IP · Medium · Signal 57/100
77.90.185.235
Location
Augsburg, Bavaria
ASN
AS213790
Limited Network LTD
First Seen
Sep 20, 2023
Last Seen
Jun 22, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Network Information
Country
Germany
Region: Augsburg, Bavaria
ASN: AS213790
Organization: Limited Network LTD
Feed Intelligence Summary
14 reports · 57% confidence
14
Source reports
57%
Confidence score
Category tags
Activity Timeline (axis: Jun 22 to Jun 22)
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 57
Confidence: 57%
Reports: 14
First seen: Sep 20, 2023
Last seen: Jun 22, 2026
Geolocation: DE
Country: Germany
Location: Augsburg, Bavaria
ASN: AS213790
Org: Limited Network LTD
Coords: 51.2993, 9.4910
VirusTotal
Not checked
WHOIS
- description
- Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).
  2. Technical Details
  Target Domain: mmms.eu / network.block.mmms.eu
  Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
  Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.
  The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.
  Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
- raw
- inetnum: 77.90.185.0 - 77.90.185.255
  netname: LIMITED-NETWORK
  country: GB
  admin-c: RA12012-RIPE
  tech-c: RA12012-RIPE
  org: ORG-LA1969-RIPE
  status: SUB-ALLOCATED PA
  mnt-by: LimitedNetwork-MNT
  created: 2023-07-03T15:24:12Z
  last-modified: 2026-03-11T13:42:51Z
  source: RIPE

  organisation: ORG-LA1969-RIPE
  org-name: Limited Network LTD
  org-type: OTHER
  address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
  country: GB
  abuse-c: ACRO58261-RIPE
  mnt-ref: LimitedNetwork-MNT
  mnt-ref: wcd
  mnt-by: LimitedNetwork-MNT
  created: 2024-11-19T13:19:56Z
  last-modified: 2025-12-31T09:38:17Z
  source: RIPE # Filtered

  role: RipeDB
  address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
  nic-hdl: RA12012-RIPE
  mnt-by: LimitedNetwork-MNT
  created: 2024-11-19T13:16:57Z
  last-modified: 2025-04-23T09:32:15Z
  source: RIPE # Filtered

  route: 77.90.185.0/24
  origin: AS213790
  created: 2026-02-20T19:54:56Z
  last-modified: 2026-03-12T17:57:51Z
  source: RIPE
  mnt-by: LimitedNetwork-MNT
IOC Journey
Medium · First detected 2 years ago · Last seen 5 days ago
Appeared in 14 threat reports