188.114.99.137 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 188.114.99.137 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observations of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1176 - Browser Extensions, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion

  • Tags: 0 report, aaaa, abuse, accept, acint, address, adformatplain, adload, adnetworks, a domains, adposbottom, age7200 path, agent, agent tesla, agenttesla, alexa, alexa top, all octoseek, all scoreblue, analysis, analyze, analyzer paste, analyzer threat, anchor, anchor href, anchor hrefs, andromeda, apache, apple, apple ios, april, artemis, artro, as196763, as44273 host, as46606, ascii text, asn as16509, astaroth, attack, august, ave maria, awful, azorult, back, bambernek, bandoo, bank, b body, betabot, blacklist, blacklist http, body, body doctype, body length, bq jun, bradesco, brontok, bundled, cellbrite, certificate, changelog, cisco umbrella, citadel, class, cleaner, click, cloud xcitium, coalition, cobalt strike, code, communicating, conduit, contacted, contacted urls, cookie, copy, core, country, covid19, creation date, critical, critical risk, crypt, crypto, customer, cutwail, cyber security, cyber threat, dark power, data, date, de indicators, detection list, detplock, #discordwallets, div div, div section, dnspionage, dns poisoning, dnssec, domain, domains, domaiq, download, downloader, dropper, emails, emotet, encrypt, engineering, entries, error, et tor, execution, exploit, facebook, fakealert, fake update, falcon sandbox, fareit, february, file, files, filetour, floxif, footer, form, formbook, for privacy, friendly, function, fusioncore, general, generator, generic, generic malware, germany asn, germany unknown, gmbh version, gmt connection, gmt content, gmt max, hacktool, hashes, header, heur, historical ssl, history first, hostname, hostnames, hotmail, house.mo.gov, hrefs, html document, html info, http, httponly, hybrid, iana id, idat loader, iframe, impressum, installcore, installer, installpack, internet storm, invicta stealer, iocs, ip address, ip detections, ip summary, ipv4, isadultno, june, keybase, keygen, kgs0, kiannas law, kls0, known tor, kovter, kryptik, kuaizip, kukacka jan, layer, legal, link, location united, lockbit, mail 
spammer, main, malicious, malicious site, malicious url, maltiverse, malware, malware site, march, matsnu, meta, metro, million, mimikatz, miner, monitoring, moved, name, name servers, nanocore, networm, next, nexus, nircmd, november, nymaim, occamy, october, open, opencandy, orcus rat, otx telemetry, outbreak, passive dns, password, paste, patcher, pattern match, pegasus, pe resource, phishing, phishing site, pony, presenoker, problems, psexec, pulse pulses, pulse submit, pyinstaller, pykspa, quasar rat, radamant, ransomware, record type, record value, redacted for, redline stealer, referrer, registrar, registrar abuse, registrar url, registrar whois, registry domain, remcos, resolutions, response final, revil, riskware, runescape, safe site, sample, samples, scan endpoints, script domains, script script, script urls, sea alt, search, secrisk, server, servers, service, service privacy, serving ip, sha256, showing, silent, simda, site, sodinokibi, sophos sophos, ssl certificate, startpage, status, status code, status page, stealc, stealer, steam, strike, strings, subdomains, submission, summary, suppobox, tag count, #targeting, team, team phishing, team top, tech email, telefonica co, threat, threat report, threat roundup, tinba, title, title launch, tmobile, tofsee, trojan, trojandropper, trojanx, tsara brashears, ttl value, ukraine, united, unknown, unruy, unsafe, upgrade, url analysis, url https, urls, urls http, url summary, utc http, utilizes new, vawtrak, verdict cloud, virtool, virustotal, virut, wacatac, wed aug, whois record, whois whois, win32, win64, x adblock, xcitium verdict, xl div, xtrat, zbot, zeus, zpevdo

  • View other sources: Spamhaus VirusTotal

  • Country: Netherlands
  • Network:
  • Noticed: 15 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 29

Open Ports Detected

2052 2082 2083 2086 2087 443 80 8080 8443 8880

Whois Information

  • inetnum: 188.114.96.0 - 188.114.99.255
  • netname: CLOUDFLARENET-EU
  • descr: CloudFlare, Inc.
  • descr: 101 Townsend Street, San Francisco, CA 94107, US
  • descr: +1 (650) 319-8930
  • descr: https://cloudflare.com/
  • country: US
  • admin-c: CAC80-RIPE
  • tech-c: CTC6-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-CLOUDFLARE
  • mnt-lower: MNT-CLOUDFLARE
  • mnt-routes: MNT-CLOUDFLARE
  • created: 2015-10-16T16:26:10Z
  • last-modified: 2015-10-16T16:26:10Z
  • person: Cloudflare Abuse Contact
  • address: Viktualienmarkt Rosental 7 80331 Munchen, DE
  • phone: +49 89 2555 2276
  • nic-hdl: CAC80-RIPE
  • mnt-by: MNT-CLOUDFLARE
  • created: 2012-06-01T23:27:49Z
  • last-modified: 2022-04-21T01:07:44Z
  • person: Cloudflare Technical Contact
  • address: Viktualienmarkt Rosental 7 80331 Munchen, DE
  • phone: +49 89 2555 2276
  • nic-hdl: CTC6-RIPE
  • mnt-by: MNT-CLOUDFLARE
  • created: 2012-06-01T23:35:57Z
  • last-modified: 2022-04-21T01:07:28Z
  • route: 188.114.99.0/24
  • origin: AS13335
  • mnt-by: MNT-CLOUDFLARE
  • created: 2020-06-15T18:05:37Z
  • last-modified: 2020-06-15T18:05:37Z

Links to attack logs

