Overview

URL nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html
IP 121.9.250.16
ASN AS4134 Chinanet
Location China
Report completed 2018-10-11 14:32:52 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-10-11 14:32:19 CEST 1  121.9.250.16 Client IP ET TROJAN RAMNIT.A M2
2018-10-11 14:32:19 CEST 1  121.9.250.16 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-10-11 14:32:19 CEST 1  121.9.250.16 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2018-10-11 14:32:19 CEST 1  121.9.250.16 Client IP ET TROJAN RAMNIT.A M1


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-10-11 2 nssx.nhedu.net/shufa/flash3.js Malware
2018-10-11 2 nssx.nhedu.net/shufa/shubiao.js Malware
2018-10-11 2 nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html Malware
2018-10-11 2 nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/mpg/rd-bi.swf Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 121.9.250.16

Date UQ / IDS / BL URL IP
2018-10-14 03:44:02 +0200
0 - 0 - 2 nssx.nhedu.net/shufa/gradeone/xiace/twentynin (...) 121.9.250.16
2018-10-13 21:02:00 +0200
0 - 4 - 2 nssx.nhedu.net/shufa/gradethree/xiace/two/zhu (...) 121.9.250.16
2018-10-13 07:42:41 +0200
0 - 0 - 3 nssx.nhedu.net/shufa/gradeone/xiace/twenty/fb (...) 121.9.250.16
2018-10-13 03:35:41 +0200
0 - 0 - 4 nssx.nhedu.net/shufa/gradeone/xiace/shiziyi/q (...) 121.9.250.16
2018-10-12 12:11:13 +0200
0 - 0 - 4 nssx.nhedu.net/shufa/gradeone/xiace/seven/sho (...) 121.9.250.16
2018-10-12 06:45:16 +0200
0 - 0 - 4 nssx.nhedu.net/shufa/gradefour/xiace/eleven/r (...) 121.9.250.16
2018-10-11 14:37:41 +0200
0 - 4 - 4 nssx.nhedu.net/shufa/gradesix/shangce/eightte (...) 121.9.250.16
2018-10-11 14:37:27 +0200
0 - 0 - 3 nssx.nhedu.net/shufa/gradefour/shangce/seven/ (...) 121.9.250.16
2018-10-11 12:26:45 +0200
0 - 0 - 5 nssx.nhedu.net/shufa/gradeone/shangce/four/le.html 121.9.250.16
2018-10-10 11:15:29 +0200
0 - 0 - 4 nssx.nhedu.net/shufa/gradefive/xiace/eleven/q (...) 121.9.250.16

No other reports on domain: nhedu.net



JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (28)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    

#2 JavaScript::Write (size: 1, repeated: 1) - SHA256: 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

                                        
                                    

#3 JavaScript::Write (size: 1, repeated: 1) - SHA256: 67586e98fad27da0b9968bc039a1ef34c939b9b8e523a8bef89d478608c5ecf6

                                        
                                    

#4 JavaScript::Write (size: 1, repeated: 1) - SHA256: beead77994cf573341ec17b58bbf7eb34d2711c993c1d976b128b3188dc1829a

                                        
                                    

#5 JavaScript::Write (size: 1, repeated: 2) - SHA256: 951dcee3a7a4f3aac67ec76a2ce4469cc76df650f134bf2572bf60a65c982338

                                        &
                                    

#6 JavaScript::Write (size: 9, repeated: 1) - SHA256: 196c7c813d82c026b1111acb891087e8f52e9e7c936a6ea3edd38fcf0eea3a3e

                                        < /object>
                                    

#7 JavaScript::Write (size: 7, repeated: 9) - SHA256: 411fdb22d8d9298e5d32f2cdcc7e865f8f3bf55c5ad15133b18e1b86bb7a2499

                                        < /span>
                                    

#8 JavaScript::Write (size: 20, repeated: 1) - SHA256: 0fe171a3fdb9ff71836c430540fc5c443de0aa4d0697c7f9b6c167060dab3d5f

                                        < bgsound id = "sound" >
                                    

#9 JavaScript::Write (size: 100, repeated: 1) - SHA256: 072394991c2247a5c2b59e7292e3fc11d4dad562c230e57ab4ddb7b524150465

                                        < embed src = "mpg/rd-bi.swf"
quality = "high"
pluginspage = "http://www.macromedia.com/go/getflashplayer"
                                    

