IOC Radar
IPMediumSignal 50/100

51.159.5.219

Location
FranceFrance
Paris, Ile-de-France
ASN
AS12876
ONLINE
First Seen
May 7, 2025
Last Seen
May 1, 2026
May 7
First Seen
403d ago
May 1
Last Seen
44d ago
9
Reports
source reports
50%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

10 techniques

Network Information

CountryFRFrance
RegionParis, Ile-de-France
ASNAS12876
OrganizationONLINE

Feed Intelligence Summary

9 reports50% confidence
9
Source reports
50%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningapi keyattackbrute force attackcredential accesscredential harvestingcredential stuffingdefault companyeuropefirstfrancegraph summaryhackingindicatorjoinmalicious activitymalwarenetworkpassword attacksphishing attackreconnaissanceresearchedscannersecurity policysocial engineeringt1110.001t1110.002t1110.003t1110.004t1566.001t1566.002t1566.003t1595.001t1595.002t1595.003threat actorthreat preventionvalue aweb application attackwhois lookups

Activity Timeline

1 total obs
May 1May 1

Threat Activity Heatmap

· Peak: 2026-05-01
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
9
Reports
First seenMay 7, 2025
Last seenMay 1, 2026
GeolocationFR
CountryFrance
LocationParis, Ile-de-France
ASNAS12876
OrgONLINE
Coords48.8714, 2.3214

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu] This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).2. Technical DetailsTarget Domain: mmms.eu / network.block.mmms.euInfrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers. The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools. Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 9 threat reports