77.91.68.48 Threat Intelligence and Host Information

Aug 14, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 77.91.68.48 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Mitre ATT&CK IDs: T1566 - Phishing

  • Tags: agent tesla, amadey, android, august, belarus, blacklist host, bladabindi, C2, cisa, cvss, cvss base, cyberpower, domain, domains, downfall, first, gafgyt, ip address, june, kb5029244, kb5029263, knight, light, malware, malware url, merlin, microsoft, njw0rm, patch tuesday, qakbot, qbot, rats, RedLine, rhysida, skidmap, skidmap linux, statc, Stealer, ukraine, url http, url https, week rank, whirlpool, windows, xworm, yashma

  • View other sources: Spamhaus VirusTotal

  • Country: Russia
  • Network:
  • Noticed: 6 times
  • Protocols Attacked: SSH
  • Countries Attacked: Belarus, Bulgaria, China, Ukraine, United States of America, Viet Nam

Malware Detected on Host

Count: 190 c22f5c621dc4c9aabf52af35e3d0befb10cd3ef2548ac58fed4e0b4efc403025 364d829bc3e5b1848283c8f1a1f41f20abfa5756bfc4c930c380e85b0500a9bb f99854ef8aa04d80bae38c411e5f84690cfab289ed6fd801b6f78f1613b44b23 799e95bf2d58b78f3465dcb9b870b77f88a6726049b4e7a232f612f53a29a3a0 ded001f9356edc0a1fdc133a20876f12744d316df690af7d25f9ecee4cc22298 9dab51aca6c8f48ebecd6500c604ee1d8c464e7374bf534505fc219f45c5d16e 8dffbfca7fa69eced24c50f1ada8d94d5b96f96a8563a101682a9dfba75b2677 082e227b12d698892383720c906718b4aefd4cf551aacab31353b488677ddcf3 a470d5d756883b56f1b8cd0098c8a8fec4da4ee1c8904fe76cfb3ffe50679fde 070211a172abe8aa3ca7f24787e21076a7db1b75c95c1f036a95d5e441312c2f

Open Ports Detected

22 443 80

Map

Whois Information

  • inetnum: 77.91.68.0 - 77.91.68.255
  • netname: Partners_INC
  • geofeed: https://webhost1.ru/upload/geoip/geofeed.csv
  • country: AM
  • admin-c: CA11018-RIPE
  • tech-c: CA11018-RIPE
  • status: SUB-ALLOCATED PA
  • mnt-by: INC-PARTNERS-365-MNT
  • mnt-by: lir-us-365hosting-1-MNT
  • mnt-by: lir-ge-fast-1-MNT
  • created: 2024-07-11T19:05:04Z
  • last-modified: 2024-11-05T08:34:35Z
  • abuse-c: CA11018-RIPE
  • descr: 365.partners INC
  • role: CEO
  • address: 30 N GOULD ST, STE R, SHERIDAN WY 82801
  • abuse-mailbox: support@365.hosting
  • nic-hdl: CA11018-RIPE
  • mnt-by: CORP-365-PARTNERS-MNT
  • created: 2023-04-19T14:26:56Z
  • last-modified: 2023-04-19T16:12:40Z
  • route: 77.91.68.0/24
  • origin: as198178
  • mnt-by: lir-ge-fast-1-MNT
  • mnt-by: lir-us-365hosting-1-MNT
  • created: 2024-11-02T10:54:35Z
  • last-modified: 2024-11-02T10:55:08Z

Links to attack logs

****** ****** ******

Share on: