IOC Radar
IP · Medium · Signal 83/100

92.63.197.97

Location
The Netherlands
Amsterdam, North Holland
ASN
AS211736
Korotkij Denis Aleksandrovich
First Seen
Sep 14, 2020 (2107d ago)
Last Seen
May 1, 2026 (53d ago)
Reports
3 source reports
Confidence
83% (medium)
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

5 techniques

Network Information

Country: NL (The Netherlands)
Region: Amsterdam, North Holland
ASN: AS211736
Organization: Korotkij Denis Aleksandrovich

Feed Intelligence Summary

3 source reports · 83% confidence score

Category tags
active scan, active scanning, api key, default company, fin scan, first, graph summary, indicator, join, network, network probing, network scanning, null scan, reconnaissance, researched, service discovery, syn scan, t1046, t1595, t1595.001, t1595.002, t1595.003, threat actor, udp port scan, value a, web application attack, whois lookups, xmas scan

Activity Timeline

1 total observation (May 1)

Threat Activity Heatmap

Peak: 2026-05-01 (heatmap graphic omitted)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 83 (High Risk)
Signal Score: 83
Confidence: 83%
Reports: 3
First seen: Sep 14, 2020
Last seen: May 1, 2026
Geolocation: NL
Country: The Netherlands
Location: Amsterdam, North Holland
ASN: AS211736
Org: Korotkij Denis Aleksandrovich
Coords: 52.3676, 4.9041

VirusTotal

Not checked

WHOIS

Description

Monitoring systems have identified a massive infrastructure linked to the domain blockmmms.[eu] and mmms.[eu]. This network utilizes 300+ rotating IP addresses (A-Records) to maintain persistence. This behavior is consistent with high-level botnet Command & Control (C2) activity, potentially linked to malware delivery (e.g., Mirai, QakBot).

2. Technical Details
Target Domain: mmms.eu / network.block.mmms.eu
Infrastructure Pattern: Fast-Flux DNS (IPs rotate every 59 seconds).
Hosting Providers: High density across DigitalOcean, AWS, Linode, and various offshore VPS providers.

The classification as "Vehicles" on alphaMountain.ai is a significant detail, as it likely represents a category cloaking tactic designed to bypass web filters that allow benign traffic. By masquerading as an automotive-related site, the domain can maintain its Command & Control connections while hiding in plain sight from automated security tools.

Network Team: Implement an immediate DNS-level block for [block.mmms.eu] [mmms.eu]

IOC Journey

medium
First detected 5 years ago · Last seen 1 month ago
Appeared in 3 threat reports