IP · Medium · Signal 54/100
193.163.125.40
Location
Leeds, England
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
May 30, 2021
Last Seen
Jun 4, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Poland
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD
IP Category
Proxy
Proxy server
Feed Intelligence Summary
29 reports · 54% confidence
Source reports: 29
Confidence score: 54%
Category tags
Activity Timeline: Jun 4
Threat Activity Heatmap · Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 29
First seen: May 30, 2021
Last seen: Jun 4, 2026
Geolocation: PL
Country: Poland
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 51.4964, -0.1224
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw
- inetnum: 193.163.125.0 - 193.163.125.127
  netname: DRIFTNET-IPV4-A
  remarks: +-----------------------------------------------------------
  remarks: | This IP range is not attacking your network.
  remarks: | Visit https://internet-measurement.com for more details.
  remarks: | View data collected at https://driftnet.io.
  remarks: +-----------------------------------------------------------
  country: GB
  admin-c: DH9005-RIPE
  tech-c: DH9005-RIPE
  abuse-c: DH9005-RIPE
  status: LIR-PARTITIONED PA
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-28T13:43:42Z
  last-modified: 2024-12-09T15:50:34Z
  source: RIPE # Filtered

  role: Driftnet Hostmaster
  address: Unit 72465, PO Box 6945
  address: W1A 6US
  address: London
  address: UNITED KINGDOM
  phone: +442037450350
  abuse-mailbox: [email protected]
  nic-hdl: DH9005-RIPE
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-10-30T18:00:18Z
  last-modified: 2024-10-31T10:49:52Z
  source: RIPE # Filtered

  route: 193.163.125.0/24
  origin: AS211298
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-21T17:59:25Z
  last-modified: 2024-10-31T10:43:37Z
  source: RIPE # Filtered
IOC Journey
Medium · First detected 5 years ago · Last seen 22 days ago
Appeared in 29 threat reports