URLhaus Database

You are currently viewing the URLhaus database entry for http://107.173.219.80/prf/regasm.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1185154
URL:	http://107.173.219.80/prf/regasm.exe
URL Status:	Offline
Host:	107.173.219.80
Date added:	2021-04-30 14:20:05 UTC
Last online:	2021-05-06 08:XX:XX UTC
Threat:	Malware download
Reporter:	info_sec_ca
Abuse complaint sent (?):	Yes (2021-04-30 14:21:02 UTC to abuse{at}colocrossing[dot]com)
Takedown time:	5 days, 17 hours, 46 minutes (down since 2021-05-06 08:07:46 UTC)
Tags:	Loki

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-05-06	n/a	exe	4c0ccfe62aeeec1a02cba19d60f23739c1e368669c47db06f62d5e18ead50373	n/a	Loki
2021-05-05	n/a	exe	1f15f5df64176de149af116d6fe5e21e29d9c3808b3a128eab8119af97655eb3	n/a	Loki
2021-05-03	n/a	exe	2833ffeca48c46759cb0d4c984e81a9b69614c368bf0052600786e55fd534d67	n/a	Loki
2021-05-03	n/a	exe	d40ba6722ae1f278d8c73552c4b18c50808264ead08a491002de7519e984e60d	n/a	Loki
2021-05-02	n/a	exe	f2d2638afb528c7476c9ee8e83ddb20e686b0b05f53f2f966fd9eb962427f8aa	4.41%
2021-04-30	n/a	exe	f6f0f52e46d65f4aa194f425fcd001dc59dfd63fc428561efb16ea72f93e4269	11.59%	Loki