Check an IP Address, Domain Name, Subnet, or ASN

77.52.72.26 was found in our database!

$ whois 77.52.72.26

country·🇺🇦 Ukraine

city·Dnipro

isp·PrJSC VF UKRAINE

asn·AS21497

network·Standard

$ sikker risk 77.52.72.26scoring →

confidence

79%High

first_seen·Feb 16, 2026

last_seen·20h ago

sessions·87

events·87

$ sikker protocols 77.52.72.26

SMB

87 / 87

$ sikker summary 77.52.72.26

77.52.72.26 has a threat confidence score of 79%. This IP address from Ukraine (AS21497, PrJSC VF UKRAINE) has been observed in 87 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on February 16, 2026, most recently active March 20, 2026.

$ sikker behaviors 77.52.72.26catalog →

highSmb Remote Service Stager Via Mshta4x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 77.52.72.26

smb_svcctl_rpc_bind20 smb_root_read4 smb_samr_rpc_bind4 smb_ipc_share_access4 smb_svcctl_pipe_open4 mshta_vbscript_msiexec_fetch4

$ sikker related 77.52.72.26

🇺🇦·More threats fromUkraine→AS·More threats fromPrJSC VF UKRAINE→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.52.66.42	20%	46
178.136.96.249	35%	3
77.52.73.26	17%	12
77.52.196.206	44%	304
85.114.198.26	44%	6

IP Address	Confidence	Events
85.223.254.86	33%	11
45.12.1.19	88%	8,649
213.227.245.154	44%	224
188.163.42.85	19%	9
95.214.232.18	88%	11,114