URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 164.132.181.192
Firstseen:2026-02-12 07:01:05 UTC
Total malware sites :2
Online malware sites :0 (0%)
Offline Malware sites :2 (100%)

IP addresses


The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2026-02-12 07:01:07 164.132.181.192ip192.ip-164-132-181.euNot listedAS16276 OVH- FRyes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2026-02-12 07:01:07http://164.132.181.192/web/ENCRYPTED.ps1Offlineascii opendir powershell ps1 rat RemcosRAT ext abuse_ch
2026-02-12 07:01:07http://164.132.181.192/john/ENCRYPTED.ps1Offlineascii njRAT ext opendir powershell ps1 rat RemcosRAT ext abuse_ch

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2026-02-12 13:36:36963d04bdf561512f0c8c66b2a8bff95237c43c0109d1e13ed223ad823cfee694ps1 njrat
2026-02-12 07:01:07118ecd314f2269d9cafe18e3514ba434062272c68a8b9d3fb6eb958f28514220ps1  
2026-02-12 07:01:07eef0ca977bb511ba8b6532f456837e9ced0ba3709a506800a169477b807d9024ps1 RemcosRAT