Critical Alert
IP address 91.224.92.114 is a maximum-threat-level address linked to 1,242 total abuse reports and sustained hacking activity targeting exposed services. Despite a modest activity frequency score, the sheer volume of community and honeypot reports confirms this IP as a persistent, high-confidence threat warranting immediate blocking at the network perimeter.
Recorded across automated honeypot sensors between December 2025 and April 2026, this address originated exclusively from Lithuanian network operator UAB Host Baltic operating under ASN 209605, with its geolocation resolving to the United Kingdom. The 1,242 reports spanning approximately five months indicate repeated, sustained engagement with honeypot infrastructure rather than opportunistic scanning. Detection was consistent across 20 separate honeypot sensors, reinforcing the confidence score of 71% and confirming that this is not a transient or misattributed address. The activity frequency metric of 0/10 suggests the attacks are intermittent or clustered rather than continuous, which is typical of focused intrusion campaigns rather than noisy automated bots.
The dominant threat category is general hacking activity, encompassing intrusion attempts and exploitation of vulnerabilities in exposed services. Observed attack patterns include malformed network packets with broken acknowledgment fields, a technique associated with stream-based evasion and reconnaissance activities. Such packet-level manipulation can expose weaknesses in stateful inspection mechanisms and potentially facilitate unauthorized access if targeted services lack robust input validation or are running unpatched software.
Network defenders should block this IP address at the firewall or edge router immediately, using geolocation or ASN-based null routing for broader coverage. Implementing fail2ban or equivalent log-analysis tools to auto-ban repeated suspicious connections is strongly recommended. Rate-limiting authentication endpoints, enforcing strong credentials, and deploying intrusion detection signatures that flag broken-ack packet anomalies will further reduce exposure. Continuous monitoring of inbound connection logs for patterns consistent with this address's tactics will help identify any evasion attempts.
LT 
RO 
JP 
LV 
KR 
TH 
PL