URLhaus Database

You are currently viewing the URLhaus database entry for https://www.ezzw.cn/wp-content/closed_resource/d68m_30miXnys4uZQQv_16237402_jPpYU2E/trqH5O7WF6l9_Ia7dirNwn5s/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	415559
URL:	https://www.ezzw.cn/wp-content/closed_resource/d68m_30miXnys4uZQQv_16237402_jPpYU2E/trqH5O7WF6l9_Ia7dirNwn5s/
URL Status:	Offline
Host:	www.ezzw.cn
Date added:	2020-07-20 22:00:10 UTC
Last online:	2020-08-19 12:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Spammer domain
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-07-20 22:02:05 UTC to ipas{at}cnnic[dot]cn)
Takedown time:	29 days, 14 hours, 41 minutes (down since 2020-08-19 12:43:53 UTC)
Tags:	doc emotet epoch1 heodo ZLoader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-07-22	file 2020_07_22 3145061.docm	doc	94b0d8cf870a83e8891b6facd046d334af5015e2c33cb0ee50cb5c1baa3a1b1c	37.70%	Heodo
2020-07-22	doc_69721.rtf	doc	2bf6770c0abd36c1d4bf26b47dbe953c8f1f7968fac457a4a370a1b198945d4b	35.00%
2020-07-22	Inf_T329.docm	doc	623c4ed3bff71e9b92646983452b40e40499ac21f3a3aa0647bbf37d3581b909	32.79%
2020-07-22	MES_QEX888792.rtf	doc	6091722d5f804148356c1c9468781805d916ecd6af536f3d0c63a3b23e5f631c	29.51%
2020-07-22	MES-2020_07_22-53665.docm	doc	b2d3ec71529c7504b096d67a1cfe6db68744dd87f7afb4426b6dcf3ccaa2fb26	27.87%
2020-07-22	LIST 20200722 S3378.docm	doc	6babaa931bc26a787edf3d1d3118c0a45416f2e9deb01bc741decf522a2bda49	26.67%
2020-07-22	list-20200722.rtf	doc	6099117a236322ceff2135294c3848b0e1709d21c349b19d58c49b8400093862	27.12%	Heodo
2020-07-22	list_2082170.docm	doc	0dc279a7e4681797b0fb36ac6d2514d0e0ebb09b3bb38459ddd370876a768813	26.23%
2020-07-22	Mes 136174.doc	doc	d3d731e1c5ed00a3123112f5f1b4d029a74b742ddf0b5a2639209b85f2930b18	26.67%	Heodo
2020-07-22	rep_20200722_GL13075.doc	doc	d831521ed1fd89695ea1f405aea9680401dc470716ead9076e1c428afc608093	26.23%	Heodo
2020-07-22	File-948944.rtf	doc	656f9f7c087bc9a3d272d1aea2c369dcfa89d33e5fe59b61e4a57d7b181904d2	25.00%	Heodo
2020-07-22	INF-20200722-836232.docm	doc	4db416be55570ba71279738d715adc20cb5c44d1d0725b6ddd828b5daa6cf345	25.00%
2020-07-22	file-20200722-789.doc	doc	cf527cd37a84ec65c4b6d8a8b816c739b62805416400d1527c8ffd7d3931a298	25.00%	Heodo
2020-07-22	dat 114.doc	doc	ff885175138132335dd7f3a840c5cf89cec412345bb6bb8311853367827526d0	24.59%	Heodo
2020-07-22	doc 2020_07_22 8273348.doc	doc	737f7e0557c9203033464070e06e23e7675c8325abd0083d1ebbdaca3f7eac2e	37.29%
2020-07-22	REP-JYV5279.doc	doc	8cf9d9d42298a4668f016012416111f8bfcd129c4b0ce9050c28a283734568ad	32.79%	Heodo
