188.114.99.236 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 188.114.99.236 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
MITRE ATT&CK IDs: T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1045 - Software Packing, T1046 - Network Service Scanning, T1051 - Shared Webroot, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1080 - Taint Shared Content, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1085 - Rundll32, T1095 - Non-Application Layer Protocol, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1114 - Email Collection, T1119 - Automated Collection, T1123 - Audio Capture, T1125 - Video Capture, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1155 - AppleScript, T1179 - Hooking, T1190 - Exploit Public-Facing Application, T1199 - Trusted Relationship, T1202 - Indirect Command Execution, T1210 - Exploitation of Remote Services, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1457 - Malicious Media Content, T1472 - Generate Fraudulent Advertising Revenue, T1480 - Execution Guardrails, T1497 - Virtualization/Sandbox Evasion, T1506 - Web Session Cookie, T1512 - Capture Camera, T1518 - Software Discovery, T1539 - Steal Web Session Cookie, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1553 - Subvert Trust Controls, T1562 - Impair Defenses, T1565 - Data Manipulation, T1566 - Phishing, T1568 - Dynamic Resolution, T1569 - System Services, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1583.002 - DNS Server, T1583 - Acquire Infrastructure, T1586 - Compromise Accounts, T1598 - Phishing for Information, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0011 - Command and Control
- Country: Netherlands
- Network:
- Noticed: 11 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Canada, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: cryptoinvestitions.com www.cryptoinvestitions.com
Open Ports Detected
2082, 2083, 2086, 2087, 2095, 2096, 443, 80, 8080, 8443, 8880
Whois Information
- inetnum: 188.114.96.0 - 188.114.99.255
- netname: CLOUDFLARENET-EU
- descr: CloudFlare, Inc.
- descr: 101 Townsend Street, San Francisco, CA 94107, US
- descr: +1 (650) 319-8930
- descr: https://cloudflare.com/
- country: US
- admin-c: CAC80-RIPE
- tech-c: CTC6-RIPE
- status: ASSIGNED PA
- mnt-by: MNT-CLOUDFLARE
- mnt-lower: MNT-CLOUDFLARE
- mnt-routes: MNT-CLOUDFLARE
- created: 2015-10-16T16:26:10Z
- last-modified: 2015-10-16T16:26:10Z
- person: Cloudflare Abuse Contact
- address: Viktualienmarkt Rosental 7 80331 Munchen, DE
- phone: +49 89 2555 2276
- nic-hdl: CAC80-RIPE
- mnt-by: MNT-CLOUDFLARE
- created: 2012-06-01T23:27:49Z
- last-modified: 2022-04-21T01:07:44Z
- person: Cloudflare Technical Contact
- address: Viktualienmarkt Rosental 7 80331 Munchen, DE
- phone: +49 89 2555 2276
- nic-hdl: CTC6-RIPE
- mnt-by: MNT-CLOUDFLARE
- created: 2012-06-01T23:35:57Z
- last-modified: 2022-04-21T01:07:28Z
- route: 188.114.99.0/24
- origin: AS13335
- mnt-by: MNT-CLOUDFLARE
- created: 2020-06-15T18:05:37Z
- last-modified: 2020-06-15T18:05:37Z
Links to attack logs