141.98.11.82

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 141.98.11.82/32

## Executive Summary

IP 141.98.11.82 presents a moderate risk profile (Risk Score: 55) associated with hostbaltic infrastructure in Vilnius, Lithuania. While no active threat indicators are currently observed, the IP is listed on three DNSBLs and resides within a subnet showing mixed abuse characteristics.

## Ownership & Network Classification

ASN: 209605 (AS209605 uab host baltic)
Organization: mnt-lt-hostbaltic-1
RIR: RIPE
Location: Vilnius, Lithuania (56°N, 24°E)
Network Block: 141.98.11.0/24
Route Stability: Unstable (route changes detected in 30-day window)
Service Purpose: Firewalled / No Services

## DNS & Email Configuration

PTR Hostname: airplane.medyamol.com
Domain: medyamol.com
Email Authentication: SPF and DMARC records configured

- SPF: `v=spf1 include:spf.protection.outlook.com ip4:69.65.15.24 -all`

- DMARC: `v=DMARC1; p=reject; rua=mailto:dmarc@medyamol.com`

DNSSEC: Valid
DNSBL Status: Listed on 3 of 8 threat intelligence lists

## Threat Indicators & Reputation

Reputation: Moderate Risk
Threat Indicators: None active
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Likelihood: None
Known Campaigns: None
Blacklist Count: 0 (direct blacklist matches)

## Neighborhood Analysis (141.98.11.0/24)

The /24 subnet demonstrates mixed-risk characteristics:

Abuse Density: 0.2308 (moderate)
Classification: Mixed
Total Siblings: 13
Active Siblings: 2
Threat Siblings: 3
Risk Distribution: High (0), Medium (10), Low (3)

Notable neighbors include 141.98.11.11, 141.98.11.48, 141.98.11.117, 141.98.11.120, 141.98.11.171, and 141.98.11.182 (Risk Score: 55).

## Relationship Graph

Network Associations: LT-HOSTBALTIC-11 (multiple entries)
DNS Associations: airplane.medyamol.com (multiple entries)

## Observation History

Historical observations indicate:

June 25, 2026: DNS records for medyamol.com with SPF/DMARC validation
June 5, 2026: Subnet classified as mixed with abuse density 0.2308; IP detected on AlienVault OTX threat feeds (50 pulse matches)

## Recommended Actions

Based on current risk profile:

1. Monitor DNSBL listings: Three DNSBL listings suggest historical abuse patterns

2. Track route stability: Unstable routing may indicate infrastructure changes

3. Subnet context: Monitor neighboring IPs (141.98.11.x) for coordinated activity

4. Email reputation: Verify SPF/DMARC alignment for medyamol.com domain

5. No immediate block: Moderate risk without active threat indicators; maintain logging and monitoring

## Risk Assessment

This IP warrants continued monitoring rather than immediate blocking. The DNSBL listings and subnet abuse density suggest historical compromise or policy violations. The lack of active threat indicators and proper email authentication configuration supports a moderate rather than high-risk classification. Recommend correlation with other detection signals before taking escalation actions.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🌐 Lithuania
Region	Vilnius
City	Vilnius
Timezone	—
Latitude	56.00
Longitude	24.00

🏢 Ownership & Registration

Organization	mnt-lt-hostbaltic-1
ASN	AS209605
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	airplane.medyamol.com
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`airplane.medyamol.com`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	13%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	22%	1	3
geolocation	13%	1	1
Overall	20%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-09 11:33:35 UTC
Last Seen	2026-06-25 15:00:42 UTC
Profile Built	2026-06-25 15:22:50 UTC
Data Freshness	Live
Signal Types	20
Total Observations	20

🔍 20 signal types · 20 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

141.98.11.82📋 Copy