2020-07-22	Rep 2020_07_22.docm	doc	eed180c709224d892fa8a82e0c51bf623d7057a65ca483d45e3d005984dc6588	32.79%	Heodo
2020-07-22	inf-5349361.doc	doc	ba9cfe27ae63d8503560cac8f305d6d2bbddaba373f98e92223fbfa94cb0cf89	30.00%	Heodo
2020-07-22	MES_2020_07_22_HSY442.doc	doc	84ee9ec33d16ade130e8842b327ab3d4b8480fada3bb6fb25ad854dea738e9be	31.15%
2020-07-22	FILE_VUQ762751.rtf	doc	365f2b2480d704ba0fa82cf5c25d92895a3518ed02ec36ff5f150cfe091b3574	29.31%	Heodo
2020-07-22	mes 2020_07_22 0299352.doc	doc	b58dbe82f7a65596a2277d1c5ef1e42945e45cd0ad84c35872e1ed404607b9b6	29.03%	Heodo
2020-07-22	mes 2020_07_22.rtf	doc	5a4cd1c4d6c751cfd8495cae1b6503f4c1e1d98bd6c82cb7a56ebeb25d1b55ab	27.42%	Heodo
2020-07-22	doc_20200722_A7195.docm	doc	04b189501cde3a8e14a2de3bb20b7313da30db8f0a7af0862cc14e400caebe06	26.67%
2020-07-22	List P37283.doc	doc	80cb12a6bbe9b2c3065f9007e9740b9f7d75dcf2bc68651848cb08f4ce619b39	26.23%	Heodo
2020-07-22	REP 20200722 CI430981.docm	doc	ebdc8f40febf78564180a0f4a84f3ec60622fdb13e5a18b627ecd8f86f4e1b85	26.23%	Heodo
2020-07-22	FILE 20200722 M692.rtf	doc	5ba62e60945b4eadc0eaa81b0f2b31ce3b6d8c785130a6000ce906dafef73afc	n/a
2020-07-22	DAT-2020_07_22.rtf	doc	8d70f6580cf02bcae5c4c14396951b6e6c1ea10bcbcbb89f835c29dc7d2c8ceb	25.81%	Heodo
2020-07-22	MES_875.doc	doc	3e65642f10d2b821a0c08b74d0ddfd34717dca5f9918551779815db934ae7963	26.67%
2020-07-22	Rep_2020_07_22_YOS394839.rtf	doc	d7b8fec9f533a9c31e7fe587b89552973d00bff30e4c7d8f7d4f2d93bc0eda1f	26.67%
2020-07-22	arc-C361398.doc	doc	ea444cde5a8ef5b6165a348732af41e4c634669259036caae42e242c5a7c9b1c	25.81%	Heodo
2020-07-22	arc-20200722-811753.docm	doc	7fb831a6988b9e816af85e485721d4e44b500b6a9d30af5b82cf9ec4d28eb584	25.81%	Heodo
2020-07-22	Dat_20200722_ABC11503.doc	doc	d3bfea33a12c522ea8faa7840613e14c78035362c064c858c1467513a68ac9a7	25.81%
2020-07-22	Doc 7648616.docm	doc	812ed74f92912f98accd025c7c64b9c943032b3379fe1c9654a9deeac6d8b981	27.12%
2020-07-21	list-2020_07_22-602532.doc	doc	c20821e80c5ce943d4b87b9416329f0502a4da3c97044c8fd7016172353e1626	26.67%
2020-07-21	DAT 2020_07_22.rtf	doc	f03863257ba6bfc7e029c245f3dd3f892fe5a6aed79b625b2c7314f3398b723e	26.23%
2020-07-21	rep 2020_07_22 YN774.docm	doc	3e24c4373b1e2ba1e3d16925cd0d4a1752452402ae4aaa8ad8ce498bbff5335c	26.23%	Heodo
2020-07-21	REP-2020_07_22-NCL3681.rtf	doc	cbccd20b9bc23454ec01bec4a0094e77dcc43d577666259f8d97aa30a118ac35	26.23%
2020-07-21	File_2020_07_22.doc	doc	97d6a51f311c9af7f316be2f4d5ed00901bc5eb08c6daffb87fcf98ba3bd851e	27.87%
2020-07-21	Inf 20200722 672150.rtf	doc	139f5bcf4c7fcbe0a8a5d940c5d38dd847e2c979df74dcf680208e73b8ac668d	26.23%
