Maximum Danger
IP 187.191.2.214 is a critical-risk address operated by Total Play Telecomunicaciones SA de CV in Mexico that has generated 1616 abuse reports across automated honeypot sensors over approximately six months of sustained activity, with recent detections exclusively documenting general hacking intrusion attempts including vulnerability exploitation and unauthorized access efforts. With a threat-level score of 10 out of 10 and 20 current-category reports all pointing to hacking activity, this IP presents a severe and persistent risk to any exposed network services it encounters.
Automated honeypot sensors across the threat-intelligence community have logged 1616 total reports for this address since January 2026, with the most recent confirmed detections occurring in June 2026. The network is registered to AS22884 under Total Play Telecomunicaciones SA de CV, a Mexican telecommunications provider. The activity frequency rating of 4 out of 10 indicates that this host maintains a persistent scanning and probing cadence rather than sporadic bursts, suggesting an automated or semi-automated attack infrastructure rather than isolated manual attempts. The 75% confidence score reflects a well-established pattern of malicious behavior consistent across the detection period, with all 20 of the most recent reports categorizing the activity as general hacking intrusion attempts.
The dominant threat category for this IP is general hacking activity, which encompasses a broad spectrum of intrusion techniques including exploitation of unpatched vulnerabilities, credential-attempt attacks, and probing for misconfigured services. The sustained volume of reports indicates this address is actively engaged in scanning and attacking internet-facing systems as part of an ongoing campaign. For organizations with exposed services, this type of activity poses a concrete risk of unauthorized system access, data exfiltration, or use of compromised infrastructure as a pivot point for deeper network intrusion. The consistent detection by multiple honeypot sensors confirms this is not transient or accidental traffic but deliberate hostile activity targeting weak points in perimeter defenses.
KR 
UA 
RO 
UG 
FR 
CA