Overview

URL              ad.51pc114.cn/ad/dd2.htm
IP               121.40.44.51
ASN              AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
Location         China
Report completed 2018-06-23 01:56:03 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-06-23 2 ad.51pc114.cn/ad/dd2.htm Malware
2018-06-23 2 js.tongji.linezing.com/2048519/tongji.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 121.40.44.51

Date                       UQ / IDS / BL  URL                          IP
2018-10-12 18:19:33 +0200  0 - 0 - 1      ad.51pc114.cn/ad9.htm        121.40.44.51
2018-10-12 14:41:00 +0200  0 - 0 - 2      ad.51pc114.cn/ad/dd2.htm     121.40.44.51
2018-10-12 14:40:58 +0200  0 - 0 - 2      ad.51pc114.cn/ad/ffdd24.htm  121.40.44.51
2018-10-12 02:40:55 +0200  0 - 0 - 2      ad.51pc114.cn/ad/ffkj23.htm  121.40.44.51
2018-10-12 02:40:55 +0200  0 - 0 - 1      ad.51pc114.cn/1.htm          121.40.44.51
2018-10-11 16:41:47 +0200  0 - 0 - 2      ad.51pc114.cn/ad/ffkj23.htm  121.40.44.51
2018-10-11 14:41:09 +0200  0 - 0 - 1      ad.51pc114.cn/ad/kj22.htm    121.40.44.51
2018-10-10 16:31:07 +0200  0 - 0 - 1      ad.51pc114.cn/ad9.htm        121.40.44.51
2018-10-10 12:30:37 +0200  0 - 0 - 2      ad.51pc114.cn/ad/ffdd24.htm  121.40.44.51
2018-10-10 12:30:37 +0200  0 - 0 - 2      ad.51pc114.cn/ad/kj22.htm    121.40.44.51

Last 10 reports on ASN: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.

Date                       UQ / IDS / BL  URL                                                  IP
2018-12-14 23:41:43 +0100  0 - 0 - 1      url.222bz.com/down/adobe%20illustrator%20cc%2 (...)  120.27.186.114
2018-12-14 23:39:54 +0100  0 - 0 - 1      url.7wkw.com/down/DAV%E6%92%AD%E6%94%BE%E5%99 (...)  120.27.186.114
2018-12-14 23:35:58 +0100  0 - 4 - 1      25856.xc.wenpie.com/down/filemaker%20pro%2017 (...)  101.201.62.45
2018-12-14 23:33:58 +0100  0 - 0 - 1      url.222bz.com/down/spss17.0%E4%B8%AD%E6%96%87 (...)  120.27.186.114
2018-12-14 23:33:25 +0100  0 - 0 - 1      14614.xc.41gw.com/xiaz/wifi%E4%B8%87%E8%83%BD (...)  120.27.186.114
2018-12-14 23:33:08 +0100  0 - 0 - 1      y21066.xc.mieseng.com/down/microsoft%20visio% (...)  120.27.186.114
2018-12-14 23:31:13 +0100  0 - 0 - 1      24877.xc.mieseng.com/xiaz/pdf%E8%99%9A%E6%8B% (...)  101.201.62.45
2018-12-14 23:31:12 +0100  0 - 0 - 1      14614.xc.05cg.com/xiaz/%E5%BE%AE%E4%BF%A1%20P (...)  120.27.186.114
2018-12-14 23:31:09 +0100  0 - 4 - 1      25884.xc.mieseng.com/xiaz/%E7%81%AB%E7%8B%90% (...)  101.201.62.45
2018-12-14 23:30:55 +0100  0 - 4 - 1      14614.xc.41gw.com/xiaz/%E6%A1%8C%E9%9D%A2%E6% (...)  120.27.186.114

No other reports on domain: 51pc114.cn



JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (2)

#1 JavaScript::Write (size: 81, repeated: 1) - SHA256: b48413f14d93d0827156baa957a2094ae84ce79df112514353a1600fd134cf6f

    <div style="background:#F0F0F0;text-align:center">106: No match advertising.</div>

#2 JavaScript::Write (size: 101, repeated: 1) - SHA256: db78619f769134048dd46a2f699a3c866635d8fac70ac7b2963cf5ffb4276d23

    <script type="text/javascript" src="http://popup.jointreport-switch.com/close.php?uid=1130"></script>


HTTP Transactions (5)


#1 Request:
GET /ad/dd2.htm HTTP/1.1
Host: ad.51pc114.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

#1 Response from 121.40.44.51:
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Fri, 22 Jun 2018 23:51:02 GMT
Last-Modified: Fri, 16 Mar 2018 05:58:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5aab5cf8-5d2"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   791
Md5:    177f01caf2652556625fb9d1ce75a8ab
Sha1:   c86f45076fcc33a5e4cb97aa231647ad2c17d07b
Sha256: 3e90c51fb98f0a52a7dd98f809125cb61cee1c8f85a17e7ed9c2b403d20d5ba0

Alerts:
  Blacklists:
    - fortinet: Malware

#2 Request:
GET /close.php?uid=1130 HTTP/1.1
Host: popup.jointreport-switch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ad.51pc114.cn/ad/dd2.htm

#2 Response from 115.238.244.82:
HTTP/1.1 200 OK
Content-Type: text/html; charset=gb2312
Server: tengine
Date: Fri, 22 Jun 2018 23:55:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate

--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   102
Md5:    4994713b6ebaacb5f5b0b8ea931732d1
Sha1:   4ba5b275a009c60fb751fcaac3031ce705bdcf9f
Sha256: 65c6a52948c9dbb6927b5c69fd6f7fd33fd89ad089ab272918903d5a539ad174

#3 Request:
GET /2048519/tongji.js HTTP/1.1
Host: js.tongji.linezing.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ad.51pc114.cn/ad/dd2.htm

#3 Response from 213.244.178.240:
HTTP/1.1 504 Gateway Time-out
Content-Type: application/x-javascript
Server: Tengine
Content-Length: 0
Connection: keep-alive
Via: cache8.l2hk1[0,504-269,M], cache27.l2hk1[10001,0], cache6.nl1[10483,504-1281,M], cache5.nl1[10480,10484,504001]
X-Swift-Error: forward connect timeout, orig response 5xx error
Age: 0
X-Cache: MISS TCP_MISS dirn:-2:-2 mlen:-1
X-Swift-SaveTime: Fri, 22 Jun 2018 23:55:45 GMT
X-Swift-CacheTime: 1
Timing-Allow-Origin: *
EagleId: d5f4b28515297117248557290e

--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware

#4 Request:
GET /favicon.ico HTTP/1.1
Host: ad.51pc114.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

#4 Response from 121.40.44.51:
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx
Date: Fri, 22 Jun 2018 23:51:24 GMT
Content-Length: 5558
Last-Modified: Mon, 02 Apr 2018 02:27:11 GMT
Connection: keep-alive
Etag: "5ac194ff-15b6"
Accept-Ranges: bytes

--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   5558
Md5:    3abd37506e4577e502f7acafa694e606
Sha1:   575d50871cd155fca3bcf2281a3791324a10c12c
Sha256: a51222cf44af8ccced7b886975eb501abe60d1f7f4f7d9e816c64718b5c03bf0

#5 Request:
GET /fclose.php?id=152695 HTTP/1.1
Host: u291014.778669.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ad.51pc114.cn/ad/dd2.htm

#5 Response from 0.0.0.0:

--- Additional Info ---