URLhaus Database

You are currently viewing the URLhaus database entry for https://gehua.com.cn/vrwmg/closed_section/verifiable_cloud/I79wBvJ56pT_Jtycbeyq3M/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	415368
URL:	https://gehua.com.cn/vrwmg/closed_section/verifiable_cloud/I79wBvJ56pT_Jtycbeyq3M/
URL Status:	Offline
Host:	gehua.com.cn
Date added:	2020-07-20 16:21:18 UTC
Last online:	2020-08-17 11:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-20 16:22:05 UTC to anti-spam{at}list[dot]alibaba-inc[dot]com,abuse{at}12321[dot]cn,abuse{at}alibaba-inc[dot]com)
Takedown time:	27 days, 18 hours, 50 minutes (down since 2020-08-17 11:12:12 UTC)
Tags:	doc emotet epoch1 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-21	INF_E699.docm	doc	3ef294ca4013371b69d6af647114806b71bb3dc07fd56f12c078703411d61b3d	25.81%
2020-07-21	INF_20200722_V666.doc	doc	f03863257ba6bfc7e029c245f3dd3f892fe5a6aed79b625b2c7314f3398b723e	26.23%
2020-07-21	Inf-QOD732.doc	doc	3e24c4373b1e2ba1e3d16925cd0d4a1752452402ae4aaa8ad8ce498bbff5335c	26.23%	Heodo
2020-07-21	inf_2020_07_22_4355.docm	doc	cbccd20b9bc23454ec01bec4a0094e77dcc43d577666259f8d97aa30a118ac35	26.23%
2020-07-21	Mes W432310.doc	doc	97d6a51f311c9af7f316be2f4d5ed00901bc5eb08c6daffb87fcf98ba3bd851e	27.87%
2020-07-21	inf-2020_07_22.rtf	doc	a8eaeae150c0c2f63c21f90adf8634bbd7653092f06a273410a5c26df3f0e25f	26.67%	Heodo
2020-07-21	file_2020_07_22_3938082.rtf	doc	205a04626bdf6f3da605d8f8ba60126d02451085528330524d899a38520be8c3	26.67%
2020-07-21	File_WLA882018.doc	doc	6852b34db0c7a6150c1095a704236a1938b4ed46cd9d7bdfd412555ebf61890a	26.67%	Heodo
2020-07-21	list-W853277.docm	doc	ca4ae10db92df8cf44bacee70e7560ae411a37d1559687ad47687282ca447526	25.81%
2020-07-21	rep.docm	doc	99b15b640124bbe2d317af00e7c30fd65e9b97abdb6e07947205d5bdd73c5737	25.81%
2020-07-21	Mes-20200722-TN45655.docm	doc	5f0b99c314488fa69352a7d73b64203da43208db1b90b18aa4032a84a0c57374	26.23%
2020-07-21	dat-20200722-RJY3233.docm	doc	bcc1834e956cf9ee218e2956ae6511170e810ad54d6738ed11f98620609a3e30	26.67%
2020-07-21	FILE 2020_07_21 GA78291.rtf	doc	98d8b98bd54ffaf58b4138432af87d23d2ae108878d2778b22625ff04317237d	26.67%
2020-07-21	DAT_20200721_0729.docm	doc	238dcc628d07c6b0935926310ffab263be40646c23d2b4e4d7b89a7a6eb52dad	33.90%	Heodo
2020-07-21	MES-2020_07_21-324.rtf	doc	9e5640f95155193ba256e171fa3c82d7ee336931c3b88e12f1678197ba4d3081	31.15%
2020-07-21	arc 2020_07_21 VQG75655.doc	doc	954e8a3b2f224ae59b0cbc54c3f0585184cc2e26aed9315eefae4f05fe73a708	33.33%	Heodo
2020-07-21	MES 2020_07_21 631476.rtf	doc	50d5051a82f97571415ca2550517c6872eca80692c7d6db605082a0b9876d34d	31.67%
2020-07-21	MES-2020_07_21-32286.rtf	doc	852dc1adf51a9d21e3750a2b47eade7430026476e56af1615175cf7234e4c7e3	30.65%	Heodo
2020-07-21	list_QS97672.rtf	doc	7922f5b485edbeab235751b1f775ac411b5511202a73ad2df02e19943c686fff	30.00%	Heodo
