IOC Radar
IP · Medium · Signal 77/100

193.163.125.219

Location: Italy · Leeds, England
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Jun 1, 2021 (1838d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 27 source reports
Confidence: 77% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 77%
Signal Score: 77 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

60 techniques

Network Information

Country: IT (Italy)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

27 source reports · 77% confidence score
Category tags

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 27
First seen: Jun 1, 2021
Last seen: Jun 6, 2026
Geolocation: IT
Country: Italy
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 53.8008, -1.5491
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:

inetnum: 193.163.125.128 - 193.163.125.255
netname: DRIFTNET-IPV4-B
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:46:13Z
last-modified: 2024-12-09T15:50:40Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered
references:
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 5 years ago · Last seen 7 days ago
Appeared in 27 threat reports