IOC Radar
IP | Medium | Signal 68/100

66.228.36.223

Location
United States
Cedar Knolls, NJ
ASN
AS63949
Linode
First Seen
Aug 6, 2025 (308d ago)
Last Seen
Jun 9, 2026 (yesterday)
Reports
23 source reports
Confidence
68% (medium)
Found in 23 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 44 techniques

Network Information

Country: United States (US)
Region: Cedar Knolls, NJ
ASN: AS63949
Organization: Linode

IP Category

Proxy (proxy server)

Feed Intelligence Summary

Source reports: 23
Confidence score: 68%

Category tags
abuse, access control, account compromise, account security, active scan, active scanning, admin, administrative access, api key, asia, attack, australia, back orifice, bad reputation, bad web bot, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute-force, bruteforce, cisco, cisco device, cisco device targeting, cisco exploitation, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, command and control, communication protocol, conpot, conpot honeypot, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, default company, denial of service, device management, digital ocean, digitalocean infrastructure, dionaea, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, encryption, enterprise networking, exploit, exploit attempt, exploitation, exploitation activity, exploited host, fatt, first, fraud voip, ftp, ftp brute force, ftp brute-force, graph summary, hacking, honeytrap data, honeytrap honeypot, http scanner, http scanning, ics security, identity & access exploitation, imap, imap attack, indicator, industrial control systems, infrastructure reconnaissance, infrastructure targeting, injection activity, injection attacks, input validation bypass, internet of things, intrusion detection, iot botnet, iot security, iot targeted, iot/ics attack, ipv4 port scanning, join, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp stack targeting, lamp vulnerability scan, lateral movement, low-risk, mailoney honeypot, malaysia, malicious activity, malicious ip, malicious ip list, malicious ipv4, malware, malware behaviour, malware capture, malware detection, malware distribution, malware propagation, mirai, mirai botnet, mssql, network, network attacks, network infrastructure, network intrusion attempts, network probing, network protocol, network scanning, network security, network service scanning, north america, oceania, open proxy, opencti, operating system, operating system security, osint, p0f, password attack, password attacks, path traversal, phishing, phishing attack, phishing trap, portscan, possible mirai variant, potential credential stuffing, potential vulnerability scan, privilege escalation, protocol exploitation, proxy, ransomware, rdp, rdp scanning, reconnaissance, remote access, remote service exploitation, remote services, researched, resource hijacking, scams & fraud, scan, scanner, scanners, scanning activity, scripting attacks, security policy, sensor-tagged, sentrypeer botnet, sentrypeer detection, service scan, sftp, sftp access attempt, sftp attack, sftp exploitation attempt, sip, sip brute force, sip scanning, smtp, smtp attacker, social engineering, spam, ssh, ssh attack, ssh monitoring, system access, systembc, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1069.001, t1071.001, t1076, t1077, t1078, t1088, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, unauthorized access, united states, us, value a, voip, voip attack, vulnerability scan, vulnerability-exploitation, vultr, web app attack, web application attack, web application exploitation, web attack, web exploit, web exploitation, web spam, web traffic, whois lookups, win, windows

Activity Timeline

1 total observation (Jun 9 to Jun 9)

Threat Activity Heatmap

Weekly activity grid covering Jun through the following Jun (rows Mon, Wed, Fri); individual cell values are not recoverable from the page text.
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 68 (Medium Risk)
Signal Score: 68
Confidence: 68%
Reports: 23
First seen: Aug 6, 2025
Last seen: Jun 9, 2026
Geolocation: US
Country: United States
Location: Cedar Knolls, NJ
ASN: AS63949
Org: Linode
Coords: 40.8229, -74.4592
Category: Proxy

VirusTotal: Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]

raw
Akamai Technologies, Inc. LINODE-US (NET-66-228-32-0-1) 66.228.32.0 - 66.228.63.255
Linode LINODE (NET-66-228-32-0-2) 66.228.32.0 - 66.228.63.255

references
block2.mmms.eu mail.mmms.eu mmms.eu www.mmms.eu www2.mmms.eu [siblings]
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-04/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-04/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-22/
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7358525198976868352-vdpo?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 10 months ago · Last seen 1 day ago
Appeared in 23 threat reports