2020-07-21	List-20200721-MZP71079.docm	doc	3e9d864db108ff21b3dbc6aee0596264668e95aa02677c5e98cb40bc9bf40998	n/a
2020-07-21	Doc-FR3645.doc	doc	cdc6366eb8899da37880fe16a52558bac01623624314e89adb8fcf039512905d	31.15%
2020-07-21	file_20200721_8664.doc	doc	3d808e9e116ecad94d0839d1a951f8aa24c96f6dfaaa774a889edbb38c857b56	31.67%
2020-07-21	list 2020_07_21 V123437.doc	doc	262962b5fcfbc2fd14aa121ea6d5731ee54807c1d8f5cb14aedfa6437d1b764b	31.67%
2020-07-21	inf-20200721-P833840.doc	doc	b245eea1d0569a4ba8e24c96f41af5fa75efa79b0308c9fc56adb52d053ea467	31.67%
2020-07-21	Inf_L154.doc	doc	84208f7aeaf31442b3b84394ec70e6c7d6d03b854990a567dffe1702c392bf9b	30.00%
2020-07-21	Dat.docm	doc	95d8b345f72bf52ee554c32232d32359be4cb131298f45e717641f6dd3e2bcad	30.00%
2020-07-21	dat-20200721-T101630.doc	doc	76b3bec66b692ad45b4c647003c0e5e5b5a3d416c87a613b7094960050adad61	29.51%
2020-07-21	rep-MI096.doc	doc	37aed6f66e26d67c404f293d6eede26254f40b2470ec3bf486f9e7fdffec0ba1	n/a
2020-07-21	LIST_20200721_J450.doc	doc	72f445f552fbc2a62d7f1cbf1e3a0e1a8afc5903d1c2c20ef5e1766b604b6b5b	28.33%
2020-07-21	Arc_2020_07_21_TVX13856.docm	doc	08bcb3e53dd4bd95dd244c9acdf5ae982284b50b6c04d65e5d3960023f12f8d0	28.33%
2020-07-21	arc 20200721 65968.rtf	doc	6166ebbd7b66dd9173a4731d1d34051e54c6826ee275be43d34ecfad4a0d5e7a	n/a
2020-07-21	REP-2020_07_21-0003532.doc	doc	8e5c404214aebb7a65039287dbc762e68cdd4018a635783be1f7c241ae3203ef	25.00%
2020-07-21	Doc-20200721-X894479.doc	doc	a82dd2141315d36a0f9ba74bb443a40e0495cd089323254c35d0c4686249de7a	24.59%	Heodo
2020-07-21	DAT_2020_07_21_YKW071383.doc	doc	64eee4aab6935f2d3d11646b1c38bdd7519aef0367f417afc89d07c5b15b8eaa	25.00%	Heodo
2020-07-21	INF-9279523.rtf	doc	bde282cb96f5986ecffac2e217f661fa0f00c92f1e4b2a788aad9cbd53a2eb51	25.00%	Heodo
2020-07-21	Doc_20200721_4653683.doc	doc	ad614712ee0ad71a7408a527a3a2051489b0ff4f08038b7a676ad967ea160fb7	25.42%
2020-07-21	LIST 3298529.doc	doc	d5587b12a4f2e10f29d7fdccce2664458c54b7a2c6b4d546966be1f5b3145883	25.00%
2020-07-21	DAT_HU552.rtf	doc	0f8288ecc5022d06cdad8fae0c835f114f39303b84778aa885154623802bf532	24.59%	Heodo
2020-07-21	Rep_20200721.docm	doc	deb29a892e444cde34fe7642bacbee1bf74d35fcff478966636eec77c5e28646	25.00%
2020-07-21	DAT 20200721 Q581.docm	doc	ecdaf78dab236699d9244160f6b4865a5cdc8481ff2e8d798df9a342d10f1654	25.00%
2020-07-21	Mes-2020_07_21.doc	doc	7701cb5a8f75904004c1438e6e79eaac41be47f7d454a35f7ab373b2ef1aa392	24.19%
2020-07-21	MES 2020_07_21 EP968.rtf	doc	f84df4afb6ec0e756c79748271dd66528e1f262427405a4171c48b7ef395b22a	25.00%	Heodo
2020-07-21	Doc_20200721_9587141.rtf	doc	77381e8fde74067c151274bc344395ef59df227e209ec80c0d7879aacbd5d654	n/a
2020-07-21	inf 88063.rtf	doc	eec0262941bfb2dcb8d29f6ef1ccc699726ac66beb04d7d34e8da3281cf19c38	25.00%	Heodo
2020-07-21	doc 2020_07_21 P054662.docm	doc	2e716647297132c94bca63747c48379889273658b12366fbe0e689a2b9966470	24.59%	Heodo
