IOC Radar
IP · Medium · Signal 55/100

77.90.185.43

Location: Germany (Augsburg, Bavaria)
ASN: AS213790 (Limited Network LTD)
First Seen: Jul 18, 2023 (1061d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 22 source reports
Confidence: 55% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

58 techniques

Network Information

Country: DE (Germany)
Region: Augsburg, Bavaria
ASN: AS213790
Organization: Limited Network LTD

Feed Intelligence Summary

Source reports: 22
Confidence score: 55%

Activity Timeline

1 total obs (Jun 6 to Jun 6)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun] Peak: 2026-06-06
Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 1 (Minimal); 3mo: 1 (Minimal)
Threat Score: 55 (Medium Risk)
Signal Score: 55%
Confidence: 22 Reports
First seen: Jul 18, 2023
Last seen: Jun 6, 2026
Geolocation: DE
Country: Germany
Location: Augsburg, Bavaria
ASN: AS213790
Org: Limited Network LTD
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 77.90.185.0 - 77.90.185.255
netname: InsideNetwork
country: GB
admin-c: ACRO55396-RIPE
tech-c: ACRO55396-RIPE
org: ORG-IA2049-RIPE
status: SUB-ALLOCATED PA
mnt-by: InsideNetworks-MNT
mnt-by: InsideNetworkLTD-MNT
created: 2023-07-03T15:24:12Z
last-modified: 2024-05-27T10:46:20Z
source: RIPE

organisation: ORG-IA2049-RIPE
org-name: Inside Network LTD
country: GB
org-type: OTHER
address: 16 KERFIELD PLACE LONDON
abuse-c: ACRO55592-RIPE
mnt-ref: InsideNetworkLTD-MNT
mnt-by: InsideNetworkLTD-MNT
created: 2024-02-13T21:46:27Z
last-modified: 2024-05-27T10:45:04Z
source: RIPE # Filtered

role: Abuse contact role object
address: 16 KERFIELD PLACE LONDON ENGLAND SE5 8SX
abuse-mailbox: [email protected]
nic-hdl: ACRO55396-RIPE
mnt-by: InsideNetworkLTD-MNT
created: 2024-01-28T18:21:02Z
last-modified: 2024-01-28T18:21:21Z
source: RIPE # Filtered

route: 77.90.185.0/24
origin: AS215476
mnt-by: InsideNetworkLTD-MNT
created: 2024-06-12T20:16:39Z
last-modified: 2024-06-12T20:16:39Z
source: RIPE


IOC Journey

medium
First detected 2 years ago · Last seen 7 days ago
Appeared in 22 threat reports