IOC Radar
Indicator: 141.98.11.166 (IPv4)
Signal: Medium, 65/100

Location: Vilnius, Kauno apskritis, Lithuania
ASN: AS209605 (UAB Host Baltic)
First seen: Jul 5, 2023 (1087d ago)
Last seen: Jun 12, 2026 (15d ago)
Reports: 25 source reports
Confidence: 65% (medium)
Found in 25 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 76 techniques (the technique IDs appear among the category tags in the Feed Intelligence Summary).
These IDs are aggregated from the contributing feeds, not verified per observation for this IP. Two of the tagged IDs, T1076 and T1077, have been revoked by ATT&CK and now map to T1021.001 (Remote Desktop Protocol) and T1021.002 (SMB/Windows Admin Shares); normalize them before matching against a current ATT&CK dataset.
Network Information
Country: LT (Lithuania)
Region: Vilnius, Kauno apskritis
Coordinates: 54.8998, 23.8999
ASN: AS209605
Organization: UAB Host Baltic
IP Category: Proxy (proxy server)
Note: "Kauno apskritis" is Kaunas County and the coordinates fall in Kaunas, not Vilnius, so the city-level geolocation is inconsistent; rely on the ASN and the proxy classification rather than the city.

Feed Intelligence Summary
Source reports: 25
Confidence score: 65%
Category tags (union across all source reports; they mix sensor and tool names, country names, generic behaviour labels and ATT&CK IDs, and describe the feeds' coverage rather than a confirmed finding for this IP):
abuse, abuseipdb, access attempt, access control, account compromise, ack scan, active scan, active scanning, africa, alibaba cloud, and botnet activity, anomalous behavior, anomaly, apache, apache attacker, application layer protocol, application_layer_protocol, apt, argentina, asia, attack, attack surface discovery, attack vectors, attackers ip addresses, attacking ip list, australia, australia ips, australia originating ips, authentication, authentication abuse, authentication attack, authentication attacks, auto-blocked, auto-blocked ips, auto-generated, auto-updated, automated attack, automated attack activity, automated attacks, automated exploitation attempts, automated threat, automated threat response, bad reputation, bad web bot, bangladesh, bde 80, bde score, bde score 80, bde score 80+, bde score alert, bde score analysis, bde score: 80, belgium, blocked-ips, blocklist_all, blog spam, bot activity, botnet, botnet activity, brand weaponization, brazil, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, c2 channels, c2 communication, canada, china, cisco device, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, cloud-infrastructure, code execution, command & control, command and control, command execution, communication protocol, compromised host, compromised infrastructure, compromised system, compromised systems, conpot honeypot, cowrie, cowrie honeypot, cowrie ssh honeypot, credential access, credential access attempt, credential attack, credential attacks, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, credential theft, credential theft attempt, credential-attack, credential_access, cryptocurrency, cryptocurrency threats, cryptojacking, cyber threats, cyberattack, data encryption, data exfiltration, data store exposure, data theft, database attack, ddos, ddos attack, ddos attacks, decoy system, denial of service, denial-of-service, device management, dictionary attack, digital ocean, dionaea, dionaea honeypot, distributed attacks, diverse origins, electronic health records, emerging threat, encryption, enterprise networking, enumeration, europe, europe/asia, evasion, exploit, exploit attempts, exploit kit activity, exploitation activity, exploitation attempt, exploitation attempts, exploited host, external access, external attack, external scanning, external threat, external_threat, fail2ban blocking, failed login attempts, fatt, fi ip, fin scan, finance, financial services, finland, france, ftp, ftp attack, ftp brute force, ftp brute-force, ftp scan, ftp_bruteforce, geographic distribution, geographic diversity, geographic source, geographically diverse, geographically diverse origins, geoip, germany, github, global threat, hacking, health care and social assistance, health information technology, healthcare information systems, high bde, high bde score, high confidence threat, high risk, high threat level, high-risk ips, honeytrap honeypot, hong kong, hospital management, http brute force, http scan, http scanner, http/https, http_bruteforce, https, iceland, ics attacks, ics security, identity & access exploitation, imap, imap brute force, inbound scan, india, india originating ips, indicators of compromise, indonesia, industrial control systems, information technology, infostealer, initial access, initial access attempt, initial_access_attempt, injection activity, internet of things, internet-facing assets, internet-facing service, internet-wide monitoring, internet-wide observation, internet-wide scan, internet_scan, intrusion detection, ioc, iocs, iot botnet, iot security, iot/ics attack, ip-addresses, ipv4, ipv4 addresses, ipv4 attack, ipv4 indicator, ipv4_address, iraq, ireland, isp-reputation, it infrastructure, japan, japan target, kenya, kfsensor honeypot, korea, republic of, kyrgyzstan, lamp, lamp server attack, lateral movement, lithuania, login attack, login attempts, lt, mailoney honeypot, malicious activity, malicious communication, malicious hosting, malicious infrastructure, malicious ip activity, malicious ip addresses, malicious ips, malicious network activity, malicious network traffic, malicious origin, malicious software, malicious traffic, malicious_ip, malware, malware activity, malware beaconing, malware behaviour, malware capture, malware distribution, masscan activity, medical services, mexico, mirai botnet, mitre-attack, morocco, multi-country activity, multi-country origin, multiple countries, netherlands, network, network activity, network attacks, network communication, network device targeting, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network security monitoring, network service attack, network threat, network traffic, network traffic analysis, network traffic spike, network_recon, network_reconnaissance, network_scan, network_scanning, nmap scan detected, north america, null scan, oceania, open_port_discovery, p0f, password attack, password attacks, patient care, pattern-32, pattern-38, phishing, phishing attack, phishing trapping of death, poland, portscan, possible botnet activity, possible exploitation, possible exploitation attempts, possible lateral movement, possible reconnaissance, possible vulnerability probing, potential botnet activity, potential emerging threat, potential evasion, potential exploit targeting, potential intrusion, potential intrusion attempt, potential malware, potential malware activity, potential reconnaissance activity, potential threat, potential threat actor, potential_intrusion, process injection, protocol exploitation, proxy, public cloud targeting, publicly accessible infrastructure, ransomware, rdp scan, reconnaissance, reconnaissance activity, remote access, remote access attempts, remote services, researched, residential proxy, resource hijacking, romania, russia, scada/ics attack, scan, scanner, scanners, scanning activity, scanning_activity, scripting attacks, security alert, security event, security operations, security policy, sensor-tagged, sentrypeer botnet, serbia, server security, server-attack, service discovery, service enumeration, service scan, service_enumeration, sftp attack, sftp attacks, sftp exploitation attempts, singapore, singapore ips, sip attacks, sip brute force, smtp, smtp attack, smtp brute force, smtp scan, social engineering, socradar honeypot, software development, software exploitation, south africa, south america, spam, ssh, ssh attack, ssh attacks, ssh monitoring, ssh protocol, ssh scan, ssh_bruteforce, ssl certificate enrichment, ssl-enrichment, ssl/tls enrichment, ssl_analysis, stealc, stealth scan, stix 2.1, stix-2.1, supply chain attack, supply-chain, suspected_attack, sweden, syn scan, system access, t1003, t1005, t1016, t1016.001, t1018, t1020, t1021, t1021.001, t1021.002, t1021.004, t1027, t1036.006, t1040, t1041, t1046, t1053, t1055, t1056.001, t1059, t1059.001, t1059.004, t1059.007, t1068, t1071, t1071.001, t1071.004, t1076, t1077, t1078, t1078.001, t1078.002, t1078: valid accounts, t1083, t1087, t1090, t1102, t1105, t1110, t1110.001, t1110.001: password guessing, t1110.002, t1110.003, t1110.004, t1110: brute force, t1133, t1140, t1190, t1195.002, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1547.001, t1555.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1571, t1573, t1573.002, t1583, t1583.006, t1585, t1586, t1589, t1589.001, t1590, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, ta0001: initial access, ta0043 - reconnaissance, taiwan, tanner, targeting database, tcp protocol, tcp scan, tcp/23, tcp_scan, team cymru, telecommunications, telnet scan, telnet threat, tencent, threat activity, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, threat-intel, threat-intelligence, threat_intelligence, tokyo, tor node, toronto, tpot, traffic anomaly, udp port scan, udp scan, udp_scan, ukraine, unattributed activity, unauthorized access, unauthorized access attempt, unauthorized activity, unauthorized login, unauthorized probing, united kingdom, united states, unknown actor, unknown threat actor, us originating ips, uzbekistan, venezuela, bolivarian republic of, voip, voip attack, vulnerability scan, vultr_platform_activity, web app attack, web application attack, web attack, web attacks, web brute force, web exploit, web exploitation, web login attack, web protocols, web spam, web traffic, xmas scan

Activity Timeline
Total observations in the heatmap window (trailing 12 months, Jun to Jun): 1, on Jun 12 (peak: 2026-06-12). The 25 source reports go back to Jul 2023, so most of the reporting predates this window.

Recent activity
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

VirusTotal: Not checked

WHOIS
description: Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=LT; ports=80 Location=Sydney, Australia.
Reading this record: geo=LT is the geolocation of the source address, while the Location field belongs to the feed's own description and differs from it. p0f is a passive TCP/IP fingerprinting sensor, so this entry documents a connection to port 80 on a T-Pot honeypot, not confirmed exploitation.

Export & API
STIX 2.1 Bundle · CSV Export · Permalink
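An added example (not IOC Radar's own code; the feed's export format and field names are assumed) that turns the page's fields into a STIX 2.1 indicator bundle, pulls the ATT&CK technique IDs out of the category-tag string while remapping the two revoked IDs, rejects non-routable addresses as the feed's own "private IPs excluded" note implies, and derives a conservative action from confidence and recency rather than from the score alone:

```python
"""Build a STIX 2.1 indicator from an IOC Radar-style IP record and triage it.

Added example, not IOC Radar's code. SAMPLE is constructed from the fields visible on
the page; the feed's real export format is assumed, not known.
"""
import ipaddress
import json
import uuid
import re
from datetime import datetime, timezone

# Constructed sample record mirroring the page's fields; not a real IOC Radar API response.
SAMPLE = {
    "ip": "141.98.11.166",
    "first_seen": "2023-07-05",
    "last_seen": "2026-06-12",
    "confidence": 65,
    "reports": 25,
    "tags": (
        "abuseipdb, cowrie honeypot, proxy, ssh_bruteforce, tcp/23, "
        "t1110, t1110.001, t1110.001: password guessing, t1078: valid accounts, "
        "t1076, t1077, ta0043 - reconnaissance, t1595.002"
    ),
}

# Matches technique or sub-technique IDs such as t1110 / t1110.001; tactic IDs (ta0043) do not match.
TECHNIQUE_RE = re.compile(r"\b(t\d{4}(?:\.\d{3})?)\b", re.IGNORECASE)
# IDs revoked by ATT&CK that still show up in feed tags, mapped to their replacements.
REVOKED = {"T1076": "T1021.001", "T1077": "T1021.002"}


def parse_day(date_str: str) -> datetime:
    """Feed dates are day-granular; treat them as midnight UTC."""
    return datetime.strptime(date_str, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def stix_timestamp(dt: datetime) -> str:
    """STIX 2.1 timestamps are RFC 3339 in UTC with a literal Z suffix."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def attack_techniques(tags: str) -> list:
    """Extract ATT&CK technique IDs: upper-cased, deduplicated, revoked IDs remapped, sorted."""
    found = set()
    for match in TECHNIQUE_RE.finditer(tags):
        tid = match.group(1).upper()
        found.add(REVOKED.get(tid, tid))
    return sorted(found)


def is_actionable_ip(ip: str) -> bool:
    """True only for globally routable IPv4; private/reserved ranges must never reach a blocklist."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return isinstance(addr, ipaddress.IPv4Address) and addr.is_global


def stix_indicator(rec: dict, now=None) -> dict:
    """Build a STIX 2.1 Indicator SDO carrying the feed's heuristic confidence (0-100 scale)."""
    if not is_actionable_ip(rec["ip"]):
        raise ValueError("not a globally routable IPv4 address: %r" % rec["ip"])
    stamp = stix_timestamp(now or datetime.now(timezone.utc))
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--%s" % uuid.uuid4(),
        "created": stamp,
        "modified": stamp,
        "name": "Suspicious IPv4 %s" % rec["ip"],
        "indicator_types": ["malicious-activity"],
        "pattern": "[ipv4-addr:value = '%s']" % rec["ip"],
        "pattern_type": "stix",
        "valid_from": stix_timestamp(parse_day(rec["first_seen"])),
        "confidence": int(rec["confidence"]),
        "labels": [t.strip() for t in rec["tags"].split(",") if t.strip()],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": tid}
            for tid in attack_techniques(rec["tags"])
        ],
    }


def stix_bundle(*objects: dict) -> dict:
    return {"type": "bundle", "id": "bundle--%s" % uuid.uuid4(), "objects": list(objects)}


def recommend_action(rec: dict, now: datetime, block_min_confidence: int = 80,
                     stale_after_days: int = 30) -> str:
    """Conservative triage: a dormant or medium-confidence heuristic score is never auto-blocked."""
    age_days = (now - parse_day(rec["last_seen"])).days
    if age_days > stale_after_days:
        return "review"   # dormant: re-check the sources before any enforcement
    if rec["confidence"] >= block_min_confidence:
        return "block"
    return "alert"        # recently seen but medium confidence: detect, do not enforce


if __name__ == "__main__":
    now = parse_day("2026-06-27")  # the page states last seen 15 days ago
    print(recommend_action(SAMPLE, now), attack_techniques(SAMPLE["tags"]))
    print(json.dumps(stix_bundle(stix_indicator(SAMPLE, now)), indent=2))
```

With the page's values (confidence 65, last seen 15 days ago) the result is "alert", not "block": the thresholds are the assumption that encodes the page's own warning that confidence scores are heuristic. Tags that themselves contain commas (for example "korea, republic of") would be split into two labels by the naive comma split; trim such tags before export if the feed uses them.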
