URLhaus Database

You are currently viewing the URLhaus database entry for https://gehua.com.cn/vrwmg/protected-array/verifiable-f8kpf06bnqkg-4g5q634m/u8IZWp-boGkKqoshl/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	415370
URL:	https://gehua.com.cn/vrwmg/protected-array/verifiable-f8kpf06bnqkg-4g5q634m/u8IZWp-boGkKqoshl/
URL Status:	Offline
Host:	gehua.com.cn
Date added:	2020-07-20 16:23:07 UTC
Last online:	2020-08-17 11:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-20 16:24:02 UTC to anti-spam{at}list[dot]alibaba-inc[dot]com,abuse{at}12321[dot]cn,abuse{at}alibaba-inc[dot]com)
Takedown time:	27 days, 18 hours, 48 minutes (down since 2020-08-17 11:12:13 UTC)
Tags:	doc emotet epoch1 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-21	ARC-6724.doc	doc	3ef294ca4013371b69d6af647114806b71bb3dc07fd56f12c078703411d61b3d	25.81%
2020-07-21	Arc_20200722_AQG8781.docm	doc	f03863257ba6bfc7e029c245f3dd3f892fe5a6aed79b625b2c7314f3398b723e	26.23%
2020-07-21	FILE_20200722_166.rtf	doc	3e24c4373b1e2ba1e3d16925cd0d4a1752452402ae4aaa8ad8ce498bbff5335c	26.23%	Heodo
2020-07-21	LIST_2020_07_22_F21741.docm	doc	cbccd20b9bc23454ec01bec4a0094e77dcc43d577666259f8d97aa30a118ac35	26.23%
2020-07-21	File 2020_07_22.rtf	doc	97d6a51f311c9af7f316be2f4d5ed00901bc5eb08c6daffb87fcf98ba3bd851e	27.87%
2020-07-21	FILE 2020_07_22.doc	doc	205a04626bdf6f3da605d8f8ba60126d02451085528330524d899a38520be8c3	26.67%
2020-07-21	FILE_2020_07_22_66589.docm	doc	6852b34db0c7a6150c1095a704236a1938b4ed46cd9d7bdfd412555ebf61890a	26.67%	Heodo
2020-07-21	mes_3300.doc	doc	ca4ae10db92df8cf44bacee70e7560ae411a37d1559687ad47687282ca447526	25.81%
2020-07-21	doc_20200722_MKF479.docm	doc	99b15b640124bbe2d317af00e7c30fd65e9b97abdb6e07947205d5bdd73c5737	25.81%
2020-07-21	File_20200722_ZNY456.rtf	doc	5f0b99c314488fa69352a7d73b64203da43208db1b90b18aa4032a84a0c57374	26.23%
2020-07-21	Arc-YH10310.doc	doc	1a3131840aa881ca39803d20f5224e9339a2cc959ac92ab756f6ded8d81a1a90	26.23%
2020-07-21	inf-QSY047.doc	doc	fe0262abd2e28972585a28e0db4036c88dc6bc7858de8135e9cf58c599228037	26.23%
2020-07-21	INF_20200721_15988.docm	doc	9f943a83654e34af90ea126ca921eae3fb9394833e7356a9446aac1579995691	30.65%
2020-07-21	dat_20200721_PQ341476.rtf	doc	9e5640f95155193ba256e171fa3c82d7ee336931c3b88e12f1678197ba4d3081	31.15%
2020-07-21	DAT_14058.rtf	doc	50d5051a82f97571415ca2550517c6872eca80692c7d6db605082a0b9876d34d	31.67%
2020-07-21	FILE-20200721.rtf	doc	8d842d76f958c70be828a217a80c8398107c158a2320c0d36f3b75512b8deca9	29.51%
2020-07-21	mes_169.docm	doc	852dc1adf51a9d21e3750a2b47eade7430026476e56af1615175cf7234e4c7e3	30.65%	Heodo
2020-07-21	List_2020_07_21.docm	doc	b94adce77ef4687f4a2308618ad9109110ccca6b7a12618f12c334a61ffa712e	29.51%
2020-07-21	rep_061888.docm	doc	1b3a66fa218971358919a1dc0cbfcd9fdaac7ec3278bed6109f0df2550dfe3b7	31.67%	Heodo
2020-07-21	REP-20200721.docm	doc	fa34ecd729ebdf64de47192d76713cce9390f4f77b2b0640ea2ed67fa54f4d5f	32.20%
