URLhaus Database

You are currently viewing the URLhaus database entry for http://cnc.504.su/arm6 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3740242
URL: http://cnc.504.su/arm6
URL Status:flame Online (spreading malware for 2 days, 10 hours, 19 minutes)
Host: cnc.504.su
Date added:2025-12-22 15:23:21 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (botnet C&C)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-22 15:24:19 UTC to abuse{at}lanedo[dot]net)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-24n/aelf 1506b1638cc6f4318f6f7e8835bb11d614943d1bc6f975d384069033e06fb519n/a
2025-12-24n/aelf 715f3736dfb9bfdaf2a363b9230adfbbe634fe393585ee40b3fcba68be50fefdn/a
2025-12-24n/aelf 703b588af5e2e3b5034f15c2b24549beec200a906a04d9d2a1da638187dd86d2n/aMirai
2025-12-24n/aelf 54f25250d130842188b71279ad473945777e953db4b86c2261ee755812dca74cn/aMirai
2025-12-23n/aelf 979e1b2756de30af1cc6cdb75e9ee48c04da91ce3c4e2d7204d65b56dad66abcn/aMirai
2025-12-23n/aelf 0a060b21c110950913e7ebf1d2d0992b75f208f978499dc9978260c5a768ff7cn/aMirai
2025-12-22n/aelf 0f40ed2651f3f8e58522a837f4227bb886533edea06b3527a70153f1c55daaefn/aMirai
2025-12-22n/aelf c74af2d163d0492645f5579d803259a444e62c5708ee8f63ccde7ffc37fd1d22n/aMirai
2025-12-22n/aelf 6fe3c0e7ed52423fff9a39eabddc26a277e7a766f62d18c3e347d0df99368b2dn/aMirai