IP · Medium · Signal 67/100
141.98.11.79
Location
Vilnius, Vilnius
ASN
AS209605
UAB Host Baltic
First Seen
Jul 5, 2023
Last Seen
Jun 18, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Lithuania
Region
Vilnius, Vilnius
ASN
AS209605
Organization
UAB Host Baltic
IP Category
Proxy
Proxy server
Feed Intelligence Summary
31 reports · 67% confidence
31
Source reports
67%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-18)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
67
SIGNAL
Signal Score
67%
Confidence
31
Reports
First seen
Jul 5, 2023
Last seen
Jun 18, 2026
Geolocation
LT
Country
Lithuania
Location
Vilnius, Vilnius
ASN
AS209605
Org
UAB Host Baltic
Coords
56.0000, 24.0000
Proxy
VirusTotal
Not checked
References
- https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing
- https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-13/
- https://jamesbrine.com.au
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://github.com/telekom-security/tpotce
- December 25th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #6012 - A New Mirai-Based Botnetis are Targeting Unpatched Flaw in Digiever
- https://1275.ru/ioc/7992/gs-566-mirai-botnet-iocs/
IOC Journey
Medium · First detected 3 years ago · Last seen 4 days ago
Appeared in 31 threat reports