URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	178.16.54.109
Firstseen:	2025-10-27 13:30:06 UTC
Total malware sites :	13
Online malware sites :	4 (31%)
Offline Malware sites :	9 (69%)
Newest active malware site :	2025-10-27 14:15:08 UTC
Oldest active malware site :	2025-10-27 13:30:08 UTC (Age: 1 month, 13 days, 15 hours, 39 minutes)

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-10-27 13:30:08	178.16.54.109		SBL683901	AS214943 RAILNET	NL	yes

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2025-11-04 15:53:13	http://178.16.54.109/molop	Offline	dropped-by-Phorpiex	Bitsight
2025-10-30 15:52:06	http://178.16.54.109/5	Offline	dropped-by-Phorpiex	Bitsight
2025-10-30 13:15:06	http://178.16.54.109/lksrv.exe	Offline	BlackMatter dropped-by-Phorpiex	Bitsight
2025-10-30 12:14:06	http://178.16.54.109/lk.exe	Offline	BlackMatter dropped-by-Phorpiex	Bitsight
2025-10-30 11:51:11	http://178.16.54.109/4	Offline	dropped-by-Phorpiex	Bitsight
2025-10-28 10:19:06	http://178.16.54.109/lopa	Offline	dropped-by-Phorpiex	Bitsight
2025-10-28 09:50:12	http://178.16.54.109/stata	Offline	dropped-by-Phorpiex	Bitsight
2025-10-27 14:15:08	http://178.16.54.109/xmr.exe	Online	CoinMiner	BlinkzSec
2025-10-27 14:15:07	http://178.16.54.109/v.exe	Online	phorpiex	BlinkzSec
2025-10-27 14:13:06	http://178.16.54.109/newtpp.exe	Online	dropped-by-Phorpiex phorpiex	Bitsight
2025-10-27 13:30:08	http://178.16.54.109/1	Offline	dropped-by-Phorpiex	Bitsight
2025-10-27 13:30:08	http://178.16.54.109/32.exe	Online	dropped-by-Phorpiex phorpiex	Bitsight
2025-10-27 13:30:08	http://178.16.54.109/2	Offline	dropped-by-Phorpiex	Bitsight

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Signature
2025-11-18 03:57:28	51455bce4f49061e859cb4cc830f9d4b3478f9c7082b7b9f55febc68234a06f7	exe	Phorpiex
2025-11-14 19:02:26	7436220538e6cded0c499167424975a2aacf93217dca40c683f0610b4f3eb3b7	exe	Phorpiex
2025-11-04 17:49:48	805db6f001167b526485cfb9bd6fac5dbe7737af6a46100cc69348c9145bee4a	exe	Phorpiex
2025-11-04 15:53:13	8bda5961313e7afe57d2cac350d219d7fb6a98d452ce8ab2f82077711235722a	unknown
2025-10-30 15:52:06	79ab186d094b20a3732d19af929b2f3ef68982a2cba37edf59ad789d2e05e510	unknown
2025-10-30 13:15:06	ebd465cbb6b7718f33aac20528ffa75ae4ac433d8ab7c5c7a734c472f1c16a87	exe	Ransomware.BlackMatter
2025-10-30 12:14:06	ebd465cbb6b7718f33aac20528ffa75ae4ac433d8ab7c5c7a734c472f1c16a87	exe	Ransomware.BlackMatter
2025-10-30 11:51:11	6c0036ef18d554b4de4726dc20ba0e33ee5401a331624128a9a3e3087651f74b	unknown
2025-10-28 10:19:06	9e5799020b1754b73db2343a66e0e5cb5bc0890d55210b7d2fe9fe1a5d893e44	unknown
2025-10-28 09:50:12	47ff972491c5666c1b2120d2e959988901987568cf2fc943d9a11081b4acfb5c	unknown
2025-10-27 14:15:08	9639f7ebc6a6d69d7bf5b8bc869e7783a1406088f192868624ad8919e9bfd1d4	exe	CoinMiner
2025-10-27 14:15:07	afe63f1bf0962d50b41c849e30e8cce7cfae3eea3c29a7c15f06f3c63c85522b	exe	Phorpiex
2025-10-27 14:13:05	926e7a5fc2df14280ddb9fad2a6a3a8101c4024cbce128f9feacb0f0c1e2070e	exe	Phorpiex
2025-10-27 13:30:07	3b96cd6048ff0fdab1340789139ea37da8cbff470dc56ea0a3d2663679a5afdf	unknown
2025-10-27 13:30:07	586a29bab56e5d7be8b7a783256b0458a4eca167c7d519fdbc8467ba2331e7e8	exe	Phorpiex
2025-10-27 13:30:07	1e152f1ab77603fa549d4917a688a28b69dae0fc4fb9f2472d2d10f9c75c8b24	unknown