URLhaus Database

You are currently viewing the URLhaus database entry for http://ncxps.com/wp-includes/4LD2g8W3RRmhtGVVVPeq2OrlCqm71yyXVERIW5rZiTVIi3/ which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 756736
URL: http://ncxps.com/wp-includes/4LD2g8W3RRmhtGVVVPeq2OrlCqm71yyXVERIW5rZiTVIi3/
URL Status: Online (spreading malware for 5 years, 1 month, 18 days, 3 hours, 56 minutes)
Host: ncxps.com
Date added: 2020-10-27 14:47:16 UTC
Threat: Malware download
URLhaus blocklist: Blocked
Spamhaus DBL: Abused domain (malware)
SURBL: Blocked
Quad9: Blocked
AdGuard: Blocked
Cloudflare: Blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2025-07-09 11:00:14 UTC to abusepoc{at}afrinic[dot]net)
Tags: doc, emotet, epoch2, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
