Overview

URL: jeansexpo.com/hangyexinwen/12.html
IP: 104.222.239.106
ASN: AS22552 eSited Solutions
Location: United States
Report completed: 2018-08-24 21:17:25 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp | Severity | Source IP | Destination IP | Alert
2018-08-24 21:16:54 CEST | 1 | 104.222.239.106 | Client IP | ET TROJAN RAMNIT.A M2
2018-08-24 21:16:54 CEST | 1 | 104.222.239.106 | Client IP | ET TROJAN RAMNIT.A M1
2018-08-24 21:16:54 CEST | 1 | 104.222.239.106 | Client IP | ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-08-24 21:16:54 CEST | 1 | 104.222.239.106 | Client IP | ET TROJAN PE EXE or DLL Windows file download Text

All four alerts are on server-to-client traffic from 104.222.239.106. In the HTTP transactions below, RAMNIT.A M1 is attached to the 200 response for /hangyexinwen/12.html and the other three to the 404 response for /templets/n24/images/left.gif. The "urlquery Alerts: No alerts detected" line in the Overview covers only urlquery's own heuristics; it does not override these IDS hits or the Fortinet blacklist entry.


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified | Severity | Host | Comment
  2018-08-24 | 2 | jeansexpo.com/hangyexinwen/12.html | Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 7 reports on IP: 104.222.239.106

Date | Alerts (UQ - IDS - BL) | URL | IP
2018-12-27 14:45:32 +0100 | 0 - 0 - 1 | jeansexpo.com/attachments/2014/12/14187176605 (...) | 104.222.239.106
2018-12-04 17:42:58 +0100 | 0 - 0 - 1 | jeansexpo.com/hangyexinwen/14.html | 104.222.239.106
2018-12-03 12:43:08 +0100 | 0 - 0 - 1 | jeansexpo.com/hangyexinwen/15.html | 104.222.239.106
2018-11-03 03:36:37 +0100 | 0 - 0 - 1 | jeansexpo.com/hangyexinwen/11.html | 104.222.239.106
2018-09-07 17:36:26 +0200 | 0 - 0 - 1 | goldtripod.com.cn/ | 104.222.239.106
2018-08-25 01:20:55 +0200 | 0 - 0 - 6 | goldtripod.com.cn/gongsigonggao/52.html | 104.222.239.106
2018-08-14 07:47:01 +0200 | 0 - 7 - 1 | jeansexpo.com/hangyexinwen/55.html | 104.222.239.106

Last 10 reports on ASN: AS22552 eSited Solutions

Date | Alerts (UQ - IDS - BL) | URL | IP
2019-06-27 15:30:02 +0200 | 0 - 0 - 0 | 172.80.1.61 | 172.80.1.61
2019-06-10 17:55:18 +0200 | 0 - 0 - 1 | dgzhaoxu.com/Index.html | 66.254.175.133
2019-06-10 17:50:55 +0200 | 0 - 0 - 1 | netuhaf.com/aura785668 | 192.119.136.53
2019-06-10 17:48:47 +0200 | 0 - 0 - 1 | lyh123.com/a/zixun/list_2_1.html | 104.171.188.230
2019-06-10 16:55:36 +0200 | 0 - 0 - 1 | xyotc.com/index.html | 104.222.225.56
2019-06-10 16:45:52 +0200 | 0 - 0 - 1 | www.wangzhanzz.com/gongsigonggao/7.html | 162.247.236.46
2019-06-10 15:51:01 +0200 | 0 - 0 - 1 | rahasiajiwa.com/wp-content/plugins/akismete/i (...) | 146.71.53.53
2019-06-10 09:30:44 +0200 | 0 - 0 - 1 | gcslzp.com/product/class/2.html | 104.221.148.30
2019-06-09 21:16:21 +0200 | 0 - 0 - 15 | hacheyou.com/english/zhidao/gx1811302767.shtml | 172.80.122.181
2019-06-09 21:15:36 +0200 | 0 - 0 - 1 | www.hacheyou.com/english/zhidao/gx1811302767.shtml | 172.80.122.181

Last 9 reports on domain: jeansexpo.com

Date | Alerts (UQ - IDS - BL) | URL | IP
2019-06-05 21:54:04 +0200 | 0 - 0 - 1 | https://www.jeansexpo.com/attachments/2014/12 (...) | 157.52.204.108
2019-06-05 21:53:43 +0200 | 0 - 0 - 2 | jeansexpo.com/attachments/2014/12/14187176605 (...) | 157.52.204.108
2019-05-21 07:50:28 +0200 | 0 - 0 - 2 | jeansexpo.com/attachments/2014/12/14187176605 (...) | 157.52.204.108
2019-05-21 07:50:25 +0200 | 0 - 0 - 1 | https://www.jeansexpo.com/attachments/2014/12 (...) | 157.52.204.108
2018-12-27 14:45:32 +0100 | 0 - 0 - 1 | jeansexpo.com/attachments/2014/12/14187176605 (...) | 104.222.239.106
2018-12-04 17:42:58 +0100 | 0 - 0 - 1 | jeansexpo.com/hangyexinwen/14.html | 104.222.239.106
2018-12-03 12:43:08 +0100 | 0 - 0 - 1 | jeansexpo.com/hangyexinwen/15.html | 104.222.239.106
2018-11-03 03:36:37 +0100 | 0 - 0 - 1 | jeansexpo.com/hangyexinwen/11.html | 104.222.239.106
2018-08-14 07:47:01 +0200 | 0 - 7 - 1 | jeansexpo.com/hangyexinwen/55.html | 104.222.239.106


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (14)


[1/14] Request
GET /hangyexinwen/12.html HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

[1/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Fri, 20 Jul 2018 11:09:50 GMT
Accept-Ranges: bytes
Etag: "0d3302d1a20d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:52 GMT
Content-Length: 66522

--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   66522
Md5:    6bc70d0d569edfc6bba37e836695d4ad
Sha1:   ce40a93be093837ee2cb8991e21f0b2c7d1453b6
Sha256: 639927e4fa47d2cfd68efe63701584b6e8bb61377324d5eed882453ef4d3b2d4

Note: Magic, Size and the three hashes describe the gzip-compressed body as sent (Size equals Content-Length 66522), not the decompressed HTML. Hash the raw response before decompressing when comparing against these values.

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN RAMNIT.A M1

[2/14] Request
GET /templets/n24/style/style.css HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/hangyexinwen/12.html

[2/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Sun, 18 Nov 2012 09:14:16 GMT
Accept-Ranges: bytes
Etag: "0e41d156dc5cd1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:52 GMT
Content-Length: 11237

--- Additional Info ---
Magic:  ISO-8859 text, with CRLF line terminators
Size:   11237
Md5:    0a30f6afc50313f0f16bb183ab3f35b7
Sha1:   1a9101ce4f4f788264bed0386de5674348b73699
Sha256: 02c46e54421df75e965e6aac424af314df0418b6dc93659826a953a5002f048f

[3/14] Request
GET /templets/n24/images/dilogo.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/hangyexinwen/12.html

[3/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 18 Nov 2012 07:55:48 GMT
Accept-Ranges: bytes
Etag: "01aee1e62c5cd1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:52 GMT
Content-Length: 14751

--- Additional Info ---
Magic:  GIF image data, version 89a, 536 x 70
Size:   14751
Md5:    4d0185844f021192ff3da7d1dcf62b2a
Sha1:   21e5cbaca516027ba6c10588affc02e7de6cfeb1
Sha256: 4732c097397315bc07ae2c10c3973906face6e46e8fcd2763e702fd0ee44863b

[4/14] Request
GET /templets/n24/images/top.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[4/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 24 Oct 2011 14:46:52 GMT
Accept-Ranges: bytes
Etag: "0964dc45b92cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 3533

--- Additional Info ---
Magic:  GIF image data, version 89a, 57 x 135
Size:   3533
Md5:    156b3949e4bcda09e12246ce9c793918
Sha1:   3799eda4353e6f9e6999b75f70816d21057130e8
Sha256: 1ea03205755638862d947d01efe292878eaa813fd04cce0512983bb79562dc6d

[5/14] Request
GET /templets/n24/images/header.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[5/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 20 Feb 2013 13:55:22 GMT
Accept-Ranges: bytes
Etag: "0c1ddec71fce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 20791

--- Additional Info ---
Magic:  GIF image data, version 89a, 960 x 135
Size:   20791
Md5:    c64319e1a0075629951953e9c6a0d6d9
Sha1:   2e288da0fb527e27c32660e25719d60a0de20b97
Sha256: 6fa053d448762d4746fb17a137928e581c2bf7cdd73034f3ae5bac86bf891f26

[6/14] Request
GET /templets/n24/images/contact.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[6/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 24 Oct 2011 14:46:52 GMT
Accept-Ranges: bytes
Etag: "0964dc45b92cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 23813

--- Additional Info ---
Magic:  GIF image data, version 89a, 230 x 235
Size:   23813
Md5:    73bbbc99aff2ec8e3b0e1c3ec48e7fec
Sha1:   1e9753c23b99036307f4eacae33a73b9bfa66a6e
Sha256: dad35f332e858c3921b5828aa54645bec9bc524ab22a0c68fb0a3e768eb83f13

[7/14] Request
GET /templets/n24/images/logo.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[7/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 20 Feb 2013 13:52:10 GMT
Accept-Ranges: bytes
Etag: "0e16c7a71fce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 4047

--- Additional Info ---
Magic:  GIF image data, version 89a, 159 x 95
Size:   4047
Md5:    7f5f50b94066fcc85c928e7c50ede517
Sha1:   46d8a51df46035c045c554fdc8405abde45d973c
Sha256: 3faf3343dc01a3eadf44b8b03807009b0a2fddc18af1d27b530ac120accf90b4

[8/14] Request
GET /templets/n24/images/nav_h.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[8/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 24 Oct 2011 14:46:52 GMT
Accept-Ranges: bytes
Etag: "0964dc45b92cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 2999

--- Additional Info ---
Magic:  GIF image data, version 89a, 94 x 36
Size:   2999
Md5:    8116dc94e455c88b33a1da1003421fbb
Sha1:   68836c936b96ea18f6f27e05ea6a0774c5715628
Sha256: 8f45f2d11751633f406aa47b45ea9940be7b05b88a3f884fafcc1df2624bdf09

[9/14] Request
GET /templets/n24/images/place.jpg HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[9/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 24 Oct 2011 14:46:52 GMT
Accept-Ranges: bytes
Etag: "0964dc45b92cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 341

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   341
Md5:    13d64549de0ebdab970540cda9d1a66d
Sha1:   f3bfcd0b25478a70e2eba267e71792f79491aff5
Sha256: ed4fddd98e98ef7b97b7567b1a0a4e981eb9fe09d4c9fc5698d081ef991d8ca9

[10/14] Request
GET /favicon.ico HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

[10/14] Response from 104.222.239.106
HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Tue, 12 Sep 2017 00:27:56 GMT
Accept-Ranges: bytes
Etag: "7573c2fa5d2bd31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:54 GMT
Content-Length: 1513

--- Additional Info ---
Magic:  PNG image, 15 x 16, 8-bit/color RGBA, non-interlaced
Size:   1513
Md5:    6cfdb36ca6f4ffa7217a84efa3ba5431
Sha1:   b6c7827d0623f0f43109328acdec6642a319be4c
Sha256: 17e28c0f0c4bb3ee9dc4e4adebb641ce9edf12a406937cdb62f6da2ed10a89e3

[11/14] Request
GET /templets/n24/images/left.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[11/14] Response from 104.222.239.106
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 114285

--- Additional Info ---

Note: this 404 body is 114,285 bytes of text/html, and the three 404 responses that follow (transactions 12 to 14) carry the same Content-Length. The report attaches the IDS alerts only to this first 404; the later three are likely the same error page and should not be read as clean.

Alerts:
  IDS:
    - ET TROJAN RAMNIT.A M2
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN PE EXE or DLL Windows file download Text

[12/14] Request
GET /templets/n24/images/left_b.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[12/14] Response from 104.222.239.106
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 114285

--- Additional Info ---

[13/14] Request
GET /templets/n24/images/nav.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[13/14] Response from 104.222.239.106
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:53 GMT
Content-Length: 114285

--- Additional Info ---

[14/14] Request
GET /templets/n24/images/content_b.gif HTTP/1.1
Host: jeansexpo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jeansexpo.com/templets/n24/style/style.css

[14/14] Response from 104.222.239.106
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 24 Aug 2018 19:27:54 GMT
Content-Length: 114285

--- Additional Info ---
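Added example, not part of the urlquery report and not code from any tool it names: a script that checks a captured response body the way the "Additional Info" hashes and the IDS alerts on transactions 1 and 11 suggest. It hashes the bytes as they were on the wire (for /hangyexinwen/12.html the report's hashes are over the gzip body, since Magic says gzip and Size equals Content-Length 66522), then decompresses, then scans the decoded body for a raw PE image inside a text/html response (the condition behind the "PE EXE or DLL ... Text" and "DRIVEBY EXE Embeded in Page" alert names) and for the VBScript dropper stub that public Ramnit write-ups describe, a block declaring DropFileName and a hex-encoded WriteData payload beginning 4D5A ("MZ"). Those stub strings are an assumption drawn from those write-ups; the report does not show any response body, so nothing below is derived from jeansexpo.com traffic. All sample bodies are constructed.

```python
"""
Added example (not from the urlquery report): hash a captured HTTP body
as sent, gunzip it if needed, and scan the decoded body for an embedded
PE image and for the Ramnit-style VBScript dropper stub.
Indicator strings are assumptions from public Ramnit write-ups.
"""
import gzip
import hashlib
import re
import zlib
from dataclasses import dataclass, field
from typing import List, Optional

# "MZ" followed within a few hundred bytes by the DOS stub message: a raw PE
# image, which has no business inside a text/html response body.
PE_RAW = re.compile(rb"MZ.{0,400}?This program cannot be run in DOS mode", re.S)
# Assumed Ramnit HTML-infector stub: a drop file name, then a hex-encoded PE.
RAMNIT_VBS = re.compile(
    rb'DropFileName\s*=\s*"([^"]+)".*?WriteData\s*=\s*"(4D5A[0-9A-Fa-f]*)"', re.S
)


@dataclass
class BodyReport:
    size: int
    md5: str
    sha1: str
    sha256: str
    gunzipped: bool = False
    findings: List[str] = field(default_factory=list)
    dropped_pe_sha256: Optional[str] = None


def analyse_body(raw: bytes, content_encoding: Optional[str] = None) -> BodyReport:
    """Hash the wire bytes first, decode gzip if present, then scan the result."""
    rep = BodyReport(
        size=len(raw),
        md5=hashlib.md5(raw).hexdigest(),
        sha1=hashlib.sha1(raw).hexdigest(),
        sha256=hashlib.sha256(raw).hexdigest(),
    )
    body = raw
    # Honour the gzip magic as well as the header: servers and sandboxes disagree.
    if (content_encoding or "").lower() == "gzip" or raw[:2] == b"\x1f\x8b":
        try:
            body = gzip.decompress(raw)
            rep.gunzipped = True
        except (OSError, EOFError, zlib.error):
            rep.findings.append("declared gzip but body did not decompress")
    if PE_RAW.search(body):
        rep.findings.append("raw PE image embedded in body")
    m = RAMNIT_VBS.search(body)
    if m:
        drop_name = m.group(1).decode("ascii", "replace")
        rep.findings.append(f"VBScript dropper stub writing {drop_name}")
        try:
            # Recover the hex-encoded PE so it can be hashed and looked up elsewhere.
            dropped = bytes.fromhex(m.group(2).decode("ascii"))
            rep.dropped_pe_sha256 = hashlib.sha256(dropped).hexdigest()
        except ValueError:
            rep.findings.append("dropper payload is not valid hex")
    return rep


# Constructed sample bodies; nothing here was captured from jeansexpo.com.
CLEAN_HTML = b"<html><body><h1>Industry news</h1></body></html>"
CLEAN_GZ = gzip.compress(CLEAN_HTML)
# Stand-in PE: MZ header, padding, DOS stub text. Not a runnable executable.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 16
INFECTED_404 = (
    b"<html><body><h2>404 - File or directory not found.</h2></body></html>\r\n"
    b"<SCRIPT Language=VBScript><!--\r\n"
    b'DropFileName = "svchost.exe"\r\n'
    b'WriteData = "' + FAKE_PE.hex().upper().encode() + b'"\r\n'
    b"--></SCRIPT>\r\n"
)

if __name__ == "__main__":
    for label, raw, enc in (("clean gzip page", CLEAN_GZ, "gzip"),
                            ("404 page with stub", INFECTED_404, None)):
        r = analyse_body(raw, enc)
        print(f"{label}: size={r.size} sha256={r.sha256} gunzipped={r.gunzipped}")
        for finding in r.findings:
            print("  finding:", finding)
        if r.dropped_pe_sha256:
            print("  dropped PE sha256:", r.dropped_pe_sha256)
```

To use it on a real capture, feed `analyse_body()` the exact bytes of the response body from the pcap or proxy log together with the Content-Encoding header; the size and hashes should then match the report's Additional Info, and the findings list says whether the IDS alert names are explained by something visible in the body. A "declared gzip but body did not decompress" finding on a 200 response is itself worth a look, since the report's hashes for such a body would be over whatever the server actually sent.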