URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: 72.56.52.158
Firstseen:2026-06-28 22:44:05 UTC
Total malware sites :4
Online malware sites :0 (0%)
Offline Malware sites :4 (100%)

IP addresses


The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)IP addressHostnameSBLASNCountryActive?
2026-06-28 22:44:23 72.56.52.15872.56.52.158Not listedAS39900 GOODTEC- USyes

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)URLStatusTagsReporter
2026-06-28 22:45:13http://72.56.52.158/bins/proxy.armv5lOfflinearm elf mirai ext ua-wget botnetkiller
2026-06-28 22:44:23http://72.56.52.158/bins/proxy.mipselOfflineelf gafgyt ext mips ua-wget botnetkiller
2026-06-28 22:44:23http://72.56.52.158/aOfflinemirai ext sh ua-wget botnetkiller
2026-06-28 22:44:23http://72.56.52.158/bins/proxy.mipsOfflineelf mips ua-wget botnetkiller

The table below shows recent payloads delivery by this host.

Firstseen (UTC)SHA256 hashFile typeBazaarSignature
2026-06-28 22:45:13744a5384a8bc1749ec3d656c2a123410b336894c771dcc37d8e744e352f6c647elfMirai
2026-06-28 22:44:228d1f18a7711c91c130e2f7060a093e9b21dfc39c9c01e082af43e9ed98099701elfGafgyt
2026-06-28 22:44:22d6e5377af49a0f94aa311d98ef0812df928e5749d175a7167df8f89888afefddshMirai
2026-06-28 22:44:22e4593f7938e76dfb40a3fe5358dfae231ef539a02ef3fda35bbccd6d2b7cdc22elf