194.9.94.85 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.9.94.85 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 90/100

Host and Network Information

  • Mitre ATT&CK IDs: T1012 - Query Registry, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1036 - Masquerading, T1045 - Software Packing, T1046 - Network Service Scanning, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1060 - Registry Run Keys / Startup Folder, T1080 - Taint Shared Content, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1112 - Modify Registry, T1113 - Screen Capture, T1140 - Deobfuscate/Decode Files or Information, T1179 - Hooking, T1181 - Extra Window Memory Injection, T1215 - Kernel Modules and Extensions, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1587.001 - Malware, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control

  • Tags: accept, access type, active, added active, address, adversaries, allocates, allocates rwx, android, antivm network, assembly, assembly common, assembly name, attack, auto-generated security, bad traffic, blob, borland delphi, c cmd, checks, ck id, click, clr version, connection, contacted, contained, copy, copyright, corrupt, cosmotown, country, create, created, createfilew, createsuspended, cryptexportkey, crypto_obfuscator, cve, cv jogjacamp, cyber security, data, date, dead host, deletes self, delphi generic, desktop, detect-debug-environment, direct-cpu-clock-access, domains, empty hash, encrypt files, entries, entropy, entropy chi2, error, et info, evader, executable, execution, exe nolookup, false, file execution, filehashmd5, filehashsha1, file type, f json, flag, france france, general, generic, generic cil, genericread, genericwrite, germany germany, get http, global, gmt flag, guid, high process, historical ssl, hkeyclassesroot, hkeycurrentuser, hong kong, host, http header, hybrid, icons library, info header, informative, inject, injection t1055, installs, intel, invalid pointer, ioc, ip detections, ipv4, juming network, keylogger, k wersvcgroup, language, learn, levelblue, link library, llc name, maas, malicious, malware, md5 code, medium, members, memcommit, mirai, mitre att, modules, money doc, monitor, mono, ms windows, namecheap inc, name md5, namesilo, name tactics, network icmp, neutral, Nextray, njrat, origin http, os2 executable, overlay, packer entropy, path, pe32, pe32 compiler, pe32 executable, pe features, persistence, pe unknown, phishing, png rticon, post http, process, process hollowing, proxy wpad, python, ransom, read c, reevil, registry, regopenkeyexa, regopenkeyexw, regsetvalueexw, related pulses, remote, request, resource name, role title, rticon neutral, runtime-modules, russsian data, rva entry, samplepath, sandbox evasion, sdermh, sdermh request, search, server, service, sha256, shell commands, show, showing, stealer, streams size, strings, success, suspicious, synapse, t1036, t1055, t1056, t1080, t1113, t1497, t1547, t1566, tags, target, tcp traffic, tools, tree, type, type indicator, type name, ukraine ukraine, united, united kingdom, url http, url https, viet nam, virtualallocex, webcc, webview, win16 ne, win32, win32 dll, win32 dynamic, win32 exe, win64, windir, windows, windows nt, write

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: bambenek_simda, coinbl_hosts, hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_psh, yoyo_adservers

  • Country: Sweden
  • Network:
  • Noticed: 33 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 50

Open Ports Detected

80

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-3566 CVE-2024-8929 CVE-2024-8932 CVE-2025-1217 CVE-2025-1219 CVE-2025-1220 CVE-2025-1734 CVE-2025-1735 CVE-2025-1736 CVE-2025-1861 CVE-2025-6491

Whois Information

  • inetnum: 194.9.94.0 - 194.9.95.255
  • netname: SE-LOOPIA
  • org: ORG-LA133-RIPE
  • country: SE
  • admin-c: LPA31-RIPE
  • tech-c: LPA31-RIPE
  • status: ASSIGNED PI
  • mnt-by: RIPE-NCC-END-MNT
  • mnt-by: LOOPIA-MNT
  • mnt-routes: LOOPIA-MNT
  • created: 2003-09-04T15:01:36Z
  • last-modified: 2023-12-19T15:00:25Z
  • organisation: ORG-LA133-RIPE
  • org-name: Loopia AB
  • country: SE
  • org-type: LIR
  • address: Kopparbergsv 8
  • address: 72213
  • address: Vasteras
  • address: SWEDEN
  • phone: +4621128222
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-ref: LOOPIA-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: LOOPIA-MNT
  • admin-c: JL11832-RIPE
  • tech-c: DH7467-RIPE
  • tech-c: JL11832-RIPE
  • abuse-c: LA5352-RIPE
  • created: 2007-12-20T11:11:12Z
  • last-modified: 2020-12-16T13:02:07Z
  • role: LOOPIA NOC
  • address: Loopia AB
  • address: Kopparbergsvagen 8
  • address: 72213 Vasteras
  • address: Sweden
  • nic-hdl: LPA31-RIPE
  • abuse-mailbox: abuse@loopia.se
  • admin-c: DH7467-RIPE
  • admin-c: JL11832-RIPE
  • tech-c: DH7467-RIPE
  • tech-c: JL11832-RIPE
  • mnt-by: LOOPIA-MNT
  • created: 2023-12-19T09:21:59Z
  • last-modified: 2023-12-19T09:21:59Z
  • route: 194.9.94.0/23
  • descr: SE-LOOPIA
  • origin: AS39570
  • mnt-by: LOOPIA-MNT
  • created: 2006-06-01T07:05:14Z
  • last-modified: 2015-12-29T10:57:51Z
