IOC Radar
IPMediumSignal 50/100

89.248.163.42

Location
NetherlandsNetherlands
Amsterdam, North Holland
ASN
AS202425
Quasi Networks LTD.
First Seen
Mar 31, 2023
Last Seen
Jun 12, 2026
Mar 31
First Seen
1184d ago
Jun 12
Last Seen
15d ago
11
Reports
source reports
50%
Confidence
medium
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

6 techniques

Network Information

CountryNLNetherlands
RegionAmsterdam, North Holland
ASNAS202425
OrganizationQuasi Networks LTD.

Feed Intelligence Summary

11 reports50% confidence
11
Source reports
50%
Confidence score
Category tags
abuseactive scanactive scanningapi keybad reputationbad web botbotnet activitybrute forcecredential harvestingcredential stuffingdefault companyeuropefirstgraph summaryidentity & access exploitationindicatorjoinnetherlandsnetworknlphishingphishing attackreconnaissancerecyber_project-benignresearchedsansscannersocial engineeringt1566.001t1566.002t1566.003t1595.001t1595.002t1595.003threat actorvalue averified-benignweb application attackwhois lookups

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

· Peak: 2026-06-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
11
Reports
First seenMar 31, 2023
Last seenJun 12, 2026
GeolocationNL
CountryNetherlands
LocationAmsterdam, North Holland
ASNAS202425
OrgQuasi Networks LTD.
Coords52.3676, 4.9041

VirusTotal

Not checked

WHOIS

description
Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu] This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).2. Technical DetailsTarget Domain: mmms.eu / network.block.mmms.euInfrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers. The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools. Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]
raw
inetnum: 89.248.163.0 - 89.248.163.127 netname: NET-3-163 descr: RECYBER PROJECT NETBLOCK remarks: +----------------------------------------------- remarks: | This net-block is not trying to hack you, we are only scanning remarks: | for LEGIT purposes ONLY. This scanning is done by multiple remarks: | security organizations. remarks: | Please use https://www.recyber.net/opt-out remarks: | to have your ip-address and/or netblock/as number white-listed remarks: | and excluded from this project. remarks: | If you have any further questions please contact [email protected] remarks: +----------------------------------------------- country: NL org: ORG-IVI1-RIPE geoloc: 52.370216 4.895168 admin-c: RR13369-RIPE abuse-c: RR13369-RIPE tech-c: RR13369-RIPE status: ASSIGNED PA mnt-by: IPV mnt-lower: IPV mnt-routes: IPV created: 2021-11-29T15:58:22Z last-modified: 2022-12-10T15:33:54Z source: RIPE organisation: ORG-IVI1-RIPE org-name: IP Volume inc country: SC org-type: OTHER address: Seychelles abuse-c: IVNO1-RIPE mnt-ref: IPV mnt-by: IPV created: 2018-05-14T11:46:50Z last-modified: 2023-09-08T14:13:20Z source: RIPE # Filtered role: RECYBER ROLE address: 35 Firs Avenue, London, England, N11 3NE abuse-mailbox: [email protected] nic-hdl: RR13369-RIPE mnt-by: IPV created: 2021-01-27T15:12:59Z last-modified: 2021-01-27T15:12:59Z source: RIPE # Filtered route: 89.248.163.0/24 origin: AS202425 remarks: +----------------------------------------------- remarks: | For abuse e-mail [email protected] remarks: | We do not always reply to abuse. remarks: | But we do take care your report is dealt with! remarks: +----------------------------------------------- mnt-by: IPV created: 2019-02-08T15:41:19Z last-modified: 2019-02-08T15:41:19Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 15 days ago
Appeared in 11 threat reports