IOC Radar
IP · Medium · Signal 39/100

45.142.193.196

Location
Netherlands
London, England
ASN
AS214295
Limited Network LTD
First Seen
Jan 12, 2025 (517d ago)
Last Seen
Jun 3, 2026 (10d ago)
Reports
19 source reports
Confidence
39% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

45 techniques

Network Information

Country: NL (Netherlands)
Region: London, England
ASN: AS214295
Organization: Limited Network LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 19
Confidence score: 39%
Category tags
abuse, access control, active scan, active scanning, adbhoney honeypot, api key, attack, australia, authentication attempts, authentication failure, bad reputation, bad web bot, blacklist ip, botnet, botnet activity, brute force, brute force attack, cisco brute force, cisco device, cisco exploitation attempts, command and control, communication protocol, compromised credentials, cowrie honeypot, cowrie ssh honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, database attack, database security, ddos, ddos attacks, ddos reflection, decoy system, default company, denial of service, device management, dionaea honeypot, dionaea malware collection, distributed attacks, enterprise networking, europe, exploit, exploitation, exploitation activity, exploited host, fatt, first, ftp, ftp brute force, gb, graph summary, hacking, honeytrap data, honeytrap honeypot, http brute force, http scanner, identity & access exploitation, indicator, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot botnet, iot security, iot/ics attack, join, lamp, lamp stack targeting, lateral movement, mailoney honeypot, malicious activity, malicious email, malicious payload, malicious scan, malicious software, malware, malware behaviour, malware capture, malware distribution, mirai botnet, netherlands, network, network attacks, network infrastructure, network intrusion, network intrusion attempts, network probing, network scanning, network security, network service scanning, network traffic, network traffic analysis, oceania, opencti, operating system, p0f, password attacks, phishing, phishing attack, phishing trap, potential compromise, potential malware infection, process injection, protocol exploitation, proxy, proxy protocol, ransomware, reconnaissance, reconnaissance activity, remote access, remote services, researched, resource hijacking, ro, romania, scan, scanner, scanning activity, scripting attacks, security policy, sensor-tagged, sentrypeer botnet, sentrypeer detection, service scan, sftp attack, sftp attacks, sip attacks, sip brute force, sip scanning, smtp, smtp brute force, smtp probing, social engineering, spam, ssh attack, ssh monitoring, syn port scan, t1021, t1021.001, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1069.001, t1071.001, t1076, t1078, t1078.002, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1587, t1588.004, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner http honeypot, targeting database, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, united kingdom, value a, voip, voip attack, vulnerability scan, web application attack, web attack, web exploit attempt, web exploitation, web spam, web traffic, whois lookups

Activity Timeline

1 total obs
Jun 3

Threat Activity Heatmap

Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 19
First seen: Jan 12, 2025
Last seen: Jun 3, 2026
Geolocation: NL
Country: Netherlands
Location: London, England
ASN: AS214295
Org: Limited Network LTD
Coords: 45.9968, 24.9970
Proxy

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 45.142.193.0 - 45.142.193.255
org: ORG-LA1969-RIPE
netname: LIMITED-NETWORK
country: GB
admin-c: RA12012-RIPE
tech-c: RA12012-RIPE
status: ASSIGNED PA
mnt-by: LimitedNetwork-MNT
created: 2024-11-19T17:16:38Z
last-modified: 2024-11-19T17:28:20Z
source: RIPE

organisation: ORG-LA1969-RIPE
org-name: Limited Network LTD
org-type: OTHER
address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
country: GB
abuse-c: ACRO58261-RIPE
mnt-ref: LimitedNetwork-MNT
mnt-by: LimitedNetwork-MNT
created: 2024-11-19T13:19:56Z
last-modified: 2025-04-23T09:31:46Z
source: RIPE # Filtered

role: RipeDB
address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
nic-hdl: RA12012-RIPE
mnt-by: LimitedNetwork-MNT
created: 2024-11-19T13:16:57Z
last-modified: 2025-04-23T09:32:15Z
source: RIPE # Filtered

route: 45.142.193.0/24
origin: AS214295
mnt-by: LimitedNetwork-MNT
created: 2024-12-27T17:26:35Z
last-modified: 2025-01-14T15:33:35Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 19 threat reports