urlquery.net - Report

Overview

URL	ad.51pc114.cn/ad/ffdd24.htm
IP	121.40.44.51
ASN	AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
Location	China
Report completed	2018-06-23 01:56:03 CEST
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blacklists

MDL

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2018-06-23	2	ad.51pc114.cn/ad/ffdd24.htm	Malware
2018-06-23	2	js.tongji.linezing.com/2048519/tongji.js	Malware

DNS-BH

No alerts detected

mnemonic secure dns

No alerts detected

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 121.40.44.51

Date	UQ / IDS / BL	URL	IP
2018-10-12 18:19:33 +0200	0 - 0 - 1	ad.51pc114.cn/ad9.htm	121.40.44.51
2018-10-12 14:41:00 +0200	0 - 0 - 2	ad.51pc114.cn/ad/dd2.htm	121.40.44.51
2018-10-12 14:40:58 +0200	0 - 0 - 2	ad.51pc114.cn/ad/ffdd24.htm	121.40.44.51
2018-10-12 02:40:55 +0200	0 - 0 - 2	ad.51pc114.cn/ad/ffkj23.htm	121.40.44.51
2018-10-12 02:40:55 +0200	0 - 0 - 1	ad.51pc114.cn/1.htm	121.40.44.51
2018-10-11 16:41:47 +0200	0 - 0 - 2	ad.51pc114.cn/ad/ffkj23.htm	121.40.44.51
2018-10-11 14:41:09 +0200	0 - 0 - 1	ad.51pc114.cn/ad/kj22.htm	121.40.44.51
2018-10-10 16:31:07 +0200	0 - 0 - 1	ad.51pc114.cn/ad9.htm	121.40.44.51
2018-10-10 12:30:37 +0200	0 - 0 - 2	ad.51pc114.cn/ad/ffdd24.htm	121.40.44.51
2018-10-10 12:30:37 +0200	0 - 0 - 2	ad.51pc114.cn/ad/kj22.htm	121.40.44.51

Last 10 reports on ASN: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.

Date	UQ / IDS / BL	URL	IP
2019-02-21 13:36:55 +0100	0 - 0 - 1	27471.xc.05cg.com/xiaz/%E6%88%90%E7%9C%9F%E8% (...)	101.201.62.45
2019-02-21 09:03:42 +0100	0 - 0 - 1	27395.xc.05cg.com/xiaz/%E9%87%91%E5%B1%B1%E7% (...)	120.27.186.114
2019-02-21 09:01:24 +0100	0 - 4 - 1	27433.xc.05cg.com/xiaz/%E9%80%89%E7%9C%BC%E9% (...)	101.201.62.45
2019-02-21 09:01:19 +0100	0 - 0 - 1	21526.xc.tduou.com/xiaz/transmac%2011%E7%A0%B (...)	120.27.186.114
2019-02-21 09:01:11 +0100	0 - 0 - 1	27395.xc.tduou.com/xiaz/%E5%AF%8C%E5%A3%AB%E6 (...)	101.201.62.45
2019-02-21 09:01:09 +0100	0 - 0 - 1	27333.xc.wenpie.com/xiaz/v28.5@48_115214.exe	101.201.62.45
2019-02-21 09:01:06 +0100	0 - 4 - 1	27371.xc.05cg.com/xiaz/%E8%B6%85%E5%BC%BA%E7% (...)	101.201.62.45
2019-02-21 09:01:06 +0100	0 - 4 - 1	27370.xc.05cg.com/xiaz/gillsansmt%E5%AD%97%E4 (...)	120.27.186.114
2019-02-21 08:46:06 +0100	0 - 0 - 1	27538.xc.05cg.com/xiaz/%E5%8D%8E%E5%B8%88%E5% (...)	101.201.62.45
2019-02-21 08:27:33 +0100	0 - 0 - 0	ebk.sosokan8.com	121.42.251.88

No other reports on domain: 51pc114.cn

JavaScript

Executed Scripts (2)

