Overview

URL: yuyu58.com/index.php?m=vod-search-starring-大 (...)
IP: 123.184.34.199
ASN: AS4134 Chinanet
Location: China
Report completed: 2017-10-18 01:23:34 CEST
urlquery Alerts: Malicious VBScript dropping file


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-10-18 01:29:34 CEST 1  123.184.34.199 Client IP ET TROJAN RAMNIT.A M2
2017-10-18 01:29:43 CEST 1  123.184.34.199 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2017-10-18 01:29:34 CEST 1  123.184.34.199 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2017-10-18 01:29:50 CEST 1  123.184.34.199 Client IP ET TROJAN RAMNIT.A M1
2017-10-18 01:29:43 CEST 1  123.184.34.199 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2017-10-18 01:29:40 CEST 1  123.184.34.199 Client IP ET TROJAN RAMNIT.A M1
2017-10-18 01:29:43 CEST 1  123.184.34.199 Client IP ET TROJAN RAMNIT.A M2
2017-10-18 01:29:34 CEST 1  123.184.34.199 Client IP ET TROJAN PE EXE or DLL Windows file download Text


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-10-18 2 yuyu58.com/js/jq/jquery.lazyload.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/jquery.base.js Malware
2017-10-18 2 yuyu58.com/js/jq/jquery.autocomplete.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/playclass.js Malware
2017-10-18 2 yuyu58.com/js/jquery.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/qrlazyload.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/home.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/tbmovobj.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/js.js Malware
2017-10-18 2 yuyu58.com/template/itdy/font/font_1397718713_957379.woff Malware
2017-10-18 2 yuyu58.com/template/itdy/ads/h950x90.js Malware
2017-10-18 2 yuyu58.com/template/itdy/ads/h240x90.js Malware
2017-10-18 2 yuyu58.com/js/tj.js Malware
2017-10-18 2 yuyu58.com/template/itdy/js/top.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 123.184.34.199

Date                       UQ / IDS / BL  URL                                                    IP
2017-11-23 09:37:34 +0100  2 - 7 - 16     www.yuyu58.com/                                        123.184.34.199
2017-11-22 22:33:19 +0100  2 - 10 - 17    yuyu58.com/?m=vod-detail-id-8904.html                  123.184.34.199
2017-11-22 08:15:37 +0100  2 - 0 - 15     yuyu58.com/index.php?m=vod-search-starring-u8 (...)    123.184.34.199
2017-11-22 07:29:37 +0100  2 - 0 - 17     yuyu58.com/?m=vod-detail-id-8904.html                  123.184.34.199
2017-11-19 11:37:46 +0100  2 - 8 - 15     yuyu58.com/index.php?m=vod-search-starring- (...)      123.184.34.199
2017-11-19 02:16:47 +0100  2 - 8 - 15     yuyu58.com/index.php?m=vod-search-starring- (...)      123.184.34.199
2017-11-18 07:43:49 +0100  2 - 10 - 17    yuyu58.com/?m=vod-detail-id-10426.html                 123.184.34.199
2017-11-04 21:11:28 +0100  2 - 0 - 0      yuyu58.com/index.php?m=vod-search-starring-a¤§         123.184.34.199
2017-11-04 17:11:23 +0100  2 - 0 - 0      yuyu58.com/index.php?m=vod-search-starring-au (...)    123.184.34.199
2017-11-04 15:53:58 +0100  2 - 4 - 0      yuyu58.com/index.php?m=vod-search-starring-au (...)    123.184.34.199

