IP · Medium · Signal 42/100
193.163.125.220
Location
Leeds, England
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
Jun 2, 2021
Last Seen
Jun 18, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Network Information
Country
United Kingdom
Region
Leeds, England
ASN
AS211298
Organization
Constantine Cybersecurity LTD
Feed Intelligence Summary
26 reports · 42% confidence
26
Source reports
42%
Confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap
Peak: 2026-06-18
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
42
SIGNAL
Signal Score
42%
Confidence
26
Reports
First seen
Jun 2, 2021
Last seen
Jun 18, 2026
Geolocation
GB
Country
United Kingdom
Location
Leeds, England
ASN
AS211298
Org
Constantine Cybersecurity LTD
Coords
51.4964, -0.1224
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw
- inetnum: 193.163.125.128 - 193.163.125.255
  netname: DRIFTNET-IPV4-B
  remarks: +-----------------------------------------------------------
  remarks: | This IP range is not attacking your network.
  remarks: | Visit https://internet-measurement.com for more details.
  remarks: | View data collected at https://driftnet.io.
  remarks: +-----------------------------------------------------------
  country: GB
  admin-c: DH9005-RIPE
  tech-c: DH9005-RIPE
  abuse-c: DH9005-RIPE
  status: LIR-PARTITIONED PA
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-28T13:46:13Z
  last-modified: 2024-12-09T15:50:40Z
  source: RIPE # Filtered

  role: Driftnet Hostmaster
  address: Unit 72465, PO Box 6945
  address: W1A 6US
  address: London
  address: UNITED KINGDOM
  phone: +442037450350
  abuse-mailbox: [email protected]
  nic-hdl: DH9005-RIPE
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-10-30T18:00:18Z
  last-modified: 2024-10-31T10:49:52Z
  source: RIPE # Filtered

  route: 193.163.125.0/24
  origin: AS211298
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-21T17:59:25Z
  last-modified: 2024-10-31T10:43:37Z
  source: RIPE # Filtered
- references
- https://jamesbrine.com.au/vultrparis-snmp-bruteforce-ip-list-2025-08-07/
  https://jamesbrine.com.au
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  https://github.com/telekom-security/tpotce
  https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
medium · First detected 5 years ago · Last seen 8 days ago
Appeared in 26 threat reports