URLhaus Database

You are currently viewing the URLhaus database entry for http://148.70.74.230/wp-includes/McQyKZ/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	287569
URL:	http://148.70.74.230/wp-includes/McQyKZ/
URL Status:	Offline
Host:	148.70.74.230
Date added:	2020-01-14 00:20:07 UTC
Last online:	2020-03-02 06:XX:XX UTC
Threat:	Malware download
Reporter:	spamhaus
Abuse complaint sent (?):	Yes (2020-01-14 00:22:02 UTC to abuse{at}tencent[dot]com,abuse{at}qq[dot]com,jsquare{at}tencent[dot]com,dreamsruan{at}tencent[dot]com)
Takedown time:	1 month, 18 days, 5 hours, 39 minutes (down since 2020-03-02 06:01:56 UTC)
Tags:	doc emotet epoch3 heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-01-16	Inv OQU63_1348.doc	doc	7b8a1c8f4e675095e535c4769244157bd72e5d959b2e223178ed9560e063593e	41.94%	Heodo
2020-01-15	Inv-YTV97_92.doc	doc	379334a58831aca705a510047c7416daf90a0a102440a8972f87ad3b3e3727f5	41.94%	Heodo
2020-01-15	Inv-QR757_53.doc	doc	a56c3ed265eea81662d995f74b97d4d70829797368d462b1a29b05c5edb329f6	33.87%	Heodo
2020-01-15	INVOICE-BKU795_29.doc	doc	3d8e29fafb3a34382564edcba3c640bb4626eae9cdd23813b45208d0dc20ff99	33.87%	Heodo
2020-01-15	invoice N239_8277.doc	doc	ced74a717f09aa4ee30f883e7140c28a91a1911384510acf14127ecd77ae577c	35.48%	Heodo
2020-01-15	invoice_TTD081_3601.doc	doc	1a86b0027ed894d1cdf56b5880263c545a5fced00774690756a6c3c0a86cb013	29.51%	Heodo
2020-01-15	Invoice_MED788_966.doc	doc	abc61f312162f9df332438a4bbeec7b50ee4294b7ba314212f0b549bb14c08c8	27.87%	Heodo
2020-01-15	Invoice-KSY181_286.doc	doc	010d4daa4dffe83b54b6d3f489493476cf3de236ff55914f90d2750df262e52d	24.19%	Heodo
2020-01-15	Inv-UZN270_79524.doc	doc	78a310a044510fc979e903828bdc3831844a04b5c01b34397e52e3bd62c96674	20.97%
2020-01-15	INVOICE-G860_334.doc	doc	b7d6a9d883ceb3098ae6e82cb15a930133fd838486587f4f1fee1145cfc87b3e	22.95%
2020-01-15	invoice_B980_18067.doc	doc	b0fe1c13c4769acdbb0ca4f5e4811be6e1c74664f6b09081af35c1be907f9424	18.03%	Heodo
2020-01-15	Invoice-R886_587.doc	doc	0be95290124a09aa4fb39e3c9069ee6c8078349d8fedc5694c2bf8e6291b4839	n/a	Heodo
2020-01-15	invoice K84_379.doc	doc	90c1afaa5b3ec11b45a05c31ae4bcae3f687b28bf8620503dd175905dd945c02	18.64%
2020-01-14	invoice X80_13764.doc	doc	c912fbd5e3979ce3299c6cab4db775c4d86fcd1c779d4c2b402931f558484d99	16.67%	Heodo
2020-01-14	Invoice-AHJ90_50.doc	doc	801b373d37824fd2ad3deb032cc8ad648030947ea375eb994b2e15b23a0304dd	n/a	Heodo
2020-01-14	invoice NQ797_2856.doc	doc	a59898fd4715331074453846b86b94fa80c79e937fe99036976125ccd6e9b78c	n/a	Heodo
2020-01-14	Invoice LFL85_534.doc	doc	e19211b7c079fa51a4c909460ad266587c4ac771648c802cb4af537d71e215bd	16.39%	Heodo
2020-01-14	INVOICE S28_142.doc	doc	d68256788a82c628777bd3cb72c9c2f8819b44d898a9a60f0647d1237532ce5d	13.11%	Heodo
2020-01-14	invoice_LXB93_06520.doc	doc	516dd65e909384e3f3966aeb56253db71e221d6a1a6e48e323bb857217a8e467	13.11%
2020-01-14	invoice-KAW67_7118.doc	doc	9da483dba842e1d6e0a0279b231c4088d2d69e0864cc837057eb78b177ed6d5a	12.90%	Heodo
2020-01-14	INVOICE-LW11_973.doc	doc	d50fb4d2b5aeca55182160f95f244527af5d00d92c8e760906394e338cfbe992	n/a	Heodo
2020-01-14	INVOICE-FN928_203.doc	doc	bff484c3a259993eded74499820830eb2da53828fcc763b8f600261572c42b98	n/a	Heodo
2020-01-14	Inv_CXM45_24818.doc	doc	1d56a829a8b53c984eda84373182767912fbf9d5211e5c1cbd839b753410172b	n/a	Heodo
2020-01-14	invoice_MMB97_087.doc	doc	34808b889d159c685324dfa60012edfd13eba370971ce74e0e9242fe3c170ebf	17.74%	Heodo
2020-01-14	Inv-V52_0805.doc	doc	61ef44b898c732da0b07cc34493e971778b8835edd28386161473dd228025581	18.33%	Heodo
2020-01-14	INVOICE-ADM23_75.doc	doc	9f430cba9753330bd2dda6221bdcd057c6e188e12c984e211d0d1eee54636c51	n/a	Heodo
2020-01-14	invoice-VX518_177.doc	doc	fae7e292b443e97b48949f711e94e1ee3c23e5e01cdcb3d890bb6c20d459d756	38.71%	Heodo
2020-01-14	INVOICE-DZ929_1434.doc	doc	38306f435cab41dbc2b7719294dadb0854ee57b2e3d8e143bd3db4747ccf7fcb	38.33%	Heodo
2020-01-14	INVOICE-FQH691_46767.doc	doc	798e683b42e879ed7745f11f5aeb1347ea9e66f2e64dd97e32d0b489332d1195	31.03%	Heodo
2020-01-14	invoice_OEV729_74132.doc	doc	bbec91babc2513939b05530c6c50549b7d096c7bbd57e557b07d145f9d2c66e8	26.23%
2020-01-14	invoice G222_4288.doc	doc	18b7a070ad16b8cfff48c011226af98c8df66202cf67b83d9229cad680bd053e	25.81%	Heodo
2020-01-14	Invoice-A404_5332.doc	doc	5f2766ed0a05e2146a623b85152a13ab351b9d05c94103272bdb6b8f8d53a4f8	26.23%	Heodo