URLhaus Database

You are currently viewing the URLhaus database entry for http://103.214.8.25/xnxnxnxnxnxnxnxnmipsxnxn which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3633574
URL:	http://103.214.8.25/xnxnxnxnxnxnxnxnmipsxnxn
URL Status:	Offline
Host:	103.214.8.25
Date added:	2025-09-28 07:30:09 UTC
Last online:	2025-10-02 10:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2025-09-28 07:31:10 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	4 days, 2 hours, 58 minutes (down since 2025-10-02 10:29:54 UTC)
Tags:	gafgyt

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-10-02	n/a	elf	41025cc7bfb7fb104be441ec06f8dadf69e44730d7e73eee54107e71382f1033	n/a
2025-10-02	n/a	elf	59be75b2d5ae1559deb6fcde4b329d232f744e5531fe158358d4ff319cd461dd	n/a
2025-10-01	n/a	elf	b97d43e8732273c5d0ddcd5ae341b9cbdc0660e7b0025b26923c5a6b65c87faa	7.81%
2025-10-01	n/a	elf	0631b4f297d8ca97ee9318513abf58c467577302ea12ca538a35cbba49995eba	7.81%		Gafgyt
2025-09-28	n/a	elf	ba73500246c3f3a89eae3476c2de81a8ddc7fefdd1c67c77244307af39d7b41e	n/a
2025-09-28	n/a	elf	686f4df46d56c43fd62fe5429f229c0beffd99ebd7a94b13fd2ae5eaad79ca36	n/a