#10 JavaScript::Write (size: 61, repeated: 1) - SHA256: bd1c54934c0d083fa190920b692f444a161028f2311ae7b41c11e4e750e63392

                                        < object classid = "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
                                    

#11 JavaScript::Write (size: 42, repeated: 1) - SHA256: aa155bde35b0af515f27911a99e95a12b355d5543bc74512d654ac0df1272d99

                                        < param name = "movie"
value = "mpg/rd-bi.swf" >
                                    

#12 JavaScript::Write (size: 35, repeated: 1) - SHA256: 233cc3b290ded14fee5bbf18227bceac11fc03dd905f34a334f670ffe2f4a10c

                                        < param name = "quality"
value = "high" >
                                    

#13 JavaScript::Write (size: 40, repeated: 1) - SHA256: 06362e5024291510b510c1ba4cafc04d07b684a5b3e5541dbf3483adfe292d6e

                                        < param name = "wmode"
value = "transparent" >
                                    

#14 JavaScript::Write (size: 35, repeated: 1) - SHA256: 0eb475c37c765cbc0e615ed3c00d64203b3f7cb08f219a996464b726f48d76fe

                                        < span id = 'span0'
class = 'spanstyle' >
                                    

#15 JavaScript::Write (size: 35, repeated: 1) - SHA256: 50aeb3a8a7cb4419f2566eff7b8d87ca0d2a903d14fa80b1e1301fd69ad842e0

                                        < span id = 'span1'
class = 'spanstyle' >
                                    

#16 JavaScript::Write (size: 35, repeated: 1) - SHA256: 92f7d781a444f06d93c63df49a19c0284a92b1253511ac7fdad80ce86a23cec8

                                        < span id = 'span2'
class = 'spanstyle' >
                                    

#17 JavaScript::Write (size: 35, repeated: 1) - SHA256: f6cb0b68167280446aad13e336d52a7a8be9397d119e82f0e71a186bc5e40091

                                        < span id = 'span3'
class = 'spanstyle' >
                                    

#18 JavaScript::Write (size: 35, repeated: 1) - SHA256: 2430d34bcb183ae3c1f3f7ff768657bc877eb2e8902becf3d242e62f400a061d

                                        < span id = 'span4'
class = 'spanstyle' >
                                    

#19 JavaScript::Write (size: 35, repeated: 1) - SHA256: 59a1953652bbba5b2e974ad9f55a9aa331f382547931cb7a9e7459b1cd001278

                                        < span id = 'span5'
class = 'spanstyle' >
                                    

#20 JavaScript::Write (size: 35, repeated: 1) - SHA256: 364e9484a71c6ad21885346b5644bcdd60922a56c63098e1bd0bbb0494a933a7

                                        < span id = 'span6'
class = 'spanstyle' >
                                    

#21 JavaScript::Write (size: 35, repeated: 1) - SHA256: f542b33a3a943e43eaea4f258210ae1a61833eeb71843983f31b66267f512fac

                                        < span id = 'span7'
class = 'spanstyle' >
                                    

#22 JavaScript::Write (size: 35, repeated: 1) - SHA256: 2d1d7744668717fc73a77fc8936f55fd0602bd9b164e2e3bf9a7131ec94c25b4

                                        < span id = 'span8'
class = 'spanstyle' >
                                    

#23 JavaScript::Write (size: 1, repeated: 1) - SHA256: fcb5f40df9be6bae66c1d77a6c15968866a9e6cbd7314ca432b019d17392f6f4

                                        W
                                    

#24 JavaScript::Write (size: 1, repeated: 1) - SHA256: 18f5384d58bcb1bba0bcd9e6a6781d1a6ac2cc280c330ecbab6cb7931b721552

                                        Y
                                    

#25 JavaScript::Write (size: 96, repeated: 1) - SHA256: 6e4e99a3b77be97d4709dd20e41fe0d7fa206a1745fd836fa37210ac978de0a5

                                        codebase = "http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0"
                                    

#26 JavaScript::Write (size: 90, repeated: 1) - SHA256: b2ee4f21ba653ec3cb118b7ebea4d0cc1acd252a4591d94d3c929fd6e103e83c

                                        type = "application/x-shockwave-flash"
wmode = "transparent"
width = "360"
height = "360" > < /embed>
                                    