2020-07-21	arc-469475.docm	doc	205a04626bdf6f3da605d8f8ba60126d02451085528330524d899a38520be8c3	26.67%
2020-07-21	inf-2020_07_22-Q696.rtf	doc	6852b34db0c7a6150c1095a704236a1938b4ed46cd9d7bdfd412555ebf61890a	26.67%	Heodo
2020-07-21	Inf_2020_07_22_FGT483644.doc	doc	db88b385b97b7038cd233960f7f99ce350a72a3eecf6bbbcb227645f111d4e7c	26.23%	Heodo
2020-07-21	arc_20200722_RW8637.docm	doc	f9f454cca8e91299630413a10305ecfbce0ce0702ab5e73ee85c21fbdd49a0a1	n/a	Heodo
2020-07-21	Rep-20200722.rtf	doc	8aa3e958943656f026b02437d4c84ed9268018560390b8ab0d9807c7b23c8b41	26.23%
2020-07-21	Mes-2020_07_22-IO256.doc	doc	6ecd03bfb72de9f29bc5556f07f77b6a3ca030b9e385fe6b910678d2c8da855c	26.67%
2020-07-21	Dat-2020_07_22-JMD517.docm	doc	d5af3b606fe2dd9a542f85aed4bab475b5d2f91b9dc5e3e5091cc385e4624869	25.81%
2020-07-21	File-20200722-C268125.docm	doc	bcc1834e956cf9ee218e2956ae6511170e810ad54d6738ed11f98620609a3e30	26.67%
2020-07-21	rep 2020_07_21 H873.rtf	doc	253d4ce06935b6b78211d3f7b0ef787b74e019761199199ab5720333db23577a	25.81%
2020-07-21	rep 2020_07_21 JJU116.rtf	doc	9f943a83654e34af90ea126ca921eae3fb9394833e7356a9446aac1579995691	30.65%
2020-07-21	LIST-20200721-0477294.docm	doc	2748fddcf19685fe54157b965c7332d3abe89dee666467ba9655e4ffb6d805e3	32.79%	Heodo
2020-07-21	Mes_OOE79557.docm	doc	954e8a3b2f224ae59b0cbc54c3f0585184cc2e26aed9315eefae4f05fe73a708	33.33%	Heodo
2020-07-21	ARC 20200721 3939755.doc	doc	5676204dc114c9f08d3e8b9d365abd67056893923c3fb15afed9d3ffe357507a	29.51%
2020-07-21	Rep-J997928.doc	doc	e79bfe79de1a90309dfce80db1cec1e5546d40c16c83e9bd96f19cb888a61f19	29.51%
2020-07-21	inf_XT8593.docm	doc	193921b13cb10f97c4211e6694ee26cf2ebb7d6eff920ca64cc0d96252fc3487	29.51%
2020-07-21	DAT_2020_07_21_E103.docm	doc	3e9d864db108ff21b3dbc6aee0596264668e95aa02677c5e98cb40bc9bf40998	n/a
2020-07-21	ARC_20200721_L6849.rtf	doc	3d808e9e116ecad94d0839d1a951f8aa24c96f6dfaaa774a889edbb38c857b56	31.67%
2020-07-21	Mes-2020_07_21-D345.rtf	doc	c969a0b83fe39c15dd74759e9c07b8d753908346f3d8dcb940fccee01f146e92	31.67%
2020-07-21	REP 2020_07_21 EPQ9315.doc	doc	4de321a8533808438637e1c145e5ddfef9f24da81cb5129fed75c13218abecbf	32.20%
2020-07-21	DAT_20200721_644.doc	doc	04808644927ee4ee2afd1635e4f998de9740c04dc4bf72336e4c7faaaa7aff16	n/a
2020-07-21	List-20200721.doc	doc	620ec5ba9b3488d2f0df3f27c7efbd786e501f76dc0cd1e11e70e9783968374e	30.00%
2020-07-21	LIST_20200721_L8339.docm	doc	c90c7844e46d777d31a1c9a7155a04315b31a96367bed2d076ab0d23cc7149ab	n/a	Heodo
2020-07-21	File_2020_07_21_9776.doc	doc	268a97dd90a672f712cdec3a39986e6ea760af1f34b3bb9924eb08a270e0c576	28.33%	Heodo
