194.9.94.86 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 194.9.94.86 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 90/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: Sweden
  • Noticed: 45 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 80
  • Tor Node: No
  • Associated Malware Samples: 50

Tags

  • accept
  • access type
  • active
  • added active
  • address
  • adversaries
  • allocates
  • allocates rwx
  • android
  • antivm network
  • assembly
  • assembly common
  • assembly name
  • attack
  • auto-generated security
  • bad traffic
  • blob
  • borland delphi
  • c cmd
  • checks
  • ck id
  • click
  • clr version
  • connection
  • contacted
  • contained
  • copy
  • copyright
  • corrupt
  • cosmotown
  • country
  • create
  • created
  • createfilew
  • createsuspended
  • cryptexportkey
  • crypto_obfuscator
  • cve
  • cv jogjacamp
  • cyber security
  • data
  • date
  • dead host
  • deletes self
  • delphi generic
  • desktop
  • detect-debug-environment
  • direct-cpu-clock-access
  • domains
  • empty hash
  • encrypt files
  • entries
  • entropy
  • entropy chi2
  • error
  • et info
  • evader
  • executable
  • execution
  • exe nolookup
  • false
  • file execution
  • filehashmd5
  • filehashsha1
  • file type
  • f json
  • flag
  • france france
  • general
  • generic
  • generic cil
  • genericread
  • genericwrite
  • germany germany
  • get http
  • global
  • gmt flag
  • guid
  • high process
  • historical ssl
  • hkeyclassesroot
  • hkeycurrentuser
  • hong kong
  • host
  • http header
  • hybrid
  • icons library
  • indicator name
  • info header
  • informative
  • inject
  • injection t1055
  • installs
  • intel
  • invalid pointer
  • ioc
  • ip detections
  • ipv4
  • juming network
  • keylogger
  • k wersvcgroup
  • language
  • learn
  • levelblue
  • link library
  • llc name
  • maas
  • malicious
  • malware
  • md5 code
  • medium
  • members
  • memcommit
  • mirai
  • mitre att
  • modules
  • money doc
  • monitor
  • mono
  • ms windows
  • namecheap inc
  • name md5
  • namesilo
  • name tactics
  • network icmp
  • neutral
  • Nextray
  • njrat
  • origin http
  • os2 executable
  • overlay
  • packer entropy
  • path
  • pe32
  • pe32 compiler
  • pe32 executable
  • pe features
  • persistence
  • pe unknown
  • phishing
  • png rticon
  • post http
  • process
  • process hollowing
  • proxy wpad
  • python
  • ransom
  • read c
  • reevil
  • registry
  • regopenkeyexa
  • regopenkeyexw
  • regsetvalueexw
  • related pulses
  • remote
  • request
  • resource name
  • role title
  • rticon neutral
  • runtime-modules
  • russsian data
  • rva entry
  • samplepath
  • sandbox evasion
  • sdermh
  • sdermh request
  • search
  • server
  • service
  • sha256
  • shell commands
  • show
  • showing
  • stealer
  • streams size
  • strings
  • success
  • suspicious
  • synapse
  • t1036
  • t1055
  • t1056
  • t1080
  • t1113
  • t1497
  • t1547
  • t1566
  • tags
  • target
  • tcp traffic
  • tools
  • tree
  • type
  • type indicator
  • type name
  • ukraine ukraine
  • united
  • united kingdom
  • url http
  • url https
  • viet nam
  • virtualallocex
  • webcc
  • webview
  • win16 ne
  • win32
  • win32 dll
  • win32 dynamic
  • win32 exe
  • win64
  • windir
  • windows
  • windows nt
  • write
  • xamzexpires300

MITRE ATT&CK TTPs

  • T1012 - Query Registry
  • T1021 - Remote Services
  • T1027 - Obfuscated Files or Information
  • T1035 - Service Execution
  • T1036 - Masquerading
  • T1045 - Software Packing
  • T1046 - Network Service Scanning
  • T1055 - Process Injection
  • T1056.001 - Keylogging
  • T1056 - Input Capture
  • T1060 - Registry Run Keys / Startup Folder
  • T1080 - Taint Shared Content
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1112 - Modify Registry
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1179 - Hooking
  • T1181 - Extra Window Memory Injection
  • T1215 - Kernel Modules and Extensions
  • T1497 - Virtualization/Sandbox Evasion
  • T1547 - Boot or Logon Autostart Execution
  • T1566 - Phishing
  • T1587.001 - Malware
  • TA0002 - Execution
  • TA0003 - Persistence
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0008 - Lateral Movement
  • TA0009 - Collection
  • TA0010 - Exfiltration
  • TA0011 - Command and Control

Associated CVEs

  • CVE-2007-3205

Passive DNS

  • minicross.se

Attack Log References

Whois Information

inetnum: 194.9.94.0 - 194.9.95.255 netname: SE-LOOPIA org: ORG-LA133-RIPE country: SE admin-c: LPA31-RIPE tech-c: LPA31-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: LOOPIA-MNT mnt-routes: LOOPIA-MNT created: 2003-09-04T15:01:36Z last-modified: 2023-12-19T15:00:25Z organisation: ORG-LA133-RIPE org-name: Loopia AB country: SE org-type: LIR address: Kopparbergsv 8 address: 72213 address: Vasteras address: SWEDEN phone: +4621128222 mnt-ref: RIPE-NCC-HM-MNT mnt-ref: LOOPIA-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: LOOPIA-MNT admin-c: JL11832-RIPE tech-c: DH7467-RIPE tech-c: JL11832-RIPE abuse-c: LA5352-RIPE created: 2007-12-20T11:11:12Z last-modified: 2020-12-16T13:02:07Z role: LOOPIA NOC address: Loopia AB address: Kopparbergsvagen 8 address: 72213 Vasteras address: Sweden nic-hdl: LPA31-RIPE abuse-mailbox: abuse@loopia.se admin-c: DH7467-RIPE admin-c: JL11832-RIPE tech-c: DH7467-RIPE tech-c: JL11832-RIPE mnt-by: LOOPIA-MNT created: 2023-12-19T09:21:59Z last-modified: 2023-12-19T09:21:59Z route: 194.9.94.0/23 descr: SE-LOOPIA origin: AS39570 mnt-by: LOOPIA-MNT created: 2006-06-01T07:05:14Z last-modified: 2015-12-29T10:57:51Z