URLhaus Database

You are currently viewing the URLhaus database entry for http://103.214.8.25/xnxnxnxnxnxnxnxnarm7lxnxn which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3633572
URL:	http://103.214.8.25/xnxnxnxnxnxnxnxnarm7lxnxn
URL Status:	Offline
Host:	103.214.8.25
Date added:	2025-09-28 07:30:09 UTC
Last online:	2025-10-02 09:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2025-09-28 07:31:10 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	4 days, 2 hours, 15 minutes (down since 2025-10-02 09:46:46 UTC)
Tags:	gafgyt Ngioweb

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-10-02	n/a	elf	9e55df2e0d8aed53c724ed6c2eab18bd2d91f60584a5128728d9aaf2f68ccf3b	n/a		Ngioweb
2025-10-02	n/a	elf	b8f60ffe687f536234e4b75607beff095d576194b738847b1d3116fd7eb31ba4	10.94%		Ngioweb
2025-10-01	n/a	elf	adb4c5bd99202ad6be4cd257990f4635aaa4b41ac6854590e81260557398765e	n/a		Ngioweb
2025-10-01	n/a	elf	f5790c1d96f924716ba361ded27d463d352d208fedbe274fc8864d37da684926	n/a		Ngioweb
2025-10-01	n/a	elf	6d68d9a75ea24b656aa4d8b92d5b053c578145d73d2e7e701afab1db51285459	n/a		Gafgyt
2025-09-28	n/a	elf	01cb12fa8e533ab1b201940727ae73f68c3a834a5621eea30abebc5a101a3fb3	n/a		Ngioweb
2025-09-28	n/a	elf	de97aa160547846d707a0ef2a40bf1b59a17f85acbef685b20b6b7ec2c29de8f	n/a		Gafgyt