IP · Medium · Signal 51/100
193.163.125.127
Location
Leeds, England
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
Jun 17, 2021
Last Seen
Jun 11, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United Kingdom
Region
Leeds, England
ASN
AS211298
Organization
Constantine Cybersecurity LTD
IP Category
Proxy
Proxy server
Feed Intelligence Summary
27 reports · 51% confidence
27
Source reports
51%
Confidence score
Category tags
Activity Timeline
Jun 11
Threat Activity Heatmap
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
51
SIGNAL
Signal Score
51%
Confidence
27
Reports
First seen
Jun 17, 2021
Last seen
Jun 11, 2026
Geolocation
GB
Country
United Kingdom
Location
Leeds, England
ASN
AS211298
Org
Constantine Cybersecurity LTD
Coords
53.8008, -1.5491
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SIP on Vultr Tokyo (Japan) honeypot
- raw
  inetnum: 193.163.125.0 - 193.163.125.127
  netname: DRIFTNET-IPV4-A
  remarks: +-----------------------------------------------------------
  remarks: | This IP range is not attacking your network.
  remarks: | Visit https://internet-measurement.com for more details.
  remarks: | View data collected at https://driftnet.io.
  remarks: +-----------------------------------------------------------
  country: GB
  admin-c: DH9005-RIPE
  tech-c: DH9005-RIPE
  abuse-c: DH9005-RIPE
  status: LIR-PARTITIONED PA
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-28T13:43:42Z
  last-modified: 2024-12-09T15:50:34Z
  source: RIPE # Filtered

  role: Driftnet Hostmaster
  address: Unit 72465, PO Box 6945
  address: W1A 6US
  address: London
  address: UNITED KINGDOM
  phone: +442037450350
  abuse-mailbox: [email protected]
  nic-hdl: DH9005-RIPE
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-10-30T18:00:18Z
  last-modified: 2024-10-31T10:49:52Z
  source: RIPE # Filtered

  route: 193.163.125.0/24
  origin: AS211298
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-21T17:59:25Z
  last-modified: 2024-10-31T10:43:37Z
  source: RIPE # Filtered
IOC Journey
medium · First detected 5 years ago · Last seen today
Appeared in 27 threat reports