URLhaus Database

You are currently viewing the URLhaus database entry for http://45.138.172.176/nwhosts.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1583740
URL:	http://45.138.172.176/nwhosts.exe
URL Status:	Offline
Host:	45.138.172.176
Date added:	2021-09-01 15:46:05 UTC
Last online:	2021-09-02 01:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2021-09-01 15:47:03 UTC to abuse{at}combahton[dot]net)
Takedown time:	9 hours, 21 minutes (down since 2021-09-02 01:08:59 UTC)
Tags:	32 DanaBot exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-09-01	n/a	exe	e420d5cc8ec9f49603780955d87944b40f7a1ea6987fc2f1b55370d503ce812e	n/a	DanaBot
2021-09-01	n/a	exe	090c80d752b27c429c50b8cee865e3c085a1c5075f3cdbfdee1113642e4c126a	36.92%	DanaBot
2021-09-01	n/a	exe	52194197656cf3f16f54c0e6c5f928df7ca769bd1b2bdd5cf2a53f785f92896a	n/a	DanaBot
2021-09-01	n/a	exe	439f625f70b0ec881334159736f78c74915887d9bf8b92f4c65eb1ccb22d1dfd	29.69%	DanaBot
2021-09-01	n/a	exe	4a05a54dfa70ecd26651badbc03975c7c896e0a2f17acb030acf8d12441276a5	32.84%	DanaBot