Community Intel & Discussions
⚠️ Phishing Campaign Targeting Subsidies
Risk Category: Phishing / Fraud
URLert.com has classified the domain lzchzxq.cn as a high-risk entity due to its recent involvement in a coordinated phishing campaign. Analysis indicates the domain was used to distribute malicious content via email, attempting to deceive users with false promises of financial assistance.
- New and Unranked Domain: The domain
lzchzxq.cnis relatively new (126 days old) and unranked, characteristics often associated with transient malicious infrastructure. - Phishing Lure: Community reports indicate the domain was promoted through phishing emails referencing a fake "2026 Individual Comprehensive Subsidy" program, allegedly from multiple government bodies.
- Malicious Distribution: Users reported receiving emails with
.docxattachments that contained links to this domain, a common tactic for delivering malware or directing users to fraudulent websites. - Coordinated Attack: Evidence from VirusTotal confirms the URL was part of a "hit-and-run" attack, suggesting active and deliberate malicious use of the domain.
Recommendation: Exercise extreme caution when encountering emails or messages referencing government subsidies or financial aid, especially if they originate from unfamiliar sources or request immediate action. Avoid clicking on links or downloading attachments from suspicious emails. Report any such communications to your security team or email provider. URLert.com strongly advises against interacting with
lzchzxq.cnor any associated content.
URL: http://wam.Lzchzxq.cn
I observed suspicious activity: A lot of our users received the same phising email with a *.docx attachment containing this url on the same day. According to VirusTotal's scanning report, this sample was uploaded on this day (but not by us). This means it is a "hit-an-run" by the attacker, and the URL is obsolete now