URLhaus Database

You are currently viewing the URLhaus database entry for http://wx.52tmm.cn/wp-admin/DOC/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	267070
URL:	http://wx.52tmm.cn/wp-admin/DOC/
URL Status:	Offline
Host:	wx.52tmm.cn
Date added:	2019-12-11 15:46:07 UTC
Last online:	2019-12-20 09:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2019-12-11 15:48:02 UTC to abuse{at}tencent[dot]com,abuse{at}qq[dot]com,jsquare{at}tencent[dot]com,dreamsruan{at}tencent[dot]com)
Takedown time:	8 days, 17 hours, 41 minutes (down since 2019-12-20 09:29:03 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2019-12-13	REP_582080760607.doc	doc	34532b64a1b5aa0e788556fd891c857f2e08f4d89b16c7fe8e02e0e2d60614c4	26.67%	Heodo
2019-12-13	QNT_XBY_120119_GGH_121319.doc	doc	ef2cd29d870664cdd07146e82fad5b1297a2f5e8261932448c4f13e7eb7d507c	30.00%	Heodo
2019-12-13	FILE_TPKVYIOAIRET.doc	doc	7e248c93cd7014fc9f4ce9cd49b64bf3bf1432fde8e279029da76d788ddba82b	28.33%	Heodo
2019-12-13	REP_71524765553342523881808.doc	doc	e7ad22c7576171ef89fb32497e65fea6588851b41ccdbc477ef2c11131b38e50	26.67%	Heodo
2019-12-13	REP_62664582.doc	doc	8ac66a3b1707d5f9a1b90b7125004d8a426a344aaf5ac9195a6730a53996a168	26.67%
2019-12-13	REP_46983246.doc	doc	e6c50efbc57df66b0be7c45a8c043db17ce0c404570c3b2fafbe6ffa46d9f0d0	28.33%	Heodo
2019-12-13	PO_ 12132019EX.doc	doc	09a4dcfa609d35f93f113a48c321504d914a671ec5a90b5385fbec029f686ed0	27.12%	Heodo
2019-12-13	MGR_120119_TGD_121319.doc	doc	0dc0bda81ebdc4de5edc1af4a8979d9a01a10ada4dbb4a393c3fedc618bc99db	26.67%	Heodo
2019-12-13	LL_77564497213491019339384.doc	doc	eda8376c2ad315c1bdf0d8397403e250bc41f34e271317be68331f466b199e0e	39.34%	Heodo
2019-12-13	M_KMR_120119_IDH_121319.doc	doc	a478c32391f545f2712eadb20865a6c9892fa3dcb734cf73bbae8b8788f391e1	34.48%	Heodo
2019-12-13	293ZVWN4GMAG6.doc	doc	0d48aeac60564abde5728cef2076b0339cf2381e2308166fa55e7c852b2fc03b	34.43%	Heodo
2019-12-13	NY2044433103VO.doc	doc	acc7ea43de61e6d7bd1a88fde0e40ca54f4dc2d0ababd3ec2d68cee4cc7c4100	35.00%
2019-12-13	DOC_53190898.doc	doc	6e74b023096452f02c46a1f9a8a47acc3e8c3c0a74fcfa94fbbdb2d29b549b4e	33.33%
2019-12-12	PO_ 12132019EX.doc	doc	e669dbdd714585009681a2d096d33b242836587dab56be165722553c1b119454	36.67%	Heodo
2019-12-12	REP_YV6538234888HT.doc	doc	56240f42be0c13129322a727c22a587f9c4cae0f262f76131b9cf54762be773a	35.59%	Heodo
2019-12-12	8609493250966955864.doc	doc	3d80ad311c11470127a15471f9fb6223164b2d23861c9790a36c11bac768ca3b	33.90%
2019-12-12	FILE_96944492633152041.doc	doc	6eded66867cf4888e227c6210365220b19fec10db42c19ad35299796e236656e	33.33%	Heodo
2019-12-12	WD4120595105LE.doc	doc	111abc6366542f4fc644cfc8b05b184dbb62bb1b6c707b1dac594c48c8e5f1ea	33.90%	Heodo
2019-12-12	PF_931RCYE48TO0H.doc	doc	b3d753f0db37848bfc0a72ccb9c53aa4405ffd9e0c455ee2036a8d38fa551aec	36.67%	Heodo
2019-12-12	B_FJ9TTGU0OH6JE.doc	doc	6c15e1f42e55df32b1f5f5ca6adb1c4bedfc94e9299ecfe5b002d3d2d26e6dc8	32.79%
2019-12-12	DOC_TU4318312549PY.doc	doc	5c8dba81db95bc51ed5031e5d36754b7511c85af2bf774d9b2399516815f2936	30.00%
2019-12-12	REP_94701121.doc	doc	0b965425faade68933db02bccca34ef37ce1911c7cbaa10b8a3dfb960b705a92	35.00%	Heodo
2019-12-12	REP_PO_ 12122019EX.doc	doc	281353f5be1adab4b3bd5be93b4397edae5d9fc5a5595fa72dbf0d7967606d61	31.67%
2019-12-12	DOC_CSN_120119_GUN_121219.doc	doc	82530e43beb901de5fd2bc9f3bb07261167734a25e36b77420cc31cb6e13cc1f	30.51%	Heodo
2019-12-12	PO_ 12122019EX.doc	doc	cd9fafbae1765254701fe1ed8e741e933871c9982e881a17fca79bd8c40d8dce	n/a
2019-12-12	JI9704383839UD.doc	doc	7880cc42f78ce37e1603207a15bb0471e309eb5fedc7fa51abbefd09e357efcb	28.81%	Heodo
2019-12-12	PO_ 12122019EX.doc	doc	15d655db81abf803aa22bb3129e3f12caac4a096d6ccd5965016154ee7676293	n/a
2019-12-12	C_41414696.doc	doc	4721a8055b657c23bd15975b8e48f48b896edb566b8ea44c7709df8967972522	41.94%	Heodo
2019-12-12	FILE_OKZ_120119_OHG_121219.doc	doc	a7feb13fcde7026f34f534d7cba0254dbaa73cd900db12319766d6eccbfd0ed0	44.26%	Heodo
2019-12-12	GU_FNX_120119_SZW_121219.doc	doc	e29205e0a46f1fb69ba6e6c0ed8dbb12b195e7185583aea4e3eb76c88d441907	44.26%	Heodo
2019-12-12	MS_61906964.doc	doc	e0fd2fdc26869f285127622c05a135f251e83e589e2567e1aea88c55c4bb2723	42.62%	Heodo
2019-12-11	G_578404406687679260.doc	doc	ba8a46dbbb037ccf3e0a61a8586f83dab16705872f382c5535d25789f4bfa0cd	42.62%	Heodo
2019-12-11	REP_66167733916147382650.doc	doc	2e223a084ed2f30f0660abc902d8f008019363b8a0fb9de3310ebef0a09ef9c4	40.32%
2019-12-11	2515825209403105758483.doc	doc	cedec09a05fcc90ba1bf5b84f0a2b0ea2f384029fb3d280a67442d359d3885ef	38.71%	Heodo
2019-12-11	REP_15070010.doc	doc	9ffcb9df40f3dca973c3d2a9bf9fd23c595805dec86de8780ac115e6c09acef3	39.34%	Heodo
2019-12-11	80708440.doc	doc	803f1f187b179418ffd852244736173da6ce83813cbc66e851ea359e04af585c	38.33%	Heodo
2019-12-11	DOC_0XY0FOFH35E8X.doc	doc	e9f847bdca56702d4461122db6a1707fe060e9032e33732b162a764cd6b9be39	37.10%