#27 JavaScript::Write (size: 36, repeated: 1) - SHA256: 4dcccc65a33e628e03565d09bdffa0e24e1d7810d938fda21aadc9f84fe7b576

                                        width = "360"
height = "360"
id = "rd-bi" >
                                    

#28 JavaScript::Write (size: 3, repeated: 1) - SHA256: 83d544ccc223c057d2bf80d3f2a32982c32c3c0db8e2674820da5064783fb097



HTTP Transactions (13)


Request Response
                                        
                                            GET /shufa/flash3.js HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Content-Encoding: gzip
Last-Modified: Wed, 14 Sep 2011 08:02:33 GMT
Accept-Ranges: bytes
Etag: "80f249a8b472cc1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Content-Length: 1720
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1720
Md5:    7be1bacdc31ccf80f08d949715459c20
Sha1:   16c8b65468add1520d8ca1b5aa3c53e6c98727d7
Sha256: 3060aac0ed355ef7657f0ac7148040e5affb0f3ccabebf38906064d8730d8395

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /shufa/shubiao.js HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Fri, 15 Jan 2010 09:31:42 GMT
Accept-Ranges: bytes
Etag: "053cc8bc595ca1:0"
X-Powered-By: ASP.NET
Content-Length: 260
Connection: close


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   260
Md5:    2146f4cc92aad5a917b6008ce13014ce
Sha1:   0139b744f58e5bb468b0470446cb4faea7a54459
Sha256: c4966572132a38c7e7997c400f5d168df750ed371eb76dccabaac14e4003b689

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /shufa/image/djyqx1.png HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Wed, 06 Jan 2010 02:49:12 GMT
Accept-Ranges: bytes
Etag: "048fd37a8eca1:0"
X-Powered-By: ASP.NET
Content-Length: 6178
Connection: close


--- Additional Info ---
Magic:  PNG image, 136 x 51, 8-bit/color RGBA, interlaced
Size:   6178
Md5:    1ef2f077afd22d83ac37df17cb7d23c6
Sha1:   11e3c019ba9deaffc82bebda266d95ff7c425a4b
Sha256: ca5424e4a48c0825e8d6e6ac9dbce271768b2e8d885c7bea3047be2e1d1a0846
                                        
                                            GET /shufa/gradefour/shangce/twentytwo/bi.html HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Content-Encoding: gzip
Last-Modified: Sun, 04 Dec 2016 18:14:56 GMT
Accept-Ranges: bytes
Etag: "0d0fd505a4ed21:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Content-Length: 64267
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   64267
Md5:    d1597be6c6edf9a9f20d19605b71cfc6
Sha1:   65df7dd1fc9f854d16253a09c705852045c81e2e
Sha256: 2549c958ee1fe94b2e0ae55d712632243e5a08e67e320ba451ec260760349f4f

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN RAMNIT.A M2
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M1
                                        
                                            GET /shufa/image/jjsf1.png HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Wed, 06 Jan 2010 02:19:58 GMT
Accept-Ranges: bytes
Etag: "0db17be768eca1:0"
X-Powered-By: ASP.NET
Content-Length: 5796
Connection: close


--- Additional Info ---
Magic:  PNG image, 136 x 51, 8-bit/color RGBA, interlaced
Size:   5796
Md5:    a0ade4acdfc078b82efa4d0f21ab5965
Sha1:   291ca4c019591fb08315c03c659c4dc2549cf9ba
Sha256: 43059ce36efcdb162061d4a96759c72ff22c291b1d75104136fbc7c5382641f9
                                        
                                            GET /shufa/image/backsp1.png HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Tue, 29 Dec 2009 08:12:20 GMT
Accept-Ranges: bytes
Etag: "0a67a45e88ca1:0"
X-Powered-By: ASP.NET
Content-Length: 2989
Connection: close


--- Additional Info ---
Magic:  PNG image, 60 x 40, 8-bit/color RGBA, interlaced
Size:   2989
Md5:    5b1e22993b16f78e6a7540ff303012f6
Sha1:   f733e81163f5a2875b40710ff066ec34e034ff38
Sha256: 5f6fd4e2c4cf982afbd16d4eb70fda7b696e4e80133bdf1a66844e870d15977f
                                        
