URLhaus Database

You are currently viewing the URLhaus database entry for http://109.94.209.121/6.php which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1578149
URL:	http://109.94.209.121/6.php
URL Status:	Offline
Host:	109.94.209.121
Date added:	2021-08-30 16:16:04 UTC
Last online:	2021-08-31 07:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2021-08-30 16:17:02 UTC to tech{at}zbscloud[dot]com)
Takedown time:	15 hours, 6 minutes (down since 2021-08-31 07:23:35 UTC)
Tags:	CoinMiner exe Tofsee

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-08-31	vozbo7ce.exe	exe	28fcb32d317739112db767fdf19437cc0626f1189a4b062f02a01ae2be1ad90c	n/a	CoinMiner
2021-08-31	i88drlhhz00.exe	exe	74aacdb9c00654e01876d2c1204a4234fc5966fb6aacb0a812820b156f5667c3	n/a	Tofsee
2021-08-31	juptwhnymt8t.exe	exe	99f5cbc30c8385cac650c7fe9d72bcb112c86309056650d7fec71dfe4ad0bc87	n/a	CoinMiner
2021-08-31	85fbnywc.exe	exe	1f946763403c93b02e89d279eeb5431a5f5dd1105256ef5c67db2f80927b2f0f	n/a	CoinMiner
2021-08-31	6tnw3oovo.exe	exe	cd3fa870e6e87eddf69a7fe57956309d3eb51305a024e7b6a706157356258286	n/a	CoinMiner
2021-08-31	d6rcbdyi.exe	exe	2562f965e218faf59ea73899b11589be6d8460e4564164220309b575da7190f2	n/a	CoinMiner
2021-08-31	oxpdcd0ru6.exe	exe	158e126d52ce4c041d98d8e9b79721796ccc13022303ab81886ef25c71d5584a	n/a	Tofsee
2021-08-31	t12s35a9ydc5.exe	exe	b375cb25dfad6237a82a130bb1ea436aab1b8dd9c0555fde9b8d75873e7ea069	n/a	Tofsee
2021-08-30	1f0s0uoe1qiwzmp.exe	exe	491c892f7fda210ca5eb058e62ff68f48772da0dbacf11b2f452ffb36cac8573	n/a	Tofsee
2021-08-30	ti6lw3gtb.exe	exe	4b42e7852c7bc8d43541dee196714d06fb60a9b6c71ff85938de1bd564c9990c	n/a	Tofsee
2021-08-30	k6mqbd71.exe	exe	fbab70493e404f3b67f35362852edcbd674e9a190b508676e196df5a552532fa	n/a	Tofsee
2021-08-30	xlvkoimdjx.exe	exe	99b99e9723f410cb1d17daf60c6495ecd80e31315ed869cbfb51c561c616589c	33.82%	Tofsee
2021-08-30	t3wmyd2u.exe	exe	8ac1e97f778c574316ab35f7ad7adaf0b11c1bbd7cdaf3031347e5f74f0c262e	n/a	CoinMiner
2021-08-30	82ee6kyn.exe	exe	2c7053b741f09c2f7185077fe2214c7c6edfc88842c45d6b3203917922a93857	n/a	Tofsee
2021-08-30	i05arzarfrj7.exe	exe	425730580e4d21a8cf6fe95c764e42ed219095c8e0fa974c04e8accefee4c13b	n/a	CoinMiner
2021-08-30	e2npb1p4r.exe	exe	97e74c877ea7c36d7374a074f562bac15be6e041312f75d99d0603db9515a04f	n/a	Tofsee
2021-08-30	2e86ayedju.exe	exe	c7ad13084ed4a446710393807e8af9056aef30e23ec9891c6aa3c5c45a8cbcc2	n/a	CoinMiner
2021-08-30	n9vwr9wi68at.exe	exe	f9cd208d6510eb375673db4aa3f35d77f1cbcf3776f97cb1761d65425d7bf70e	n/a	CoinMiner
2021-08-30	sqplsjwojqlzlry.exe	exe	c2c27aff79dec59c7e2cd1dd1a357183df4f9f4dacb7a3425d4c944e413efbcc	32.35%	Tofsee
2021-08-30	1ywg8lwd.exe	exe	a0546540cdeda88593007df77bb650475fce1a88a844b0192cfd6cfaa96b8c83	30.65%	Tofsee