Last 10 reports on ASN: AS4134 Chinanet

Date                       UQ / IDS / BL  URL                                                    IP
2017-11-25 00:21:10 +0100  0 - 0 - 1      www.hsqhdm.gov.cn/index.php/Home/Index/n_show (...)    58.51.194.241
2017-11-25 00:05:20 +0100  0 - 0 - 1      jszhoumi.jdzj.com/                                     119.37.199.247
2017-11-24 23:38:56 +0100  0 - 0 - 1      aetchemical.lookchem.com/products/CasNo-839-9 (...)    183.129.228.216
2017-11-24 23:08:03 +0100  0 - 0 - 6      eva-group.imould.com/                                  60.191.187.166
2017-11-24 22:45:31 +0100  0 - 0 - 11     ctwh.fsamtj.com/news/7972.html                         61.164.252.236
2017-11-24 22:24:05 +0100  0 - 0 - 1      f5j6qdp3.ynshangji.com/                                116.55.242.247
2017-11-24 22:21:54 +0100  0 - 0 - 1      yztflsj.jdzj.com/                                      119.37.199.247
2017-11-24 22:05:19 +0100  0 - 0 - 1      dalianganjingzi.mapleleaf.cn/                          59.46.193.54
2017-11-24 21:52:29 +0100  0 - 2 - 0      https://www.hsxdaj.com/cgi-bin/login                   218.75.145.28
2017-11-24 21:33:09 +0100  0 - 0 - 1      ds.yunfan.com/?fm=inner                                115.231.216.36

Last 10 reports on domain: yuyu58.com

Date                       UQ / IDS / BL  URL                                                    IP
2017-11-23 09:37:34 +0100  2 - 7 - 16     www.yuyu58.com/                                        123.184.34.199
2017-11-22 22:33:19 +0100  2 - 10 - 17    yuyu58.com/?m=vod-detail-id-8904.html                  123.184.34.199
2017-11-22 08:15:37 +0100  2 - 0 - 15     yuyu58.com/index.php?m=vod-search-starring-u8 (...)    123.184.34.199
2017-11-22 07:29:37 +0100  2 - 0 - 17     yuyu58.com/?m=vod-detail-id-8904.html                  123.184.34.199
2017-11-19 11:37:46 +0100  2 - 8 - 15     yuyu58.com/index.php?m=vod-search-starring- (...)      123.184.34.199
2017-11-19 02:16:47 +0100  2 - 8 - 15     yuyu58.com/index.php?m=vod-search-starring- (...)      123.184.34.199
2017-11-18 07:43:49 +0100  2 - 10 - 17    yuyu58.com/?m=vod-detail-id-10426.html                 123.184.34.199
2017-11-04 21:11:28 +0100  2 - 0 - 0      yuyu58.com/index.php?m=vod-search-starring-a¤§         123.184.34.199
2017-11-04 17:11:23 +0100  2 - 0 - 0      yuyu58.com/index.php?m=vod-search-starring-au (...)    123.184.34.199
2017-11-04 15:53:58 +0100  2 - 4 - 0      yuyu58.com/index.php?m=vod-search-starring-au (...)    123.184.34.199


JavaScript

Executed Scripts (18)


Executed Evals (0)


Executed Writes (8)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

(empty write)

#2 JavaScript::Write (size: 36, repeated: 1) - SHA256: e565e0bf44e0d284af32899cd13f62432b575b62d44947a5e55764eb67476a0a

[36 bytes, not decodable as text]

#3 JavaScript::Write (size: 130, repeated: 1) - SHA256: 9d2af40e8a663bf640082f3616e3674764f335025cf89bcd6e41ee5bcb87f0df

<a href="http://webscan.360.cn/index/checkwebsite/url/www.yuyu58.com" name="debcdd842c1d7a785eabde89c0f7a87c">360 [undecodable text]</a>

#4 JavaScript::Write (size: 156, repeated: 2) - SHA256: 8d7ba44329cb988c7015448043ce1842ac5a287921255fada6f7df74834dc7b4

<a href='http://www.cnzz.com/stat/website.php?web_id=1260220709' target=_blank title='&#31449;&#38271;&#32479;&#35745;'>&#31449;&#38271;&#32479;&#35745;</a>

#5 JavaScript::Write (size: 7, repeated: 1) - SHA256: 5d1473b89b21150b16e2507b47d2beccb2026e2bcf190e34433b7fb316dea787

<blink>

#6 JavaScript::Write (size: 109, repeated: 1) - SHA256: a50ca5894a78bb738c5d6b4452f0d5db50b2e798e6a8212798d1bcb966ef0333

<script src="https://s95.cnzz.com/z_stat.php?id=1260220709&web_id=1260220709" language="JavaScript"></script>

#7 JavaScript::Write (size: 53, repeated: 1) - SHA256: 079876d0502c5fd4994c57406d83e61c008901434518c7e3cbd4b38634d50cde

