IP · Medium · Signal 72/100
45.148.10.218
Location
Amsterdam, Bucuresti
ASN
AS48090
Techoff SRV Limited
First Seen
Jun 14, 2023
Last Seen
Jun 5, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Andorra
Region
Amsterdam, Bucuresti
ASN
AS48090
Organization
Techoff SRV Limited
Feed Intelligence Summary
18 reports · 72% confidence
18
Source reports
72%
Confidence score
Category tags
abuse, active scan, andorra, apache, apache attacker, api key, apt, bad reputation, bad web bot, blocklist, botnet, botnet activity, brute force, brute-force, bruteforce, command and control, data exfiltration, data store expose, ddos, ddos attack, default company, distributed attacks, elf, europe, executable file, exploit, exploitation activity, exploited host, first, fraud voip, graph summary, hacking, indicator, injection activity, join, malicious software, malware, netherlands, network, nl, process injection, researched, ro, romania, scams & fraud, scanner, spam, sql injection, ssh, t1055, t1071.001, t1486, t1496, t1499.002, t1499.003, t1565, targeting database, threat actor, tpot, ua-wget, value a, vulnerability scan, vulnerability-exploitation, web app attack, web application attack, web spam, whois lookups
Activity Timeline
Jun 5
Threat Activity Heatmap
Peak: 2026-06-05
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
High Risk
72
SIGNAL
Signal Score
72%
Confidence
18
Reports
First seen
Jun 14, 2023
Last seen
Jun 5, 2026
Geolocation
AD
Country
Andorra
Location
Amsterdam, Bucuresti
ASN
AS48090
Org
Techoff SRV Limited
Coords
44.4323, 26.1061
VirusTotal
Not checked
WHOIS
- description
- Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).
  2. Technical Details
  Target Domain: mmms.eu / network.block.mmms.eu
  Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
  Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.
  The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.
  Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
- raw
- inetnum: 45.148.10.0 - 45.148.10.255
  org: ORG-TSL73-RIPE
  mnt-domains: TECHOFF-MNT
  mnt-domains: TECHOFF-MNT
  netname: DMZHOST
  descr:
  country: AD
  admin-c: AD18161-RIPE
  tech-c: AD18161-RIPE
  status: ASSIGNED PA
  mnt-by: TECHOFF-MNT
  created: 2019-09-02T15:08:45Z
  last-modified: 2024-11-21T09:43:56Z
  source: RIPE

  organisation: ORG-TSL73-RIPE
  org-name: TECHOFF SRV LIMITED
  country: GB
  org-type: OTHER
  address: 35 Firs Avenue, London N11 3NE
  reg-nr: 16090235
  abuse-c: AD18161-RIPE
  mnt-ref: TECHOFF-MNT
  mnt-ref: MNT-NETERRA
  mnt-by: TECHOFF-MNT
  created: 2024-11-20T13:01:40Z
  last-modified: 2026-04-29T06:56:13Z
  source: RIPE # Filtered

  role: ABUSE DEP
  address: 35 Firs Avenue, London N11 3NE
  abuse-mailbox: [email protected]
  nic-hdl: AD18161-RIPE
  mnt-by: TECHOFF-MNT
  created: 2024-11-20T13:00:28Z
  last-modified: 2024-11-21T09:45:52Z
  source: RIPE # Filtered

  route: 45.148.10.0/24
  origin: AS48090
  mnt-by: TECHOFF-MNT
  created: 2019-09-05T14:32:45Z
  last-modified: 2024-11-21T09:44:13Z
  source: RIPE
IOC Journey
medium · First detected 3 years ago · Last seen 9 days ago
Appeared in 18 threat reports