URLhaus Database

You are currently viewing the URLhaus database entry for http://172.245.27.36/bazz/noni.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1791797
URL:	http://172.245.27.36/bazz/noni.exe
URL Status:	Offline
Host:	172.245.27.36
Date added:	2021-11-16 07:25:05 UTC
Last online:	2021-11-26 08:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2021-11-16 07:27:06 UTC to abuse{at}colocrossing[dot]com)
Takedown time:	10 days, 1 hours, 17 minutes (down since 2021-11-26 08:43:06 UTC)
Tags:	exe Loki opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-11-26	n/a	exe	ff265d82a5185b0c0d4bb6cfd6b13859553faf45bf72d479860ddbc885ba683f	n/a	Loki
2021-11-25	n/a	exe	a7a44db54cb13ee6e9767b9cc1a6525b5cecc5fa532a510c7cca2c8114d7de16	n/a	Loki
2021-11-25	n/a	exe	4a059628d9f56799d68937821b355477502fe0704d41a75c372b1c036061d59f	n/a	Loki
2021-11-25	n/a	exe	6f1c6ac7f9bd59d24fd94fea64cf264d52d75773b3647b5d0848fa52c7f1390e	n/a	Loki
2021-11-16	n/a	exe	d437b2c684e04f05bab5eb580d8959df739dc01c5bd47349e3f5a3644c226a99	19.67%	Loki