<script src='/index.php?m=label-login.html'></script>

#8 JavaScript::Write (size: 112, repeated: 2) - SHA256: 4704d474124d7fbb764da07ccd66daf4e88a8d95dce0665d12b09b2e1cca5105

<script src='https://c.cnzz.com/core.php?web_id=1260220709&t=z' charset='utf-8' type='text/javascript'></script>


HTTP Transactions (35)


Request / Response

GET /favicon.ico HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 1305


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1305
Md5:    5bbd8e65c038c65342ff309b772e15fc
Sha1:   ae84c95d02c84f0dbded470ebdfd2acec2a21e15
Sha256: c06a1683be99bd82a8926bd4b4c322e11f8d456cda7efdde62571bbd7b601afe
                                        
GET /js/jq/jquery.lazyload.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:36:43 GMT
Accept-Ranges: bytes
Etag: "25f7ea5251bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 918


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   918
Md5:    aee713cc820c2f59ada01ac70c8a2077
Sha1:   f2a349c7b249f54571c6209938d2b90a6a7751da
Sha256: 12f767233066dedca643b321e1871353195bcaedea6735d33874ce5c7c057f44

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/css/qirebox.css HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:41:29 GMT
Accept-Ranges: bytes
Etag: "80ca12fd51bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 4583


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   4583
Md5:    d48424c0b01e0e77ea16911979a7d6b9
Sha1:   b3a745cd264e3da0cc4e91633d5d2d1bbcdc1292
Sha256: bb0b0cdd783b4203f25416abc24a9648d1cd7edaebdb020384f3bdb29c3baa64
                                        
GET /template/itdy/js/jquery.base.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:42:02 GMT
Accept-Ranges: bytes
Etag: "031be1052bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 1467


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1467
Md5:    c4ddf9cbc62094c6ca2afeab23d1f163
Sha1:   ba29d07c060d20228cb3b18c05acca0ae921766c
Sha256: 913052bf969f5467818e50f29b0debb33e2cbd8710b28f36dc5bc417a4238b58

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /js/jq/jquery.autocomplete.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:36:42 GMT
Accept-Ranges: bytes
Etag: "01125251bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 4669


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   4669
Md5:    16513999615314caa070d2817dcdbdc1
Sha1:   f1b0138be3c0356d4610a2753334f2e09e1f1206
Sha256: cb06351560477ebafddc0db0ac1b302bced0aea6aa875e10898be487d532d1c0

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/js/playclass.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:42:03 GMT
Accept-Ranges: bytes
Etag: "80c7561152bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 3291


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   3291
Md5:    5b2c22c21e5da7f8185cea887e9be381
Sha1:   d55326efa76f99a36ac85b79c4240e45ebde24af
Sha256: c3ce0361e7884d79c4ffc714531352e3aa7d4b834d93b58f5f2f1b23d40384e9

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/css/base.css HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:41:28 GMT
Accept-Ranges: bytes
Etag: "0347afc51bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 27972


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   27972
Md5:    bc0ec2b286d53b811a3c2fc0619841f3
Sha1:   5d2b0ea814cef45abe18119e4125f1e6a5cd4722
Sha256: 7a7c653ac2aa5bf7c59633eb5b7c1f9defd826ca550b56aa5d457a29324e75e3
                                        
GET /js/jquery.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:36:44 GMT
Accept-Ranges: bytes
Etag: "03e335351bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:35 GMT
Content-Length: 26920


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   26920
Md5:    9f2afe91147d9c6d969a946848d3076d
Sha1:   c3a1e212ffcdb0aefa985f503d1d7db1d09c5f97
Sha256: 02c89a5718bca073f01731b63d5de7846b12f40cd0506172fded09a9d9814998

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/js/qrlazyload.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:37 GMT
Content-Length: 1305


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1305
Md5:    5bbd8e65c038c65342ff309b772e15fc
Sha1:   ae84c95d02c84f0dbded470ebdfd2acec2a21e15
Sha256: c06a1683be99bd82a8926bd4b4c322e11f8d456cda7efdde62571bbd7b601afe

