IOC Radar
IP · Medium · Signal 100/100

83.222.190.254

Location
Karlovo, 22, Bulgaria
First Seen: Aug 3, 2024 (691d ago)
Last Seen: May 1, 2026 (55d ago)
Reports: 17 source reports
Confidence: 99% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 61 techniques

Network Information

Country: BG (Bulgaria)
Region: Karlovo, 22
Organization: 4Media Ltd

Feed Intelligence Summary

Source reports: 17
Confidence score: 99%
Category tags:
abuse, access control, account compromise, account security, active scan, active scanning, adb exploit attempts, adbhoney activity, adbhoney honeypot, administrative access, api key, attack, authentication attack, authentication attempt, authentication failure, bad web bot, bg, blog spam, botnet, brute force, brute force attack, brute force attempts, bulgaria, c2 communication, command and control, command execution, communication protocol, compromised credentials, compromised host, conpot honeypot, cowrie activity, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, data exfiltration, database security, ddos, ddos attack, ddos attacks, decoy system, default company, denial of service, dionaea activity, dionaea honeypot, dionaea malware collection, distributed attacks, elasticpot activity, elasticpot exploitation, elasticpot honeypot, elasticsearch monitoring, europe, exfiltration, exploit attempt, exploit attempts, exploit public-facing application, exploitation, external remote services, first, ftp, ftp brute force, graph summary, hacking, heralding activity, heralding probing, http brute force, ics security, indicator, industrial control systems, initial access, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, ipphoney activity, ipphoney honeypot, join, lateral movement, login, mailoney honeypot, malicious activity, malicious code detection, malicious software, malicious ssh, malware, malware behaviour, malware capture, malware distribution, malware propagation, malware scanning, mirai botnet, network, network activity, network attacks, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network protocol, network scanning, network security, network service scanning, network traffic analysis, north america, operating system, operating system security, password attack, password attacks, password spraying, phishing, phishing attack, phishing trap, potential vulnerability scan, privilege escalation, process injection, protocol exploitation, reconnaissance, redis brute force, redis honeypot, remote access, remote services, researched, resource hijacking, romania, scan, scanner, scanning activity, security operations, security policy, sentrypeer botnet, server exploitation, sftp attack, sip attacks, sip brute force, sip scanning, smtp brute force, social engineering, sql injection attempts, ssh attack, ssh monitoring, t1016, t1016.001, t1018, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.004, t1059.005, t1069.001, t1071, t1071.001, t1076, t1078, t1078.002, t1088, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1505.004, t1550, t1550.002, t1550.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1583, t1583.001, t1588, t1589, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp protocol, telecommunications, telnet threat, threat actor, threat intelligence, threat prevention, tpotce, unauthorized access attempts, united states, us source ip, valid accounts, value a, voip, voip attack, web application attack, web exploitation, web scanner, web spam, whois lookups

Activity Timeline

1 total observation (May 1 to May 1)

Threat Activity Heatmap

Heatmap grid (months Jun to Jun, rows Mon/Wed/Fri) · Peak: 2026-05-01
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Threat Score: High Risk (signal score 100)
Confidence: 99%
Reports: 17
First seen: Aug 3, 2024
Last seen: May 1, 2026
Geolocation: BG
Country: Bulgaria
Location: Karlovo, 22
Org: 4Media Ltd
Coords: 42.6951, 23.3250

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domains blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 83.222.190.0 - 83.222.191.255
netname: Net_4Media
org: ORG-AA2048-RIPE
country: BG
admin-c: PD8817-RIPE
tech-c: PD8817-RIPE
status: ASSIGNED PA
mnt-by: MNT-LIR-BG
created: 2024-07-03T10:05:33Z
last-modified: 2024-07-03T10:05:33Z
source: RIPE

organisation: ORG-AA2048-RIPE
org-name: 4Media Ltd.
country: BG
org-type: OTHER
address: 35, Ivan Vazov str, Sopot, Bulgaria
abuse-c: AA33554-RIPE
mnt-ref: TAMATYA-MNT
mnt-ref: MNT-LIR-BG
mnt-by: MNT-LIR-BG
created: 2018-05-31T08:09:29Z
last-modified: 2022-12-01T17:00:25Z
source: RIPE # Filtered

person: Petar Dimov
address: [email protected]
address: [email protected]
phone: +359988865442
nic-hdl: PD8817-RIPE
mnt-by: TAMATYA-MNT
created: 2016-11-06T19:36:43Z
last-modified: 2022-12-20T20:23:46Z
source: RIPE

route: 83.222.190.0/24
origin: AS204428
mnt-by: MNT-LIR-BG
created: 2024-07-03T10:05:33Z
last-modified: 2024-07-03T10:05:33Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce
https://example.com
https://redpiranha.net

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 17 threat reports