URLhaus Database

You are currently viewing the URLhaus database entry for http://185.196.41.180/arm5 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3785054
URL: http://185.196.41.180/arm5
URL Status:flame Online (spreading malware for 22 days, 14 hours, 44 minutes)
Host: 185.196.41.180
Date added:2026-02-24 16:17:08 UTC
Threat:Malware download Malware download
Reporter: DaveLikesMalwre
Abuse complaint sent (?): Yes (2026-02-24 16:18:14 UTC to abuse{at}vdska[dot]online)
Tags:gafgyt link mirai link opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-03-18n/aelf 1a7a29b58ebff5b828407918fc197ed6c299bfd35bd6ae1b57c7ecc924ba59d8n/aMirai
2026-03-17n/aelf 317e07fa83a96a320b3c6bdd40a9a38e1b8e033f2997b6f9fc8a8c47dc2cd8ean/aGafgyt
2026-03-13n/aelf 0c0cf97259deef9093748ed30509b8b94e8b21839885d2a57156906cb2054035n/aMirai
2026-03-11n/aelf b79102af20e7f88e6fd4b654ca5ee1b4a48bdb75b32b6675468fa492a6fddc12n/aMirai
2026-03-10n/aelf 6488ff7929c4313e9d9e0f2e0877cdba39ee60c405851dcb71a78016708b8b7en/aMirai
2026-03-10n/aelf 6eeb520a139786c3d432bf139636fff24b9990ed6b93da3bbbe04a3f3e2d1e7cn/aMirai
2026-03-07n/aelf 05f12b8ecb8e4efbba6b329bec7d734634b496df802b44f9edef43ae63267482n/aMirai
2026-03-06n/aelf 699b40606a134fdef5dd5ff6a5ee1de6ac351d2bb36dd4e731fbe7e53d0ccb87n/aMirai
2026-03-03n/aelf d40ddd30871943adb3c447e4202774d8baa8f820ef2606314232049f9ef541e5n/aMirai
2026-02-25n/aelf 3139b0d6e77ad728a21219e1297a54f8eedc5771eeb1a5a6796e13f2b0960117n/aMirai
2026-02-24n/aelf 195ed5e7fd690a33c75a688ccbc4746b752f536d34a219320cdc1463f3b37b29n/aMirai