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/js/home.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:42:02 GMT
Accept-Ranges: bytes
Etag: "031be1052bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:37 GMT
Content-Length: 5987


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   5987
Md5:    0155d2fe9824f816df608d918c812f41
Sha1:   a026fdbcfe4ea5f53a8672973e92327623cbfb45
Sha256: 6b431f2e632d22f523d1764e2357e9884f3aeed2e7994a76817bdac16e41f847

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/js/tbmovobj.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:42:03 GMT
Accept-Ranges: bytes
Etag: "80c7561152bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:37 GMT
Content-Length: 2577


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   2577
Md5:    ba1ffec45a21bca071881ca73aa41d37
Sha1:   a6910e1d24f57bfac159efa69547a2d7f0512533
Sha256: ca1359e02518cdd3a57d9417e4cc817092d531791ba640abd73084b4b61d9fb8

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /favicon.ico HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:39 GMT
Content-Length: 1305


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1305
Md5:    5bbd8e65c038c65342ff309b772e15fc
Sha1:   ae84c95d02c84f0dbded470ebdfd2acec2a21e15
Sha256: c06a1683be99bd82a8926bd4b4c322e11f8d456cda7efdde62571bbd7b601afe
                                        
GET /template/itdy/js/js.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:42:03 GMT
Accept-Ranges: bytes
Etag: "80c7561152bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:42 GMT
Content-Length: 6724


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   6724
Md5:    518d86505aea78829c1992ceb18c2323
Sha1:   edbfc2fa32938ba8d076e435ef951f724a47a276
Sha256: 7c2786e7d64d172291bcab79a838cff8072cb8045faa81e21ce5b35f12970192

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /template/itdy/images/logo.png HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 02 Aug 2017 05:41:51 GMT
Accept-Ranges: bytes
Etag: "7fdd9aa52bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:42 GMT
Content-Length: 5366


--- Additional Info ---
Magic:  PNG image, 220 x 75, 8-bit/color RGBA, non-interlaced
Size:   5366
Md5:    f584d283846cefa066603b682cad9300
Sha1:   0da7a5619804b81386825e50499013ac3ae781e4
Sha256: c256affe20eb6e24e696f88fe9b1ff00956da42b2c4cf872feb0f99d817956c7
                                        
GET /template/itdy/images/top-bg.png HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 02 Aug 2017 05:41:59 GMT
Accept-Ranges: bytes
Etag: "af6214f52bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:43 GMT
Content-Length: 3457


--- Additional Info ---
Magic:  PNG image, 30 x 212, 8-bit/color RGB, non-interlaced
Size:   3457
Md5:    31cd28d7b59fe3267e8becafe9079cbd
Sha1:   77d36bbe0dc449488c392a77d9e3cf6ad40b19c0
Sha256: dcd70e3f33a5f7c260bd95367a5eaec007386965b54067501632baf5af7a4c90
                                        
GET /template/itdy/images/yun_top.gif HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 02 Aug 2017 05:42:02 GMT
Accept-Ranges: bytes
Etag: "2a81d11052bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:43 GMT
Content-Length: 1976


--- Additional Info ---
Magic:  GIF image data, version 89a, 28 x 28
Size:   1976
Md5:    9d9441501140f248f1237c21489a67ea
Sha1:   072ab6d039e6ee2fca0e584e032feeeb5cbbb7f9
Sha256: 8bc6ca33e374c20b033f5e946a137fec27941896e3ea0cde06e3ef1a98cd59d9
                                        
GET /template/itdy/images/information.gif HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 02 Aug 2017 05:41:50 GMT
Accept-Ranges: bytes
Etag: "9fbfee952bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:43 GMT
Content-Length: 1013


--- Additional Info ---
Magic:  GIF image data, version 89a, 19 x 17
Size:   1013
Md5:    d931a15a7c6c4a7fccc710fbc898d7f8
Sha1:   75da55404b038346e107be91028029ae436de202
Sha256: 7a6e22dd20206fddc3c60eea967b75ab27a1504b357a63dba23fec636c15c8af
                                        
GET /template/itdy/font/font_1397718713_957379.woff HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: font/x-woff
Last-Modified: Wed, 02 Aug 2017 05:41:30 GMT
Accept-Ranges: bytes
Etag: "ab159fe51bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:43 GMT
Content-Length: 58140


