IOC Radar
IP · Medium · Signal 53/100

193.163.125.89

Location: Poland; Leeds, England
ASN: AS211298 (Constantine Cybersecurity LTD)
First Seen: Jun 18, 2021 (1822d ago)
Last Seen: Jun 4, 2026 (10d ago)
Reports: 28 source reports
Confidence: 53% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

73 techniques

Network Information

Country: PL (Poland)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 28
Confidence score: 53%
Category tags

Activity Timeline

1 total obs
Jun 4 to Jun 4

Threat Activity Heatmap

Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 53
Confidence: 53%
Reports: 28
First seen: Jun 18, 2021
Last seen: Jun 4, 2026
Geolocation: PL
Country: Poland
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 53.8008, -1.5491
Proxy

VirusTotal

Not checked

WHOIS

description
Everything we catch in our network
raw
inetnum: 193.163.125.0 - 193.163.125.127
netname: DRIFTNET-IPV4-A
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:43:42Z
last-modified: 2024-12-09T15:50:34Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered


IOC Journey

medium
First detected 5 years ago · Last seen 10 days ago
Appeared in 28 threat reports