IP · Medium · Signal 72/100
201.149.53.243
Location
Miguel Hidalgo, Mexico City
ASN
AS14178
Megacable Comunicaciones de Mexico, S.A. de C.V
First Seen
May 12, 2025
Last Seen
Jun 6, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Network Information
Country
Mexico
Region: Miguel Hidalgo, Mexico City
ASN: AS14178
Organization: Megacable Comunicaciones de Mexico, S.A. de C.V
IP Category
VPN
VPN exit node
Feed Intelligence Summary
30 source reports · 72% confidence score
Activity Timeline
Jun 6
Threat Activity Heatmap · Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 30
First seen: May 12, 2025
Last seen: Jun 6, 2026
Geolocation: MX
Country: Mexico
Location: Miguel Hidalgo, Mexico City
ASN: AS14178
Org: Megacable Comunicaciones de Mexico, S.A. de C.V
Coords: 19.4341, -99.2002
VPN
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected attempting to brute force SSH on DigitalOcean Toronto (CA) honeypot
- raw: Socket not responding: [Errno 111] Connection refused
IOC Journey
Medium · First detected 1 year ago · Last seen 7 days ago
Appeared in 30 threat reports