--- Additional Info ---
Magic:  data
Size:   58140
Md5:    8fe3209d7bc86a7ce8ae254033949bda
Sha1:   e1b8c642de66669422499fe0748c8532a837f962
Sha256: d690cf8e52ba4db42cb3ba29bee7ea2712a87c68318f66f07192ddca375ce801

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /index.php?m=label-login.html HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

                                         
Response from 123.184.34.199
HTTP/1.1 200 OK
Content-Type: text/html;Charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/5.4.45
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Date: Tue, 17 Oct 2017 23:29:43 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   169659
Md5:    478caf22b043e1d698fd558791e619ce
Sha1:   16eaa5e12030227a06cac60a9ea104a1d20cf072
Sha256: 8fa2a4bd3fe59b499ff15c3693705cce4ac2389deb37891988690ad760a6190a

Alerts:
  urlquery:
    - Malicious VBScript dropping file
  IDS:
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M1
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M2

GET /template/itdy/ads/h950x90.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 1305


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1305
Md5:    5bbd8e65c038c65342ff309b772e15fc
Sha1:   ae84c95d02c84f0dbded470ebdfd2acec2a21e15
Sha256: c06a1683be99bd82a8926bd4b4c322e11f8d456cda7efdde62571bbd7b601afe

Alerts:
  Blacklists:
    - fortinet: Malware

GET /template/itdy/images/navbg.png HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 02 Aug 2017 05:41:52 GMT
Accept-Ranges: bytes
Etag: "aec222b52bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:50 GMT
Content-Length: 6837


--- Additional Info ---
Magic:  PNG image, 20 x 50, 8-bit/color RGBA, non-interlaced
Size:   6837
Md5:    95a64d39f06f7bf68142c1992afd58ec
Sha1:   b6993d8384c02195ccb9076f1c4434567a5805bb
Sha256: 7d8e451a20b307e33ea044ee69ac7ba750d0c2e896aadef16817ca017b780e97

GET /template/itdy/ads/h240x90.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 1305


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1305
Md5:    5bbd8e65c038c65342ff309b772e15fc
Sha1:   ae84c95d02c84f0dbded470ebdfd2acec2a21e15
Sha256: c06a1683be99bd82a8926bd4b4c322e11f8d456cda7efdde62571bbd7b601afe

Alerts:
  Blacklists:
    - fortinet: Malware

GET /template/itdy/images/bread-crumbs.gif HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 02 Aug 2017 05:41:45 GMT
Accept-Ranges: bytes
Etag: "16816752bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 169


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 12
Size:   169
Md5:    da123a78f3953f53dd19e392c7c2dddb
Sha1:   5042654fca21fd40c134c9ba600f129511c11ea3
Sha256: 208413459634cceefc038df7ff46b427d943f5fb6999e60147685e745345f01e

GET /js/tj.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 03 Oct 2017 12:21:36 GMT
Accept-Ranges: bytes
Etag: "3def7028423cd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 382


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   382
Md5:    47b03b70769b2098010e7c4527475d02
Sha1:   467d2f82cdecadcc602d40e5313c052011843b27
Sha256: 8807f0d0f91058beac7c1f4a37e0b4406d36c3fbbcdb4ec9946f9dd06eb56d7b

Alerts:
  Blacklists:
    - fortinet: Malware

GET /template/itdy/images/input.gif HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/template/itdy/css/base.css
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 02 Aug 2017 05:41:51 GMT
Accept-Ranges: bytes
Etag: "2e03da52bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 65


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 21
Size:   65
Md5:    754b5c2a350d7e1b2cc486a001a0f437
Sha1:   e785a725f620cb5dab86727862e29dafe8481602
Sha256: 13089d79d5dbfce50aa33eed42fc2e684569322472ddeafe3cb0361cabaffa35

GET /template/itdy/images/zhanzhang.png HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466

123.184.34.199
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 02 Aug 2017 05:42:02 GMT
Accept-Ranges: bytes
Etag: "db87f01052bd31:0"
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 5075


--- Additional Info ---
Magic:  PNG image, 124 x 47, 8-bit/color RGBA, non-interlaced
Size:   5075
Md5:    ad19ee934b6f6ffd6999d63c7ea79fa4
Sha1:   9361dafa21a305d2c78adf21809f7b0334d8867d
Sha256: 3ca45b0e785be6cdc7fd7ec14dbc09e96e30315985a6e09e86b868a12d492717

GET /status/pai/hash/bab9ab62399a710b3fce2c9485a0c8fc HTTP/1.1
Host: img.webscan.360.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?

