URLhaus Database

You are currently viewing the URLhaus database entry for http://ncxps.com/wp-includes/lm/7CFVaAA9jo/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:765703
URL: http://ncxps.com/wp-includes/lm/7CFVaAA9jo/
URL Status:flame Online (spreading malware for 5 years, 1 months, 15 days, 20 hours, 18 minutes)
Host: ncxps.com
Date added:2020-10-29 15:05:58 UTC
Threat:Malware download Malware download
URLhaus blocklist:Blocked
Spamhaus DBL :Abused domain (malware)
SURBL :Blocked
Quad9 :Blocked
AdGuard :Blocked
Cloudflare :Blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Blocked
DNS4EU :Blocked
Reporter: Cryptolaemus1
Abuse complaint sent (?): Yes (2025-07-12 17:23:12 UTC to abusepoc{at}afrinic[dot]net)
Tags:doc emotet link epoch1 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-11-1169917e4ab9c674768f002e042c69909386fbe1e1d2e644b25d6931cd7dfa122b.unknownunknown 69917e4ab9c674768f002e042c69909386fbe1e1d2e644b25d6931cd7dfa122bn/a 
2025-10-238500294b38a2cc1fc9ec5a3536787ea738dd9c261d8e6f3f3f4c60598964700f.unknownunknown 8500294b38a2cc1fc9ec5a3536787ea738dd9c261d8e6f3f3f4c60598964700fn/a 
2025-10-039a6ba901b9eab519b38459fe78addd4fd1b5d082a88bae1b3618dd185174a5c2.unknownunknown 9a6ba901b9eab519b38459fe78addd4fd1b5d082a88bae1b3618dd185174a5c2n/a 
2025-09-14b4a9ea329e2e3a3ba1668a9aeb10f104711eb962a6e00f59caef55b6b52622dd.unknownunknown b4a9ea329e2e3a3ba1668a9aeb10f104711eb962a6e00f59caef55b6b52622ddn/a 
2025-09-029cf4c683a130cfdf9f39567c9991fae605e20fafc38554f5bbd90df6ae547b6e.unknownunknown 9cf4c683a130cfdf9f39567c9991fae605e20fafc38554f5bbd90df6ae547b6en/a 
2025-08-24dbf7ea49702fbf93d3d423f55620a8527190768744d929d1ae947be826008d3b.unknownunknown dbf7ea49702fbf93d3d423f55620a8527190768744d929d1ae947be826008d3bn/a 
2025-08-10a73554126f8067a2f6b4817f2913e99da0a40100db5780206b5e11d43cdde7a5.unknownunknown a73554126f8067a2f6b4817f2913e99da0a40100db5780206b5e11d43cdde7a5n/a 
2025-07-12f2cfc72857c16d8287e7432196bc788c6cd03c6b24d1e8b160017f4cb0304cb4.unknownunknown f2cfc72857c16d8287e7432196bc788c6cd03c6b24d1e8b160017f4cb0304cb4n/a 
2020-10-30INF-2020_10_30-XA65643.docdoc d137612aae06498f2bc6bbec85745d9bd00e258caf1f48016dfd3211f0453bc2n/aHeodo
2020-10-30INF 999.docdoc ece08fd02b30ee894b3d3a3b381c1288a0dd0d1c327416f8372d56a142e7e796n/aHeodo
2020-10-30VTG003_20201030_8309.docdoc 4c55fba21181dc3766347918c139420bf865dc891602dd71edeff3eea7605565n/aHeodo
2020-10-30UNTITLED 56738.docdoc 34cd9b83b3541e4301ed441dd798c66fce18cc6b1da77f3d87ced769a67ba8f4n/aHeodo
2020-10-30PQM704_GMZ9496.docdoc 7383041b5120be42959229a3057949738b86293d0acaf07e6cb9593d48102ea4Virustotal results 33.33%Heodo
2020-10-30List_20201030_455236.docdoc 5a2e23932bdbdbf97b1abc748d155d9135d032c72cf764296b9552845e5cc850Virustotal results 33.87%Heodo
2020-10-30INF_156.docdoc d8bfd4be9d542043d38192e58ac1118dded572fc34fe74683a4c1f9e7801d524n/aHeodo
2020-10-30Doc AH21904.docdoc df1390a8493f224502992c62d7e529f871c9e850b53e3479d9de2d1994f8f91en/aHeodo
2020-10-30file 20201030.docdoc 4635b1a651a48e9493fc0ba72337da2e180b69c7869346abc37e4529cb8c0ee2n/aHeodo
2020-10-30Inf-20201030-OZU343832.docdoc 82b84e8b989abdb526facd2f2dda1f7f68c45acdee4c400cd6d7733ebd6a1354Virustotal results 28.12%Heodo
2020-10-30Inf-20201030-991305.docdoc 326580245321200ddab731ee069c2620f696f92daa20029ec229b6b989edbbean/aHeodo
