188.114.96.22 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 188.114.96.22. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 55/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1056 - Input Capture, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0011 - Command and Control
- Country: Netherlands
- Network:
- Noticed: 14 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Tunisia, United States of America
Open Ports Detected
2052 2053 2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- inetnum: 188.114.96.0 - 188.114.99.255
- netname: CLOUDFLARENET-EU
- descr: CloudFlare, Inc.
- descr: 101 Townsend Street, San Francisco, CA 94107, US
- descr: +1 (650) 319-8930
- descr: https://cloudflare.com/
- country: US
- admin-c: CAC80-RIPE
- tech-c: CTC6-RIPE
- status: ASSIGNED PA
- mnt-by: MNT-CLOUDFLARE
- mnt-lower: MNT-CLOUDFLARE
- mnt-routes: MNT-CLOUDFLARE
- created: 2015-10-16T16:26:10Z
- last-modified: 2015-10-16T16:26:10Z
- person: Cloudflare Abuse Contact
- address: Viktualienmarkt Rosental 7 80331 Munchen, DE
- phone: +49 89 2555 2276
- nic-hdl: CAC80-RIPE
- mnt-by: MNT-CLOUDFLARE
- created: 2012-06-01T23:27:49Z
- last-modified: 2022-04-21T01:07:44Z
- person: Cloudflare Technical Contact
- address: Viktualienmarkt Rosental 7 80331 Munchen, DE
- phone: +49 89 2555 2276
- nic-hdl: CTC6-RIPE
- mnt-by: MNT-CLOUDFLARE
- created: 2012-06-01T23:35:57Z
- last-modified: 2022-04-21T01:07:28Z
- route: 188.114.96.0/24
- origin: AS13335
- mnt-by: MNT-CLOUDFLARE
- created: 2020-06-15T18:05:37Z
- last-modified: 2020-06-15T18:05:37Z