IOC Radar
IP · Medium · Signal 38/100

92.119.196.10

Location: United Kingdom, London, ENG
ASN: AS62172, AIRBYTES COMMUNICATIONS Limited
First Seen: Apr 2, 2025 (436d ago)
Last Seen: Apr 7, 2026 (66d ago)
Reports: 8 source reports
Confidence: 38% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 38%
Signal Score: 38 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

27 techniques

Network Information

Country: United Kingdom (GB)
Region: London, ENG
ASN: AS62172
Organization: AIRBYTES COMMUNICATIONS Limited

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 8
Confidence score: 38%
Category tags
abuse, active scan, active scanning, alienvault_ransomware, attack, authentication attack, authentication bypass, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, bulgaria, civil services, command and control, count, credential access, credential stuffing, data exfiltration, data store exposure, distributed attacks, encryption, europe, exploitation activity, ftp brute force, geo-distributed attack, geographic anomaly, government technology, hacking, http brute force, identity & access exploitation, injection activity, malicious activity, malicious software, malware, multiple failed logins, multiple ip addresses, netherlands, network, network access, network intrusion, network reconnaissance, network scanning, password attack, password attacks, process injection, proxy, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, remote access, remote services, researched, scanner, security operations, ssh attack, ssl vpn, syn scan, t1021.001, t1046, t1055, t1059, t1071.001, t1076, t1078, t1078.001, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1588, t1588.004, t1595, t1595.001, t1595.002, t1595.003, tcp scan, threat actor, threat intelligence, tor node, turkey, udp scan, unauthorized access, unauthorized login, united kingdom, unknown passwords, unknown usernames, vpn

Activity Timeline

1 total obs · Apr 7

Threat Activity Heatmap

Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 8
First seen: Apr 2, 2025
Last seen: Apr 7, 2026
Geolocation: GB
Country: United Kingdom
Location: London, ENG
ASN: AS62172
Org: AIRBYTES COMMUNICATIONS Limited
Coords: 51.5269, -0.0991
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
IPv4 addresses from multiple GEO locations making multiple unauthorised attempts to establish SSL VPN connections to firewall using random/unknown username and passwords. Logged between 21/04/2025 8am - 22/04/2025 8am.
raw

inetnum: 92.119.196.0 - 92.119.196.255
netname: AIRBYTES
country: GB
org: ORG-ACL55-RIPE
admin-c: NA7839-RIPE
tech-c: NA7839-RIPE
abuse-c: AR68931-RIPE
mnt-routes: AIRBYTESUK-MNT
mnt-domains: AIRBYTESUK-MNT
geofeed: https://as212177.net/geofeed.csv
status: ASSIGNED PA
mnt-by: MNT-NETERRA
created: 2025-06-10T07:50:39Z
last-modified: 2025-06-10T07:50:39Z
source: RIPE

organisation: ORG-ACL55-RIPE
org-name: AIRBYTES COMMUNICATIONS Limited
country: GB
org-type: LIR
address: Unit B, Brindley Close
address: NN10 6EN
address: Rushden
address: UNITED KINGDOM
phone: +442080898089
admin-c: NA7839-RIPE
tech-c: NA7839-RIPE
abuse-c: AR68931-RIPE
mnt-by: RIPE-NCC-HM-MNT
mnt-by: AIRBYTESUK-MNT
created: 2022-09-08T07:16:19Z
last-modified: 2024-12-14T23:25:35Z
source: RIPE # Filtered
mnt-ref: AIRBYTESUK-MNT
mnt-ref: MNT-NETERRA
mnt-ref: PRAGER-MNT

role: Airbytes NOC
address: UNITED KINGDOM
address: Rushden
address: NN10 6EN
address: Unit B, Brindley Close
phone: +442080898089
nic-hdl: NA7839-RIPE
mnt-by: AIRBYTESUK-MNT
created: 2022-09-08T07:16:18Z
last-modified: 2023-07-12T20:54:02Z
source: RIPE # Filtered

route: 92.119.196.0/24
descr: AIRBYTES - Broadband Infrastructure
origin: AS212177
mnt-by: AIRBYTESUK-MNT
created: 2025-06-10T08:03:43Z
last-modified: 2025-06-10T08:03:43Z
source: RIPE

references
2025-04-22-SSL-VPN-malicious-login-attempts.csv, 2025-04-14-SSL-VPN-malicious-login-attempts.csv, 2025-04-08-SSL-VPN-malicious-login-attempts.csv, 2025-04-07-SSL-VPN-malicious-login-attempts.csv, 2025-04-03-SSL-VPN-malicious-login-attempts.csv


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 8 threat reports