URLhaus Database

You are currently viewing the URLhaus database entry for http://hunters.org.cn/img/lm/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	495860
URL:	http://hunters.org.cn/img/lm/
URL Status:	Offline
Host:	hunters.org.cn
Date added:	2020-09-14 13:08:15 UTC
Last online:	2020-09-14 17:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-09-14 13:10:04 UTC to CloudFlare Anti-Abuse API)
Takedown time:	4 hours, 8 minutes (down since 2020-09-14 17:18:25 UTC)
Tags:	doc emotet epoch2 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-09-14	X5UFFIX7HSKI0HA.doc	doc	ed410e106fe3f9f8bedec883afe4b7b0d0dea3b449ad26fa6f41aa69c0a78f80	28.81%	Heodo
2020-09-14	EVUN_PO_09142020EX.doc	doc	a3f6b39e72cc5764544ad0f6abcdddcabce1f34999a2d78268a80c5b4f8546f2	27.12%	Heodo
2020-09-14	SUY_KB4169037915KI.doc	doc	b6583efe667a79067f7999a0b37d909ac38b9e82fd2e51fe65f320f9f0d5cdef	27.12%	Heodo
2020-09-14	00642449.doc	doc	6854581e81ae31b87095df739754ed6a3a572cbce33781e25b646a150e39505c	27.12%	Heodo
2020-09-14	TAZ_HEA7Z0JDJX3DSV.doc	doc	65af960efb522275c12cbbc2902476854043df45ed96b435103aedcef02eecbe	27.12%	Heodo
2020-09-14	BAL_6JRTABJ45BD.doc	doc	e4a9024be2fd969f3d64de3bcff992a2d29ad69e823b5ed145c96a395a013e19	n/a	Heodo
2020-09-14	BAL_HF2271076218MR.doc	doc	2ff4b7d7b02e82dce1df902e65b025fe06a6a66e3e4605ada4206d0eb2e33cd5	21.43%	Heodo
2020-09-14	RX8950005636GX.doc	doc	6f94245cbc7d242d2ffa0fa4b3e3b3d5c9d3033df0482320fd014daba53f62e3	n/a	Heodo
2020-09-14	XAVV_ZNU_090120_OJW_091420.doc	doc	6c582c81ef9f686301cf1a663938a08c6f793a3f45403b3d4d87da94d5eefc00	22.03%	Heodo
2020-09-14	REP_PO_09142020EX.doc	doc	bc08b7a8310a6206226dd767a9c4cc26dd5d5316ad80e399359db8c090294b43	21.67%	Heodo
2020-09-14	BAL_VI2912189652BR.doc	doc	29727ccfff36705a0638c4b0127fc5ec22be60f05d542fd9e9f0f49f6827ef54	n/a	Heodo
2020-09-14	H_YJ3407374877DO.doc	doc	358777fc6c34cc75ebc7d92ee6c2bd0b29eaf38c4a215fc317e920ab0f60476f	20.34%	Heodo
2020-09-14	VCW_090120_URG_091420.doc	doc	9bd2a13b25bd80000de689abeba6e931e894f31798d57b111b8e3e4b8c784184	21.67%	Heodo