Overview

URL: 4004.cn
IP: 60.169.79.30
ASN: AS4134 Chinanet
Location: China
Report completed: 2017-08-03 19:56:36 CEST
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp  Severity  Source IP  Destination IP  Alert
2017-08-03 19:55:59 CEST  3  Client IP  Internal IP  ET MALWARE All Numerical .cn Domain Likely Malware Related


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified  Severity  Host  Comment
2017-08-03  2  js.tongji.linezing.com/2973024/tongji.js  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 60.169.79.30

Date  UQ / IDS / BL  URL  IP
2017-10-16 16:16:59 +0200  0 - 0 - 2  artlens.web073.host888.net/  60.169.79.30
2017-10-12 17:11:49 +0200  0 - 0 - 2  artlens.web073.host888.net/  60.169.79.30
2017-10-09 15:06:22 +0200  0 - 0 - 2  artlens.web073.host888.net/  60.169.79.30
2017-09-30 09:36:02 +0200  0 - 0 - 2  artlens.web073.host888.net/  60.169.79.30
2017-08-09 14:49:13 +0200  0 - 1 - 1  4004.cn/  60.169.79.30
2017-08-07 17:24:02 +0200  0 - 0 - 1  4004.cn/  60.169.79.30
2017-08-07 17:04:13 +0200  0 - 0 - 1  4004.cn/  60.169.79.30
2017-08-05 09:10:51 +0200  0 - 0 - 2  lspx88.com/  60.169.79.30
2017-07-20 10:08:22 +0200  0 - 1 - 0  4004.cn/  60.169.79.30
2017-07-18 08:55:24 +0200  0 - 0 - 1  artlens.web073.host888.net/wisp.php  60.169.79.30

Last 10 reports on ASN: AS4134 Chinanet

Date  UQ / IDS / BL  URL  IP
2017-12-11 16:34:10 +0100  0 - 1 - 1  f3.8866.org/h.exe  117.24.161.225
2017-12-11 16:21:56 +0100  0 - 0 - 0  113.139.225.245  113.139.225.245
2017-12-11 16:16:40 +0100  0 - 0 - 0  222.178.90.43  222.178.90.43
2017-12-11 16:13:17 +0100  0 - 0 - 1  attachments.goapk.com/forum/201301/04/135352b (...)  122.228.193.89
2017-12-11 14:42:10 +0100  0 - 0 - 1  xunzhong.com/(S(2y55g5a5qwrdv5ejhwtf4qy1))/Ca (...)  219.145.194.27
2017-12-11 14:15:00 +0100  0 - 0 - 1  www.qjyz.net/guest/guest/index.php  218.63.200.3
2017-12-11 13:58:28 +0100  0 - 2 - 0  200878.top/  222.186.138.60
2017-12-11 13:29:51 +0100  0 - 1 - 0  download.ccb.com/cn/html1/office/ebank/dzb/su (...)  27.155.71.30
2017-12-11 12:33:41 +0100  0 - 2 - 1  iel8x7k.edvekfit.cn/cn104072k/AppScan%E5%AE%98  122.228.248.120
2017-12-11 12:31:45 +0100  0 - 1 - 0  122.225.36.138  122.225.36.138

No other reports on domain: .



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 63, repeated: 1) - SHA256: cde2c60ac6741b1de778080270ba780b68a2b0970032bb4eb45ae3ca211868ca

< script src = 'http://4004.cn/akcms_inc.php?i=1&stat=1' > < /script>


HTTP Transactions (13)


--- Request ---
GET / HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: text/html;charset=gbk
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.5, ASP.NET
Date: Thu, 03 Aug 2017 17:56:01 GMT
Connection: close
Content-Length: 7543

--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   7543
Md5:    2133400721b38e634762fdd10b8c1c4f
Sha1:   3dae9a6296f235e5e1890ad1ef80c9db90fd6e15
Sha256: cc6e1fef83d5f88e4fa229b10e332b6ba5b4d4a1107c7db437ce41ac2db31bae

--- Request ---
GET /20120825.css HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 928
Content-Encoding: gzip
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "0c591e1650d31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:01 GMT

--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   928
Md5:    1e310bfa10cf8cd39eaede488474f1d1
Sha1:   7b67c2223ce007b1e9bbad1e3059a5940953c5bc
Sha256: a1f097241352dadbd1690b7d392f1786cb814b460672aaa53de6656746ad0323

--- Request ---
GET //images/dot1.gif HTTP/1.1
Host: www.4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 90
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "cff9aee1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:01 GMT

--- Additional Info ---
Magic:  GIF image data, version 89a, 14 x 15
Size:   90
Md5:    6295eecfa14e809f42b30ef8b899f422
Sha1:   790edfa8380e23e6fbf57d35ed89c04e98017c0a
Sha256: be9888b49fa7933e867740fa31c0635e627d59a2c528ec634ad1fe8ae488b0e6

