IOC Radar
IP · Medium · Signal 42/100

193.163.125.223

Location: Leeds, England, United Kingdom
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Jun 5, 2021 (1848d ago)
Last Seen: Jun 20, 2026 (7d ago)
Reports: 27 source reports
Confidence: 42% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 42%
Signal Score: 42 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

66 techniques

Network Information

Country: GB (United Kingdom)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

Feed Intelligence Summary

Source reports: 27
Confidence score: 42%
Category tags

Activity Timeline

1 total observation (Jun 20)

Threat Activity Heatmap

Peak: 2026-06-20
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 42 (Medium Risk)
Signal Score: 42
Confidence: 42%
Reports: 27
First seen: Jun 5, 2021
Last seen: Jun 20, 2026
Geolocation: GB
Country: United Kingdom
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 53.8008, -1.5491

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:

inetnum: 193.163.125.128 - 193.163.125.255
netname: DRIFTNET-IPV4-B
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:46:13Z
last-modified: 2024-12-09T15:50:40Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered

IOC Journey

medium
First detected 5 years ago · Last seen 7 days ago
Appeared in 27 threat reports