2020-07-21	inf 20200721 8488.doc	doc	15617b37ed587c9af7ec3de8d4aabd3de95ded6604f652abea14822da2c94ce0	28.33%
2020-07-21	REP-20200721.docm	doc	186a6ee6322d2e6656e0125cba0536eef43d3a66e4ce73e129332dbb236cab60	25.86%	Heodo
2020-07-21	doc 2020_07_21 LEG85355.docm	doc	e6e56699f2eee72f34f915a3535b5cc541d94ff1733222954c162b2f34a063a4	25.00%
2020-07-21	ARC_2020_07_21_7993421.rtf	doc	a82dd2141315d36a0f9ba74bb443a40e0495cd089323254c35d0c4686249de7a	24.59%	Heodo
2020-07-21	REP.doc	doc	4a245c3424b436cc23d07727f5181cf185c57b77fe1a1a95286fc12c91c36403	24.59%
2020-07-21	list-20200721-2795243.rtf	doc	a1808398c37712705f11218018390d7aa7ceae6c9c8209ba305d140fbd4e900a	n/a	Heodo
2020-07-21	arc_2020_07_21_DY6844.docm	doc	ad614712ee0ad71a7408a527a3a2051489b0ff4f08038b7a676ad967ea160fb7	25.42%
2020-07-21	doc.rtf	doc	23bf0066e26b5b6e2403af2810c57d5ee5c0e04cfb175df6c134826cdb68bce9	25.00%
2020-07-21	List-2020_07_21-R366283.docm	doc	38a052e49569227f531849f52c6e801e5abb2c68a7dd2c5a9fca8e92ec6b0211	24.19%
2020-07-21	Mes-2020_07_21-796386.docm	doc	deb29a892e444cde34fe7642bacbee1bf74d35fcff478966636eec77c5e28646	25.00%
2020-07-21	MES.docm	doc	e4ec2e54b07ab9d2efbe99644cc82bfbcbbe04e644ec0f2a84738d51eb3434b1	24.59%
2020-07-21	list-2020_07_21-O202120.doc	doc	44d93b12f57a0d476e774d58da761e56ddd20f6d299acc2390a9111082e448de	23.33%
2020-07-21	Dat-2020_07_21-M96300.rtf	doc	0c8fe18fc9a3c5eefacfe3c44360ecb6e85f86d9ebaea4a5765855cad7a90ce9	24.59%
2020-07-21	dat 2020_07_21 4750514.docm	doc	cf3b2f4e9f81af42df9884f8f3042a4a704fe949060f1997368c664d6db623ec	23.73%	Heodo
2020-07-21	rep-2020_07_21-RO660950.rtf	doc	14f298945ba541ac7f6cf64b12d67423fffd432bbf2e598d25cd50f0e8cfd86f	n/a	Heodo
2020-07-21	inf-20200721-K4172.doc	doc	09d5cad4c8b70edf0e4e47c1abcbbdec9872ca65c129f100c3eaa76ff6197497	n/a
2020-07-21	ARC DXK066.docm	doc	27731098c7402e09d9c7e227a332f4878953ad3bd5d4126af3ef5fb06861cfea	35.00%
2020-07-21	doc 2020_07_21 9959.rtf	doc	f78e874b4d5c5dedede72b85b571f2b04d8edba617b6634d95c2af181e6e4dd7	34.43%	Heodo
2020-07-21	DAT-2020_07_21-713.doc	doc	b56639e31ca0b91be1be4530948430617abbf4a71376d356b7521b5044767bca	34.43%	Heodo
2020-07-21	Dat_2020_07_21_640.doc	doc	276568f9c3bb230aabe183dbfd02ad1c36b7aa141d382d34a839a611a422c07f	33.87%	Heodo
2020-07-21	Dat 2020_07_21 4135.rtf	doc	9e7349a986f7139a74245edcc8f0028bd6a10f81e79a7ac8bf7134e6d4932c2d	32.26%	Heodo
2020-07-21	Rep 4830937.docm	doc	754a0bebe018b079d9d9260256ea2106b4b5ad9a654c8b8a1989bf6e3f4568f7	34.43%
2020-07-21	Arc H268228.rtf	doc	3b8d069085588b448b85cab8b5d59f09dd147c35ebeeaee9e85b2c957011ca87	n/a
