IOC Radar
IPMediumSignal 53/100

193.163.125.88

Location
FinlandFinland
Leeds, England
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
May 31, 2021
Last Seen
Jun 9, 2026
May 31
First Seen
1841d ago
Jun 9
Last Seen
7d ago
27
Reports
source reports
53%
Confidence
medium
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

70 techniques

Network Information

CountryFIFinland
RegionLeeds, England
ASNAS211298
OrganizationConstantine Cybersecurity LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

27 reports53% confidence
27
Source reports
53%
Confidence score
Category tags
abuseaccess controlaccount compromiseack scanactive scanactive scanningadbhoney activityadbhoney honeypotagentalertapacheapache attackerapplication layer protocolasiaattackattack preparatoryaustraliaauto-generated securitybad ip'sbad reputationbad web botbeningbening scannerblacklist candidateblacklist ipbotnetbotnet activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcec2 communicationc2 servercdn77cins activecloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommunication protocolcompromised hostcompromised hostsconnect scanconpot activityconpot honeypotconpot ics attackcowrie activitycowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential harvestingcredential stuffingcyber securitydata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase attacksdatabase securitydcom exploitationddosddos attackddos attacksdecoy systemdenial of servicedigital oceandigitalocean environmentdionaea activitydionaea honeypotdionaea interactionsdionaea malware detectiondionaea malware samplesdistributed attacksdnsdns attackdriftnet-benigndshield blocke-commerceencryptionenumeration attemptet dropeuropeexecutable fileexploitexploit attemptsexploit probingexploitation activityexploited hostexpressexternal scanfailed login attemptsfattfatt analysisfatt signaturesfilefin port scanfin scanfinlandfirewall probingfrancefraudftpftp attacksftp brute forceftp brute-forcegbgermanyglobalhackinghoneynet connecthoneytrap activityhoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannericmpics securityidentity & access exploitationindicatorindustrial control systemsinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinfrastructure scanninginitial access vectorinjection activityinjection attacksinsaneinternet of thingsinternet-wide scanintrusion detectioniociot botnetiot securityiot/ics attackipv4jamaicakalikfsensor honeypotlateral movementlinuxlisted sourcelogin attemptlvmailoney activitymailoney email spoofingmailoney honeypotmailoney interactionsmalicious activitymalicious file transfermalicious scanmalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware deliverymalware distributionmalware propagationmanualmass port scanmassive port scanmediummicrosoft technologiesmirai botnetnetworknetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork monitoringnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork_enumerationnorth americanull port scannull scanoceaniaopen port detectionopportunistic attackeros credential dumpingos detectionp0fp0f network fingerprintingp0f signaturespassword attackpassword attacksphishingphishing attackphishing trapphppingping of deathpolandpoor reputationportportscanpossible reconnaissance activitypossible vulnerability probingpotential attack vectorpotential intrusion attemptpotential threatpotential threat activitypotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability scanningprocess injectionprotoprotocol exploitationproxyproxy protocolransomwarerdpreconnaissancereconnaissance activityremote accessremote servicesresearchedresource hijackingretailrpcrtbhsansscams & fraudscanscannerscanner ipsscannersscanning activitysecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer interactionssentrypeer p2p attackserverservice detectionservice discoveryservice enumerationservice scansftp activitysftp attacksftp scanningshadowsip attackssip brute forcesip scanningslugsmb brute forcesmtpsmtp attackssmtp brute forcesmtp probingsocial engineeringspamsshssh attackssh attacksssh monitoringstealth scansurface websuricata alertssyn port scansyn scansystem accesssystem discoveryt1005t1016t1016.001t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1077t1078t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1189t1190t1195t1203t1210t1213t1486t1496t1499.001t1499.002t1499.003t1550.003t1562t1563t1565t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1587.001t1589t1589.002t1590t1590.001t1590.003t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner interactionstanner web attacktargeting databasetcp protocoltcp scantelecommunicationtelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventiontor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized probingunauthorized scanningunited kingdomunited kingdom of great britain and northern irelandunited statesunixunknown threat actorverified-benignvnc protocolvoipvoip attackvulnerability scanvultrwarsawweb app attackweb application attackweb application attacksweb exploitweb exploitationweb shell detectionweb spamweb trafficwindowsxmas port scanxmas scan

Activity Timeline

1 total obs
Jun 9Jun 9

Threat Activity Heatmap

· Peak: 2026-06-09
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
53
SIGNAL
Signal Score
53%
Confidence
27
Reports
First seenMay 31, 2021
Last seenJun 9, 2026
GeolocationFI
CountryFinland
LocationLeeds, England
ASNAS211298
OrgConstantine Cybersecurity LTD
Coords53.8008, -1.5491
Proxy

VirusTotal

Not checked

WHOIS

description
Everything we catch in our network
raw
inetnum: 193.163.125.0 - 193.163.125.127 netname: DRIFTNET-IPV4-A remarks: +----------------------------------------------------------- remarks: | This IP range is not attacking your network. remarks: | Visit https://internet-measurement.com for more details. remarks: | View data collected at https://driftnet.io. remarks: +----------------------------------------------------------- country: GB admin-c: DH9005-RIPE tech-c: DH9005-RIPE abuse-c: DH9005-RIPE status: LIR-PARTITIONED PA mnt-by: lir-uk-driftnet-1-MNT created: 2021-05-28T13:43:42Z last-modified: 2024-12-09T15:50:34Z source: RIPE # Filtered role: Driftnet Hostmaster address: Unit 72465, PO Box 6945 address: W1A 6US address: London address: UNITED KINGDOM phone: +442037450350 abuse-mailbox: [email protected] nic-hdl: DH9005-RIPE mnt-by: lir-uk-driftnet-1-MNT created: 2024-10-30T18:00:18Z last-modified: 2024-10-31T10:49:52Z source: RIPE # Filtered route: 193.163.125.0/24 origin: AS211298 mnt-by: lir-uk-driftnet-1-MNT created: 2021-05-21T17:59:25Z last-modified: 2024-10-31T10:43:37Z source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 7 days ago
Appeared in 27 threat reports