2020-07-21	dat F481879.docm	doc	3d808e9e116ecad94d0839d1a951f8aa24c96f6dfaaa774a889edbb38c857b56	31.67%
2020-07-21	rep_20200721_W56344.rtf	doc	262962b5fcfbc2fd14aa121ea6d5731ee54807c1d8f5cb14aedfa6437d1b764b	31.67%
2020-07-21	Arc_20200721_83789.docm	doc	2da4a10c384d2bf3468b73d621de109cab5a29179b9d6cf4102c7b46dd937261	31.15%	Heodo
2020-07-21	Arc-20200721-4257966.rtf	doc	4de321a8533808438637e1c145e5ddfef9f24da81cb5129fed75c13218abecbf	32.20%
2020-07-21	Doc-687452.doc	doc	519ac8bbe23cc0506580ac08c5bc589d9d5382e00ea81898846715cef7502d8d	29.03%
2020-07-21	list 2020_07_21 K978.rtf	doc	a9e912c0733016338d181ec06475e1f30f28fc2159ee482787e913fc65085cf5	30.00%	Heodo
2020-07-21	arc_2020_07_21_EMX72199.docm	doc	608a39d31a2ab34bf79ebd042bf10028b9bc7ed087dbb810306956dd1ba45567	28.81%
2020-07-21	arc 20200721 567.doc	doc	703809d3dea2ef37b518110d3f0bdbd25798dafcd9ebfd2c4094ecf9a2e91267	30.51%	Heodo
2020-07-21	file-2020_07_21-15602.docm	doc	e03def51cc78a91e3c97945ebbf083bea9efa86f55fde07a8c4bae905c1b8671	27.87%	Heodo
2020-07-21	Doc_2020_07_21_412.docm	doc	d1f13cff50c5950b6842f81fb632405df63e1d6a953d4d912b3f5ecfb1afa55d	26.67%	Heodo
2020-07-21	DAT 2020_07_21 966.doc	doc	15617b37ed587c9af7ec3de8d4aabd3de95ded6604f652abea14822da2c94ce0	28.33%
2020-07-21	Rep 20200721 217.doc	doc	3b2f5f46ff691d1339cd98d00d79cfc31b0a7c7820a17c45c7be9197a392f2f6	26.67%	Heodo
2020-07-21	Dat 20200721 FCJ72738.docm	doc	75cb0d33fbd33b08aede2930d9ac79f7086ef7db06803c493d9214d84a4391e3	24.59%
2020-07-21	arc_20200721.doc	doc	a82dd2141315d36a0f9ba74bb443a40e0495cd089323254c35d0c4686249de7a	24.59%	Heodo
2020-07-21	inf 2020_07_21 FGU652.rtf	doc	55a103c16b3c4d8958091e55cfb62091fd2d209e07ffba0a5c88252946b8ae39	25.42%
2020-07-21	List_2020_07_21_A80492.docm	doc	bde282cb96f5986ecffac2e217f661fa0f00c92f1e4b2a788aad9cbd53a2eb51	25.00%	Heodo
2020-07-21	INF-20200721-SYY3314.rtf	doc	ad614712ee0ad71a7408a527a3a2051489b0ff4f08038b7a676ad967ea160fb7	25.42%
2020-07-21	mes_2020_07_21_905086.doc	doc	23bf0066e26b5b6e2403af2810c57d5ee5c0e04cfb175df6c134826cdb68bce9	25.00%
2020-07-21	mes 967.docm	doc	38a052e49569227f531849f52c6e801e5abb2c68a7dd2c5a9fca8e92ec6b0211	24.19%
2020-07-21	arc 2020_07_21 77436.rtf	doc	deb29a892e444cde34fe7642bacbee1bf74d35fcff478966636eec77c5e28646	25.00%
2020-07-21	Arc 20200721 69233.rtf	doc	ecdaf78dab236699d9244160f6b4865a5cdc8481ff2e8d798df9a342d10f1654	25.00%
2020-07-21	REP-20200721-TB904033.doc	doc	44d93b12f57a0d476e774d58da761e56ddd20f6d299acc2390a9111082e448de	23.33%
2020-07-21	dat 2020_07_21.rtf	doc	477bc137f269ae86b7049d592f7588c5f063e569db20bd09ff2bea3a04aeba06	n/a
2020-07-21	REP 2020_07_21 JMK686168.doc	doc	77381e8fde74067c151274bc344395ef59df227e209ec80c0d7879aacbd5d654	n/a
2020-07-21	ARC-276902.rtf	doc	eec0262941bfb2dcb8d29f6ef1ccc699726ac66beb04d7d34e8da3281cf19c38	25.00%	Heodo
