IOC Radar
IP · Medium · Signal 59/100

77.90.185.52

Location: Germany (Augsburg, Bavaria)
ASN: AS213790 (Limited Network LTD)
First Seen: Jul 18, 2023 (1063d ago)
Last Seen: Jun 3, 2026 (12d ago)
Reports: 22 source reports
Confidence: 59% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 59 techniques

Network Information

Country: DE (Germany)
Region: Augsburg, Bavaria
ASN: AS213790
Organization: Limited Network LTD

Feed Intelligence Summary

Source reports: 22
Confidence score: 59%

Activity Timeline

1 total obs (Jun 3)

Threat Activity Heatmap

Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 22
First seen: Jul 18, 2023
Last seen: Jun 3, 2026
Geolocation: DE
Country: Germany
Location: Augsburg, Bavaria
ASN: AS213790
Org: Limited Network LTD
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 77.90.185.0 - 77.90.185.255
netname: LIMITED-NETWORK
country: GB
admin-c: RA12012-RIPE
tech-c: RA12012-RIPE
org: ORG-LA1969-RIPE
status: SUB-ALLOCATED PA
mnt-by: LimitedNetwork-MNT
created: 2023-07-03T15:24:12Z
last-modified: 2026-03-11T13:42:51Z
source: RIPE

organisation: ORG-LA1969-RIPE
org-name: Limited Network LTD
org-type: OTHER
address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
country: GB
abuse-c: ACRO58261-RIPE
mnt-ref: LimitedNetwork-MNT
mnt-ref: wcd
mnt-by: LimitedNetwork-MNT
created: 2024-11-19T13:19:56Z
last-modified: 2025-12-31T09:38:17Z
source: RIPE # Filtered

role: RipeDB
address: Jefferson Place 1 Fernie Street, Manchester, England, M4 4BN
nic-hdl: RA12012-RIPE
mnt-by: LimitedNetwork-MNT
created: 2024-11-19T13:16:57Z
last-modified: 2025-04-23T09:32:15Z
source: RIPE # Filtered

route: 77.90.185.0/24
origin: AS213790
created: 2026-02-20T19:54:56Z
last-modified: 2026-03-12T17:57:51Z
source: RIPE
mnt-by: LimitedNetwork-MNT


IOC Journey

medium
First detected 2 years ago · Last seen 12 days ago
Appeared in 22 threat reports