Check an IP Address, Domain Name, Subnet, or ASN

141.98.11.59 was found in our database!

$ whois 141.98.11.59

country·🇱🇹 Lithuania

city·Vilnius

isp·UAB Host Baltic

asn·AS209605

network·Standard

$ sikker risk 141.98.11.59scoring →

confidence

99%Very High

first_seen·Mar 14, 2026

last_seen·24m ago

sessions·1,113

events·1,113

$ sikker protocols 141.98.11.59

RDP

1,113 / 1,113

$ sikker summary 141.98.11.59

141.98.11.59 has a threat confidence score of 99%. This IP address from Lithuania (AS209605, UAB Host Baltic) has been observed in 1,113 honeypot sessions targeting RDP protocols. First observed on March 14, 2026, most recently active March 23, 2026.

$ sikker behaviors 141.98.11.59catalog →

mediumRdp Nla Ntlm Authentication Attempt806x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

mediumRdp Legacy Plaintext Authentication Attempt80x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

$ sikker primitives 141.98.11.59

rdp_nla_ntlm_auth811 rdp_legacy_plaintext_authenthication83

$ sikker related 141.98.11.59

🇱🇹·More threats fromLithuania→AS·More threats fromUAB Host Baltic→RDP·More threats targetingRDP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
141.98.9.61	58%	3
141.98.9.64	76%	11
91.224.92.109	51%	6
185.169.4.229	90%	55
185.169.4.212	84%	55

IP Address	Confidence	Events
88.118.39.239	41%	77
185.2.228.48	50%	382
141.98.9.61	58%	3
83.176.199.239	76%	1,150
141.98.9.64	76%	11