URLhaus Database

You are currently viewing the URLhaus database entry for http://scan.504.su/arm6 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3740238
URL: http://scan.504.su/arm6
URL Status:flame Online (spreading malware for 2 days, 14 hours, 51 minutes)
Host: scan.504.su
Date added:2025-12-22 15:23:21 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-22 15:24:19 UTC to abuse{at}lanedo[dot]net)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-24n/aelf 1506b1638cc6f4318f6f7e8835bb11d614943d1bc6f975d384069033e06fb519n/a
2025-12-24n/aelf 715f3736dfb9bfdaf2a363b9230adfbbe634fe393585ee40b3fcba68be50fefdn/a
2025-12-24n/aelf 9c23c03b389ade8e8f690d0bbe9c80ec731c3bf20d130b7663fd01d3dfb35792n/a
2025-12-24n/aelf 54f25250d130842188b71279ad473945777e953db4b86c2261ee755812dca74cn/aMirai
2025-12-23n/aelf 979e1b2756de30af1cc6cdb75e9ee48c04da91ce3c4e2d7204d65b56dad66abcn/aMirai
2025-12-22n/aelf 3b8174b5d5021841f4dc04492d7b29ec1d0f4eb14d861b624aebb79c408a6697n/aMirai
2025-12-22n/aelf 3ac5641459916faceb9422dc228a7b2e40ba03efe47d452ad9742f417271a8c5n/aMirai
2025-12-22n/aelf 6fe3c0e7ed52423fff9a39eabddc26a277e7a766f62d18c3e347d0df99368b2dn/aMirai