IPHighVerifiedSignal 86/100
209.99.185.96
Location
United StatesSan Francisco, California
ASN
AS402253
HostRoyale Technologies
First Seen
Jun 8, 2026
Last Seen
Jun 27, 2026
Found in 437 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
95%
Signal Score
86 / 100
IDS Rule
Yes
Threat Context
Malware Families44
Tags
Network Information
CountryUnited States
United StatesRegionSan Francisco, California
ASNAS402253
OrganizationHostRoyale Technologies
Feed Intelligence Summary
437 reports95% confidence
Activity Timeline
Jun 27Jun 8
Threat Activity Heatmap
· Peak: 2026-06-08LessMore
Mon
Wed
Fri
24h
1
Minimal
7d
134
Critical
30d
437
Critical
3mo
437
Critical
Threat ScoreHigh Risk
86
SIGNAL
Signal Score
95%
Confidence
437
Reports
First seenJun 8, 2026
Last seenJun 27, 2026
Verified IOC
GeolocationUS
CountryUnited States
LocationSan Francisco, California
ASNAS402253
OrgHostRoyale Technologies
Coords37.7794, -122.4176
VirusTotal
Not checked
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 18 days ago · Last seen today
Appeared in 437 threat reports from 10 sources
Associated with: REvil, Kimsuky, Cl0p, LockBit, Conti, DarkSide, Play
Used by malware: XWorm, Pegasus, Nanocore, NetWire, SocGholish, XMRig, Remcos, DarkComet, Rhysida, XorDDoS, NjRAT, WannaCry, Stuxnet, AsyncRAT, FormBook, AgentTesla, Lumma, Dridex, Mozi, Emotet, Ryuk, QakBot, REvil, Cobalt Strike, Sliver, PowerShell Empire, META Stealer, Gh0st RAT, Play, Stealc, Mirai, Bumblebee, Vidar, Ursnif, Conti, NotPetya, DarkSide, Gootloader, Cl0p, HermeticWiper, Metasploit, RedLine, LockBit, Havoc