IP · Medium · Signal 76/100
141.98.11.175
Location
Vilnius, Vilnius
ASN
AS209605
UAB Host Baltic
First Seen
Jul 5, 2023
Last Seen
Jun 6, 2026
Found in 37 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
76%
Signal Score
76 / 100
IDS Rule
No
Network Information
Country
Lithuania
Region
Vilnius, Vilnius
ASN
AS209605
Organization
UAB Host Baltic
IP Category
Proxy
Proxy server
Feed Intelligence Summary
37 reports · 76% confidence
37
Source reports
76%
Confidence score
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap
Peak: 2026-06-06
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: High Risk
76
SIGNAL
Signal Score
76%
Confidence
37
Reports
First seen: Jul 5, 2023
Last seen: Jun 6, 2026
Geolocation: LT
Country: Lithuania
Location: Vilnius, Vilnius
ASN: AS209605
Org: UAB Host Baltic
Coords: 56.0000, 24.0000
Proxy
VirusTotal
Not checked
WHOIS
- description
- 2024-12-27T12:48:40.243Z Honeypot : Tanner : Source: 141.98.11.175 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'type': 1, 'version': '0.6.0', 'order': 1, 'name': 'index'}, 'sess_uuid': '1012a188-33a0-4e30-88ee-30b228ca5631'}}}
- raw
- inetnum: 141.98.11.0 - 141.98.11.255
  netname: LT-HOSTBALTIC-11
  country: LT
  admin-c: PV7242-RIPE
  tech-c: PV7242-RIPE
  status: ASSIGNED PA
  mnt-by: mnt-lt-hostbaltic-1
  created: 2019-01-10T13:12:30Z
  last-modified: 2019-01-10T13:12:30Z
  source: RIPE

  person: Paulius Vancugovas
  address: Draugystes g. 19
  address: 51230
  address: Kaunas
  address: LITHUANIA
  phone: +37067358624
  nic-hdl: PV7242-RIPE
  mnt-by: mnt-lt-hostbaltic-1
  created: 2019-01-08T13:14:38Z
  last-modified: 2019-01-09T13:14:40Z
  source: RIPE

  route: 141.98.11.0/24
  origin: AS209605
  mnt-by: mnt-lt-hostbaltic-1
  created: 2019-01-23T11:43:29Z
  last-modified: 2019-01-23T11:43:29Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce
- https://urlhaus.abuse.ch/browse/
- https://www.intrinsec.com/wp-content/uploads/2025/05/TLP-CLEAR-BtHoster-Identifying-noisy-networks-emitting-malicious-traffic-through-masscan-servers-1.pdf
- https://threatview.io/Downloads/Experimental-IOC-Tweets.txt
- https://www.akamai.com/blog/security-research/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones#iocs
- https://any.run/malware-trends/
- https://urlhaus.abuse.ch/
- https://x.com/sicehice/status/1871296162784788811
- https://x.com/sicehice/status/1871316368382906842
- https://x.com/sicehice/status/1871318068305301733
- https://x.com/sicehice/status/1871318106947100859
- https://x.com/sicehice/status/1871328126850281505
IOC Journey
medium · First detected 2 years ago · Last seen 7 days ago
Appeared in 37 threat reports