IOC Radar
IP · Medium · Signal 45/100

91.224.92.108

Location
Lithuania
Vilnius, Vilnius
ASN
AS209605
UAB Host Baltic
First Seen
Aug 21, 2025 (309d ago)
Last Seen
Jun 12, 2026 (15d ago)
Reports
25 source reports
Confidence
45% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

91 techniques

Network Information

Country: Lithuania (LT)
Region: Vilnius, Vilnius
ASN: AS209605
Organization: UAB Host Baltic

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

25 reports · 45% confidence
Category tags

Activity Timeline

1 total obs (Jun 12)

Threat Activity Heatmap

Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 45
Confidence: 45%
Reports: 25
First seen: Aug 21, 2025
Last seen: Jun 12, 2026
Geolocation: LT
Country: Lithuania
Location: Vilnius, Vilnius
ASN: AS209605
Org: UAB Host Baltic
Coords: 51.4964, -0.1224
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Score: 80/100 | Detector: threat_feed | Label: reported_abuse | Tags: compromised_host, reported_abuse

IOC Journey

medium
First detected 10 months ago · Last seen 15 days ago
Appeared in 25 threat reports