URLhaus Database

You are currently viewing the URLhaus database entry for https://wefoundworld.com/ncm/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	2650398
URL:	https://wefoundworld.com/ncm/
URL Status:	Offline
Host:	wefoundworld.com
Date added:	2023-06-02 15:37:34 UTC
Last online:	2023-06-05 04:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2023-06-02 15:38:45 UTC to abuse{at}cloudflare[dot]com)
Takedown time:	2 days, 12 hours, 23 minutes (down since 2023-06-05 04:01:58 UTC)
Tags:	BB30 geofenced js Qakbot TR USA zip

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2023-06-04	document_E482_Jun_2.zip	zip	53584f55d9e48f1eccf94699fc011a17604231df0f8c2fcc1442a6a337def0cd	22.58%
2023-06-04	document_B352_Jun_2.zip	zip	95f9c3cb1add35037617b3ed869810dc26ef0ffe6cea6bb31eff1362c437a340	17.74%
2023-06-03	document_C560_Jun_2.zip	zip	e8a28422df599374b53f43b709392f7c81b3ad4c8b5b7e4e511f028a5fd6697f	20.00%
2023-06-03	document_B978_Jun_2.zip	zip	74cd7086b027c7d0260230146a60b6e2ea11b0c7ad21feb3dbd7402c1c481304	19.35%
2023-06-02	document_B179_Jun_2.zip	zip	395445a92e3ce3cb8b0e633ef9ff65ccc979ee3889757709188b79b5f49eac19	19.35%
2023-06-02	document_F842_Jun_2.zip	zip	f519fc03b6fe244c37ff806f550c9e183e51df17e04a49ab1799c2f27303b3e3	n/a