Executed Evals (0)

Executed Writes (2)

#1 JavaScript::Write (size: 81, repeated: 1) - SHA256: b48413f14d93d0827156baa957a2094ae84ce79df112514353a1600fd134cf6f

                                        < div style = "background:#F0F0F0;text-align:center" > 106: No match advertising. < /div>

#2 JavaScript::Write (size: 92, repeated: 1) - SHA256: f6b0bb7fa4fbd5e346ff769b06bba7deb58e9cc32e7eda9f79853dc3ca68e284

                                        < script type = "text/javascript"
src = "http://popup.jointreport-switch.com/?uid=1130" > < /script>

HTTP Transactions (5)

Request	Response
GET /ad/ffdd24.htm HTTP/1.1 Host: ad.51pc114.cn User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	121.40.44.51 HTTP/1.1 200 OK Content-Type: text/html Server: nginx Date: Fri, 22 Jun 2018 23:51:05 GMT Last-Modified: Fri, 16 Mar 2018 05:59:15 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"5aab5d33-64a" Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 800 Md5: 672c568630ee200e03f1c8240d9f568c Sha1: f288de3580c40ca5bb445a10e8a2ea93fd29d194 Sha256: 29ad87e1eb33b9e4bb7b299567d4ae533a05d4e9c0618673640302f4465c3b42 Alerts: Blacklists: - fortinet: Malware
GET /?uid=1130 HTTP/1.1 Host: popup.jointreport-switch.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://ad.51pc114.cn/ad/ffdd24.htm	115.238.244.83 HTTP/1.1 200 OK Content-Type: text/html; charset=gb2312 Server: tengine Date: Fri, 22 Jun 2018 23:55:35 GMT Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.3.28 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Cache-Control: no-cache, must-revalidate --- Additional Info --- Magic: ASCII text, with no line terminators Size: 102 Md5: 4994713b6ebaacb5f5b0b8ea931732d1 Sha1: 4ba5b275a009c60fb751fcaac3031ce705bdcf9f Sha256: 65c6a52948c9dbb6927b5c69fd6f7fd33fd89ad089ab272918903d5a539ad174
GET /2048519/tongji.js HTTP/1.1 Host: js.tongji.linezing.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://ad.51pc114.cn/ad/ffdd24.htm	213.244.178.240 HTTP/1.1 504 Gateway Time-out Content-Type: application/x-javascript Server: Tengine Content-Length: 0 Connection: keep-alive Via: cache8.l2hk1[0,504-269,M], cache27.l2hk1[10001,0], cache6.nl1[10483,504-1281,H], cache4.nl1[7655,10484,504001] X-Swift-Error: forward connect timeout, orig response 5xx error Age: 0 X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1 X-Swift-SaveTime: Fri, 22 Jun 2018 23:55:45 GMT X-Swift-CacheTime: 1 Timing-Allow-Origin: * EagleId: d5f4b28415297117276641494e --- Additional Info --- Alerts: Blacklists: - fortinet: Malware
GET /favicon.ico HTTP/1.1 Host: ad.51pc114.cn User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive	121.40.44.51 HTTP/1.1 200 OK Content-Type: image/x-icon Server: nginx Date: Fri, 22 Jun 2018 23:51:24 GMT Content-Length: 5558 Last-Modified: Mon, 02 Apr 2018 02:27:11 GMT Connection: keep-alive Etag: "5ac194ff-15b6" Accept-Ranges: bytes --- Additional Info --- Magic: MS Windows icon resource - 1 icon Size: 5558 Md5: 3abd37506e4577e502f7acafa694e606 Sha1: 575d50871cd155fca3bcf2281a3791324a10c12c Sha256: a51222cf44af8ccced7b886975eb501abe60d1f7f4f7d9e816c64718b5c03bf0
GET /fshow.php?id=152695 HTTP/1.1 Host: u291014.778669.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://ad.51pc114.cn/ad/ffdd24.htm	0.0.0.0 --- Additional Info ---