URLhaus Database

You are currently viewing the URLhaus database entry for http://fz.tiansys.cn:85/TianSys(XP%E4%B8%93%E7%94%A8).exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3519036
URL: http://fz.tiansys.cn:85/TianSys(XP%E4%B8%93%E7%94%A8).exe
URL Status:flame Online (spreading malware for 1 year, 1 month, 12 days, 7 hours, 7 minutes)
Host: fz.tiansys.cn
Date added:2025-04-20 07:58:27 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: abus3reports
Abuse complaint sent (?): Yes (2025-04-20 07:59:40 UTC to zhaoyz3{at}chinaunicom[dot]cn)

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-08-09TianSys(XPרÓÃ).exeexe d30e0a41eb66ca03755ceda5b0fa78edfdba82f0f83615f91b202324f22e0877n/a 
2025-06-11TianSys(XPרÓÃ).exeexe 9ca9d27dde4afc816faadad0cb88ec2936c88f38b3bfd10d19f661679691d537n/a 
2025-06-11TianSys(XPרÓÃ).exeexe 25eb95f889f8ed41ba79389a339f9334c5aa4d8a14972d144af70afccdf11a84n/a 
2025-06-10TianSys(XPרÓÃ).exeexe 5003632b13907ed2a2d45bed0658489d27f5bdf0927c6d6efa529c610980cb55n/a 
2025-06-10TianSys(XPרÓÃ).exeexe a8a70f101bd76b285c6d085ce50c963a6c4074f90cdc20dd510b8af3dfd81c39n/a 
2025-05-09TianSys(XPרÓÃ).exeexe 4079e0299635f7f68beda30be6067b6a0849fb5f92b6f6fb32312a2cc6d0e7c0n/a 
2025-05-08TianSys(XPרÓÃ).exeexe dc9d231f15bc6c89a1a5554df00faf4800126332bdc49ffbe6417a4faf820799n/a 
2025-05-08TianSys(XPרÓÃ).exeexe 8d2f7ca14b426058660fadb1aff517f6057556a075055fcdff0b5760f92c33d9n/a 
2025-04-20TianSys(XPרÓÃ).exeexe c67c80d2989e3b3be24a83a128b0ee9a6e9f9e669a5a3ce4e2d0875575705569Virustotal results 52.78%