2020-10-30ARC-JV880216.docdoc 9f214933aad39c937e077e8949a585feb85e7e310e261ef6cf9eacdad19d2781n/aHeodo
2020-10-30ARC.docdoc 3e7cecd24a5a4f442e024c198f65a755fceb5eb0e72b385bb636695a37805c0bn/aHeodo
2020-10-30Attachments_20201030.docdoc 7c80839b52a294922abce5bcd5d4a2fc6701eaba2edef78d8be1d43fe18e813dn/aHeodo
2020-10-30UNTITLED-20201030-LJ665398.docdoc e917927e24c2b9cd23b8d500a0b604555fa82e4436515dcee191a3c2f4c69080n/aHeodo
2020-10-30Mes BO05060.docdoc efb952da7a9bd823505ccb80d12ae57e26ac75a869b060572eda940afafe27d4n/aHeodo
2020-10-30mes-2020_10_30-U109.docdoc eeddca7b1ac0ef1fcec05822ed178ace7d14bc382e304ff65903776b487ac791Virustotal results 28.12%Heodo
2020-10-30Untitled_20201030_024535.docdoc 34ebdddd214c6abbd22fc74af04fdf1d1af2b6ad1563f85e1d2c63ddd5f4be05Virustotal results 29.03% 
2020-10-29Mes_20201030_J337.docdoc 39aac454150ec504ceb483a99e30bdcb29a3725664a6ef2e1a02c37f57569e91n/aHeodo
2020-10-29DAT 2020_10_30 9136.docdoc 2235eb4a57b5175233ce34b08933fc93b7863583c9ff38c76a809c40069f61a5n/aHeodo
2020-10-29ARC_20201030_UM7974.docdoc 1c802678220f65ea3b50e82874a9888689aec3c069499e2941f3bfc7d001c726n/aHeodo
2020-10-29ARC_20201030.docdoc 4845da7cb9aeaf0bc23f9ff4869669d088ec6b529643ed2dc4fb492ed652a659Virustotal results 28.57%Heodo
2020-10-29mes 8579.docdoc 53e01743e578fab769ca84cbdab35079e0f5c3391c139cca0938669465f1e3b2n/aHeodo
2020-10-29arc 20201030 UUP8464.docdoc 11b4592603903a4f6783a2c905e9f163ceb9b48f854fd1addc4b670505f4dd0fn/aHeodo
2020-10-29doc-GA053.docdoc 2be3530ff6d9e0f4b458a86e11feb81aa3d930a3708a0018a6b7205d08046aa6n/aHeodo
2020-10-29Arc 2020_10_29 XD725.docdoc e02b928ac606904119090d82059880092f46e34b880b569e657a116c8ddc13a1n/a 
2020-10-29mes_20201029_0860.docdoc 71118241cefbb12d8ed23ed111176158875709ca3064e880a12a6dde1368af05n/aHeodo
2020-10-29UO3060 20201029 B487642.docdoc 73940cdfc897c46fc59799c1d435f540a9283b197679e47435a37b0f52bbe782n/aHeodo
2020-10-29Inf_5728.docdoc 8d9d4d850d036b687ad9c840d4b9667d172fcdc5cb3e7d303b95bbff842ecf42n/a 
2020-10-29Untitled_2020_10_29_GCM1592.docdoc 8a7bf39f8cc6646718857ac5d1b09b0791109a12d871aca96b91295c843d4056n/aHeodo
2020-10-29File_2020_10_29_814369.docdoc 2c6e4a74fc1b23c3c05b2e5717d495853be7408768a603493d3f7e104a3bc9c9Virustotal results 26.98% 
2020-10-29file-065416.docdoc 5c9357004aabdd59025b4e6cff228ddf6e9ef59b9bc97fffc36d36fe7ce8f421Virustotal results 26.98%Heodo
2020-10-29Untitled.docdoc 36e86b29646738d8621d0a0a76a435b4dfd8bc508480bfe3cf0f7f10c345deb7n/aHeodo
2020-10-29rep-7054824.docdoc a88e04c2cad8d4caa52e7b111b9665c77a7917a19dc0fa9ca7ff2b0c8caf8492Virustotal results 25.00%Heodo
2020-10-29list-VH499.docdoc fa60f7631e2db78b536a7b1c224d473c4d252c00e5a7a0731dd49001cdefdb67n/aHeodo
2020-10-29Untitled-2020_10_29-MJ480.docdoc c5fb6da467aa03871b3d49d8bc5808b6b8e051dca7bd1aa57b58324d9b9a97aeVirustotal results 21.88%Heodo
2020-10-29Dat-20201029-94132.docdoc c6eea0359a87d3f6b39ebc7115393ee78e0544300a10f031f087fc6ba7db2a7aVirustotal results 20.31%Heodo
2020-10-29doc 20201029 TO7765.docdoc ba3d044d8eefa455a680c9805ad9679c2d0475fc6d4de4262c04da718e3f9764Virustotal results 20.31%Heodo
2020-10-29List 2020_10_29 TS59000.docdoc 4e45b134e67abf39dbc1201857ab7fce58ca646ffd5e29736a5267d1c41e549dVirustotal results 26.56%Heodo