2020-07-21	Doc-20200721-3715270.doc	doc	ace014e43d78870f28d2a732d72b60fe0c602b71dcc8771989e5cfc0bb1e0bef	33.87%
2020-07-21	list 2020_07_21.rtf	doc	122b0d68ee819b2ceb91c0b2cdcc0327860dadbb29f884a776968a58c9480ec4	32.79%
2020-07-21	INF-DJ438330.doc	doc	e2a49ec64650e56e967e8b0c31b7e21ad3f1ab14516c6dc02605aaeb90f7b87c	32.79%	Heodo
2020-07-21	file_20200721.rtf	doc	41718a7885dc57496b953e118a0e425ba2af1e37a2a3a868cf05ac83e3db792f	32.79%	Heodo
2020-07-21	Arc 20200721 YZ2272.rtf	doc	276dfa20b9cffd3ac104aeafed599b2f70a9fd0e8d4faf1d86ffd46e8354a416	32.79%	Heodo
2020-07-21	Arc 2020_07_21 724.docm	doc	cd605825d74d60677fec41c84dc39462658ebbd5edd8e29cfe9610a29291b3e9	32.79%	Heodo
2020-07-21	arc 2020_07_21 M69683.docm	doc	1ac71bc3a613397302fc4eefbe3d81f107740541b6a87e051b452eaa6e74f3b8	32.26%
2020-07-21	LIST-20200721-1362.doc	doc	52806dd9a9f08f00c7fd38512ceeb4204d74ec64041dfee5fcc16f1ead3765eb	29.51%
2020-07-21	ARC 2020_07_21 199814.docm	doc	4e34674eaa422795c92ef9cb66994e18a57553e217b4bb4de69c1369608e36e6	31.67%
2020-07-21	LIST-VZ33981.docm	doc	49b857e2068f710d1facd444264c6d8804ecc9e2ba9660953b24bbf213cc66ba	29.03%	Heodo
2020-07-21	Doc 20200721 UQ228.rtf	doc	33e64096db5340fb26c5b5d6f9b1dd89674d3a77a96a25fafcb878d9929fc9da	31.15%	Heodo
2020-07-21	DAT 20200721 9721.docm	doc	99c6c8f02c2fef792bc8a5a6406b0baa294156cb38b8df191f98cfb5a90547f5	30.51%
2020-07-21	INF_20200721_O37978.doc	doc	cce8e5e706869261ede523822b673dd52e48d4351de8600f5ac209a7f0189629	29.03%	Heodo
2020-07-20	FILE_20200721_VDT6456.rtf	doc	0d657d365282571dcf58adbb3a758c81fa3df50bc081a60d01f14c5431b9492e	29.03%
2020-07-20	Dat 20200721 TW239.docm	doc	518def77204a86e55289809beda7c491b0f9ab290b10d7b4bae1c670a0f69c8d	29.51%	Heodo
2020-07-20	arc-20200721-R1711.docm	doc	f83e32a15080c0f31451809377046083d52daef3354edecea6db6ccf4158a43a	30.00%	Heodo
2020-07-20	rep 2020_07_21 360966.doc	doc	68f85e639cf07fc84c8204cec1bd82fd8985d854aa17d02c89b58b255b98ed48	29.51%
2020-07-20	Doc 20200721 K023484.docm	doc	a6ca24bb5b1de30cd63ecceac1727ca4102ed289d65fa05c550c4485e6ca372b	29.03%
2020-07-20	DAT_2020_07_21_7318.rtf	doc	c0696d196c346305861f4e358f48f216dcdde4251309abed3547504007cb858c	27.42%
2020-07-20	file-2020_07_21-9374161.docm	doc	1269bdbbc40be92cc1f13918a692b34fdfeec466bd7d872863ecc405ff38f77f	27.42%	ZLoader
2020-07-20	Arc X070.rtf	doc	c6050ddd07c6d8c4aee73c52d0e50d6056ebd5f3e82550d8c771fc4353d489fe	28.81%
2020-07-20	inf-FVQ86727.docm	doc	eccf2d10cb44fb11136e2edaf7af5de351637d1479888142221354abf8986760	27.42%
2020-07-20	Dat_TH01069.rtf	doc	959e1b792a528fab48fa32c87234357760ef40d9b01426cfa04ba657a41a326f	n/a