                                            GET /shufa/image/sfxs1.png HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 11 Oct 2018 12:31:37 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Wed, 06 Jan 2010 02:51:14 GMT
Accept-Ranges: bytes
Etag: "0bd461c7b8eca1:0"
X-Powered-By: ASP.NET
Content-Length: 5789
Connection: close


--- Additional Info ---
Magic:  PNG image, 136 x 51, 8-bit/color RGBA, interlaced
Size:   5789
Md5:    ebcf2bd5d2cb87158050eafb20db6b65
Sha1:   823009a48c1ac7134637aa552f63699d4c56a642
Sha256: d64c69668976737920eb78189297131e7220f312a6ec0fb52de30d0f3a6d64e8
                                        
                                            GET /shufa/1024.css HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 11 Oct 2018 12:31:38 GMT
Server: Microsoft-IIS/7.5
Content-Encoding: gzip
Last-Modified: Fri, 21 Dec 2012 11:06:20 GMT
Accept-Ranges: bytes
Etag: "09e90346bdfcd1:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Content-Length: 4438
Connection: close


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   4438
Md5:    b1b5e4c56f00c1661a3bd401a07e565f
Sha1:   3e3890a649d386c303dc4fe63d99ed6d485c1815
Sha256: 2518ba62e76b44b0c8ec2b7514fab76feaad8e2f4a3295ab5c210d9bfea90f19
                                        
                                            GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1 
Host: fpdownload2.macromedia.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         91.135.34.11
HTTP/1.1 200 OK
Content-Type: text/xml
                                        
Server: Apache
Last-Modified: Tue, 09 Oct 2018 08:27:38 GMT
Etag: "60e-577c782b457e7"
Accept-Ranges: bytes
Content-Length: 1550
Date: Thu, 11 Oct 2018 12:32:21 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  XML document text\012 XML document text
Size:   1550
Md5:    36e84d97795bce84cee349edcab22018
Sha1:   94429b6b430b9044e798093ebff3e1525f8dc785
Sha256: 9db73f3916c58164ec192187d5eed6a150a8f75c799f19db946f1f0cedca9312
                                        
                                            GET /shufa/image/100.jpg HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/1024.css

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 11 Oct 2018 12:31:39 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Wed, 13 Jan 2010 06:13:56 GMT
Accept-Ranges: bytes
Etag: "0ea48961794ca1:0"
X-Powered-By: ASP.NET
Content-Length: 137520
Connection: close


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "Intel(R) JPEG Library, version "
Size:   137520
Md5:    c7cdc660943cb4729ba996cff50089c5
Sha1:   9cfdf66c0c7710896d0702081a62069175196c74
Sha256: 12df996eb4977f2272d83f3f67ea643fb0478ee64482363ad34a6c41350f2b59
                                        
                                            GET /shufa/gradefour/shangce/twentytwo/mpg/rd-bi.swf HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://nssx.nhedu.net/shufa/gradefour/shangce/twentytwo/bi.html

                                         
                                         121.9.250.16
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
                                        
Date: Thu, 11 Oct 2018 12:31:39 GMT
Server: Microsoft-IIS/7.5
Last-Modified: Wed, 20 Jan 2010 10:55:50 GMT
Accept-Ranges: bytes
Etag: "0bfb420bf99ca1:0"
X-Powered-By: ASP.NET
Content-Length: 272299
Connection: close


--- Additional Info ---
Magic:  Macromedia Flash data (compressed), version 8
Size:   272299
Md5:    76f773ef560d98bbd47813c2209a66a9
Sha1:   ddd9322927cec0ec55818a5580286054b426808d
Sha256: bcc9c7b4e715c2ad18f432ffe7dd03b6a8edab4990580f3fd298cfe85d9d73c1

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.9.250.16
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Thu, 11 Oct 2018 12:31:42 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1163
Connection: close


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1163
Md5:    8363acaeab9cbb099b59b78a44127ca6
Sha1:   aef448ce5500e3734059ec285cf6ec0b547075f2
Sha256: 9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: nssx.nhedu.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.9.250.16
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Thu, 11 Oct 2018 12:31:45 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1163
Connection: close


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1163
Md5:    8363acaeab9cbb099b59b78a44127ca6
Sha1:   aef448ce5500e3734059ec285cf6ec0b547075f2
Sha256: 9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a