Check an IP Address, Domain Name, Subnet, or ASN

77.50.253.39 was found in our database!

$ whois 77.50.253.39

country·🇷🇺 Russia

city·Moscow

isp·Megasvyaz LLC

asn·AS34602

network·Standard

$ sikker risk 77.50.253.39scoring →

confidence

84%Very High

first_seen·Mar 14, 2026

last_seen·6d ago

sessions·36

events·36

$ sikker protocols 77.50.253.39

SMB

36 / 36

$ sikker summary 77.50.253.39

77.50.253.39 has a threat confidence score of 84%. This IP address from Russia (AS34602, Megasvyaz LLC) has been observed in 36 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on March 14, 2026, most recently active March 14, 2026.

$ sikker behaviors 77.50.253.39catalog →

highSmb Remote Service Stager Via Mshta2x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 77.50.253.39

smb_svcctl_rpc_bind9 smb_root_read2 smb_samr_rpc_bind2 smb_ipc_share_access2 smb_svcctl_pipe_open2 mshta_vbscript_msiexec_fetch2

$ sikker related 77.50.253.39

🇷🇺·More threats fromRussia→AS·More threats fromMegasvyaz LLC→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.50.253.55	63%	35
77.50.253.35	80%	42
77.50.252.148	39%	4
77.50.252.127	17%	9
77.50.249.192	79%	34

IP Address	Confidence	Events
109.73.196.76	99%	63
81.29.142.6	100%	20,260
178.45.89.125	90%	22
2.63.211.145	79%	19,782
77.50.253.55	63%	35