URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (when the malware URL is hosted directly on an IP address and doesn't use a domain name).

Database Entry


Host: 45.131.40.72
Firstseen: 2025-08-13 08:20:04 UTC
Total malware sites: 26
Online malware sites: 0 (0%)
Offline malware sites: 26 (100%)

IP addresses


The table below shows all IP addresses observed for this particular host (if the host is a domain name, all A records are listed, including all historical ones). Please note that the output is limited to 10 entries.

Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active?
2025-08-13 08:20:09 | 45.131.40.72 | kidsofflineplay.com | Not listed | AS49505 SELECTEL | RU | yes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC) | URL | Status | Tags | Reporter
2025-08-13 08:28:15 | http://45.131.40.72:8080/r_loc.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:14 | http://45.131.40.72:8080/run5.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:10 | http://45.131.40.72:8080/run6.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:10 | http://45.131.40.72:8080/r.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:09 | http://45.131.40.72:8080/run4.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:08 | http://45.131.40.72:8080/WSuspicious.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:07 | http://45.131.40.72:8080/rkr.exe | Offline | krbrelay open-dir | Joker
2025-08-13 08:28:07 | http://45.131.40.72:8080/SharpWSUS.exe | Offline | exe open-dir trojan | Joker
2025-08-13 08:28:07 | http://45.131.40.72:8080/ch2.exe | Offline | krbrelay open-dir | Joker
2025-08-13 08:26:05 | http://45.131.40.72:8080/r_cnf.exe | Offline | exe Rubeus | Joker
2025-08-13 08:25:29 | http://45.131.40.72:8080/sweetpot2.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:25:24 | http://45.131.40.72:8080/sweetpot.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:35 | http://45.131.40.72:8080/l1.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:35 | http://45.131.40.72:8080/snaf.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:15 | http://45.131.40.72:8080/chi.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:15 | http://45.131.40.72:8080/sw2.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:13 | http://45.131.40.72:8080/ch2.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:13 | http://45.131.40.72:8080/ch3.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:10 | http://45.131.40.72:8080/ku.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/sw3.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/r.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/sw1j.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/sw1.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/r_dump.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/r_deleg.bin | Offline | donutloader open-dir | Joker
2025-08-13 08:20:09 | http://45.131.40.72:8080/rkr.bin | Offline | donutloader open-dir | Joker

The table below shows recent payloads delivered by this host.
