188.114.96.12 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 188.114.96.12 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1023 - Shortcut Modification, T1031 - Modify Existing Service, T1036 - Masquerading, T1040 - Network Sniffing, T1045 - Software Packing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1064 - Scripting, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1089 - Disabling Security Tools, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1106 - Native API, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1204 - User Execution, T1480 - Execution Guardrails, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1562 - Impair Defenses, T1566 - Phishing

  • View other sources: Spamhaus VirusTotal

  • Country: Netherlands
  • Network:
  • Noticed: 11 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, Brazil, Canada, Germany, Hungary, Ireland, Japan, Luxembourg, Moldova Republic of, Russian Federation, Spain, Ukraine, United States of America
  • Passive DNS Results:

Open Ports Detected

2052 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Whois Information

  • inetnum: 188.114.96.0 - 188.114.99.255
  • netname: CLOUDFLARENET-EU
  • descr: CloudFlare, Inc.
  • descr: 101 Townsend Street, San Francisco, CA 94107, US
  • descr: +1 (650) 319-8930
  • descr: https://cloudflare.com/
  • country: US
  • admin-c: CAC80-RIPE
  • tech-c: CTC6-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-CLOUDFLARE
  • mnt-lower: MNT-CLOUDFLARE
  • mnt-routes: MNT-CLOUDFLARE
  • created: 2015-10-16T16:26:10Z
  • last-modified: 2015-10-16T16:26:10Z
  • person: Cloudflare Abuse Contact
  • address: Viktualienmarkt Rosental 7 80331 Munchen, DE
  • phone: +49 89 2555 2276
  • nic-hdl: CAC80-RIPE
  • mnt-by: MNT-CLOUDFLARE
  • created: 2012-06-01T23:27:49Z
  • last-modified: 2022-04-21T01:07:44Z
  • person: Cloudflare Technical Contact
  • address: Viktualienmarkt Rosental 7 80331 Munchen, DE
  • phone: +49 89 2555 2276
  • nic-hdl: CTC6-RIPE
  • mnt-by: MNT-CLOUDFLARE
  • created: 2012-06-01T23:35:57Z
  • last-modified: 2022-04-21T01:07:28Z
  • route: 188.114.96.0/24
  • origin: AS13335
  • mnt-by: MNT-CLOUDFLARE
  • created: 2020-06-15T18:05:37Z
  • last-modified: 2020-06-15T18:05:37Z
