URLhaus Database

You are currently viewing the URLhaus database entry for http://185.196.41.180/x86_64 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3785651
URL: http://185.196.41.180/x86_64
URL Status:flame Online (spreading malware for 21 days, 14 hours, 17 minutes)
Host: 185.196.41.180
Date added:2026-02-25 20:11:07 UTC
Threat:Malware download Malware download
Reporter: DaveLikesMalwre
Abuse complaint sent (?): Yes (2026-02-25 20:12:12 UTC to abuse{at}vdska[dot]online)
Tags:gafgyt link mirai link opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-03-18n/aelf 8f79486ecaea3f2df3dbfbdce3024fd24dd55bdf4c71e679610fb42725a34efan/aGafgyt
2026-03-17n/aelf ae5c1c12099f7d63977ff39be9bf6d4f2ce56887c19e60c98e5cca9084bf0c62n/aMirai
2026-03-13n/aelf 1523cad779e7f197e40b2b20e0b6a862b241028ea16cd3e74370071488069dc3n/aMirai
2026-03-11n/aelf bd6a93a6f1b3c9337dde212fbcce087dd94a8bbf492d232ac00b7abde9f675e7n/aMirai
2026-03-10n/aelf 108a9fd100e056b2bcec846f4f06b0df71c583e2449634b3eb6b5aab456e4548n/aMirai
2026-03-10n/aelf a241a92140d741c2244e083def41d7d12dfc47b6893dc21c1a3cd99a882035fan/aMirai
2026-03-07n/aelf 5fa09e32f55c66f298eb174ddb1b453e2b42338aae9c8b45f63f125e767bcfbcn/aGafgyt
2026-03-06n/aelf 4e9fb4f793e7fed2a3a601b821ce802ecad9680ccea906ac2c495c9af65cfc1an/aGafgyt
2026-03-03n/aelf 16997823d0b770af0cb30943c2ba783dbce5961643b696bccc01f82dc7f65b65n/aMirai
2026-02-25n/aelf 69de9335a5fe3c51c3879e5e677badb610b18a5d3b16509d988b1c4e66c66ed7n/aMirai