IOC Radar
IP · Medium · Signal 44/100

193.163.125.230

Location: United Kingdom (Leeds, England)
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: May 30, 2021 (1854d ago)
Last Seen: Jun 18, 2026 (8d ago)
Reports: 28 source reports
Confidence: 44% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 44%
Signal Score: 44 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

61 techniques

Network Information

Country: GB (United Kingdom)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

Feed Intelligence Summary

28 reports · 44% confidence

Activity Timeline

1 total obs · Jun 18

Threat Activity Heatmap

Peak: 2026-06-18 (heatmap of activity by weekday, Jun through Jun)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 44
Confidence: 44%
Reports: 28
First seen: May 30, 2021
Last seen: Jun 18, 2026
Geolocation: GB
Country: United Kingdom
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 51.4964, -0.1224

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:
inetnum: 193.163.125.128 - 193.163.125.255
netname: DRIFTNET-IPV4-B
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:46:13Z
last-modified: 2024-12-09T15:50:40Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 5 years ago · Last seen 8 days ago
Appeared in 28 threat reports