Critical Alert
IP 141.98.10.106, registered in Lithuania and operated by UAB Host Baltic, is a critical-risk address with a threat level of 10 out of 10, based on 213 total abuse reports submitted through automated honeypot sensors. The IP's dominant threat profile centers on general hacking activity, which encompasses intrusion attempts, vulnerability exploitation and unauthorized access probes. With a confidence score of 74%, this address presents a substantial and verifiable risk to any exposed service.
The reporting window spans March 2026 through April 2026, so all 213 reports fall within this approximately two-month period. Every single report originated from automated honeypot sensors, which detected the address engaging in connection-based attack patterns consistent with systematic probing of target systems. Despite the high volume of historical reports, the activity frequency metric of 0 out of 10 suggests that recent or ongoing aggressive activity may have subsided, though the cumulative evidence of malicious intent remains significant. The Lithuanian routing and the specific autonomous system number (AS209605) associated with UAB Host Baltic place this source within a commercial hosting context where such scanning activity is frequently observed.
Hacking activity, as classified by the reporting sensors, represents a broad category of hostile behavior targeting the confidentiality, integrity or availability of exposed services. Connection-based attack patterns detected from this address indicate systematic enumeration and probing of network endpoints, likely attempting to identify unpatched software, misconfigured services or weak authentication mechanisms. Even if the address has temporarily reduced its activity rate, the volume and nature of prior reports confirm that it operated as an active source of hostile traffic, and its continued presence on public IP reputation lists warrants ongoing defensive vigilance.
Network defenders should block 141.98.10.106 at the firewall or edge routing level to prevent any inbound connection attempts from this address. Deploying fail2ban or comparable dynamic blocking tools on exposed SSH, RDP and web service ports can automatically respond to repeated connection patterns matching the observed attack behavior. Organizations should ensure all internet-facing services run current security patches and enforce strong, unique credentials alongside multi-factor authentication where feasible. Continuous monitoring of authentication logs for source IPs exhibiting similar scanning signatures will help identify correlated threats originating from adjacent address ranges within the same network operator's allocation.