2020-07-21	DAT.doc	doc	c915922a81a8064f3c80285e3615bd5aaeb6452a92f4588fe03bdc81caa840a9	24.59%	Heodo
2020-07-21	Doc_2020_07_21_IF24658.docm	doc	38ee970b2c3b2902e43212926ed41ad27fae79b76938baad0b96743897def42b	24.59%	Heodo
2020-07-21	file 20200721 37001.docm	doc	a8d9eceee2cd3735b96abf3528e7ec3e8e2d8ceb8991c00c7ff479e9034655f5	34.43%	Heodo
2020-07-21	file_20200721.docm	doc	aa4a6dae1e4ea4aaa6e4539fa9a3fbb129544c7d56807321757f41321b723abb	33.87%	Heodo
2020-07-21	File 2020_07_21 CSO442.doc	doc	f78e874b4d5c5dedede72b85b571f2b04d8edba617b6634d95c2af181e6e4dd7	34.43%	Heodo
2020-07-21	rep_20200721_4854.docm	doc	793132996a7b6875055c2bdbde2173f37e68ce5f04ab651acad13f84ab89cb82	34.43%
2020-07-21	inf-822040.doc	doc	bac082845ee6dfbda9489e3c6f1c90611ad4ba2546da7e855578225a51197eba	34.43%	Heodo
2020-07-21	Rep-LPC637.doc	doc	754a0bebe018b079d9d9260256ea2106b4b5ad9a654c8b8a1989bf6e3f4568f7	34.43%
2020-07-21	list_2020_07_21_815.docm	doc	5816bc271d88617e627d64210b8ac9df417f8072b362af861ade766137eb1564	34.43%	Heodo
2020-07-21	Rep_20200721_123220.rtf	doc	ace014e43d78870f28d2a732d72b60fe0c602b71dcc8771989e5cfc0bb1e0bef	33.87%
2020-07-21	doc BXB502.doc	doc	3bc869822322f3e700ec706660323daeca6ea90553d0bff45ce1fdc1ad6dfcfb	32.26%	Heodo
2020-07-21	dat-854.rtf	doc	122b0d68ee819b2ceb91c0b2cdcc0327860dadbb29f884a776968a58c9480ec4	32.79%
2020-07-21	file 20200721 K273.doc	doc	32a11fccc02f1372c54ca027f00c35e33268d3819191a348b9096fd3853ab6fd	32.79%	Heodo
2020-07-21	Mes_195161.doc	doc	41718a7885dc57496b953e118a0e425ba2af1e37a2a3a868cf05ac83e3db792f	32.79%	Heodo
2020-07-21	Inf.docm	doc	17b13b1948a1c62c351e36b44e34a7396ba4ee8be1db4dcf19479b86dfa66447	n/a	Heodo
2020-07-21	inf 309848.docm	doc	cd605825d74d60677fec41c84dc39462658ebbd5edd8e29cfe9610a29291b3e9	32.79%	Heodo
2020-07-21	List 2020_07_21 YP1017.doc	doc	6c7da386cdaa6398c065aafedeb01b31ec959ecf615e9601a81a2c86488c4c86	32.26%
2020-07-21	LIST-2020_07_21-773.docm	doc	1236dd4116a2c4ba4427175d0a3e88c848f70dc6219f6b22f1997ae3ba80ba14	31.67%
2020-07-21	dat-20200721-ZP5675.doc	doc	4e34674eaa422795c92ef9cb66994e18a57553e217b4bb4de69c1369608e36e6	31.67%
2020-07-21	REP.doc	doc	49b857e2068f710d1facd444264c6d8804ecc9e2ba9660953b24bbf213cc66ba	29.03%	Heodo
2020-07-21	DAT_20200721_D50811.doc	doc	33e64096db5340fb26c5b5d6f9b1dd89674d3a77a96a25fafcb878d9929fc9da	31.15%	Heodo
2020-07-21	Dat_6461983.rtf	doc	99c6c8f02c2fef792bc8a5a6406b0baa294156cb38b8df191f98cfb5a90547f5	30.51%
2020-07-21	Arc_20200721_880.rtf	doc	cce8e5e706869261ede523822b673dd52e48d4351de8600f5ac209a7f0189629	29.03%	Heodo
2020-07-20	Inf_20200721.rtf	doc	0d657d365282571dcf58adbb3a758c81fa3df50bc081a60d01f14c5431b9492e	29.03%
2020-07-20	INF 20200721 A573921.docm	doc	518def77204a86e55289809beda7c491b0f9ab290b10d7b4bae1c670a0f69c8d	29.51%	Heodo
2020-07-20	inf-20200721-0605680.rtf	doc	68f85e639cf07fc84c8204cec1bd82fd8985d854aa17d02c89b58b255b98ed48	29.51%
