IOC Radar
IP · Medium · Signal 0/100

195.181.174.227

Location: Germany, Frankfurt am Main, Hesse
ASN: AS60068 (CDN77 - Frankfurt POP)
First Seen: Jan 2, 2021 (1998d ago)
Last Seen: Jun 14, 2026 (10d ago)
Reports: 2 source reports
Confidence: 0% (medium)
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS60068
Organization: CDN77 - Frankfurt POP

Feed Intelligence Summary

2 reports, 0% confidence
Source reports: 2
Confidence score: 0%
Category tags: network, proxy, researched

Activity Timeline

1 total obs
Jun 14 to Jun 14

Threat Activity Heatmap

Peak: 2026-06-14
[Heatmap: activity by weekday, June through the following June]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This report details an Indicator of Compromise (IOC) identified as `195.181.174.227`. Based on its explicit whitelisting status and an exceptionally low score of 0.0, this IP address is considered benign and poses no immediate threat to the organization. Its inclusion in certain threat intelligence feeds is primarily due to its presence in whitelist services like 'Appealer Whitelist Service' and 'StopForumSpam-Firehol', indicating its legitimate and non-malicious nature. There is no corroboratin…

Threat Score: 0 (Low Risk)
Signal Score: 0
Confidence: 0%
Reports: 2
First seen: Jan 2, 2021
Last seen: Jun 14, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS60068
Org: CDN77 - Frankfurt POP
Coords: 50.1109, 8.6821

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 195.181.174.0 - 195.181.175.255
netname: CDN77-FRANKFURT
country: DE
admin-c: DLTS1-RIPE
tech-c: DLTS1-RIPE
status: ASSIGNED PA
mnt-by: DATACAMP-MNT
created: 2017-02-24T13:34:51Z
last-modified: 2017-03-16T16:31:18Z
source: RIPE

role: Datacamp Ltd. technical staff
address: DataCamp Limited
address: Coldbath Square 9
address: London
address: United Kingdom
nic-hdl: DLTS1-RIPE
abuse-mailbox: [email protected]
mnt-by: DATACAMP-MNT
tech-c: JP4750-RIPE
admin-c: JP4750-RIPE
created: 2014-06-23T09:09:30Z
last-modified: 2025-01-27T12:54:11Z
source: RIPE # Filtered

route: 195.181.174.0/23
descr: CDN77 - Frankfurt POP
origin: AS60068
mnt-by: DATACAMP-MNT
created: 2017-02-24T14:17:22Z
last-modified: 2017-02-24T14:17:22Z
source: RIPE

IOC Journey

medium
First detected 5 years ago · Last seen 10 days ago
Appeared in 2 threat reports