194.245.148.189 Threat Intelligence and Host Information

Oct 19, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 194.245.148.189 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1114 - Email Collection, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution, T1583.005 - Botnet, T1588 - Obtain Capabilities, TA0037 - Command and Control

  • Tags: address, all search, apple ios, back, b body, body length, botnet, ck id, ck matrix, click, communicating, comspec, contact, contacted, cyber security, date, domain, domain name, download, expiry date, factory, falcon sandbox, february, file, files, final url, general, getprocaddress, hackers, hacktool, headers nel, highly targeted, historical ssl, http response, hybrid, indicator, installer, ioc, iocs, ioc search, january, june, malicious, malware, maxage5184000, mitre att, model, monitoring, name, name server, name verdict, new ioc, Nextray, otx octoseek, passive dns, paste, patch, path, pattern match, phishing, prefetch8, privacy, privacy create, pulse submit, quasar, query time, redacted for, referrer, relic, roundup, scan endpoints, serving ip, sha256, show technique, song culture, ssl certificate, status code, strings, team, teams api, threat, threat analyzer, threat roundup, tofsee, tsara brashears, tulach, united, unknown, url analysis, urls, urls https, whois lookup, whois record, whois whois, win64

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: coinbl_hosts, hphosts_emd, hphosts_fsa

  • Country: Germany
  • Network:
  • Noticed: 38 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 5 ae6b89fda0ebe92b7ef43b457a6f7b9d23a51792e7327440ea76de0864951c5c de762ff97fc413c3e93da79028846d4bd20bcec2de1c6b97bc682f028459e1dc 413a360c4aababf6d88a2f359fc25be939fafd675069bfe6c92332196d1190b0 4a74c4dd77559b726c5974f1cb7ed1f48ef3013e95003ab7e851650c0e6c6fc0 9706986a9043e440f2718c367abafbde33e690e3f1e1471875461582ab059e5b

Open Ports Detected

80

Map

Whois Information

  • inetnum: 194.245.148.0 - 194.245.148.255
  • netname: CSL-JOKER-1
  • descr: CSL Computer Service Langenbach GmbH
  • descr: Customer Inhousing
  • country: DE
  • admin-c: CSL6-RIPE
  • tech-c: CSL6-RIPE
  • status: ASSIGNED PA
  • mnt-by: CSL-MNT
  • created: 2018-04-17T12:48:26Z
  • last-modified: 2018-04-17T12:48:26Z
  • role: CSL Computer Service Langenbach GmbH
  • address: Hansaallee 191-193 D-40549 Duesseldorf Germany
  • admin-c: CSL251-RIPE
  • tech-c: CSL251-RIPE
  • tech-c: CSL2101
  • abuse-mailbox: abuse@nrw.net
  • nic-hdl: CSL6-RIPE
  • created: 2006-01-26T14:49:18Z
  • last-modified: 2013-04-15T11:31:00Z
  • mnt-by: CSL-MNT
  • route: 194.245.0.0/16
  • descr: DE-CSL-GMBH-PA
  • origin: AS5517
  • mnt-by: CSL-MNT
  • created: 1970-01-01T00:00:00Z
  • last-modified: 2004-08-13T13:41:22Z

Links to attack logs

****** ****** ******

Share on: