Overview

URL www.gzjfhx.com/html/live/cn/gd/jmhszh.html
IP 154.91.25.52
ASN AS2905 TICSA-ASN
Location Seychelles
Report completed 2018-08-17 23:21:39 CEST
urlQuery Alerts: Malicious VBScript dropping file


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-08-17 23:20:45 CEST 1  154.91.25.52 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-08-17 23:20:45 CEST 1  154.91.25.52 Client IP ET TROJAN RAMNIT.A M2
2018-08-17 23:21:09 CEST 1  154.91.25.52 Client IP ET TROJAN RAMNIT.A M1
2018-08-17 23:20:55 CEST 1  154.91.25.52 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-08-17 23:20:55 CEST 1  154.91.25.52 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2018-08-17 23:20:55 CEST 1  154.91.25.52 Client IP ET TROJAN RAMNIT.A M2
2018-08-17 23:21:09 CEST 1  154.91.25.52 Client IP ET TROJAN RAMNIT.A M1
2018-08-17 23:20:45 CEST 1  154.91.25.52 Client IP ET TROJAN PE EXE or DLL Windows file download Text


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-08-17 2 www.gzjfhx.com/html/live/cn/gd/min.js Malware
2018-08-17 2 www.gzjfhx.com/html/app/js/tiyuba_play.js Malware
2018-08-17 2 www.gzjfhx.com/html/php/check.php Malware
2018-08-17 2 www.gzjfhx.com/html/live/cn/gd/jmhszh.html Malware
2018-08-17 2 www.gzjfhx.com/ Malware
2018-08-17 2 www.gzjfhx.com/html/app/js/jquery-1.4.2.min.js Malware
2018-08-17 2 www.gzjfhx.com/html/app/js/rFloat.js Malware
2018-08-17 2 www.gzjfhx.com/html/app/js/footer.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 3 reports on IP: 154.91.25.52

Date UQ / IDS / BL URL IP
2018-08-20 21:15:17 +0200
2 - 8 - 10 www.gzjfhx.com/html/event/weifangbei 154.91.25.52
2018-08-17 22:46:38 +0200
0 - 3 - 6 gzjfhx.com/html/football/2018/387498.html 154.91.25.52
2018-08-15 05:17:32 +0200
2 - 7 - 11 gzjfhx.com/html/basketball/2018 154.91.25.52

Last 10 reports on ASN: AS2905 TICSA-ASN

Date UQ / IDS / BL URL IP
2018-09-24 19:37:17 +0200
0 - 0 - 1 a2zmedical.co.za/index.html 197.242.149.122
2018-09-24 18:03:53 +0200
0 - 0 - 0 www.ceebee.co.za 197.242.147.100
2018-09-24 17:48:07 +0200
0 - 0 - 1 www.zglingbishi.com/ztt 154.91.234.154
2018-09-24 15:48:32 +0200
0 - 0 - 1 crisp-ys.com/html/xgxz/zhbgs.htm 154.91.25.29
2018-09-24 11:40:38 +0200
0 - 0 - 1 www.sharingbiblicaltruth.co.za/index.php/arti (...) 197.242.145.125
2018-09-24 00:29:17 +0200
0 - 0 - 0 45.192.129.2 45.192.129.2
2018-09-23 23:13:28 +0200
0 - 0 - 8 www.jlkwq.com/caipiaokaishouzuixinxiaoxi2018/ (...) 154.95.129.243
2018-09-23 15:23:43 +0200
0 - 0 - 2 yfdjz.com/ 154.95.252.61
2018-09-23 05:59:50 +0200
0 - 0 - 2 www.nvlegal.co.za/Pasado-Due-Facturas 197.242.144.130
2018-09-23 03:00:39 +0200
0 - 0 - 1 www.a41h.org/gaoyaanquanfa/244.html 154.85.182.121

No other reports on domain: gzjfhx.com



JavaScript

Executed Scripts (17)


Executed Evals (2)

#1 JavaScript::Eval (size: 1053, repeated: 1) - SHA256: f8b139c844a47377ac44f864b1290865317fdf93537a28ad58adc8c3019000f5

                                        function checkgg(gg1, gg2) {
    // Chooses between two markup snippets (gg1 primary, gg2 fallback) based on
    // a cookie. fGetCookie is an external helper not present in this listing;
    // assumed to return the named cookie's value as a string — verify on the page.
    // Only the literal value 'no' for cookie 'ppg' selects the primary snippet.
    var primaryEnabled = fGetCookie('ppg') == 'no';
    if (primaryEnabled) {
        return gg1;
    }
    // Fallback snippet when truthy, otherwise an empty string so callers can
    // concatenate the result without a null check.
    return gg2 ? gg2 : '';
}

function checkgg2(gg1, gg2) {
    // Variant of checkgg keyed on the 'ppg2' cookie. The primary snippet is
    // returned only when 'ppg2' is exactly 'no' AND no 'closegg' cookie is set
    // (any truthy value suppresses it). Both lookups go through the external
    // fGetCookie helper, in this order, short-circuiting like the original.
    var primaryEnabled = fGetCookie('ppg2') == 'no' && !fGetCookie('closegg');
    if (primaryEnabled) {
        return gg1;
    }
    // Fallback snippet, or '' when it is absent/falsy.
    return gg2 || '';
}

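function showimggg(href, id, img, width, height, mleft, mright, mtop) {
    // Builds the markup for an image link slot: an anchor whose inline onClick
    // rewrites its own href (stripping the first 'bqj-sb' marker) and reports
    // the click via click_stat(id), wrapping an <img> sized by width/height.
    //
    // NOTE(review): every argument is interpolated raw into HTML attributes and
    // into the inline handler. If any of them can be influenced from outside the
    // site's own configuration this is an HTML/JS injection sink; callers must
    // pass trusted values. The onClick attribute is left unquoted exactly as in
    // the original — browsers tolerate it, but it is not conforming HTML.
    var html = '<a href="#" name="thegg" onClick=this.href="' + href.replace('bqj-sb', '') + '";click_stat(' + id + '); target="_blank">';
    var style = 'width:' + width + 'px;height:' + height + 'px;';
    // Margins are emitted only when truthy, so a margin of 0 is omitted
    // (original behavior, kept for compatibility).
    if (mleft) {
        style += 'margin-left:' + mleft + 'px;';
    }
    if (mright) {
        style += 'margin-right:' + mright + 'px;';
    }
    if (mtop) {
        style += 'margin-top:' + mtop + 'px;';
    }
    // Fix: the original emitted style="...""> — a stray second quote that gave
    // the <img> a junk attribute.
    html += '<img src="' + img + '" style="' + style + '"></a>';
    return html;
}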

function showtextgg(href, id, text, tclass, style) {
    // Text-link variant of the slot built by showimggg: the same self-rewriting
    // anchor (first 'bqj-sb' marker stripped, click reported via click_stat),
    // with optional class and inline style attributes, wrapping `text`.
    // All arguments are interpolated unescaped into HTML and into the inline
    // handler, so they must come from trusted configuration.
    var target = href.replace('bqj-sb', '');
    var parts = ['<a href="#" name="thegg" onClick=this.href="' + target + '";click_stat(' + id + '); target="_blank"'];
    if (tclass) {
        parts.push(' class="' + tclass + '"');
    }
    if (style) {
        parts.push(' style="' + style + '"');
    }
    parts.push('>' + text + '</a>');
    return parts.join('');
}
                                    

#2 JavaScript::Eval (size: 2775, repeated: 1) - SHA256: 9e6f9179d53c376c5d774b465cb0a1d759b18ca2ed4090d152ae1d0d8fd8c631

                                        // String table for the floating-toolbar script that follows. The original
// wrote every entry as \xNN / \uNNNN escapes; the values below are the same
// strings spelled out plainly. Entry order and count are unchanged because
// the functions further down index into this table.
var _$ = [
    '<div id="tbox">',                                                                        // 0
    '<a id="gotop" href="javascript:void(0);"></a>',                                          // 1
    '<a id="closead" href="javascript:void(0);" onClick="closegg();" title="关闭广告"></a>', // 2
    '.col_main',                                                                              // 3
    '<a id="jianyi" href="javascript:void(0);" onClick="feedback();" title="反馈投诉"></a>', // 4
    '<a id="goplayer" href="javascript:void(0);" title="定位播放区"></a>',                   // 5
    '<a id="favsite" href="javascript:void(0);" onClick="favsite(\'体育吧 - www.jisutiyu.com\', \'http://www.jisutiyu.com/\');" title="收藏体育吧"></a>', // 6
    '</div>',     // 7
    '.middiv',    // 8
    '.middiv',    // 9
    '#tbox',      // 10
    'left',       // 11
    'px',         // 12
    '#tbox',      // 13
    'bottom',     // 14
    'px',         // 15
    '#gotop',     // 16
    'slow',       // 17
    '#gotop',     // 18
    'slow',       // 19
    '#gotop',     // 20
    '#goplayer'   // 21
];
// Inject the toolbar container and its first two links (back-to-top, close).
document.write(_$[0]);
document.write(_$[1]);
document.write(_$[2]);
// When jQuery reports no width for .col_main (presumably a layout without that
// column), emit the feedback link; otherwise the locate-player link.
if (!$(_$[3]).width()) {
    document.write(_$[4]);
} else {
    document.write(_$[5]);
}
// Bookmark link (hard-coded to www.jisutiyu.com), then close the container.
document.write(_$[6]);
document.write(_$[7]);

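function a(c, d) {
    // Positions the #tbox toolbar: its left edge sits `c` px past the right
    // edge of the .middiv column, and it is `d` px from the bottom.
    // The original read its selectors from the _$ string table (_$[8..15]);
    // the literals here are those same strings. It also assigned l and w as
    // implicit globals, which are now function locals.
    var columnLeft = $('.middiv').offset().left;
    var columnWidth = $('.middiv').width();
    $('#tbox').css('left', (columnLeft + columnWidth + c) + 'px');
    $('#tbox').css('bottom', d + 'px');
}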

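function b() {
    // Shows the #gotop (back-to-top) link once the document is scrolled more
    // than one viewport height, and hides it otherwise.
    // The original took '#gotop' and 'slow' from the _$ string table
    // (_$[16..19]) and leaked h and t as implicit globals; both are locals now.
    var viewportHeight = $(window).height();
    var scrolled = $(document).scrollTop();
    if (scrolled > viewportHeight) {
        $('#gotop').fadeIn('slow');
    } else {
        $('#gotop').fadeOut('slow');
    }
}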
// Keep the toolbar anchored on resize and toggle the back-to-top link on
// scroll; then run both once for the initial state. 0x3/0x0 in the original
// are 3 and 0.
$(window).resize(function () {
    a(3, 0);
});
$(window).scroll(function () {
    b();
});
a(3, 0);
b();
// _$[20] = '#gotop': scroll back to the top of the document.
$('#gotop').click(function () {
    $(document).scrollTop(0);
});
// _$[21] = '#goplayer': scroll to the player area, 390px (0x186) down.
$('#goplayer').click(function () {
    $(document).scrollTop(390);
});
                                    

Executed Writes (10)

#1 JavaScript::Write (size: 6, repeated: 1) - SHA256: aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23

                                        < /div>
                                    

#2 JavaScript::Write (size: 83, repeated: 1) - SHA256: 7844f89e1b74161997bb7012f542c4078f57f8dfc6f58d8b61594f7d7a893591

                                        < a id = "closead"
href = "javascript:void(0);"
onClick = "closegg();"
title = "关闭广告" > < /a>
                                    

#3 JavaScript::Write (size: 140, repeated: 1) - SHA256: 8d60a32a1312fdf11bade13dd5a7b340784c6970056c7b521fb4d1a5a837cfaf

                                        < a id = "favsite"
href = "javascript:void(0);"
onClick = "favsite('体育吧 - www.jisutiyu.com', 'http://www.jisutiyu.com/');"
title = "收藏体育吧" > < /a>
                                    

#4 JavaScript::Write (size: 66, repeated: 1) - SHA256: b5027153808c28739a69423ee13dc4d95abf3af8da019fd25ec894b1ef1c9780

                                        < a id = "goplayer"
href = "javascript:void(0);"
title = "定位播放区" > < /a>
                                    

#5 JavaScript::Write (size: 45, repeated: 1) - SHA256: 852b0071495cce2fc9b426ccb82fa8cbd92edaea51df3f48810684544c09368b

                                        < a id = "gotop"
href = "javascript:void(0);" > < /a>
                                    

#6 JavaScript::Write (size: 15, repeated: 1) - SHA256: b620ee541cff4fe8c1f4ec64d5c26d5a4ca26f030bb0edc8ec6dfa37cc2c0f77

                                        < div id = "tbox" >
                                    

#7 JavaScript::Write (size: 88, repeated: 1) - SHA256: 6bbb548a3c9ea27144d74a11d9a854026bd9b1f013561375347f9407df422848

                                        < iframe id = "transFrame"
src = "about:blank"
frameBorder = "0"
width = "0"
height = "0" > < /iframe>
                                    

#8 JavaScript::Write (size: 148, repeated: 1) - SHA256: 9c88a4a2a4317da7cbc8d318fbe436a1d2c1ab616512a848be0bb15e8bb76391

                                        < iframe src = "/plus/sigdata.php?aid=204700&play=1"
width = "650"
height = "500"
frameborder = "0"
marginheight = "0"
marginwidth = "0"
scrolling = "no" > < /iframe>
                                    

#9 JavaScript::Write (size: 315, repeated: 1) - SHA256: de16caf184d9e59ef068caf2017cae82a4bbf63ed08f15f1da1f396464fdeff8

                                        < li > < a href = "#"
name = "thegg"
onClick = this.href = "http://www.jisutiyu.com/event/zuqiu/";
click_stat(10008);
target = "_blank"
class = "red" > �ѝZ188K: HQ@ < /a></li > < li > < a href = "#"
name = "thegg"
onClick = this.href = "http://www.jisutiyu.com/event/lanqiu/";
click_stat(10008);
target = "_blank"
class = "red" > �ѝZ188K: HQ@ < /a></li >
                                    

#10 JavaScript::Write (size: 9, repeated: 2) - SHA256: eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c

                                        undefined
                                    


HTTP Transactions (36)


Request Response
                                        
                                            GET /html/live/cn/gd/min.js HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.gzjfhx.com/
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:21 GMT
Content-Length: 145


--- Additional Info ---
Magic:  HTML document text
Size:   145
Md5:    7aeb47a741e9cc17969e8bf91c53c668
Sha1:   40e45a8f9444ecd43c7c12209ebfc94f9fbba55f
Sha256: 4069578174ab8c4bfc0fc7bf225fb278baed5f14cea8f5109fb3a4d2f5d18df4

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /html/app/js/tiyuba_play.js HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:21 GMT
Content-Length: 4623


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   4623
Md5:    602761dde1657b040803133274d69b09
Sha1:   2fc442afef3a492b146b471ea06646805030132a
Sha256: 50f42c620658258c180714a4d7d1e5ee26208562769f45c6c901c1dfce17f20d

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /html/app/css/tiyuba_play.css HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: text/css;charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:22 GMT
Content-Length: 4797


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   4797
Md5:    58499c91940f8e54be788f9cd0fcc0e3
Sha1:   3bd882f5af982d52f9a4e040bfb7f295a77d932b
Sha256: 0f05256b896ffc5c30073aeb5e4db3aa2ea0dfbfc0804aa083b40a60d5b2ee63
                                        
                                            GET /html/php/check.php HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:21 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   168522
Md5:    f3284be2839c540c4490c17a46f12446
Sha1:   1fad052f6716385954edd554a19880f73ae0fd0e
Sha256: e4c5db44ae7cc5cb4601e1dad2b5ce3b280d2165ab545705f8c55dac4d3319b7

Alerts:
  urlquery:
    - Malicious VBScript dropping file
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /html/live/cn/gd/jmhszh.html HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Set-Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71; path=/
Date: Fri, 17 Aug 2018 21:20:19 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   171928
Md5:    902d84e80731c05984b68550ad8faf44
Sha1:   1d3665f3adfbef7497b5805d9164901c30eed370
Sha256: d240647d6d2a424a4e3f50513d6146f0e023e7b309f62ad86aefc6f789ad33f9

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M2
    - ET TROJAN RAMNIT.A M1
    - ET TROJAN PE EXE or DLL Windows file download Text
                                        
                                            GET / HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:22 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   232378
Md5:    88fd9b917adad8cdebf4978c012816e3
Sha1:   ca1e696c1940ee508825011fd8007f2426ec6099
Sha256: 7386e9cbd1e14a53474801a04a3b8fa42b1cfce758dc69b7cb1973adc5614ab5

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN RAMNIT.A M1
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M2
                                        
                                            GET /html/uploads/151119/16-1511191A53T34.jpg HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/uploads/151119/16-1511191A53T34.jpg
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 182


--- Additional Info ---
Magic:  HTML document text
Size:   182
Md5:    fd916d9c9c39d5da5fb546a5f2183eed
Sha1:   d7b023472bb731e6edce7e3f93475cf52dcf49c0
Sha256: 8144a744cc496ddce29e679f8ec62330c6b4c84f139b928a5538c9126e50fda4
                                        
                                            GET /plus/sigdata.php?aid=204700&play=1 HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 25


--- Additional Info ---
Magic:  ASCII text
Size:   25
Md5:    64571a509b4ec40f93cc6e70648f1b06
Sha1:   cbdffc0ef8b3aaa76e28581a83d1ebdc49748f24
Sha256: a9aa9ec7ef3ec92e7eb52220a9f0cb578ff2ba0a71cb3e9c1a0b828857529fcc
                                        
                                            GET /html/app/images/logo.gif HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/logo.gif
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 166


--- Additional Info ---
Magic:  HTML document text
Size:   166
Md5:    998fb60eb93d50d6a5d0352f2ba35db4
Sha1:   26db64aaf0612047a63ef8d08d1ed6cdbf53f724
Sha256: d65fd3c10281ded31f84cce685c9cdcdfe2affae42ecfb42729ea608c6d25892
                                        
                                            GET /html/app/images/header_bg_v2.png HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/header_bg_v2.png
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 174


--- Additional Info ---
Magic:  HTML document text
Size:   174
Md5:    8c0004a3435556139c087466fbf2fb69
Sha1:   df955f2ed8ccb400a82bfd501b71faa1b4d7c47b
Sha256: d91a3199fcd6599ed192f3c1bfa469bc8e0ba8b243ea5bb35a679e9007f4d6e4
                                        
                                            GET /html/app/images/header_bg.png HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/header_bg.png
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 171


--- Additional Info ---
Magic:  HTML document text
Size:   171
Md5:    bed61d769c4b32253a6b6872cf06ec21
Sha1:   d12407e1b241ec59aa4dafb9b3b9d24a579aebc3
Sha256: f4413432a5bde98a56e67ce6de738224482019d15ef50cf339ac8ce354c7f873
                                        
                                            GET /static/js/shell_v2.js?t=23 HTTP/1.1 
Host: bdimg.share.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         111.206.37.189
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 571
Date: Fri, 17 Aug 2018 21:21:09 GMT
Etag: "2176374695"
Expires: Fri, 17 Aug 2018 21:51:09 GMT
Last-Modified: Fri, 05 Jun 2015 08:50:12 GMT
Server: BWS/1.0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   571
Md5:    00557ef156b68551fac985596b5095e9
Sha1:   56287832fbec3545fbfd175ffe9e39d965341f27
Sha256: 10cf659ebdde336a7bfa71ca25af87f67d153def839e001ac9714873b5b70f39
                                        
                                            GET /html/app/images/search_bg.png HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/search_bg.png
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 171


--- Additional Info ---
Magic:  HTML document text
Size:   171
Md5:    2d650e2bc9f1dd219645991f29bf6504
Sha1:   9fc651c34599b6b8c6e187356caac6a1cad55056
Sha256: 5b3784da81e98580681debbc07a4077fda9d3662fb6fcfbce586173baf665601
                                        
                                            GET /uploads/151119/16-1511191A53T34.jpg HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         192.250.196.75
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:09 GMT
Content-Length: 607
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   607
Md5:    17c2732934729972d03513918e10cdba
Sha1:   2dc034e3b3100954207b9df03097aa2b92fab2df
Sha256: ed8b8ea2c1b985bd26f12c9b42f8762250244893853b8bc661900f47ed5c8d79
                                        
                                            GET /app/images/logo.gif HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         192.250.196.75
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:09 GMT
Last-Modified: Fri, 13 Jun 2014 04:46:37 GMT
Content-Length: 2527
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 180 x 30
Size:   2527
Md5:    cdefa1430868d51ce5b4977c18670fc6
Sha1:   04106a1c8d4dadc3afa35aed358016b75dd27695
Sha256: 28e02bad17981bfe940bf4ee5fc6889def1cc3552d9ce6f215e99949778d0a00
                                        
                                            GET /app/images/header_bg_v2.png HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css

                                         
                                         192.250.196.75
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:09 GMT
Last-Modified: Sun, 28 Nov 2010 01:17:57 GMT
Content-Length: 2868
Connection: close


--- Additional Info ---
Magic:  PNG image, 180 x 203, 8-bit colormap, non-interlaced
Size:   2868
Md5:    4f8355c3c5c30790de4d300fcd796b7f
Sha1:   d2675112a37f910488e4cf0c3ebc7f8ec12da4c3
Sha256: ba03845644fd3eff38c68accb7063c95837d7013895bae0eaf5c8341467a3250
                                        
                                            GET /html/app/images/arrow.gif HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/arrow.gif
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 167


--- Additional Info ---
Magic:  HTML document text
Size:   167
Md5:    9d720846ce48ef3aa6039a11322de95a
Sha1:   ff3cf89ead8aa1e3d680285171d1887dbd1ca63a
Sha256: 994a75ccea3e7b8f9bdce78feedb8489dff74ffbc4984507d0c0f58b43212cd4
                                        
                                            GET /app/images/header_bg.png HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css

                                         
                                         192.250.196.75
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:09 GMT
Content-Length: 607
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   607
Md5:    17c2732934729972d03513918e10cdba
Sha1:   2dc034e3b3100954207b9df03097aa2b92fab2df
Sha256: ed8b8ea2c1b985bd26f12c9b42f8762250244893853b8bc661900f47ed5c8d79
                                        
                                            GET /html/app/images/bottom.gif HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/bottom.gif
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 168


--- Additional Info ---
Magic:  HTML document text
Size:   168
Md5:    5df91fca9dfd1624a096cb1b7d739ae0
Sha1:   d689fc7d3fff25d4bbf7800492e01e24438c11bd
Sha256: 147062b610e3baefdf29a5808123d5039605bf2a0ec756bc2313a5ba10239b0d
                                        
                                            GET /static/js/bds_s_v2.js?cdnversion=426262 HTTP/1.1 
Host: bdimg.share.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         111.206.37.189
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 9992
Date: Fri, 17 Aug 2018 21:21:10 GMT
Etag: "859391591"
Expires: Fri, 17 Aug 2018 21:51:10 GMT
Last-Modified: Fri, 05 Jun 2015 08:50:12 GMT
Server: BWS/1.0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9992
Md5:    666a677963a48538c3c7839cd2e6ff58
Sha1:   b6f5b5f721c6a399b69730ea265077304de99e01
Sha256: dfe19948df1360a5a80fa4d63773ef15d1ce728bf918cb4f0d70897817154261
                                        
                                            GET /app/images/search_bg.png HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css

                                         
                                         192.250.196.75
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:10 GMT
Last-Modified: Thu, 17 Mar 2011 13:18:36 GMT
Content-Length: 468
Connection: close


--- Additional Info ---
Magic:  PNG image, 960 x 42, 8-bit/color RGB, non-interlaced
Size:   468
Md5:    aba993ae7d6c8685c2f5463837083f77
Sha1:   b8ea7636d9194fe88c74c9d70a05ecf423f3cd44
Sha256: 577eb43a090094223d647eba4504c57c288dd2790bc0eb25a927506f61b4b87e
                                        
                                            GET /app/images/arrow.gif HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css

                                         
                                         192.250.196.75
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:10 GMT
Content-Length: 607
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   607
Md5:    17c2732934729972d03513918e10cdba
Sha1:   2dc034e3b3100954207b9df03097aa2b92fab2df
Sha256: ed8b8ea2c1b985bd26f12c9b42f8762250244893853b8bc661900f47ed5c8d79
                                        
                                            GET /app/images/bottom.gif HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css

                                         
                                         192.250.196.75
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:10 GMT
Last-Modified: Thu, 16 Jun 2011 16:26:56 GMT
Content-Length: 1120
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 958 x 76
Size:   1120
Md5:    38d414a9b6a89032f24c738a35076cae
Sha1:   eef21c9299ec4f552830380a9759bfcfa7d765b2
Sha256: d3059f495af7688ffa88c7659565b4b0f042a899c1f0c225a9313e6cd8e62d04
                                        
                                            GET /html/app/js/jquery-1.4.2.min.js HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:45 GMT
Content-Length: 31185


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   31185
Md5:    155fef2774d221cf731b41c0328484a6
Sha1:   83413483d09b39c02afd419c1aa5677bf017e28f
Sha256: b5cbde1fff239260c8b0c8e4ee87e8e1a4ee5a70093cd5a8e4e68ec92435652a

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /static/css/bdsstyle.css?cdnversion=20131219 HTTP/1.1 
Host: bdimg.share.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         111.206.37.189
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2021
Date: Fri, 17 Aug 2018 21:21:15 GMT
Etag: "3350779264"
Expires: Fri, 17 Aug 2018 21:51:15 GMT
Last-Modified: Fri, 05 Jun 2015 08:50:09 GMT
Server: BWS/1.0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2021
Md5:    6173f7b3e49c84be234ef0bf8bd51cac
Sha1:   1cfb38a64ebc61e184f0eb23f4d33ab7cde46dec
Sha256: 034ed2dda6d5a1e42fc58e2cac588815f8dbff7e2f9d56cf6eab6e1a77f490a2
                                        
                                            GET /html/app/js/rFloat.js HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71; bdshare_firstime=1534540875601

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:52 GMT
Connection: close
Content-Length: 1580


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1580
Md5:    adfcc4b23a04f3b23b7cf09eb3cd632e
Sha1:   fd7ed6e1f95b3c3a3d960d7235b4c606e076733e
Sha256: 4acd1335d67bc396bfc13dc67899f199b468a5316d14c6c2141613981896b7a5

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /static/images/is.png?cdnversion=20131219 HTTP/1.1 
Host: bdimg.share.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bdimg.share.baidu.com/static/css/bdsstyle.css?cdnversion=20131219

                                         
                                         111.206.37.189
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Length: 12294
Date: Fri, 17 Aug 2018 21:21:16 GMT
Etag: "557408074"
Expires: Fri, 24 Aug 2018 21:21:16 GMT
Last-Modified: Fri, 05 Jun 2015 08:50:09 GMT
Server: BWS/1.0


--- Additional Info ---
Magic:  PNG image, 20 x 2620, 8-bit colormap, non-interlaced
Size:   12294
Md5:    fee619fb8de49c08487681bd0119fa5c
Sha1:   9c7231237e5e5f4e8408623b401dece33f6563ce
Sha256: dc274420601f10bec22ea0dc7e9a1a1425ba67d4a40153d30c864752c09901d2
                                        
                                            GET /html/app/images/global.png HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71; bdshare_firstime=1534540875601

                                         
                                         154.91.25.52
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/global.png
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:52 GMT
Content-Length: 168


--- Additional Info ---
Magic:  HTML document text
Size:   168
Md5:    4964b52eccf90fee1a71fd18c27b563e
Sha1:   d112cc094eeeed9778c0854870579671d86341d2
Sha256: 6b2da887208c97fd7b898daa9a0459b5ebcde30e1abe28be876b91c91a73a009
                                        
                                            GET /html/app/js/footer.js HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71; bdshare_firstime=1534540875601

                                         
                                         154.91.25.52
HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=gbk
                                        
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 21:20:52 GMT
Connection: close
Content-Length: 1466


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1466
Md5:    2bfc2e4840a584f283d58d01bb90ca18
Sha1:   75c4072a9ea548eaad323b0a411caecacc7f5411
Sha256: 3af6fc7e253b383658cd16e120ca1023cbd391bebd255c7d938ed494a98c3ad2

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /app/images/global.png HTTP/1.1 
Host: www.jisutiyu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/app/css/tiyuba_play.css

                                         
                                         192.250.196.75
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 21:21:16 GMT
Content-Length: 607
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   607
Md5:    17c2732934729972d03513918e10cdba
Sha1:   2dc034e3b3100954207b9df03097aa2b92fab2df
Sha256: ed8b8ea2c1b985bd26f12c9b42f8762250244893853b8bc661900f47ed5c8d79
                                        
                                            GET /static/js/logger.js?cdnversion=426262 HTTP/1.1 
Host: bdimg.share.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         111.206.37.189
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2404
Date: Fri, 17 Aug 2018 21:21:16 GMT
Etag: "867751605"
Expires: Fri, 17 Aug 2018 21:51:16 GMT
Last-Modified: Fri, 05 Jun 2015 08:50:12 GMT
Server: BWS/1.0
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2404
Md5:    8d97ba4654dcd20da83631b6f298e30a
Sha1:   4ef15efe157573e2d46ec6eacf7e41160b01a4fa
Sha256: 6a43a65e541c0f46d9c542ca83bc4585998c58c0f902b872955852d943279f32
                                        
                                            GET /hm.js?82cdbed7a9da659a7659997ef703a87a HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 9140
Date: Fri, 17 Aug 2018 21:21:17 GMT
Etag: 826d5409acdc637fe729571ba778b3a2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C044DECCEC178B80; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   9140
Md5:    d6b8f736ca44d6e4113c704909519656
Sha1:   1854fce6e84d3ab3523fa41f3eb2b5adccba4bf6
Sha256: 944e0d101e1c8f22b50f47f229297364686a1ef4ec84463ba945aad8c3927819
                                        
                                            GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1176x885&vl=754&et=0&fl=10.0&ja=1&ln=en-us&lo=0&rnd=1553759513&si=82cdbed7a9da659a7659997ef703a87a&v=1.2.34&lv=1&ct=!!&tt=%E9%B9%A4%E5%B1%B1%E7%94%B5%E8%A7%86%E5%8F%B0%E7%BB%BC%E5%90%88%E9%A2%91%E9%81%93%E9%87%91%E5%AE%9D%E5%8D%9A188%E6%89%8B%E6%9C%BA%E7%89%88%E7%BD%91%E5%9D%80%E3%80%90%E9%AB%98%E6%B8%85%E3%80%91&sn=38853 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html
Cookie: HMACCOUNT=C044DECCEC178B80

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 17 Aug 2018 21:21:18 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71; bdshare_firstime=1534540875601; Hm_lvt_82cdbed7a9da659a7659997ef703a87a=1534540878; Hm_lpvt_82cdbed7a9da659a7659997ef703a87a=1534540878

                                         
                                         154.91.25.52
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 17 Aug 2018 21:20:55 GMT
Content-Length: 103


--- Additional Info ---
Magic:  ASCII English text, with no line terminators
Size:   103
Md5:    96c5637e1eb8f8f8c34172f2d23eafc6
Sha1:   2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
Sha256: 90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.gzjfhx.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=6j32dda4bam7kphhsvrn6ubc71; bdshare_firstime=1534540875601; Hm_lvt_82cdbed7a9da659a7659997ef703a87a=1534540878; Hm_lpvt_82cdbed7a9da659a7659997ef703a87a=1534540878

                                         
                                         154.91.25.52
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 17 Aug 2018 21:20:58 GMT
Content-Length: 103


--- Additional Info ---
Magic:  ASCII English text, with no line terminators
Size:   103
Md5:    96c5637e1eb8f8f8c34172f2d23eafc6
Sha1:   2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
Sha256: 90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
                                        
                                            GET /v.gif?pid=307&type=3071&sc=1159,1168,1176,855&desturl=&apitype=1&linkid=jkyi0ll1r3c&velo_load=0&velo_cssload=0&velo_jsLoad=5675&cite_uid=129249&cite_type=1&cite_mini=0 HTTP/1.1 
Host: nsclick.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/live/cn/gd/jmhszh.html

                                         
                                         115.239.211.92
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Cache-Control: max-age=0
Content-Length: 0
Date: Fri, 17 Aug 2018 21:21:22 GMT
Etag: "4280832337"
Expires: Fri, 17 Aug 2018 21:21:22 GMT
Last-Modified: Fri, 23 Oct 2009 08:06:04 GMT
Pragma: no-cache
Server: BWS/1.0


--- Additional Info ---