183.136.133.232
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: 360wzws
Date: Tue, 17 Oct 2017 23:29:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By-360WZB: wangzhan.360.cn
WZWS-RAY: 114-1508311790.136-s1nbt
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   131
Md5:    1874f6e6a8bbb4a415ff302a43da79e6
Sha1:   d8f54c7ffec56cd9396eb0c77f7aac20762c7e2d
Sha256: 7344211a0101e52478e0cbe4b7e5fa9fb2347431c42478c95d1a19df4027e58d

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

104.31.75.124
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Oct 2017 23:29:51 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d15a0995aa0f0585eaa3ed6522b7ad3c51508282991; expires=Wed, 17-Oct-18 23:29:51 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Tue, 17 Oct 2017 21:04:54 GMT
Expires: Sat, 21 Oct 2017 21:04:54 GMT
Etag: "235c2bd5cd9f65a15fa7807d338e7a39ce46c7d1"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3af70adb80f94279-OSL


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    1cab3faa25479cfe8289998f8055c606
Sha1:   235c2bd5cd9f65a15fa7807d338e7a39ce46c7d1
Sha256: 697bea2661849c3858a1a66de4659fb455eff46598ba5d4909ab15de9df43d6c

GET /z_stat.php?id=1260220709&web_id=1260220709 HTTP/1.1
Host: s95.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?

122.228.95.178
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 10995
Connection: keep-alive
Date: Tue, 17 Oct 2017 22:46:00 GMT
Last-Modified: Tue, 17 Oct 2017 22:46:00 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache15.l2cn624[68,200-0,M], cache39.l2cn624[69,0], kunlun2.cn250[0,200-0,H], kunlun4.cn250[0,0]
Age: 2632
X-Cache: HIT TCP_MEM_HIT dirn:10:107597281 mlen:-1
X-Swift-SaveTime: Tue, 17 Oct 2017 22:46:00 GMT
X-Swift-CacheTime: 5400
Timing-Allow-Origin: *
EagleId: 7ae44a8415082829924104951e


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   10995
Md5:    b716e7ad0564f49ef397c14c8eb56b27
Sha1:   25d18ba41d06a0fa76ca0fd9803ab1d176c0b977
Sha256: 215bb31948c3464087d060c03ba93297a7677ff7fe15db49677c755a993a1695

GET /core.php?web_id=1260220709&t=z HTTP/1.1
Host: c.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?

122.228.95.178
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 764
Connection: keep-alive
Date: Tue, 17 Oct 2017 23:28:31 GMT
Last-Modified: Tue, 17 Oct 2017 23:28:31 GMT
Expires: Tue, 17 Oct 2017 23:43:31 GMT
Via: cache24.l2cn624[93,200-0,M], cache25.l2cn624[93,0], kunlun6.cn250[0,200-0,H], kunlun2.cn250[1,0]
Age: 82
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1
X-Swift-SaveTime: Tue, 17 Oct 2017 23:28:31 GMT
X-Swift-CacheTime: 900
Timing-Allow-Origin: *
EagleId: 7ae44a8915082829936115424e


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   764
Md5:    6d9831ba5374c73e6531652ee96fc5d4
Sha1:   5116bdd1a7abc73d15c1b7cf505619d232fec9ee
Sha256: fed725a44e2ebe64a7373a5a5ef28a82997654b9c648d2b2ede9591591df0961

GET /template/itdy/js/top.js HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466; UM_distinctid=15f2cac07941a-03538b2210b16e8-6c242d76-fe178-15f2cac079571; CNZZDATA1260220709=1709340790-1508280360-%7C1508280360

