IOC Radar
IP · Medium · Signal 65/100

177.229.197.38

Location
Mexico
Tapachula, Chiapas
ASN
AS13999
Mega Cable, S.A. de C.V
First Seen
Mar 11, 2024 (825d ago)
Last Seen
Jun 9, 2026 (5d ago)
Reports
29 source reports
Confidence
65% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

81 techniques

Network Information

Country: MX, Mexico
Region: Tapachula, Chiapas
ASN: AS13999
Organization: Mega Cable, S.A. de C.V

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports
29
Confidence score
65%
Category tags

Activity Timeline

1 total obs
Jun 9 to Jun 9

Threat Activity Heatmap

[Heatmap: activity by day of week (Mon, Wed, Fri rows) by month, Jun through Jun; scale from Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 29
First seen: Mar 11, 2024
Last seen: Jun 9, 2026
Geolocation: MX
Country: Mexico
Location: Tapachula, Chiapas
ASN: AS13999
Org: Mega Cable, S.A. de C.V
Coords: 14.9357, -92.2508
Proxy / VPN

VirusTotal

Not checked

WHOIS

description
timestamp=2026-04-08 09:38:53,762 CC=MX ASN=13999 Mega Cable, S.A. de C.V. latitude=14.8852 longitude=-92.277

IOC Journey

medium
First detected 2 years ago · Last seen 5 days ago
Appeared in 29 threat reports