--- Request ---
GET /images/dot2.gif HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 298
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "cff9aee1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT

--- Additional Info ---
Magic:  GIF image data, version 89a, 8 x 12
Size:   298
Md5:    ce8de61f4ae9c56145bac16c00530503
Sha1:   1565aa28bf209dc5ac6b69f8dd68d9eeecea86e9
Sha256: 72f771f43f5f85c9dbe190a5ad1723ed7e229464eb8a2e9fa6c5aa2496758e3a

--- Request ---
GET /images/sub_rss.gif HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 272
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "83beb3e1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT

--- Additional Info ---
Magic:  GIF image data, version 89a, 16 x 16
Size:   272
Md5:    86dc5c4d34eb51ceba2bf3a7e68b1501
Sha1:   fcd743dd4d263e17063c85b723758fb55902b400
Sha256: d20c745c765009ea082494d5106a9bd13ac04576bde58a4f773ce672744a5c90

--- Request ---
GET /images/bg.gif HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/20120825.css

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 131
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "59499ee1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT

--- Additional Info ---
Magic:  GIF image data, version 89a, 910 x 1
Size:   131
Md5:    7b0a7c54ccd980e4c6058dfa319d594f
Sha1:   04296abeac63d0a694f57314c8218b6cbfe7da0d
Sha256: 37c4a75d96cf5caa4bdb6e924c6f56eee4e136c8ec54be9a098733124c95bf8d

--- Request ---
GET /akcms_inc.php?i=1 HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: text/html;charset=gbk
Content-Length: 81
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.5, ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT
Connection: close

--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   81
Md5:    24c543e71c473a6de88c3f33beb09e01
Sha1:   b2a93f6827b460e3c27599f50d6b4ea07d369245
Sha256: d65c8ac629d619aa20a2b300700a90ac89d62cfc58deb7010cd4d9580dd6e34a

--- Request ---
GET /js/tm-1.js?theme=blog HTTP/1.1
Host: s.akcms.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 202.172.28.155 ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 03 Aug 2017 17:56:02 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 182
Connection: close

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   182
Md5:    8b61d1ad4137ee0287b847d4facffa78
Sha1:   d52af1ac565d91e691e2759133344445716eb9bc
Sha256: 02833cfef458fb50572a9892a30ef8aee3e572ca19c1f501c4edf8dfad5e1589

--- Request ---
GET /images/bottom.png HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/20120825.css

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 325
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "cff9aee1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT

--- Additional Info ---
Magic:  PNG image, 14 x 80, 8-bit colormap, non-interlaced
Size:   325
Md5:    5527ece97b8f27b7edae244e31198e13
Sha1:   a87d066465d4379d5b9a90f7b71d4645b3035c92
Sha256: be74c6264bcd9a4c8fd5f3cee17d540a8cc68e798b747f01cf49a5e5e762b5bd

--- Request ---
GET /images/topbacking.gif HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/20120825.css

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 1241
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "83beb3e1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT

--- Additional Info ---
Magic:  GIF image data, version 89a, 4 x 115
Size:   1241
Md5:    03e7a223f9eb9a9f35383af7bb0a9259
Sha1:   87611f5777f26ad74c6a39bcd447ba4cbadf508f
Sha256: 07c486514729e55b9df02d89875a417151452e1b2398075ffa2185cddfabeeca

--- Request ---
GET /images/navbg.gif HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/20120825.css

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 143
Last-Modified: Wed, 19 Jul 2017 08:06:10 GMT
Accept-Ranges: bytes
Etag: "83beb3e1650d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT

--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 24
Size:   143
Md5:    f741a0ddbddaccdd124c53f00fa36085
Sha1:   4747599685e35e96d8c14e08d4274263862a72d7
Sha256: 308e1b0d84590cd964f77de334570101674a593fab841220c5790639f03a7623

--- Request ---
GET /akcms_inc.php?i=1&stat=1 HTTP/1.1
Host: 4004.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 60.169.79.30 ---
HTTP/1.1 200 OK
Content-Type: text/html;charset=gbk
Content-Length: 1
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.5, ASP.NET
Date: Thu, 03 Aug 2017 17:56:02 GMT
Connection: close

--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    cfcd208495d565ef66e7dff9f98764da
Sha1:   b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
Sha256: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

--- Request ---
GET /2973024/tongji.js HTTP/1.1
Host: js.tongji.linezing.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://4004.cn/

--- Response from 0.0.0.0 ---
(no response headers or body recorded)

--- Additional Info ---
Alerts:
  Blacklists:
    - fortinet: Malware