Overview

URL: cao914.com/xt/news/se18.html
IP: 103.134.136.15
ASN: (not resolved in this report)
Location: Unknown
Report completed: 2019-04-16 12:15:17 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none set)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: 6 hits

  Added / Verified   Severity   Host                            Comment
  2019-04-16         2          cao914.com/js/diao.js           Malware
  2019-04-16         2          cao914.com/js/sosuo.js          Malware
  2019-04-16         2          cao914.com/xt/news/se18.html    Malware
  2019-04-16         2          cao914.com/js/top.js            Malware
  2019-04-16         2          cao914.com/js/tj.js             Malware
  2019-04-16         2          cao914.com/js/mg.js             Malware

DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 1 reports on IP: 103.134.136.15

  Date                       UQ / IDS / BL   URL          IP
  2019-03-07 15:52:25 +0100  0 - 0 - 4       cao914.com/  103.134.136.15

Last 10 reports on ASN:

The ASN field of this report is empty and the entries below come from unrelated IP ranges, so this list says nothing about cao914.com or 103.134.136.15; it is kept only because the report carries it.

  Date                       UQ / IDS / BL   URL                                                  IP
  2019-06-19 10:07:01 +0200  0 - 0 - 0       https://www.destinylab.com/forum/general-disc (...)  185.230.62.161
  2019-06-19 10:01:33 +0200  0 - 0 - 0       freshproducts-shopping.com/5414qd16869516pw71 (...)  185.247.117.254
  2019-06-19 10:00:26 +0200  0 - 0 - 0       https://coderwall.com/p/af8v1w/watch-john-wic (...)  52.45.111.123
  2019-06-19 09:53:57 +0200  0 - 3 - 0       www.juicycouture.com                                 52.59.114.37
  2019-06-19 09:46:03 +0200  0 - 0 - 0       https://coderwall.com/p/5n-mxw/123movies-john (...)  52.207.111.186
  2019-06-19 09:40:14 +0200  0 - 0 - 0       https://www.imdb.com/list/ls049633965/               143.204.52.228
  2019-06-19 09:35:44 +0200  0 - 0 - 0       https://www.imdb.com/list/ls049333985/               143.204.52.228
  2019-06-19 09:35:39 +0200  0 - 0 - 0       https://www.imdb.com/list/ls049333981/               143.204.52.228
  2019-06-19 09:35:35 +0200  0 - 0 - 0       https://www.imdb.com/list/ls049333986/               143.204.52.228
  2019-06-19 09:35:31 +0200  0 - 0 - 0       https://www.imdb.com/list/ls049333850/               143.204.52.228

Last 1 reports on domain: cao914.com

  Date                       UQ / IDS / BL   URL          IP
  2019-03-07 15:52:25 +0100  0 - 0 - 4       cao914.com/  103.134.136.15


JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (5)

Write #1 is a User-Agent gate that redirects mobile clients to /wap. Writes #2 to #5 inject four scripts from a third-party host, gg.660062.com on port 88, which is not among the Fortinet entries above; only two of the four (top.js and sosuo.js) appear in the HTTP transactions, both without a response, so the content of those scripts was not captured in this run.

#1 JavaScript::Write (size: 785, repeated: 1) - SHA256: cc65455a3bf2d48238aefc39ee36f78fdaaabbf298b9d00953975a70b34b4e25

<script language='javascript'>
function is_mobile() {
    var regex_match = /(nokia|iphone|android|motorola|^mot-|softbank|foma|docomo|kddi|up.browser|up.link|htc|dopod|blazer|netfront|helio|hosin|huawei|novarra|CoolPad|webos|techfaith|palmsource|blackberry|alcatel|amoi|ktouch|nexian|samsung|^sam-|s[cg]h|^lge|ericsson|philips|sagem|wellcom|bunjalloo|maui|symbian|smartphone|midp|wap|phone|windows ce|iemobile|^spice|^bird|^zte-|longcos|pantech|gionee|^sie-|portalmmm|jigs browser|hiptop|^benq|haier|^lct|operas*mobi|opera*mini|320x320|240x320|176x220)/i;
    var u = navigator.userAgent;
    if (null == u) {
        return true;
    }
    var result = regex_match.exec(u);
    if (null == result) {
        return false
    } else {
        return true
    }
}
if (is_mobile()) {
    document.location.href = '/wap';
}
</script>

This write gates on the browser's User-Agent and sends anything it classifies as mobile to /wap (a missing User-Agent also counts as mobile). The sandbox's desktop Firefox User-Agent matches none of the tokens, so no request for /wap appears in the HTTP transactions.

#2 JavaScript::Write (size: 75, repeated: 1) - SHA256: 7d24383ad5415aa1a9d1de4e8a5b11d3fca295b65e7100357cf2fcd63b1830d3

<script type="text/javascript" src="http://gg.660062.com:88/bc.js"></script>

#3 JavaScript::Write (size: 76, repeated: 1) - SHA256: 466e60e0a448e2aeca40771472643814b3ca321e89f4259336f93c6c39496544

<script type="text/javascript" src="http://gg.660062.com:88/bcc.js"></script>

#4 JavaScript::Write (size: 78, repeated: 1) - SHA256: c7b7a83c40b245d43474274f263461448306690378727ed4a701386a4f29a239

<script type="text/javascript" src="http://gg.660062.com:88/sosuo.js"></script>

#5 JavaScript::Write (size: 76, repeated: 1) - SHA256: 54cee655c6988a05fb026a31b650702ca67a365ec27afb49e5bc4b6d381ef72a

<script type="text/javascript" src="http://gg.660062.com:88/top.js"></script>

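The following is an added example, not code from the urlquery report or from cao914.com. It replays the User-Agent gate of write #1 against a few constructed User-Agent strings (the sandbox's own plus an Android one) and extracts the script hosts that writes #2 to #5 would pull in, offline. The token list is copied from write #1; the de-beautified script tags and the Android User-Agent are constructed inputs.

```javascript
// Added example: replays the UA gate from executed write #1 and lists the
// third-party script hosts injected by writes #2-#5. No network access.

// Token list copied from write #1. Note that `operas*mobi` and `opera*mini`
// are literal-letter repeats (zero or more 's' / 'a'), not `\s*`, so
// "Opera Mobi" with a space is not matched by those two tokens.
const MOBILE_RE = /(nokia|iphone|android|motorola|^mot-|softbank|foma|docomo|kddi|up.browser|up.link|htc|dopod|blazer|netfront|helio|hosin|huawei|novarra|CoolPad|webos|techfaith|palmsource|blackberry|alcatel|amoi|ktouch|nexian|samsung|^sam-|s[cg]h|^lge|ericsson|philips|sagem|wellcom|bunjalloo|maui|symbian|smartphone|midp|wap|phone|windows ce|iemobile|^spice|^bird|^zte-|longcos|pantech|gionee|^sie-|portalmmm|jigs browser|hiptop|^benq|haier|^lct|operas*mobi|opera*mini|320x320|240x320|176x220)/i;

// Same decision as write #1: a missing User-Agent is treated as mobile.
function isMobile(userAgent) {
  if (userAgent == null) return true;
  return MOBILE_RE.exec(userAgent) !== null;
}

// Where write #1 would send the browser, or null when it stays on the page.
function wouldRedirect(userAgent) {
  return isMobile(userAgent) ? '/wap' : null;
}

// Pull src= values out of <script> tags found in document.write() payloads,
// tolerating the spaced-out "< script ... >" form the report's beautifier shows.
function extractScriptSrcs(writes) {
  const re = /<\s*script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  const srcs = [];
  for (const w of writes) {
    let m;
    while ((m = re.exec(w)) !== null) srcs.push(m[1]);
  }
  return srcs;
}

// Hosts (including port) that differ from the page's own host, de-duplicated.
function thirdPartyHosts(pageUrl, srcs) {
  const page = new URL(pageUrl);
  const hosts = new Set();
  for (const s of srcs) {
    const u = new URL(s, pageUrl);
    if (u.host !== page.host) hosts.add(u.host);
  }
  return [...hosts];
}

// Constructed inputs: the sandbox UA from the report's settings and the four
// script tags from writes #2-#5, de-beautified by hand.
const SANDBOX_UA = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13';
const ANDROID_UA = 'Mozilla/5.0 (Linux; Android 9; SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36';
const PAGE_URL = 'http://cao914.com/xt/news/se18.html';
const WRITES = [
  '<script type="text/javascript" src="http://gg.660062.com:88/bc.js"></script>',
  '<script type="text/javascript" src="http://gg.660062.com:88/bcc.js"></script>',
  '<script type="text/javascript" src="http://gg.660062.com:88/sosuo.js"></script>',
  '<script type="text/javascript" src="http://gg.660062.com:88/top.js"></script>',
];

// Stand-alone run: desktop UA stays, Android UA goes to /wap, one external host.
console.log('sandbox UA ->', wouldRedirect(SANDBOX_UA));
console.log('android UA ->', wouldRedirect(ANDROID_UA));
console.log('injected srcs:', extractScriptSrcs(WRITES));
console.log('third-party hosts:', thirdPartyHosts(PAGE_URL, extractScriptSrcs(WRITES)));
```

The useful output for blocking or hunting is the host list, not the individual file names: every injected script comes from gg.660062.com:88, so a single egress rule on that host covers all four.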

HTTP Transactions (12)

Each transaction lists the request as sent, the response with the IP that served it, and the type, size, hashes and blacklist verdict of the fetched body.

#1 GET cao914.com/js/diao.js -> 103.134.136.15, HTTP 200

Request
GET /js/diao.js HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 04 Oct 2018 23:10:50 GMT
Accept-Ranges: bytes
Etag: "df1bec7d375cd41:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:26 GMT
Content-Length: 810

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   810
Md5:    8f6c5ed7d4e98b6aa02a012ffcc548c7
Sha1:   7a44a8946cece5e57214eeb8b11a01ab8532909d
Sha256: 5352e94508981fcc9813942b28e00f417b344049d84917b967b99d026cb962ce

Alerts:
  Blacklists:
    - fortinet: Malware

#2 GET cao914.com/template/xf/images/js/style_menu.css -> 103.134.136.15, HTTP 200

Request
GET /template/xf/images/js/style_menu.css HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 28 Feb 2017 11:32:40 GMT
Accept-Ranges: bytes
Etag: "f2a3df5eb691d21:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:26 GMT
Content-Length: 1334

--- Additional Info ---
Magic:  ASCII C program text, with CRLF line terminators
Size:   1334
Md5:    b6310a1a557ad5114223dc269497538a
Sha1:   860bbdc9572a43076305f35b87f8f74758415d8e
Sha256: 03e5352d9687d6dcf9c52ebdc2a35881227414742aef8192659bd1692003bfab

#3 GET cao914.com/js/sosuo.js -> 103.134.136.15, HTTP 200

Request
GET /js/sosuo.js HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Fri, 11 Nov 2016 20:28:36 GMT
Accept-Ranges: bytes
Etag: "5c163d2e5a3cd21:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:26 GMT
Content-Length: 107

--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   107
Md5:    c7c82dc654354917f36fd7ac60cc154b
Sha1:   0a4bd2147214f2c1e6e0f1ebcf891b8bbf9f4153
Sha256: af4549c16f4a4b525a7b4a8c00614969c5107a08a84978250ad9e89b9c89c5dd

Alerts:
  Blacklists:
    - fortinet: Malware

#4 GET cao914.com/template/xf/images/logo.png -> 103.134.136.15, HTTP 200

Request
GET /template/xf/images/logo.png HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 01 Aug 2018 17:26:11 GMT
Accept-Ranges: bytes
Etag: "1dc6f7bdbc29d41:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:26 GMT
Content-Length: 23221

--- Additional Info ---
Magic:  PNG image, 400 x 90, 8-bit/color RGBA, non-interlaced
Size:   23221
Md5:    6e1af508008062e85b960d83c21d33bf
Sha1:   fc88c0dc84a1f3b92c6b4f2a6355bdbf3e394645
Sha256: bbe762f50b8ea6805ea99c0ff842287edd7179a9a8945089072aaa20af4dac52

#5 GET cao914.com/template/xf/images/js/style.css -> 103.134.136.15, HTTP 200

Request
GET /template/xf/images/js/style.css HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Fri, 28 Sep 2018 06:27:37 GMT
Accept-Ranges: bytes
Etag: "458b8959f456d41:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:26 GMT
Content-Length: 62973

--- Additional Info ---
Magic:  UTF-8 Unicode (with BOM) C program text, with CRLF line terminators
Size:   62973
Md5:    322b4a4e744302e9a3cf55c47184de83
Sha1:   45675982479fe69dc11c23b51e3b456e2b237ad4
Sha256: 8e4cbebba2467d92f475216238721499b3a293587e472a82b61a6681db6bfe11

#6 GET cao914.com/xt/news/se18.html -> 103.134.136.15, HTTP 200 (the submitted page)

Request
GET /xt/news/se18.html HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 04 Mar 2019 15:09:58 GMT
Accept-Ranges: bytes
Etag: "067cc549cd2d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:26 GMT
Content-Length: 67052

--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   67052
Md5:    219f825c0c1112fce0995b3e6fb5561f
Sha1:   d37a62b79c90b540e1481ba6680e197e93d81fe6
Sha256: 10c3eef614e29947c469d6083ef466cb923f9b4a8177d6578c26fa245bb631ab

Note: the response is gzip-encoded and the Magic line describes the compressed stream, so the Size and hashes above are of the body as transferred, not of the decompressed HTML. Hashing the decompressed page will not reproduce these values.

Alerts:
  Blacklists:
    - fortinet: Malware

#7 GET cao914.com/js/top.js -> 103.134.136.15, HTTP 200

Request
GET /js/top.js HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Tue, 28 Feb 2017 11:17:20 GMT
Accept-Ranges: bytes
Etag: "59c73ab491d21:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:48 GMT
Content-Length: 318

--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   318
Md5:    0cbba1da12489b8f3f8dee26ab029580
Sha1:   761d0fac6eb4ddb67f034493b8aa1ebcfceb1dac
Sha256: 47d6f276ee4c063507b25090483836fd7946f6d14280131122a5c167d3234d0c

Alerts:
  Blacklists:
    - fortinet: Malware

#8 GET cao914.com/template/xf/images/bg_menu.png -> 103.134.136.15, HTTP 200

Request
GET /template/xf/images/bg_menu.png HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/template/xf/images/js/style_menu.css

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 28 Feb 2017 01:39:21 GMT
Accept-Ranges: bytes
Etag: "5acac17b6391d21:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:48 GMT
Content-Length: 314

--- Additional Info ---
Magic:  PNG image, 100 x 82, 8-bit/color RGB, non-interlaced
Size:   314
Md5:    263cafe81abe580390d0b2c522c8d12c
Sha1:   d7cba95d26f7b7e73a655bb0c88a588b5227cfb7
Sha256: 8171f47360ca953d111a8237114c15ffcee07acab60016c09ab4623dea3dfa4b

#9 GET cao914.com/js/tj.js -> 103.134.136.15, HTTP 200

Request
GET /js/tj.js HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Sat, 30 Mar 2019 03:06:03 GMT
Accept-Ranges: bytes
Etag: "41a99882a5e6d41:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:48 GMT
Content-Length: 313

--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   313
Md5:    a581cf325ed94f8a5f2527f3bfb18fa3
Sha1:   07b0d0f6a719c02067fa3b04775ca3915ff3c212
Sha256: a42d1847f03b9cec8722c77d9ba3560f2b16573263d40e4f2b455d3d02ab2987

Alerts:
  Blacklists:
    - fortinet: Malware

#10 GET cao914.com/js/mg.js -> 103.134.136.15, HTTP 200

Request
GET /js/mg.js HTTP/1.1
Host: cao914.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Tue, 28 Feb 2017 11:19:05 GMT
Accept-Ranges: bytes
Etag: "38c69678b491d21:0"
Server: Microsoft-IIS/8.5
Date: Tue, 16 Apr 2019 10:14:48 GMT
Content-Length: 211

--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   211
Md5:    4c6a98122815014a5153370fa58e285f
Sha1:   1e00e881a02bd859132dcf65aa9d246c3ddc1fe9
Sha256: f4bf29623ce5371a7d155ec2eff84a25828f2cc2c37319f690c5422aab28ed7a

Alerts:
  Blacklists:
    - fortinet: Malware

#11 GET gg.660062.com:88/top.js -> no response (0.0.0.0)

Request
GET /top.js HTTP/1.1
Host: gg.660062.com:88
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (0.0.0.0)
No response was recorded: the report shows 0.0.0.0 as the responding IP with no status line, headers or body, so there is no hash or blacklist lookup for this third-party script.

--- Additional Info ---

#12 GET gg.660062.com:88/sosuo.js -> no response (0.0.0.0)

Request
GET /sosuo.js HTTP/1.1
Host: gg.660062.com:88
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://cao914.com/xt/news/se18.html

Response (0.0.0.0)
No response was recorded: the report shows 0.0.0.0 as the responding IP with no status line, headers or body, so there is no hash or blacklist lookup for this third-party script either.

--- Additional Info ---
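The following is an added example, not part of the urlquery report. It turns transaction records like the ones above into an IOC list and separates first-party fetches, third-party fetches and requests that got no response (IP 0.0.0.0). The input format is a condensed, hand-constructed rendering of four of the report's twelve transactions (request line, Host, "Response (ip)", status line, Sha256 and blacklist lines, with values copied from the report); it is not urlquery's raw page format.

```javascript
// Added example: parse condensed transaction records into IOCs and triage them.
// The record layout below is this example's own rendering of the report fields.

const REQUEST_LINE = /^(GET|POST) (\S+) HTTP\/1\.[01]\s*$/;

// One object per request/response pair. A new record starts at each request line;
// the fields of interest are picked up from the lines that follow it.
function parseTransactions(text) {
  const records = [];
  let cur = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    const req = REQUEST_LINE.exec(line);
    if (req) {
      cur = { method: req[1], path: req[2], host: null, ip: null, status: null, sha256: null, alerts: [] };
      records.push(cur);
      continue;
    }
    if (!cur) continue;
    let m;
    if ((m = /^Host: (\S+)$/.exec(line))) cur.host = m[1];
    else if ((m = /^Response \((\S+)\)$/.exec(line))) cur.ip = m[1];
    else if ((m = /^HTTP\/1\.[01] (\d{3})/.exec(line))) cur.status = Number(m[1]);
    else if ((m = /^Sha256: ([0-9a-f]{64})$/i.exec(line))) cur.sha256 = m[1].toLowerCase();
    else if ((m = /^- (\w+): (.+)$/.exec(line))) cur.alerts.push({ source: m[1], verdict: m[2] });
  }
  for (const r of records) r.url = `http://${r.host}${r.path}`;
  return records;
}

// Classify records relative to the submitted page's host. A record with
// 0.0.0.0 or no status line never got a response, so it has no hash to pivot on.
function summarize(records, pageHost) {
  const out = { firstParty: [], thirdParty: [], noResponse: [], flagged: [] };
  for (const r of records) {
    (r.host === pageHost ? out.firstParty : out.thirdParty).push(r.url);
    if (r.ip === '0.0.0.0' || r.status === null) out.noResponse.push(r.url);
    if (r.alerts.length) {
      out.flagged.push({ url: r.url, sha256: r.sha256, by: r.alerts.map(a => `${a.source}:${a.verdict}`) });
    }
  }
  return out;
}

// Constructed sample: four of the report's transactions, condensed to the
// fields the parser needs. Values are copied from the report.
const SAMPLE = `
GET /js/diao.js HTTP/1.1
Host: cao914.com
Referer: http://cao914.com/xt/news/se18.html

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 810

--- Additional Info ---
Sha256: 5352e94508981fcc9813942b28e00f417b344049d84917b967b99d026cb962ce

Alerts:
  Blacklists:
    - fortinet: Malware

GET /template/xf/images/logo.png HTTP/1.1
Host: cao914.com

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: image/png

--- Additional Info ---
Sha256: bbe762f50b8ea6805ea99c0ff842287edd7179a9a8945089072aaa20af4dac52

GET /xt/news/se18.html HTTP/1.1
Host: cao914.com

Response (103.134.136.15)
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip

--- Additional Info ---
Sha256: 10c3eef614e29947c469d6083ef466cb923f9b4a8177d6578c26fa245bb631ab

Alerts:
  Blacklists:
    - fortinet: Malware

GET /top.js HTTP/1.1
Host: gg.660062.com:88
Referer: http://cao914.com/xt/news/se18.html

Response (0.0.0.0)
`;

const RECORDS = parseTransactions(SAMPLE);
const SUMMARY = summarize(RECORDS, 'cao914.com');
console.log(JSON.stringify(SUMMARY, null, 2));
```

Two things fall out of the summary that the flat listing hides: the flagged hashes all belong to first-party files on cao914.com, and the only third-party request is also the only one with no response, so the externally loaded script is exactly the part of this page that the sandbox did not get to inspect.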