IPMediumSignal 34/100

`79.127.222.213`

Location

United States

McAllen, Texas

ASN

AS60068

CDN77-McAllen Texas

First Seen

Oct 26, 2024

Last Seen

Jun 7, 2026

Oct 26

First Seen

607d ago

Jun 7

Last Seen

19d ago

Reports

source reports

34%

Confidence

medium

Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

34%

Signal Score

34 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

31 techniques

Network Information

Country

United States

RegionMcAllen, Texas

ASNAS60068

OrganizationCDN77-McAllen Texas

IP Category

⊕

VPN

VPN exit node

Feed Intelligence Summary

8 reports34% confidence

Source reports

34%

Confidence score

Category tags

access controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningattackauthenticationautomated attackbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebruteforcecisco devicecivil servicescommand and controlcompromised credentialscowriecowrie honeypotcredential accesscredential stuffingczechiadata exfiltrationdata store exposuredatabase securityddosdecoy systemdenial of servicedevice managementdionaeadionaea honeypotdistributed attacksencryptionenterprise networkingexploitexploitationexploitation activityfattfortiosgovernment technologyhackinghoneytrap honeypotidentity & access exploitationinformation technologyinitial accessinjection activityinjection attacksipsec vpnipv4it infrastructuremailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemobile threatmonthlynetworknetwork infrastructurenetwork securitynorth americap0fpalo alto networkspassword attackpassword attacksphishingphishing attackphishing trapprocess injectionproxypublic administrationpublic infrastructurepublic policyreconnaissanceregulatory agenciesremote accessremote servicesresearchedresource hijackingscannersecurity monitoringsecurity operationssensor-taggedsentrypeer botnetsoftware developmentspamsshssh attackssh monitoringssl vpnt1021t1021.001t1055t1059t1059.003t1071.001t1078t1078.001t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1203t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1567t1595t1595.001t1595.002t1595.003tannerthreat actorthreat detectionthreat intelligencetor nodetpotunauthorized accessunited statesunited states of americausvoip attackvpnvpn ipvulnerability scanvulnerability-exploitationweb app attackweb application attackweb exploitation

Activity Timeline

1 total obs

Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreLow Risk

SIGNAL

Signal Score

34%

Confidence

Reports

First seenOct 26, 2024

Last seenJun 7, 2026

GeolocationUS

CountryUnited States

LocationMcAllen, Texas

ASNAS60068

OrgCDN77-McAllen Texas

Coords50.0853, 14.4110

VPN

VirusTotal

Not checked

WHOIS

description: Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 79.127.222.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low).
raw: NetRange: 79.0.0.0 - 79.255.255.255 CIDR: 79.0.0.0/8 NetName: 79-RIPE NetHandle: NET-79-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2006-08-29 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/79.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
references: https://github.com/telekom-security/tpotce

`79.127.222.213`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey