IP · Medium · Signal 55/100
193.163.125.36
Location
Leeds, England
ASN
AS211298
Constantine Cybersecurity LTD
First Seen
Jun 19, 2021
Last Seen
Jun 3, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Finland
Region: Leeds, England
ASN: AS211298
Organization: Constantine Cybersecurity LTD
Feed Intelligence Summary
26 reports · 55% confidence
26
Source reports
55%
Confidence score
Category tags
Activity Timeline
Jun 3
Threat Activity Heatmap · Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
55
SIGNAL
Signal Score
55%
Confidence
26
Reports
First seen: Jun 19, 2021
Last seen: Jun 3, 2026
Geolocation: FI
Country: Finland
Location: Leeds, England
ASN: AS211298
Org: Constantine Cybersecurity LTD
Coords: 51.4964, -0.1224
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
- raw
  inetnum: 193.163.125.0 - 193.163.125.127
  netname: DRIFTNET-IPV4-A
  remarks: +-----------------------------------------------------------
  remarks: | This IP range is not attacking your network.
  remarks: | Visit https://internet-measurement.com for more details.
  remarks: | View data collected at https://driftnet.io.
  remarks: +-----------------------------------------------------------
  country: GB
  admin-c: DH9005-RIPE
  tech-c: DH9005-RIPE
  abuse-c: DH9005-RIPE
  status: LIR-PARTITIONED PA
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-28T13:43:42Z
  last-modified: 2024-12-09T15:50:34Z
  source: RIPE # Filtered

  role: Driftnet Hostmaster
  address: Unit 72465, PO Box 6945
  address: W1A 6US
  address: London
  address: UNITED KINGDOM
  phone: +442037450350
  abuse-mailbox: [email protected]
  nic-hdl: DH9005-RIPE
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2024-10-30T18:00:18Z
  last-modified: 2024-10-31T10:49:52Z
  source: RIPE # Filtered

  route: 193.163.125.0/24
  origin: AS211298
  mnt-by: lir-uk-driftnet-1-MNT
  created: 2021-05-21T17:59:25Z
  last-modified: 2024-10-31T10:43:37Z
  source: RIPE # Filtered
IOC Journey
medium · First detected 5 years ago · Last seen 10 days ago
Appeared in 26 threat reports