2020-07-21	Dat-EQD89827.doc	doc	2e716647297132c94bca63747c48379889273658b12366fbe0e689a2b9966470	24.59%	Heodo
2020-07-21	DAT 2020_07_21 IOQ05386.rtf	doc	14f298945ba541ac7f6cf64b12d67423fffd432bbf2e598d25cd50f0e8cfd86f	n/a	Heodo
2020-07-21	LIST-20200721-XS123.docm	doc	38ee970b2c3b2902e43212926ed41ad27fae79b76938baad0b96743897def42b	24.59%	Heodo
2020-07-21	rep 2020_07_21 W784491.doc	doc	a8d9eceee2cd3735b96abf3528e7ec3e8e2d8ceb8991c00c7ff479e9034655f5	34.43%	Heodo
2020-07-21	FILE 20200721 TAQ4597.rtf	doc	cd7e26bbcc41d0820e6e2e0e42e56bef410264d6bcf74033fd1fe26d52b389ea	33.87%	Heodo
2020-07-21	rep 219.rtf	doc	f78e874b4d5c5dedede72b85b571f2b04d8edba617b6634d95c2af181e6e4dd7	34.43%	Heodo
2020-07-21	List-UG584169.docm	doc	bac082845ee6dfbda9489e3c6f1c90611ad4ba2546da7e855578225a51197eba	34.43%	Heodo
2020-07-21	arc-2020_07_21-624548.doc	doc	276568f9c3bb230aabe183dbfd02ad1c36b7aa141d382d34a839a611a422c07f	33.87%	Heodo
2020-07-21	doc_6173526.docm	doc	754a0bebe018b079d9d9260256ea2106b4b5ad9a654c8b8a1989bf6e3f4568f7	34.43%
2020-07-21	REP_EAC663.docm	doc	5816bc271d88617e627d64210b8ac9df417f8072b362af861ade766137eb1564	34.43%	Heodo
2020-07-21	List_2020_07_21_DJ90966.docm	doc	ace014e43d78870f28d2a732d72b60fe0c602b71dcc8771989e5cfc0bb1e0bef	33.87%
2020-07-21	INF 9744.docm	doc	cace589fbea03e0098cd73ad40875dfbe1af727e4b82a5944b6e2111009af7a4	32.79%	Heodo
2020-07-21	file 20200721 X0407.doc	doc	86615d32b685ca8d74d59c1c848216fac1eb779d126a183795f316a6ff0014b6	33.33%	Heodo
2020-07-21	REP_0890612.doc	doc	32a11fccc02f1372c54ca027f00c35e33268d3819191a348b9096fd3853ab6fd	32.79%	Heodo
2020-07-21	Rep-20200721-ZU1072.doc	doc	41718a7885dc57496b953e118a0e425ba2af1e37a2a3a868cf05ac83e3db792f	32.79%	Heodo
2020-07-21	dat 20200721 E9158.docm	doc	276dfa20b9cffd3ac104aeafed599b2f70a9fd0e8d4faf1d86ffd46e8354a416	32.79%	Heodo
2020-07-21	dat-688463.rtf	doc	176237b901fd642cfb1c3a9fd8c50cdbf0d5ec30df6c98142d3a0e48839f9d51	n/a	Heodo
2020-07-21	mes_2020_07_21_0984804.docm	doc	6c7da386cdaa6398c065aafedeb01b31ec959ecf615e9601a81a2c86488c4c86	32.26%
2020-07-21	FILE 20200721 594.docm	doc	1236dd4116a2c4ba4427175d0a3e88c848f70dc6219f6b22f1997ae3ba80ba14	31.67%
2020-07-21	arc_NG256939.rtf	doc	4e34674eaa422795c92ef9cb66994e18a57553e217b4bb4de69c1369608e36e6	31.67%
2020-07-21	Dat-UUV28141.docm	doc	49b857e2068f710d1facd444264c6d8804ecc9e2ba9660953b24bbf213cc66ba	29.03%	Heodo
2020-07-21	rep-6704.rtf	doc	33e64096db5340fb26c5b5d6f9b1dd89674d3a77a96a25fafcb878d9929fc9da	31.15%	Heodo
2020-07-21	REP_RZ11548.doc	doc	99c6c8f02c2fef792bc8a5a6406b0baa294156cb38b8df191f98cfb5a90547f5	n/a
2020-07-20	File_2020_07_21_PJG225.docm	doc	cce8e5e706869261ede523822b673dd52e48d4351de8600f5ac209a7f0189629	29.03%	Heodo
2020-07-20	Arc-20200721.rtf	doc	0d657d365282571dcf58adbb3a758c81fa3df50bc081a60d01f14c5431b9492e	29.03%
2020-07-20	Doc-V676.doc	doc	f83e32a15080c0f31451809377046083d52daef3354edecea6db6ccf4158a43a	30.00%	Heodo
