188.114.96.14 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 188.114.96.14 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 55/100
Host and Network Information
- MITRE ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1046 - Network Service Scanning, T1055 - Process Injection, T1056 - Input Capture, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1114 - Email Collection, T1122 - Component Object Model Hijacking, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1179 - Hooking, T1198 - SIP and Trust Provider Hijacking, T1205.001 - Port Knocking, T1210 - Exploitation of Remote Services, T1212 - Exploitation for Credential Access, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1460 - Biometric Spoofing, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1502 - Parent PID Spoofing, T1560 - Archive Collected Data, T1566 - Phishing, T1583 - Acquire Infrastructure, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0011 - Command and Control
- Tags:
- Country: Netherlands
- Network:
- Noticed: 22 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: United States of America
- Passive DNS Results:
Open Ports Detected
2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- inetnum: 188.114.96.0 - 188.114.99.255
- netname: CLOUDFLARENET-EU
- descr: CloudFlare, Inc.
- descr: 101 Townsend Street, San Francisco, CA 94107, US
- descr: +1 (650) 319-8930
- descr: https://cloudflare.com/
- country: US
- admin-c: CAC80-RIPE
- tech-c: CTC6-RIPE
- status: ASSIGNED PA
- mnt-by: MNT-CLOUDFLARE
- mnt-lower: MNT-CLOUDFLARE
- mnt-routes: MNT-CLOUDFLARE
- created: 2015-10-16T16:26:10Z
- last-modified: 2015-10-16T16:26:10Z
- person: Cloudflare Abuse Contact
- address: Viktualienmarkt Rosental 7 80331 Munchen, DE
- phone: +49 89 2555 2276
- nic-hdl: CAC80-RIPE
- mnt-by: MNT-CLOUDFLARE
- created: 2012-06-01T23:27:49Z
- last-modified: 2022-04-21T01:07:44Z
- person: Cloudflare Technical Contact
- address: Viktualienmarkt Rosental 7 80331 Munchen, DE
- phone: +49 89 2555 2276
- nic-hdl: CTC6-RIPE
- mnt-by: MNT-CLOUDFLARE
- created: 2012-06-01T23:35:57Z
- last-modified: 2022-04-21T01:07:28Z
- route: 188.114.96.0/24
- origin: AS13335
- mnt-by: MNT-CLOUDFLARE
- created: 2020-06-15T18:05:37Z
- last-modified: 2020-06-15T18:05:37Z
Links to attack logs