URLhaus Database

You are currently viewing the URLhaus database entry for http://ggg.galaxias.cc/xnxnxnxnxnxnxnxnarm7lxnxn which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3633631
URL:	http://ggg.galaxias.cc/xnxnxnxnxnxnxnxnarm7lxnxn
URL Status:	Offline
Host:	ggg.galaxias.cc
Date added:	2025-09-28 08:25:10 UTC
Last online:	2025-10-02 16:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Blocked
OpenBLD :	Blocked
DNS4EU :	Not blocked
Reporter:	BlinkzSec
Abuse complaint sent (?):	Yes (2025-09-28 08:26:09 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	4 days, 7 hours, 56 minutes (down since 2025-10-02 16:22:14 UTC)
Tags:	botnetdomain elf gafgyt Ngioweb

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-10-02	n/a	elf	9e55df2e0d8aed53c724ed6c2eab18bd2d91f60584a5128728d9aaf2f68ccf3b	10.94%	Ngioweb
2025-10-02	n/a	elf	b8f60ffe687f536234e4b75607beff095d576194b738847b1d3116fd7eb31ba4	n/a	Ngioweb
2025-10-01	n/a	elf	adb4c5bd99202ad6be4cd257990f4635aaa4b41ac6854590e81260557398765e	12.50%	Ngioweb
2025-10-01	n/a	elf	f5790c1d96f924716ba361ded27d463d352d208fedbe274fc8864d37da684926	12.50%	Ngioweb
2025-10-01	n/a	elf	6d68d9a75ea24b656aa4d8b92d5b053c578145d73d2e7e701afab1db51285459	10.94%	Gafgyt
2025-09-28	n/a	elf	01cb12fa8e533ab1b201940727ae73f68c3a834a5621eea30abebc5a101a3fb3	10.94%	Ngioweb
2025-09-28	n/a	elf	de97aa160547846d707a0ef2a40bf1b59a17f85acbef685b20b6b7ec2c29de8f	11.48%	Gafgyt