URLhaus Database

You are currently viewing the URLhaus database entry for http://cnc.504.su/arm which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3740230
URL: http://cnc.504.su/arm
URL Status:flame Online (spreading malware for 2 days, 5 hours, 8 minutes)
Host: cnc.504.su
Date added:2025-12-22 15:23:21 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-22 15:24:19 UTC to abuse{at}lanedo[dot]net)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-24n/aelf ee673621c3dbacbd95cb472cac37748f699608332c56a63b08500e2d0caeb566n/a
2025-12-24n/aelf 5c51a8fb6df327e434e3052e1b36d827bba30932bec09d685cfcc793b3305024n/a 
2025-12-24n/aelf adc99106b38c739ee4212b945cbad2866b385995a679583cf97dea4ebc495eaan/aMirai
2025-12-24n/aelf 436d60a0eecd879b94cf2bba3683eb8e565e54f58571f00fd80c7d873ef6854fn/aMirai
2025-12-23n/aelf 2dbc0a367b2c2cdc2b44df20086479e71cdcf4ba72114dfd8aec1e3ba9c781c5n/aMirai
2025-12-23n/aelf 10f7594ec5f6930d49e15835c40c1cac0dddca1749f3c0c69d15d7117b5e301an/aMirai
2025-12-22n/aelf dbbb80e5514d68d226d806400849a8bce1f334942512eb20baf09f4d2584fb49n/aMirai
2025-12-22n/aelf 6e7b7cef1f7a1b7f264047cc4ae0e1d42a96222316119f679c00013fb47df23an/aMirai
2025-12-22n/aelf 88107351b5c7015bd6d46d4f01d4d2dac0733d5eb157801bdbe672a848f10221n/aMirai