	58%	1
81.29.142.100	100%	27,190
95.154.73.92	16%	27
109.94.3.212	21%	48