2020-07-20	Rep_2020_07_21_DP958892.docm	doc	107cf68ace70917126432b415c7a9b4a18e3f87c304c1ea780b1fe0950167c29	29.51%
2020-07-20	INF_2020_07_21_JI605425.docm	doc	a6ca24bb5b1de30cd63ecceac1727ca4102ed289d65fa05c550c4485e6ca372b	29.03%
2020-07-20	INF 7889.rtf	doc	41d61ed5ec94c9f81d804487ad8f6132520d6ac7009a8c9a7b0c074ed0748e4e	29.03%	Heodo
2020-07-20	File-20200721-020.doc	doc	1269bdbbc40be92cc1f13918a692b34fdfeec466bd7d872863ecc405ff38f77f	27.42%	ZLoader
2020-07-20	INF-2020_07_21-524818.docm	doc	4d5d4a16ec11a850141a0a77026153d2a409bb4602e624623ee007e79dfd9639	27.42%
2020-07-20	arc_20200721_435691.doc	doc	c5dc7db865c477ba217342107932a67cab54659a8a870fa16a9d2f21ec3aade2	27.87%
2020-07-20	File_20200721_512.doc	doc	ec87e9999c894cdef59c964d06c6de6c7a7134d373b4e754180d90dd5fb23f64	27.87%
2020-07-20	file J8734.docm	doc	d28f9dea8c5837be7474d3735799da462ae74c0a0f3e7279a3eb8a50ba6183ee	27.42%
2020-07-20	List_2020_07_21_P560398.docm	doc	d6da6435e94d2fbb2a3847c934bf0b6d41c613337ac951b10fd5851eb98a9bf3	27.87%
2020-07-20	Mes 20200721 2791.rtf	doc	6f644a06ca787f32149885c5a6c522c5cb5f0b40cd112d8a306d239b316f4d55	27.87%	Heodo
2020-07-20	rep_20200721_4923916.doc	doc	3aedca3992d77371154f015834399c14aab576050a53efa01fb5714e01beb841	27.42%	Heodo
2020-07-20	INF-20200720.doc	doc	dc9d3da24212096b6029163166558cefcd8b37aae588dd461d9b5c02700700af	27.42%
2020-07-20	list_2020_07_20_VF920504.rtf	doc	8f282a424b1167ed2e71b2355a7c4e6797a75d031969749e3ba21050292414e6	27.42%	Heodo
2020-07-20	Rep-2020_07_20-NP963029.rtf	doc	97e66ad16955f21f83dae53917dbdefba08fc07108392a96327eeef55698a04c	27.42%
2020-07-20	Rep_2020_07_20_8169527.doc	doc	dc83903be08352444bfd3116d33bda30da619c60371f037e0bd56f82a2a768fb	n/a	Heodo
2020-07-20	file_20200720_LN880.rtf	doc	ed29b479d20901bb285c8146d9a69a73a34eadaa4f6c86aca69aeefe96f4fe0f	27.42%
2020-07-20	file-10243.docm	doc	cbe8fa6812edba1a4e2b1fe7c30f6cbf05f21e5935e95ecbdda6d3f5d3b6de9e	27.42%
2020-07-20	Doc_556775.docm	doc	fa441d24dc18f47c3205b5c37950b44346f110e1aaf7822e5a1d7894e2eebb49	25.00%
2020-07-20	Inf 2020_07_20 EH888901.doc	doc	d560fc37f131e03b741770ee4f23d889ba5d3bdedf3ec68efbcc8bd470e0d8ed	25.81%
2020-07-20	List_1763.rtf	doc	0cd73a229418caf24e599b0db39e5ff3ae2903ffb83340c026c0ffa0f7e9f86b	25.81%	Heodo
2020-07-20	File-2020_07_20-EG57525.rtf	doc	2ed0a17884d80b91110cc117b3963361ae603c91ce2cd60de6131972d6a047b1	n/a	Heodo
2020-07-20	list_20200720.rtf	doc	7d97ea28695f5fab3a52ce65884f5e99f76a476766dbd457ac819aeefe018660	25.00%
2020-07-20	LIST 20200720 31805.doc	doc	31adf970450cb8a76809bff658f19a6e62c31894dee3957e3374752544f042d3	25.81%	ZLoader
2020-07-20	Arc 20200720 J641513.docm	doc	130a66f245904ca4051c2eeb37eaa7b9157fb02b881164bef6a47aed0adbf12e	25.81%	Heodo
2020-07-20	List 2020_07_20 TU01102.doc	doc	c1c8df6d78506a08b7e90ec9675c7b914e7671064a55bea051de19c0b4f660e8	n/a	Heodo