URLhaus Database

You are currently viewing the URLhaus database entry for http://cnc.504.su/arc which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3740253
URL: http://cnc.504.su/arc
URL Status:flame Online (spreading malware for 2 days, 12 hours, 29 minutes)
Host: cnc.504.su
Date added:2025-12-22 15:23:22 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: BlinkzSec
Abuse complaint sent (?): Yes (2025-12-22 15:24:21 UTC to abuse{at}lanedo[dot]net)
Tags:botnetdomain elf mirai link ua-wget

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-12-25n/aelf ef3baed3073dd77e0a1c0f850443f62e2aa2c7b10b8f4c651c764d8b50ca6dben/aMirai
2025-12-24n/aelf 2df387ffd7281d856c41fddb9f5498a58226e207f5dafa7bc3013bf0dfddf866n/aMirai
2025-12-24n/aelf e3d0bbd0b740c0773b362a113c256724c40c8f0bf4f090992df2032b496adc4fn/aMirai
2025-12-23n/aelf 7704edaa1fbb2c2e9d4e346b77aa6ee667d7f2adabff0bc85714790fa6807529n/aMirai
2025-12-23n/aelf 58d02c1db0cfbecb319e04e5258710c07c33d635517ddb25e8c7c1f785633f84n/aMirai
2025-12-22n/aelf c6965272f9cb958776a254eca6b8911c0365c4e90b389a68aecac513c509b86bn/aMirai
2025-12-22n/aelf 0322b3a225a6273524242d0a1c06f6e5ef2500979520ef795ab0c4c4588a661bn/aMirai
2025-12-22n/aelf f96460e8b8591a40d21e0b35a73cec74de8bf7fcc68dbf3384c62aaad83114b8n/aMirai