77.73.134.2 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 77.73.134.2. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events and provide context. All information is gathered passively, by aggregating public sources or from activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Known Malicious Host 🔴 80/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1049 - System Network Connections Discovery, T1055 - Process Injection, T1056 - Input Capture, T1082 - System Information Discovery, T1102 - Web Service, T1104 - Multi-Stage Channels, T1106 - Native API, T1127 - Trusted Developer Utilities Proxy Execution, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1496 - Resource Hijacking, T1548 - Abuse Elevation Control Mechanism, T1553 - Subvert Trust Controls, T1562 - Impair Defenses, T1566 - Phishing
- Tags: AgentTesla, antivm, anydesk, ArrowRAT, asmresolver, assembly, asyncrat, AsyncRAT, BitRAT, bypass, C2, click, computer security, config, confuserex, crowdstrike, cyber attacks, cyber news, cyber security, cyber security news, cyber security news today, cyber security updates, cyber updates, daemonset, data breach, decoy, dero, dinvoke, docker image, DorRunpeX, dotrunpex, dword, error, falcon platform, february, figure, final, first, Formbook, hacker news, hacking news, how to hack, implmap, information security, ioc, koivm, kubernetes, kubernetes api, LastPass, lemonduck, loader, Lokibot, main, malicious, masquerading, miner, monero, monero campaign, .net, Netwire, network security, Nextray, nt api, null, phishing, pinvoke, powershell, PrivateLoader, raccoon, ransomware malware, rats, RecordBreaker, redline, Redline, RedLine, Rhadamanthys, signs, snakekeylogger, SnakeKeyLogger, software vulnerability, stealer, Stealer, strings, syscall, the hacker news, tools, trojan, twitter, Vidar, WarzoneRAT, win api, XWorm, yaml file
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: botscout_30d, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, vxvault
- Country: Kazakhstan
- Network:
- Noticed: 50 times
- Protocols Attacked: spam
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Malware Detected on Host
Count: 12
Open Ports Detected
Whois Information
- inetnum: 77.73.134.0 - 77.73.134.255
- netname: NET-134
- country: DE
- admin-c: IM6682-RIPE
- abuse-c: AIM51-RIPE
- tech-c: IM6682-RIPE
- status: ASSIGNED PA
- mnt-by: cicnet-mnt
- created: 2020-12-06T17:43:27Z
- last-modified: 2024-04-30T06:01:58Z
- mnt-routes: cicnet-mnt
- mnt-domains: cicnet-mnt
- org: ORG-PL536-RIPE
- organisation: ORG-PL536-RIPE
- org-name: PROXY6 LLC
- org-type: OTHER
- address: RUSSIAN FEDERATION
- address: Elektrostal
- address: 144002
- address: Gorkogo 14-211
- admin-c: PL14494-RIPE
- tech-c: PL14494-RIPE
- abuse-c: APL61-RIPE
- mnt-ref: lir-ru-inetllc-1-MNT
- mnt-ref: INETTECH-MNT
- mnt-ref: INETTECHLTD-MNT
- mnt-ref: cicnet-mnt
- mnt-ref: PROEKT-MNT
- mnt-ref: INTERLAN-MNT
- mnt-ref: MNT-INTERLAN
- mnt-ref: IPSMAIN
- mnt-ref: IP-RIPE
- mnt-ref: proxy-six-mnt
- mnt-ref: ROSNIIROS-MNT
- mnt-ref: MNT-GCX
- mnt-by: lir-ru-inetllc-1-MNT
- created: 2023-05-18T15:58:11Z
- last-modified: 2024-11-02T08:31:50Z
- role: INHOST MCHJ
- address: UZ, Tashkent City, Shajhantahur district, Labzak MFJ, Labzak St., 64a-uj
- nic-hdl: IM6682-RIPE
- mnt-by: lir-ru-inetllc-1-MNT
- created: 2024-04-25T18:28:23Z
- last-modified: 2024-04-25T18:28:23Z
- route: 77.73.134.0/24
- origin: AS212496
- mnt-by: cicnet-mnt
- created: 2024-05-03T05:53:08Z
- last-modified: 2024-05-03T05:53:08Z
Links to attack logs
forum-spam-ip-list-2023-05-14 ****** ****** ******