IOC Radar
IPMediumSignal 26/100

45.142.193.42

Location
RomaniaRomania
London, England
ASN
AS214295
Limited Network LTD
First Seen
Jan 12, 2025
Last Seen
Jun 3, 2026
Jan 12
First Seen
518d ago
Jun 3
Last Seen
11d ago
12
Reports
source reports
26%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
26%
Signal Score
26 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

CountryRORomania
RegionLondon, England
ASNAS214295
OrganizationLimited Network LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

12 reports26% confidence
12
Source reports
26%
Confidence score
Category tags
abuseaccessactive scanactive scanningapi keyauthentication attemptsbad reputationbotnetbotnet activitybrute forcebrute force attackcommand and controlcommentcommunication protocolcredential accesscredential stuffingdata exfiltrationdata store exposuredatabase securityddosdefault companydenial of servicedistributed attackseuropeexecutable fileexploitation activityfirstftpftp brute forcegbgraph summarygroupshttp brute forcehttp scannerhttpshunteridentity & access exploitationimagesimapinjection activityinjection attacksjoinmalicious softwaremalwarenetnetherlandsnetworknetwork attacksnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork trafficnlpassword attackpassword attackspngpossible intrusion attemptprocess injectionprotocol exploitationproxyreconnaissanceremote accessremote servicesresearchedromaniascannerscriptserverslugsmtpsmtp brute forcessh attacksurface websynt1018t1021t1021.001t1040t1046t1055t1059t1059.001t1059.003t1059.004t1071.001t1076t1078t1078.002t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.002t1499.003t1563t1565t1595t1595.001t1595.002t1595.003tcp protocoltelnet threattftpthreatthreat actortor nodeunited kingdomvalidatorvalue aweb application attackweb trafficwhois lookups

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
26
SIGNAL
Signal Score
26%
Confidence
12
Reports
First seenJan 12, 2025
Last seenJun 3, 2026
GeolocationRO
CountryRomania
LocationLondon, England
ASNAS214295
OrgLimited Network LTD
Coords53.4809, -2.2374
Proxy

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu] This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).2. Technical DetailsTarget Domain: mmms.eu / network.block.mmms.euInfrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers. The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools. Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 45.142.193.0 - 45.142.193.255 org: ORG-LA1969-RIPE netname: LIMITED-NETWORK country: GB admin-c: RA12012-RIPE tech-c: RA12012-RIPE status: ASSIGNED PA mnt-by: LimitedNetwork-MNT created: 2024-11-19T17:16:38Z last-modified: 2024-11-19T17:28:20Z source: RIPE organisation: ORG-LA1969-RIPE org-name: Limited Network LTD org-type: OTHER address: Apartment 1121 Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN country: GB abuse-c: ACRO58261-RIPE mnt-ref: LimitedNetwork-MNT mnt-by: LimitedNetwork-MNT created: 2024-11-19T13:19:56Z last-modified: 2025-01-25T12:51:59Z source: RIPE # Filtered role: RipeDB address: Apartment 1121 Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN nic-hdl: RA12012-RIPE mnt-by: LimitedNetwork-MNT created: 2024-11-19T13:16:57Z last-modified: 2025-01-24T14:05:17Z source: RIPE # Filtered route: 45.142.193.0/24 origin: AS214295 mnt-by: LimitedNetwork-MNT created: 2024-12-27T17:26:35Z last-modified: 2025-01-14T15:33:35Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 12 threat reports