URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either an domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry

Host:	bzklw.cn
Domain registrar:	Beijing Guanghuan Xinwang Digital
Domain registration date:	2021-08-25 02:26:56 UTC
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Control D HaGeZi :	Not blocked
Firstseen:	2022-01-11 22:11:09 UTC
Total malware sites :	2
Online malware sites :	0 (0%)
Offline Malware sites :	2 (100%)
A record(s) observed :	6

IP addresses

The table below shows all IP address observed for this particular host (in case the host is a domain name, all A records will be listed - including all historical ones). Please note that the output is limited to 10 entires.

Firstseen (UTC)	IP address	Hostname	SBL	ASN	Country	Active?
2025-04-28 05:02:07	104.21.23.177		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2025-04-28 05:02:07	172.67.212.115		Not listed	AS13335 CLOUDFLARENET	n/a	yes
2022-11-12 16:22:54	107.163.166.10		Not listed	AS132839 POWERLINE-AS-AP	US	no
2022-08-30 19:22:12	170.106.49.122		Not listed	AS132203 TENCENT-NET-AP-CN	US	no
2022-01-11 22:11:10	103.146.231.131		Not listed	AS401696 COGNETCLOUD	HK	no
2022-09-17 21:56:44	170.106.49.50		Not listed	AS132203 TENCENT-NET-AP-CN	US	no

Malware URLs

• URLs
• Payloads

The table below shows all malware URLs that are associated with this particular host.

Dateadded (UTC)	URL	Status	Tags	Reporter
2022-01-11 22:11:11	http://bzklw.cn/wp-includes/72587_805917318/?i=1	Offline	doc emotet epoch4 heodo SilentBuilder	Cryptolaemus1
2022-01-11 22:11:10	http://bzklw.cn/wp-includes/72587_805917318/	Offline	emotet epoch4 redir-doc xls	waga_tw

The table below shows recent payloads delivery by this host.

Firstseen (UTC)	SHA256 hash	File type	Bazaar	Signature
2022-01-12 04:55:16	aa65a34067b0c50e89c1078d0c7ff08de43e5036241404574f846265de6ff6bd	xls		Heodo
2022-01-12 04:40:37	66f5a05e98200743eb34cad5877b89dd359fbc2c8f4ced8da536851e0ac44689	xls		SilentBuilder
2022-01-12 04:14:17	228b8793653662088991f7cfa3b368bce32931a7516a2f8c7188a437eb03a856	xls		SilentBuilder
2022-01-12 03:51:56	f8dc1e414a7b7d58af816463835643e767bccc97ed5ca0e1fff3473380943d9a	xls		Heodo
2022-01-12 03:06:38	2b965cc320840ba6e9166287dccaf8fe82fb7d9ad21ba243ddf2c3361ba90b49	xls		SilentBuilder
2022-01-12 02:46:25	d7638004f7dc1a884abf073a6c04d5d205ba31f4d66800216ddc303dd3f41249	xls		SilentBuilder
2022-01-12 02:20:49	c468d97804e7a9fa569cfab4952c6fda72685adc622cec8aee02bb9c8f1a79aa	xls		Heodo
2022-01-12 01:43:46	8642a84875b30eeae2bec0b16db37715f4a2ff15caf6e5185a4012107ec1e87b	xls		SilentBuilder
2022-01-12 01:22:45	926c822e2c4d78b252f788d3fa75a77bfed1380ad50cdacf21f3efddf15b0b26	xls		SilentBuilder
2022-01-12 00:54:53	1b7581c8be4bf9197005067c42e581bcc1c41b10d6d9768daa8c4642f6e3ef7b	xls		SilentBuilder
2022-01-12 00:27:20	9e0c891bd4b687d10b5c7d8082a2d4c7d24a0c9ea90b1d0aa09dafa6dee22047	xls		SilentBuilder
2022-01-12 00:02:24	1bd3d0d3bef771b182e3de5670d6f9515c73b76cf971203cccba88fb2dd3ddbb	xls		SilentBuilder
2022-01-11 23:55:52	4e4fed9bc0e99667d6959b4513a5c89a5f76f2437b19ae6b5b8c3ff15ba2b71c	xls		SilentBuilder
2022-01-11 23:20:23	bfe1c65501eb9a22ea914fe380d24127cdf99ce17fc20683f99a7b1e0ccc06f8	xls		SilentBuilder
2022-01-11 23:00:19	8848a32eda2f17266608517b33ea18c0d44d21b4d83801010309aac48c5aa5bb	xls		SilentBuilder
2022-01-11 22:48:28	e48f10cc12e08a32f523982c024f49dca076b06c6bd47b5cdf3d43aee5097091	xls		Heodo
2022-01-11 22:11:11	fd97c88dc124b90ad183b0d0ac8ab5d1dc57c1897a98e0e7b546638209740ee0	xls		SilentBuilder
2022-01-11 22:11:10	6537109c1d39173dbb83ef41eb8b14f44a7a0af26a70b9d3d950b47e84f03d16	html