IOC Radar
IP · Medium · Signal 57/100

193.163.125.201

Location: United States · Leeds, England
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Jun 4, 2021 (1847d ago)
Last Seen: Jun 17, 2026 (8d ago)
Reports: 26 source reports
Confidence: 57% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

58 techniques

Network Information

Country: US (United States)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 26
Confidence score: 57%
Category tags

Activity Timeline

1 total obs
Jun 17 to Jun 17

Threat Activity Heatmap

Peak: 2026-06-17
[Heatmap: activity by week, Jun to Jun; scale Less to More]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 57
Confidence: 57%
Reports: 26
First seen: Jun 4, 2021
Last seen: Jun 17, 2026
Geolocation: US
Country: United States
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 53.8008, -1.5491
Proxy

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
raw
inetnum: 193.163.125.128 - 193.163.125.255
netname: DRIFTNET-IPV4-B
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:46:13Z
last-modified: 2024-12-09T15:50:40Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered

IOC Journey

medium
First detected 5 years ago · Last seen 8 days ago
Appeared in 26 threat reports