194.9.94.86 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.9.94.86. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 90/100

Host and Network Information

  • MITRE ATT&CK IDs: T1012 - Query Registry, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1036 - Masquerading, T1045 - Software Packing, T1046 - Network Service Scanning, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1060 - Registry Run Keys / Startup Folder, T1080 - Taint Shared Content, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1112 - Modify Registry, T1113 - Screen Capture, T1140 - Deobfuscate/Decode Files or Information, T1179 - Hooking, T1181 - Extra Window Memory Injection, T1215 - Kernel Modules and Extensions, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1587.001 - Malware, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control

  • Tags: accept, access type, active, added active, address, adversaries, allocates, allocates rwx, android, antivm network, assembly, assembly common, assembly name, attack, auto-generated security, bad traffic, blob, borland delphi, c cmd, checks, ck id, click, clr version, connection, contacted, contained, copy, copyright, corrupt, cosmotown, country, create, created, createfilew, createsuspended, cryptexportkey, crypto_obfuscator, cve, cv jogjacamp, cyber security, data, date, dead host, deletes self, delphi generic, desktop, detect-debug-environment, direct-cpu-clock-access, domains, empty hash, encrypt files, entries, entropy, entropy chi2, error, et info, evader, executable, execution, exe nolookup, false, file execution, filehashmd5, filehashsha1, file type, f json, flag, france france, general, generic, generic cil, genericread, genericwrite, germany germany, get http, global, gmt flag, guid, high process, historical ssl, hkeyclassesroot, hkeycurrentuser, hong kong, host, http header, hybrid, icons library, indicator name, info header, informative, inject, injection t1055, installs, intel, invalid pointer, ioc, ip detections, ipv4, juming network, keylogger, k wersvcgroup, language, learn, levelblue, link library, llc name, maas, malicious, malware, md5 code, medium, members, memcommit, mirai, mitre att, modules, money doc, monitor, mono, ms windows, namecheap inc, name md5, namesilo, name tactics, network icmp, neutral, Nextray, njrat, origin http, os2 executable, overlay, packer entropy, path, pe32, pe32 compiler, pe32 executable, pe features, persistence, pe unknown, phishing, png rticon, post http, process, process hollowing, proxy wpad, python, ransom, read c, reevil, registry, regopenkeyexa, regopenkeyexw, regsetvalueexw, related pulses, remote, request, resource name, role title, rticon neutral, runtime-modules, russsian data, rva entry, samplepath, sandbox evasion, sdermh, sdermh request, search, server, service, sha256, shell commands, show, showing, stealer, streams size, strings, success, suspicious, synapse, t1036, t1055, t1056, t1080, t1113, t1497, t1547, t1566, tags, target, tcp traffic, tools, tree, type, type indicator, type name, ukraine ukraine, united, united kingdom, url http, url https, viet nam, virtualallocex, webcc, webview, win16 ne, win32, win32 dll, win32 dynamic, win32 exe, win64, windir, windows, windows nt, write, xamzexpires300

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: bambenek_simda, coinbl_hosts, hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_psh, yoyo_adservers

  • Country: Sweden
  • Network:
  • Noticed: 45 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 50

Open Ports Detected

80

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-3566 CVE-2024-8929 CVE-2024-8932 CVE-2025-1217 CVE-2025-1219 CVE-2025-1220 CVE-2025-1734 CVE-2025-1735 CVE-2025-1736 CVE-2025-1861 CVE-2025-6491

Whois Information

  • inetnum: 194.9.94.0 - 194.9.95.255
  • netname: SE-LOOPIA
  • org: ORG-LA133-RIPE
  • country: SE
  • admin-c: LPA31-RIPE
  • tech-c: LPA31-RIPE
  • status: ASSIGNED PI
  • mnt-by: RIPE-NCC-END-MNT
  • mnt-by: LOOPIA-MNT
  • mnt-routes: LOOPIA-MNT
  • created: 2003-09-04T15:01:36Z
  • last-modified: 2023-12-19T15:00:25Z
  • organisation: ORG-LA133-RIPE
  • org-name: Loopia AB
  • country: SE
  • org-type: LIR
  • address: Kopparbergsv 8
  • address: 72213
  • address: Vasteras
  • address: SWEDEN
  • phone: +4621128222
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-ref: LOOPIA-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: LOOPIA-MNT
  • admin-c: JL11832-RIPE
  • tech-c: DH7467-RIPE
  • tech-c: JL11832-RIPE
  • abuse-c: LA5352-RIPE
  • created: 2007-12-20T11:11:12Z
  • last-modified: 2020-12-16T13:02:07Z
  • role: LOOPIA NOC
  • address: Loopia AB
  • address: Kopparbergsvagen 8
  • address: 72213 Vasteras
  • address: Sweden
  • nic-hdl: LPA31-RIPE
  • abuse-mailbox: abuse@loopia.se
  • admin-c: DH7467-RIPE
  • admin-c: JL11832-RIPE
  • tech-c: DH7467-RIPE
  • tech-c: JL11832-RIPE
  • mnt-by: LOOPIA-MNT
  • created: 2023-12-19T09:21:59Z
  • last-modified: 2023-12-19T09:21:59Z
  • route: 194.9.94.0/23
  • descr: SE-LOOPIA
  • origin: AS39570
  • mnt-by: LOOPIA-MNT
  • created: 2006-06-01T07:05:14Z
  • last-modified: 2015-12-29T10:57:51Z
