URLhaus Database

You are currently viewing the URLhaus database entry for http://6yd.ru/arm4 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3718760
URL:	http://6yd.ru/arm4
URL Status:	Online (spreading malware for 26 days, 21 hours, 50 minutes)
Host:	6yd.ru
Date added:	2025-11-28 17:57:14 UTC
Threat:	Malware download
URLhaus blocklist:	Blocked
Spamhaus DBL :	Abused domain (malware)
SURBL :	Not blocked
Quad9 :	Blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Status unknown
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Blocked
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-12-20 01:25:20 UTC to noc{at}pfcloud[dot]io)
Tags:	elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-12-20	n/a	elf	ababe5ba23cc19de538de05987d3b110a2ed61dbfb641b9f31cd42d4aeeac294	n/a
2025-12-20	n/a	elf	4e35888cf9a697a2a06ee306160c8a19d2b9ac1f9cf459e8b525fbc051097c41	n/a		Mirai
2025-12-20	n/a	elf	9a2715c54d3741d6d4dbbc1bb4455cc31fac4fb3189632ac2eddc2bef2c7e47e	n/a		Mirai
2025-12-04	n/a	elf	a3d5e3c3e422d72ef0e095e164f2706e250839eaf52e24dd7624f6e3e250f8da	51.02%		Mirai
2025-12-01	n/a	elf	cbb7583e642fe0d7778ed8548f3940a4028d769f1e83e24128d24b00aaea829a	n/a		Mirai
2025-11-28	n/a	elf	fe97cfdc07d40ad61d688edb30b6d7fdb500c0d6db85f7d1f9e639173922f4ab	39.06%		Mirai