IOC Radar
IP · Medium · Signal 51/100

193.163.125.116

Location: Leeds, England, United Kingdom
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Jun 18, 2021 (1823d ago)
Last Seen: Jun 15, 2026 (yesterday)
Reports: 26 source reports
Confidence: 51% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

90 techniques

Network Information

Country: GB (United Kingdom)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 26
Confidence score: 51%
Category tags

Activity Timeline

1 total obs (Jun 15)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun to Jun; scale Less to More]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 51 (Medium Risk)
Signal Score: 51
Confidence: 51%
Reports: 26
First seen: Jun 18, 2021
Last seen: Jun 15, 2026
Geolocation: GB
Country: United Kingdom
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 53.8008, -1.5491
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=GB; ports=40000 Location=Sydney, Australia.
raw
inetnum: 193.163.125.0 - 193.163.125.127
netname: DRIFTNET-IPV4-A
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:43:42Z
last-modified: 2024-12-09T15:50:34Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered


IOC Journey

medium
First detected 5 years ago · Last seen 1 day ago
Appeared in 26 threat reports