URLhaus Database

You are currently viewing the URLhaus database entry for http://www.51az.com.cn/wp-admin/aF/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 301272
URL: http://www.51az.com.cn/wp-admin/aF/
URL Status: Offline
Host: www.51az.com.cn
Date added: 2020-01-29 11:34:08 UTC
Last online: 2025-06-30 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2025-06-29 21:37:09 UTC to abuse{at}kurun[dot]com)
Takedown time: 5 years, 6 months, 5 days, 4 hours, 46 minutes Bad (down since 2025-07-06 16:22:15 UTC)
Tags: doc, emotet, epoch3, GandCrab, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
