URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-03-09 15:34:06	94.159.99.169	108596.h2.nexus	Not listed	AS215730 H2NEXUS-AS	DE	yes

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-08-15 19:08:18	http://94.159.99.169/Documents/adobeupdate.msi	Online	lnk opendir	DaveLikesMalwre
2025-08-15 19:08:14	http://94.159.99.169/Documents/l8825.msi	Online	lnk opendir	DaveLikesMalwre
2025-07-11 06:20:09	http://94.159.99.169/Documents/scink.lnk	Online	lnk screenconnect xml-opendir	DaveLikesMalwre
2025-06-17 18:20:04	http://94.159.99.169/123.mp4	Offline	hta	DaveLikesMalwre
2025-06-17 18:18:06	http://94.159.99.169/Documents/testlnk1.lnk	Online	lnk xml-opendir	DaveLikesMalwre

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2025-09-12 15:41:14	57a2d87218dba222c75cb3ebb849b1cb8abe2084ce9afd2ea4ad20516da7761d	msi
2025-08-15 19:08:18	67e894471bd87e48e8a3d5b272134b21975bbf47448b8fa0d4d26ab7944c1f8b	msi
2025-08-15 19:08:14	67e894471bd87e48e8a3d5b272134b21975bbf47448b8fa0d4d26ab7944c1f8b	msi
2025-07-11 06:20:09	bdfe8ca7a41ccc60e49b5a7164d06263dd0db8e2053128f37281480f5d0a6e30	lnk		ScreenConnect
2025-06-17 18:18:06	55f6a5cf46fef4da9e6027846d7c34e20416c1fd83178d15b87c3ae59bf85325	lnk
2025-03-09 15:34:05	5735722568343d6d81cf2b4c4fb17cee3800119e7ff81b9315c046a2a30a6e9d	elf