2020-07-20	Doc 2020_07_21 SQ8755.rtf	doc	107cf68ace70917126432b415c7a9b4a18e3f87c304c1ea780b1fe0950167c29	29.51%
2020-07-20	Rep 20200721 NWY81685.doc	doc	a6ca24bb5b1de30cd63ecceac1727ca4102ed289d65fa05c550c4485e6ca372b	29.03%
2020-07-20	FILE-F982039.rtf	doc	41d61ed5ec94c9f81d804487ad8f6132520d6ac7009a8c9a7b0c074ed0748e4e	29.03%	Heodo
2020-07-20	Arc 854428.docm	doc	1269bdbbc40be92cc1f13918a692b34fdfeec466bd7d872863ecc405ff38f77f	n/a	ZLoader
2020-07-20	REP-2020_07_21-5181.rtf	doc	9d397f040fb1768faae4189e4e3e0aa60604b2b86617d979e1f61d90a8798fbb	27.87%	Heodo
2020-07-20	ARC_20200721_2339314.doc	doc	c6050ddd07c6d8c4aee73c52d0e50d6056ebd5f3e82550d8c771fc4353d489fe	28.81%
2020-07-20	Arc G5953.rtf	doc	3b93eda94becc07130cb0b7b3bd4f351444c2a0810a9bd983913a4a5d833b3a5	27.87%	Heodo
2020-07-20	Dat.rtf	doc	00593b1d3ba64e5ca39e6c503ab0f33dcade0d3afb65c2a73f2d4696cf8a7bb0	27.42%	ZLoader
2020-07-20	ARC_2020_07_21_722.docm	doc	8d861becdf66c056d51b6b585d1d2c98ec75e77bc3af28d354edb72f3ebb65ad	27.87%	ZLoader
2020-07-20	FILE-2020_07_21.rtf	doc	10e15c8850925b8f03210b06fdc2e0e87bd7339bf6a185992346e2063cbe1e99	27.87%
2020-07-20	rep 20200721 7282.docm	doc	6f644a06ca787f32149885c5a6c522c5cb5f0b40cd112d8a306d239b316f4d55	27.87%	Heodo
2020-07-20	list 2020_07_21 XAD432689.rtf	doc	eb1f1cf5bb142fb70ac9421ceb472dad3f583fcc852ae768c1ae347506cbcc04	27.42%
2020-07-20	dat_20200720_368180.doc	doc	dc9d3da24212096b6029163166558cefcd8b37aae588dd461d9b5c02700700af	27.42%
2020-07-20	list 2020_07_20 ZDX4623.doc	doc	8f282a424b1167ed2e71b2355a7c4e6797a75d031969749e3ba21050292414e6	27.42%	Heodo
2020-07-20	Dat_2020_07_20_SXP75222.doc	doc	97e66ad16955f21f83dae53917dbdefba08fc07108392a96327eeef55698a04c	27.42%
2020-07-20	Arc 20200720 XC569.doc	doc	dc83903be08352444bfd3116d33bda30da619c60371f037e0bd56f82a2a768fb	n/a	Heodo
2020-07-20	Doc-2020_07_20-5452.rtf	doc	ed29b479d20901bb285c8146d9a69a73a34eadaa4f6c86aca69aeefe96f4fe0f	27.42%
2020-07-20	dat 20200720 02839.rtf	doc	3bcf67ec54f94ea28c8c35560ef2f6b2ef8090951c1ce2d0a94aebfd04a4786e	27.42%
2020-07-20	Dat.docm	doc	d2592f81840c6459ba7e0d05e58f48c703e29b3a97134a5bec16e60e85e72098	25.81%
2020-07-20	dat_2020_07_20_696.docm	doc	c8b4b7e686954bc7ebd4115f98ec29527b1b0d47d1a817adebc3c6b44c26d787	25.81%
2020-07-20	doc-880.doc	doc	0cd73a229418caf24e599b0db39e5ff3ae2903ffb83340c026c0ffa0f7e9f86b	25.81%	Heodo
2020-07-20	Rep 20200720.doc	doc	2ed0a17884d80b91110cc117b3963361ae603c91ce2cd60de6131972d6a047b1	n/a	Heodo
2020-07-20	Mes-2020_07_20-8463576.rtf	doc	4fe945b83567f1855dbc8ea4f8e0e0e2258117238ca2184dd10ba6cf797377a7	25.81%
2020-07-20	arc 2020_07_20 89254.docm	doc	31adf970450cb8a76809bff658f19a6e62c31894dee3957e3374752544f042d3	25.81%	ZLoader
2020-07-20	mes 20200720 8321.docm	doc	130a66f245904ca4051c2eeb37eaa7b9157fb02b881164bef6a47aed0adbf12e	25.81%	Heodo
2020-07-20	Mes-692019.doc	doc	65177717b6fd8b0a589c64a14c0f03064f055d5855247580c6926b0b2966e44a	25.42%