IOC Radar
IP · Medium · Signal 42/100

193.163.125.22

Location
France
Leeds, England
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
Jun 28, 2021 (1821d ago)
Last Seen
Jun 22, 2026 (2d ago)
26
Reports
source reports
42%
Confidence
medium
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

64 techniques

Network Information

Country: FR (France)
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD

IP Category

Proxy
Proxy server

Feed Intelligence Summary

26 source reports · 42% confidence score
Category tags

Activity Timeline

1 total obs
Jun 22 to Jun 22

Threat Activity Heatmap

[Heatmap: activity by weekday and month, Jun through Jun; scale Less to More]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 42
Confidence: 42%
Reports: 26
First seen: Jun 28, 2021
Last seen: Jun 22, 2026
Geolocation: FR
Country: France
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 51.4964, -0.1224
Proxy

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 139 NETBIOS. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 193.163.125.0 - 193.163.125.127
netname: DRIFTNET-IPV4-A
remarks: +-----------------------------------------------------------
remarks: | This IP range is not attacking your network.
remarks: | Visit https://internet-measurement.com for more details.
remarks: | View data collected at https://driftnet.io.
remarks: +-----------------------------------------------------------
country: GB
admin-c: DH9005-RIPE
tech-c: DH9005-RIPE
abuse-c: DH9005-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-28T13:43:42Z
last-modified: 2024-12-09T15:50:34Z
source: RIPE # Filtered

role: Driftnet Hostmaster
address: Unit 72465, PO Box 6945
address: W1A 6US
address: London
address: UNITED KINGDOM
phone: +442037450350
abuse-mailbox: [email protected]
nic-hdl: DH9005-RIPE
mnt-by: lir-uk-driftnet-1-MNT
created: 2024-10-30T18:00:18Z
last-modified: 2024-10-31T10:49:52Z
source: RIPE # Filtered

route: 193.163.125.0/24
origin: AS211298
mnt-by: lir-uk-driftnet-1-MNT
created: 2021-05-21T17:59:25Z
last-modified: 2024-10-31T10:43:37Z
source: RIPE # Filtered
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 5 years ago · Last seen 2 days ago
Appeared in 26 threat reports