123.184.34.199
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 02 Aug 2017 05:42:03 GMT
Accept-Ranges: bytes
Etag: "e4d9ac1152bd31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 17 Oct 2017 23:29:54 GMT
Content-Length: 511


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   511
Md5:    037f10ac68184576559a3aebaed30a6b
Sha1:   5292ef50b07b164e19edfe88eb42eb6f6d48aaa1
Sha256: 6504ae4fe48253a182c4a8cc036a6e2909934173768aa852260154db1b9ab964

Alerts:
  Blacklists:
    - fortinet: Malware

GET /stat.htm?id=1260220709&r=&lg=en-us&ntime=none&cnzz_eid=1709340790-1508280360-&showp=1176x885&t=%E6%90%9C%E7%B4%A2%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3%3F%E5%85%B3%E9%94%AE%E5%AD%97%20-%20%E9%98%BF%E9%9B%A8%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E9%98%BF%E9%9B%A8%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%EF%BC%8C08%E5%BD%B1%E9%99%A2%EF%BC%8C%E4%BC%A6%E7%90%86%EF%BC%8C%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C...&umuuid=15f2cac07941a-03538b2210b16e8-6c242d76-fe178-15f2cac079571&h=1&rnd=1165816947 HTTP/1.1
Host: z4.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?

140.205.218.67
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Tengine
Date: Tue, 17 Oct 2017 23:29:54 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   22
Md5:    8bd3e739a9ba80a435f0214811da0c2a
Sha1:   bfc17d1e04e56542eb8037f08ed142efd252ea82
Sha256: a2dd5774b01bbfc29140279e02fea087df42a4c257dce8858226737a2e521986

GET /stat.htm?id=1260220709&r=&lg=en-us&ntime=1508280360&cnzz_eid=1709340790-1508280360-&showp=1176x885&t=%E6%90%9C%E7%B4%A2%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3%3F%E5%85%B3%E9%94%AE%E5%AD%97%20-%20%E9%98%BF%E9%9B%A8%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E9%98%BF%E9%9B%A8%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%EF%BC%8C08%E5%BD%B1%E9%99%A2%EF%BC%8C%E4%BC%A6%E7%90%86%EF%BC%8C%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C...&umuuid=15f2cac07941a-03538b2210b16e8-6c242d76-fe178-15f2cac079571&h=1&rnd=1446838351 HTTP/1.1
Host: z4.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?

140.205.218.67
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Tengine
Date: Tue, 17 Oct 2017 23:29:54 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   22
Md5:    8bd3e739a9ba80a435f0214811da0c2a
Sha1:   bfc17d1e04e56542eb8037f08ed142efd252ea82
Sha256: a2dd5774b01bbfc29140279e02fea087df42a4c257dce8858226737a2e521986

GET /index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3? HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

123.184.34.199
HTTP/1.1 200 OK
Content-Type: text/html;Charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/5.4.45
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Set-Cookie: PHPSESSID=8cvfoimcl0fungsiiksgsni466; path=/
Date: Tue, 17 Oct 2017 23:29:35 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   511491
Md5:    ef3e3621bd35729e7b659ecfd6e756cb
Sha1:   63916d3f40aeb047f5982ca70986dd16608c1773
Sha256: 8ee6deb0cc64c61a81614de83b8ce72c10edf0c0ba3d6baf127c24df601c4a8c

Alerts:
  IDS:
    - ET TROJAN RAMNIT.A M2
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M1
    - ET TROJAN PE EXE or DLL Windows file download Text

GET /inc/timming.php?t=0.514052024596564 HTTP/1.1
Host: yuyu58.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://yuyu58.com/index.php?m=vod-search-starring-%C3%A5%C2%A4%C2%A7%C3%A9%C2%A3?
Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=8cvfoimcl0fungsiiksgsni466; UM_distinctid=15f2cac07941a-03538b2210b16e8-6c242d76-fe178-15f2cac079571; CNZZDATA1260220709=1709340790-1508280360-%7C1508280360

123.184.34.199
HTTP/1.1 200 OK
Content-Type: text/html;Charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/5.4.45
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Date: Tue, 17 Oct 2017 23:29:56 GMT
Content-Length: 0


--- Additional Info ---