141.101.113.117 Threat Intelligence and Host Information

General

This page contains threat intelligence for the IPv4 address 141.101.113.117. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to enrich security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.

🟠 Elevated — 55/100

Host and Network Information

  • View other sources: Spamhaus, VirusTotal, Shodan, AbuseIPDB
  • Noticed: 6 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, Netherlands, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 80, 443, 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, 8080, 8443, 8880
  • Tor Node: No
  • Associated Malware Samples: 1

Tags

  • aaaa
  • ability
  • accept
  • access
  • access denied
  • active related
  • added active
  • adobe dynamic
  • akamai rank
  • alerts
  • alf features
  • algorithm
  • allocate
  • allocate rwx
  • all scoreblue
  • all search
  • analysis
  • analysis date
  • analysis ob0001
  • analysis ob0002
  • android device
  • a nxdomain
  • apple
  • apple ios
  • artemis
  • as13916
  • as16509
  • as16552 tiggee
  • as16625 akamai
  • as20940
  • as22843
  • as2914 ntt
  • as29789
  • as31109
  • as31898 oracle
  • as396982 google
  • as397240
  • as397241
  • as54113
  • as62597 nsone
  • as8068
  • as8987 amazon
  • as9009 m247
  • ascii
  • ascii text
  • asnone united
  • assessment
  • attacks against
  • australia
  • autodesk
  • avast avg
  • av detection
  • av detections
  • b0001 process
  • b0003 delayed
  • bad login
  • banker
  • body
  • bootkits
  • business value
  • ca1 odigicert
  • cachecontrol
  • capture
  • catalog tree
  • certificate
  • chrome
  • ch ua
  • class
  • click
  • cname
  • cnc beacon
  • cobalt strike
  • code
  • command
  • command decode
  • commands
  • communications
  • complete
  • comspec
  • conhost
  • connection
  • contact
  • contacted
  • contact phone
  • contains pdb
  • co number
  • cookie
  • copy
  • copyright
  • core
  • costa rica
  • crash
  • create
  • create c
  • created
  • create new
  • creation date
  • crossrider
  • crowdstrike
  • csccorpdomains
  • csc corporate
  • cus cndigicert
  • customer
  • cve20185723
  • cyber army
  • cyber defense
  • data
  • data manipulation
  • date
  • date hash
  • dded active
  • ded active
  • default
  • delete
  • delete c
  • denver co
  • destination
  • detecting
  • detections dns
  • discovery
  • displayname
  • div div
  • dll sideloading
  • dname
  • dns resolutions
  • dock
  • domain
  • domains
  • domains part
  • domain tracker
  • dos borland
  • dos executable
  • duptwux
  • dynamicloader
  • e1082 file
  • e1083 impact
  • e1203 windows
  • economic impact
  • email
  • emails
  • embeddedwb
  • encrypt
  • entries
  • enumerate
  • error
  • et info
  • et tor
  • evasion ob0006
  • executable
  • execute
  • execution
  • exit
  • expiration date
  • failure
  • falcon sandbox
  • fancy bear
  • february
  • filehash
  • filehashmd5
  • filehashsha1
  • filehashsha256
  • files
  • file samples
  • file score
  • files dropped
  • files matching
  • file system
  • first
  • flow t1574
  • form
  • found
  • ftp username
  • full name
  • g2 issuer
  • g2 name
  • gandi sas
  • gartner
  • general
  • generic
  • generic windos
  • germany unknown
  • getdc0x2a
  • get file
  • get http
  • get https
  • global outage
  • gmt connection
  • gmt content
  • h1 center
  • hackers
  • hashes
  • healthy check
  • heur
  • high
  • highest
  • high level
  • historical ssl
  • hostmaster
  • hostname
  • hstr
  • html info
  • hx88x9ax1e
  • hybrid
  • hybrid analysis
  • hyperv
  • icann whois
  • ico rtgroupicon
  • ids detections
  • inc validity
  • indicator
  • indicator role
  • information
  • infrastructure
  • intel
  • intelligence
  • invalid url
  • iocs
  • ip address
  • ip traffic
  • ipv4
  • jpeg image
  • kb pe
  • keylogger
  • known tor
  • kx81xdbx0f
  • layer protocol
  • learn
  • legacy
  • light dark
  • link function
  • local
  • logistics
  • logo analysis
  • look
  • lowfi
  • magic quadrant
  • main
  • malicious ids
  • malware
  • malware type
  • may sleep
  • media center
  • medium
  • memory pattern
  • meta
  • meta tags
  • mike
  • mirai
  • misc attack
  • mitre att
  • mivast
  • mobileoptimized
  • modify system
  • modules t1129
  • moved
  • mozilla
  • msclkidn
  • msie
  • ms windows
  • multi scan
  • mutexes
  • name servers
  • nemucod
  • net148
  • net1480000
  • nethandle
  • netrange
  • neutral
  • new problems
  • next
  • nids
  • node traffic
  • no entries
  • no expiration
  • null
  • number
  • nxdomain
  • ob0007 system
  • open
  • openioc
  • os2 executable
  • osi application
  • otx scoreblue
  • overlay
  • panda
  • panda banker
  • pandas
  • panel item
  • pass
  • passive dns
  • path
  • pattern domains
  • pattern match
  • pcap
  • pdf report
  • pe32
  • pe32 executable
  • pe file
  • persistence
  • please
  • porkbun llc
  • port
  • post http
  • pragma
  • privacy badger
  • problems
  • process
  • process32nextw
  • process t1543
  • project skynet
  • proofpoint
  • protocol
  • pulse pulses
  • pulses
  • pulse submit
  • pulses url
  • push
  • python
  • query
  • ransom
  • read c
  • realized
  • referrer
  • refresh
  • regbinary
  • regdword
  • registrar abuse
  • registrar url
  • registry
  • registry keys
  • regsetvalueexa
  • related pulses
  • relayrouter
  • remote system
  • reports
  • report spam
  • request
  • request email
  • response
  • restart
  • reverse dns
  • robtex
  • role title
  • root account
  • roundup
  • rticon neutral
  • sakula
  • sakula rat
  • samplepath
  • samuel
  • samuel tulach
  • san rafael
  • scan endpoints
  • script domains
  • script urls
  • search
  • sec ch
  • sections
  • serial number
  • server
  • servers
  • service
  • set registrya
  • severity
  • sha1
  • sha256
  • show
  • showing
  • siendownloader
  • signals mutexes
  • signing ca
  • size
  • size17kib type
  • slcc2
  • slug
  • snanning_host
  • source domain
  • southeast
  • span
  • ssl bypass
  • ssl certificate
  • stamping
  • starfield
  • startpage
  • status
  • steals
  • stix
  • stream
  • strings
  • subject public
  • submission name
  • suricata stream
  • suspicious path
  • suspicioussectioname
  • suspicious ua
  • switch dns
  • symantec time
  • t1027
  • t1055 system
  • t1057
  • t1059 accept
  • t1071
  • t1105
  • t1105 ingress
  • t1119
  • t1129
  • t1497 query
  • tag management
  • target
  • tcp syn
  • tech
  • temp
  • threat network
  • threat roundup
  • thumbprint
  • title added
  • tls handshake
  • tls rsa
  • tofsee
  • tools
  • tool transfer
  • tor role
  • trident
  • trojan
  • trojanclicker
  • trojan.crypted
  • trojanspy
  • tulach
  • twitter
  • type
  • type indicator
  • ua platform
  • united
  • united kingdom
  • unknown
  • unknown win
  • upgrade
  • url analysis
  • url http
  • url https
  • urls
  • urls tcp
  • ursnif
  • user
  • username
  • userprofile
  • utc bing
  • utc na
  • utf8 text
  • v3 serial
  • vadokrist
  • ver2
  • verify
  • verisign
  • vids0
  • vipre
  • virtual mobile
  • virustotal
  • w11 pc
  • wannacry kill
  • wewatta
  • whitelisted
  • whois
  • whois lookup
  • whois record
  • win16 ne
  • win32
  • win324shared
  • win32 exe
  • win32mediadrug
  • win32spigot
  • windows
  • windows control
  • windows event
  • windows link
  • windows nt
  • windows service
  • world
  • worm
  • wow64
  • write
  • write c
  • writeconsolew
  • writing gui
  • written c
  • wx99xcdx11
  • x82xd4
  • x86xd3
  • xa1xf1
  • xe8xc2x14
  • xe8xc6x13
  • xml rtmanifest
  • x msedge
  • xport
  • yara detections
  • youtube
  • zusy

MITRE ATT&CK TTPs

  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1018 - Remote System Discovery
  • T1021 - Remote Services
  • T1027 - Obfuscated Files or Information
  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1045 - Software Packing (deprecated in current ATT&CK; now T1027.002)
  • T1046 - Network Service Scanning
  • T1047 - Windows Management Instrumentation
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder (deprecated in current ATT&CK; now T1547.001)
  • T1070 - Indicator Removal on Host
  • T1071 - Application Layer Protocol
  • T1081 - Credentials in Files (deprecated in current ATT&CK; now T1552.001)
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1095 - Non-Application Layer Protocol
  • T1096 - NTFS File Attributes (deprecated in current ATT&CK; now T1564.004)
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1112 - Modify Registry
  • T1119 - Automated Collection
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window (deprecated in current ATT&CK; now T1564.003)
  • T1158 - Hidden Files and Directories (deprecated in current ATT&CK; now T1564.001)
  • T1199 - Trusted Relationship
  • T1202 - Indirect Command Execution
  • T1210 - Exploitation of Remote Services
  • T1497 - Virtualization/Sandbox Evasion
  • T1498 - Network Denial of Service
  • T1518 - Software Discovery
  • T1539 - Steal Web Session Cookie
  • T1543 - Create or Modify System Process
  • T1547 - Boot or Logon Autostart Execution
  • T1553 - Subvert Trust Controls
  • T1562 - Impair Defenses
  • T1565 - Data Manipulation
  • T1566 - Phishing
  • T1568 - Dynamic Resolution
  • T1569 - System Services
  • T1573 - Encrypted Channel
  • T1574 - Hijack Execution Flow
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • TA0002 - Execution
  • TA0003 - Persistence
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0006 - Credential Access
  • TA0007 - Discovery
  • TA0011 - Command and Control

Passive DNS

  • cf-gf.heinu.cc

Attack Log References

Whois Information

NetRange: 141.0.0.0 - 141.255.255.255
CIDR: 141.0.0.0/8
NetName: RIPE-ERX-141
NetHandle: NET-141-0-0-0-0
Parent: ()
NetType: Early Registrations, Maintained by RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 1993-05-01
Updated: 2025-02-10
Ref: https://rdap.arin.net/registry/ip/141.0.0.0

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

Note that this is ARIN's record for the whole 141.0.0.0/8 early-registration (ERX) block. It identifies only RIPE NCC as the maintaining registry; the actual assignment covering 141.101.113.117, and its real abuse contact, must be looked up in RIPE's whois or RDAP service.
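Whois output that has been flattened onto a single line, as on this page, is awkward to feed into an enrichment pipeline. The following is an added example (not code from this page or its generator) that parses the page's own whois text back into its objects, checks that the IP actually falls inside the stated NetRange and CIDR, extracts the abuse mailbox, and flags when the record is only a registry-level ERX placeholder rather than a real assignment. It assumes ARIN's output layout, where each object opens with NetRange, OrgName, OrgTechHandle or OrgAbuseHandle; that and the placeholder heuristic are this example's own assumptions.

```python
import ipaddress
import re
from typing import Optional

# Whois text copied from this page's "Whois Information" section, in the
# flattened single-line form the page presents it in (sample input).
WHOIS_TEXT = (
    "NetRange: 141.0.0.0 - 141.255.255.255 CIDR: 141.0.0.0/8 NetName: RIPE-ERX-141 "
    "NetHandle: NET-141-0-0-0-0 Parent: () NetType: Early Registrations, Maintained by RIPE NCC "
    "OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 1993-05-01 "
    "Updated: 2025-02-10 Ref: https://rdap.arin.net/registry/ip/141.0.0.0 "
    "OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 "
    "City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 "
    "Ref: https://rdap.arin.net/registry/entity/RIPE OrgTechHandle: RNO29-ARIN "
    "OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 "
    "OrgTechEmail: hostmaster@ripe.net OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN "
    "OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 "
    "OrgAbuseEmail: abuse@ripe.net OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN"
)

# ARIN prints one object per paragraph and each object opens with one of these
# fields. Flattening loses the paragraph breaks, so the opening keys are used to
# recover object boundaries (assumption about ARIN's output layout).
RECORD_START = {
    "NetRange": "network",
    "OrgName": "org",
    "OrgTechHandle": "tech",
    "OrgAbuseHandle": "abuse",
}

# A field key is a CamelCase identifier directly followed by ':'. Values may
# themselves contain ':' (URLs), but 'https:' starts lowercase, so it is not
# mistaken for a key.
KEY_RE = re.compile(r"\b([A-Z][A-Za-z]+):")


def _clean(value: str) -> Optional[str]:
    """Normalise ARIN's empty markers ('' and '()') to None."""
    value = value.strip()
    return None if value in ("", "()") else value


def parse_arin_whois(text: str) -> dict:
    """Split flattened ARIN whois text into {record_type: {field: value}}."""
    parts = KEY_RE.split(text)  # ['', key1, val1, key2, val2, ...]
    records: dict = {}
    current = None
    for key, raw in zip(parts[1::2], parts[2::2]):
        if key in RECORD_START:
            current = RECORD_START[key]
            records[current] = {}
        if current is None:
            continue  # stray text before the first object
        records[current][key] = _clean(raw)
    return records


def covers(network: dict, ip: str) -> bool:
    """True if ip lies inside NetRange and inside one of the stated CIDRs."""
    addr = ipaddress.ip_address(ip)
    first, last = (ipaddress.ip_address(s.strip()) for s in network["NetRange"].split("-"))
    cidrs = [ipaddress.ip_network(c.strip(), strict=False) for c in network["CIDR"].split(",")]
    return first <= addr <= last and any(addr in c for c in cidrs)


def is_rir_placeholder(network: dict) -> bool:
    """Heuristic (assumption): an ERX block of /8 or larger 'maintained by'
    another RIR is a pointer to that RIR, not the assignment for the host."""
    cidrs = [ipaddress.ip_network(c.strip(), strict=False) for c in network["CIDR"].split(",")]
    net_type = network.get("NetType") or ""
    return any(c.prefixlen <= 8 for c in cidrs) and "Early Registrations" in net_type


def abuse_contact(records: dict) -> Optional[str]:
    """Abuse mailbox from the OrgAbuse object, if present."""
    return records.get("abuse", {}).get("OrgAbuseEmail")


def enrich(ip: str, text: str = WHOIS_TEXT) -> dict:
    """Summary a SOC analyst would attach to an event for this IP."""
    records = parse_arin_whois(text)
    net = records["network"]
    return {
        "ip": ip,
        "netname": net.get("NetName"),
        "covered": covers(net, ip),
        "placeholder": is_rir_placeholder(net),
        "abuse": abuse_contact(records),
        "rdap": net.get("Ref"),
    }


if __name__ == "__main__":
    print(enrich("141.101.113.117"))
```

When `placeholder` comes back true, treat `abuse` as the registry's generic mailbox and re-query the named RIR (here RIPE NCC) for the specific prefix before sending any abuse report or attributing the address to an organisation.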