URLhaus Database

You are currently viewing the URLhaus database entry for http://158.94.210.88/arm6 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3721794
URL:	http://158.94.210.88/arm6
URL Status:	Online (spreading malware for 24 days, 8 hours, 15 minutes)
Host:	158.94.210.88
Date added:	2025-11-30 21:59:17 UTC
Threat:	Malware download
Reporter:	ClearlyNotB
Abuse complaint sent (?):	Yes (2025-11-30 22:00:25 UTC to abuse{at}lanedo[dot]net)
Tags:	elf mirai ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-12-25	n/a	elf	1506b1638cc6f4318f6f7e8835bb11d614943d1bc6f975d384069033e06fb519	n/a
2025-12-24	n/a	elf	715f3736dfb9bfdaf2a363b9230adfbbe634fe393585ee40b3fcba68be50fefd	n/a
2025-12-24	n/a	elf	54f25250d130842188b71279ad473945777e953db4b86c2261ee755812dca74c	n/a		Mirai
2025-12-23	n/a	elf	979e1b2756de30af1cc6cdb75e9ee48c04da91ce3c4e2d7204d65b56dad66abc	n/a		Mirai
2025-12-23	n/a	elf	0a060b21c110950913e7ebf1d2d0992b75f208f978499dc9978260c5a768ff7c	n/a		Mirai
2025-12-22	n/a	elf	c74af2d163d0492645f5579d803259a444e62c5708ee8f63ccde7ffc37fd1d22	n/a		Mirai
2025-12-22	n/a	elf	9c9565822c14cb1bf2ecf5bd5e21ea0fc97732c4f0d206a2e9f7846f770e5476	n/a		Mirai
2025-12-22	n/a	elf	6fe3c0e7ed52423fff9a39eabddc26a277e7a766f62d18c3e347d0df99368b2d	n/a		Mirai
2025-11-30	n/a	elf	19f25bc863a4691eae2074524c2f6624e9a735920f19d0adb745870addce4aa0	52.31%		Mirai