Overview

URL: jlxsjcj.com/html/jxjy..xkjsindex.html
IP: 104.223.149.155
ASN: AS46573 Global Frag Networks
Location: United States
Report completed: 2018-10-11 14:26:07 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2018-10-11 14:25:36 CEST | 1 | 104.223.149.155 | Client IP | ET TROJAN PE EXE or DLL Windows file download Text
2018-10-11 14:25:36 CEST | 1 | 104.223.149.155 | Client IP | ET TROJAN RAMNIT.A M2
2018-10-11 14:25:36 CEST | 1 | 104.223.149.155 | Client IP | ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1

All three alerts are attached to the 113574-byte text/html response for /html/jxjy..xkjsindex.html (see HTTP Transactions), not to a separate binary download: the third-party script s95.b9823852351323h.com/by/dz.js injected by the page returned 404 during the scan, and no executable was fetched as its own transaction. Three signatures firing on an ordinary HTML page served by IIS 6.0 is consistent with Ramnit's known HTML file infection, in which a VBScript block carrying a hex-encoded executable is appended to HTML files on an infected machine; the report does not include the page body, so this is an inference from the alert names rather than a confirmed finding.
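The checks below approximate what the three alerts look for, run over a constructed page body. This is an added example, not urlquery's or Emerging Threats' code: the matching is a simplified stand-in for the ET Pro rules, not their real content matches, and the infected sample follows the widely documented layout of Ramnit's HTML infection (a VBScript block with a DropFileName and a hex-encoded EXE in WriteData) rather than the actual body of jlxsjcj.com, which the report does not include. The fake PE prefix, the page text and the check names are all invented here.

```python
"""Body-content checks that approximate the three ET alerts in this report.

Added example; the rule logic is a simplified stand-in, and every sample below is
constructed (not content from the scanned site).
"""
import binascii
import re

DOS_STUB = b"This program cannot be run in DOS mode"
# A double-quoted hex string of at least 32 bytes; Ramnit stores the dropped EXE this way.
HEX_LITERAL = re.compile(rb'"([0-9A-Fa-f]{64,})"')
DROP_NAME = re.compile(rb'DropFileName\s*=\s*"[^"]+\.exe"', re.I)
VBSCRIPT_BLOCK = re.compile(rb"<script[^>]*vbscript[^>]*>(.*?)</script>", re.I | re.S)


def hex_literals(data: bytes):
    """Yield the decoded bytes of every long hex string literal in data."""
    for m in HEX_LITERAL.finditer(data):
        h = m.group(1)
        if len(h) % 2:  # odd-length run cannot be byte-aligned; drop the tail nibble
            h = h[:-1]
        yield binascii.unhexlify(h)


def looks_like_pe(data: bytes) -> bool:
    """An MZ signature followed by the DOS stub text within the next 512 bytes."""
    for m in re.finditer(rb"MZ", data):
        if DOS_STUB in data[m.start():m.start() + 512]:
            return True
    return False


def scan_body(content_type: str, body: bytes) -> list:
    """Return the names of the checks that fire for one HTTP response body."""
    ctype = content_type.lower()
    is_text = ctype.startswith("text/")
    is_html = ctype.startswith("text/html")
    findings = []

    pe_raw = looks_like_pe(body)
    pe_hex = any(looks_like_pe(d) for d in hex_literals(body))

    # Analogue of "PE EXE or DLL Windows file download Text": an executable,
    # raw or hex-encoded, served under a text/* content type.
    if is_text and (pe_raw or pe_hex):
        findings.append("PE EXE or DLL in text response")

    # Analogue of "RAMNIT.A M2": a VBScript block that names a dropped .exe and
    # carries a hex-encoded PE image to write into it.
    for block in VBSCRIPT_BLOCK.finditer(body):
        script = block.group(1)
        if DROP_NAME.search(script) and any(looks_like_pe(d) for d in hex_literals(script)):
            findings.append("Ramnit-style VBScript dropper")
            break

    # Analogue of "DRIVEBY EXE Embeded in Page": a hex-encoded executable inside HTML.
    if is_html and pe_hex:
        findings.append("EXE embedded in page")
    return findings


def constructed_pe_hex() -> bytes:
    """Hex of a fake PE prefix (MZ header bytes, then the DOS stub); not a real binary."""
    fake = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
            + b"\x00" * 48 + DOS_STUB + b".\r\n$" + b"\x00" * 16)
    return binascii.hexlify(fake).upper()


# Constructed sample pages, modelled on the public Ramnit HTML-infection layout.
INFECTED_PAGE = (
    b"<html><body><p>Course index</p>\n"
    b"<SCRIPT Language=VBScript><!--\n"
    b'DropFileName = "svchost.exe"\n'
    b'WriteData = "' + constructed_pe_hex() + b'"\n'
    b'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
    b"//--></SCRIPT>\n"
    b"</body></html>\n"
)
CLEAN_PAGE = b"<html><body><p>Course index</p></body></html>\n"

if __name__ == "__main__":
    for name, page in (("infected", INFECTED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_body("text/html", page))
```

The content-type gate matters: the same VBScript body served as application/octet-stream still trips the dropper check but not the two "executable in a text response" checks, which is the distinction the ET rule names draw.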


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified | Severity | Host | Comment
2018-10-11 | 2 | jlxsjcj.com/yesads.js | Malware
2018-10-11 | 2 | jlxsjcj.com/html/jxjy..xkjsindex.html | Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.223.149.155

Date | UQ / IDS / BL (urlquery / IDS / blacklist alert counts) | URL | IP
2019-02-13 18:27:41 +0100 | 0 - 0 - 1 | jlxsjcj.com/html/xsgzxsdtindex.html | 104.223.149.155
2019-01-18 18:49:10 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/kxyjkycgindex.html | 104.223.149.155
2019-01-03 23:33:32 +0100 | 0 - 4 - 2 | jlxsjcj.com/html/wjxz..mkszyyddzgwhjsxtcxzxin (...) | 104.223.149.155
2018-12-27 20:54:09 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/xygg..xsgzindex.html | 104.223.149.155
2018-12-27 11:27:21 +0100 | 0 - 3 - 2 | jlxsjcj.com/html/jyjx..yqljindex.html | 104.223.149.155
2018-12-27 10:03:35 +0100 | 0 - 3 - 2 | jlxsjcj.com/html/bszn..sxkjyjdindex.html | 104.223.149.155
2018-12-15 20:38:44 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/wjxz..xsgzindex.html | 104.223.149.155
2018-12-15 20:24:20 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/xkjs..bsznindex.html | 104.223.149.155
2018-12-10 14:17:54 +0100 | 0 - 0 - 2 | hzetqy.com/html/htmlzypjjkyfx201307013b26a6c9 (...) | 104.223.149.155
2018-12-08 04:31:35 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/jyjx..xstdindex.html | 104.223.149.155

Last 10 reports on ASN: AS46573 Global Frag Networks

Date | UQ / IDS / BL | URL | IP
2019-02-22 23:03:47 +0100 | 0 - 0 - 2 | jianhuiys.cn/gzdt.html | 107.179.119.26
2019-02-22 22:59:15 +0100 | 0 - 0 - 1 | jinghaochem.cn/html/xuexiaoxinwen8717.shtml.html | 107.179.119.190
2019-02-22 22:55:50 +0100 | 0 - 0 - 1 | lcxunjie.cn/html/xygkxyjjindex.html | 107.179.119.78
2019-02-22 22:54:35 +0100 | 0 - 0 - 21 | fangsheng0901.com.cn/html/info100911269.html | 107.179.119.226
2019-02-22 22:54:06 +0100 | 0 - 0 - 13 | fangtaiventilation.com.cn/html/kxyj..xkjszysz.html | 107.179.119.224
2019-02-22 22:53:43 +0100 | 0 - 0 - 1 | sunfzcz.cn/html/info1012....jxkycg.html | 107.179.119.133
2019-02-22 22:52:24 +0100 | 0 - 0 - 1 | suiyuanyuanyi.cn/html/info10981998.html | 107.179.119.136
2019-02-22 22:51:30 +0100 | 0 - 0 - 2 | jinzuanfood.cn/html/200901220612.html | 107.179.119.247
2019-02-22 22:51:24 +0100 | 0 - 0 - 1 | jhanlian.com.cn/html/contentggtz201411125.html | 107.179.119.207
2019-02-22 22:51:01 +0100 | 0 - 0 - 1 | shssdq.cn/html/index.html | 107.179.119.113

Last 10 reports on domain: jlxsjcj.com

Date | UQ / IDS / BL | URL | IP
2019-02-13 18:27:41 +0100 | 0 - 0 - 1 | jlxsjcj.com/html/xsgzxsdtindex.html | 104.223.149.155
2019-01-18 18:49:10 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/kxyjkycgindex.html | 104.223.149.155
2019-01-03 23:33:32 +0100 | 0 - 4 - 2 | jlxsjcj.com/html/wjxz..mkszyyddzgwhjsxtcxzxin (...) | 104.223.149.155
2018-12-27 20:54:09 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/xygg..xsgzindex.html | 104.223.149.155
2018-12-27 11:27:21 +0100 | 0 - 3 - 2 | jlxsjcj.com/html/jyjx..yqljindex.html | 104.223.149.155
2018-12-27 10:03:35 +0100 | 0 - 3 - 2 | jlxsjcj.com/html/bszn..sxkjyjdindex.html | 104.223.149.155
2018-12-15 20:38:44 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/wjxz..xsgzindex.html | 104.223.149.155
2018-12-15 20:24:20 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/xkjs..bsznindex.html | 104.223.149.155
2018-12-08 04:31:35 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/jyjx..xstdindex.html | 104.223.149.155
2018-12-04 22:49:28 +0100 | 0 - 0 - 2 | jlxsjcj.com/html/xygg..jxspindex.html | 104.223.149.155


JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 87, repeated: 1) - SHA256: a72b285b9287c1181927cd290a6f6c08d519ebc6754bc9f04fce904ca106945e

<script src='https://s95.b9823852351323h.com/by/dz.js' type='text/javascript'></script>
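A small check a practitioner would run on the Executed Writes list: pull every script src out of the written markup, resolve it against the page URL, and flag the ones that point off-origin, then join against the fetches the scan actually recorded. This is an added example, not urlquery's code. The first write is the 87-byte one recorded above with urlquery's defanging spaces removed; the second write is constructed for contrast and is not in the report. The TRANSACTIONS table holds only the two script fetches listed under HTTP Transactions (yesads.js returned 200, dz.js returned 404).

```python
"""Extract <script src> targets from document.write payloads and flag off-origin ones.

Added example, not part of the urlquery report. WRITES[1] and the helper names are
constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "http://jlxsjcj.com/html/jxjy..xkjsindex.html"

WRITES = [
    # the write recorded in this report (size 87), defanging spaces removed
    "<script src='https://s95.b9823852351323h.com/by/dz.js' type='text/javascript'></script>",
    # constructed same-origin write, included only for contrast
    "<script src='/yesads.js'></script>",
]

# (host, path) -> status for the script fetches listed under HTTP Transactions
TRANSACTIONS = {
    ("jlxsjcj.com", "/yesads.js"): 200,
    ("s95.b9823852351323h.com", "/by/dz.js"): 404,
}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag fed to the parser."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def injected_scripts(page_url: str, writes) -> list:
    """Resolve each written script src against the page URL, mark those whose host
    differs from the page's own, and attach the recorded fetch status if any."""
    page_host = urlsplit(page_url).hostname
    found = []
    for payload in writes:
        collector = ScriptSrcCollector()
        collector.feed(payload)
        collector.close()
        for src in collector.srcs:
            absolute = urljoin(page_url, src)
            parts = urlsplit(absolute)
            found.append({
                "src": absolute,
                "host": parts.hostname,
                "scheme": parts.scheme,
                "off_origin": parts.hostname != page_host,
                "status": TRANSACTIONS.get((parts.hostname, parts.path)),
            })
    return found


if __name__ == "__main__":
    for entry in injected_scripts(PAGE_URL, WRITES):
        flag = "OFF-ORIGIN" if entry["off_origin"] else "same-origin"
        print(flag, entry["src"], "->", entry["status"])
```

For this scan the off-origin entry resolves to the 404 recorded for 45.65.46.3, so whatever dz.js was meant to deliver was not observed; the page's own alerts come from its body, not from this script.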


HTTP Transactions (9)


Request:
GET /yesads.js HTTP/1.1
Host: jlxsjcj.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jlxsjcj.com/html/jxjy..xkjsindex.html

Response (from 104.223.149.155):
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 106
Last-Modified: Thu, 13 Apr 2017 15:53:10 GMT
Accept-Ranges: bytes
Etag: "101518d6eb4d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2018 12:25:38 GMT

--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   106
Md5:    17a8754edf85068082f8b1ac1519d80e
Sha1:   33a9c0cccfe3d299c1ebb6d77fc4e0097b35f5a9
Sha256: 85965e1cee169e6ea1129285cafdd3c90f4e7b046207290c9ad9bc51bc58afdf

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /images/jxjyxkjscsscsscss.css HTTP/1.1
Host: jlxsjcj.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jlxsjcj.com/html/jxjy..xkjsindex.html

Response (from 104.223.149.155):
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5514
Last-Modified: Sat, 03 Dec 2016 12:20:34 GMT
Accept-Ranges: bytes
Etag: "c477d4a55f4dd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2018 12:25:38 GMT

--- Additional Info ---
Magic:  UTF-8 Unicode C program text, with CRLF line terminators
Size:   5514
Md5:    6ea9a47f0f24e579b557481e6ddef644
Sha1:   d80e76992a3d196a49c48a1acc5d1729adab2eef
Sha256: 0639663c4d0a63d80353f4cbf548b9effd5b03242d88b04b4401fe0e95614369
                                        
Request:
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (from 91.135.34.16):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Fri, 05 Oct 2018 14:28:29 GMT
Etag: 23FB1BBE064ECAB24D97EFF43349F76497C7BA2B
X-OCSP-Responder-ID: rmdccaocsp27
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=93169
Expires: Fri, 12 Oct 2018 14:18:26 GMT
Date: Thu, 11 Oct 2018 12:25:37 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   471
Md5:    55f32288a888de0d83ed8f0e5ca2a225
Sha1:   23fb1bbe064ecab24d97eff43349f76497c7ba2b
Sha256: 37acd704e14bc2fba37a0305ac9d0b3a77aabab941561b7a8068985941048e2f
                                        
Request:
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (from 91.135.34.16):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Mon, 08 Oct 2018 09:27:34 GMT
Etag: 96CAB35BEB3E9D5CDA87713907CE20DD84A9A9D3
X-OCSP-Responder-ID: rmdccaocsp21
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=334291
Expires: Mon, 15 Oct 2018 09:17:08 GMT
Date: Thu, 11 Oct 2018 12:25:37 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   727
Md5:    48ec56c49763fb783e2d3e8cb7020557
Sha1:   96cab35beb3e9d5cda87713907ce20dd84a9a9d3
Sha256: 80d008301ac25c61f529df8faf1657c03f5766f77d996e455b5983158fb3dec1
                                        
Request:
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (from 91.135.34.18):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Mon, 08 Oct 2018 09:27:34 GMT
Etag: 090C34B232998ED0CB442389A283D60A7212687C
X-OCSP-Responder-ID: rmdccaocsp19
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=334364
Expires: Mon, 15 Oct 2018 09:18:21 GMT
Date: Thu, 11 Oct 2018 12:25:37 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   471
Md5:    918e7ad6efba9cd193ede3de6438f9b1
Sha1:   090c34b232998ed0cb442389a283d60a7212687c
Sha256: ff1641777dd048546458ac7b135f68cda235fd5d2e4dc8b9cb1c9bfa51ef30ec
                                        
Request:
GET /html/jxjy..xkjsindex.html HTTP/1.1
Host: jlxsjcj.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 104.223.149.155):
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 113574
Last-Modified: Sat, 04 Aug 2018 02:44:51 GMT
Accept-Ranges: bytes
Etag: "aa8dc1d9d2bd41:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2018 12:25:37 GMT

--- Additional Info ---
Magic:  HTML document text; exported SGML document text
Size:   113574
Md5:    fb4cd91d1407c6d92aa17056b3af0806
Sha1:   c4e528d1b6b84448b24b7cf323f4d925ddd4b6d4
Sha256: 08dbbce6b42ee8dad2d6d31f9dd79574c96e6ce0a1098018af37a54f161e01d0

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M2
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
                                        
Request:
GET /by/dz.js HTTP/1.1
Host: s95.b9823852351323h.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jlxsjcj.com/html/jxjy..xkjsindex.html

Response (from 45.65.46.3):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Apache
Date: Thu, 11 Oct 2018 14:21:08 GMT
Content-Length: 599
Connection: keep-alive
Keep-Alive: timeout=60

--- Additional Info ---
Magic:  HTML document text; exported SGML document text
Size:   599
Md5:    20f091c0674a150734971e060ab2aa62
Sha1:   9353b467d7b083f6a1d362ac1b17da58cbfec286
Sha256: b6311bf92598dab2e4f8399d03210ea6c1d554f5a994a9fe6dd6e5cc08226240
                                        
Request:
GET /favicon.ico HTTP/1.1
Host: jlxsjcj.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 104.223.149.155):
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2018 12:25:39 GMT

--- Additional Info ---
Magic:  HTML document text; exported SGML document text
Size:   1308
Md5:    2923b250a3660c034aa7831d5e6d7f3c
Sha1:   646f109012bac000fe1bc58f40d112f77483f22a
Sha256: e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075
                                        
Request:
GET /favicon.ico HTTP/1.1
Host: jlxsjcj.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 104.223.149.155):
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2018 12:25:42 GMT

--- Additional Info ---
Magic:  HTML document text; exported SGML document text
Size:   1308
Md5:    2923b250a3660c034aa7831d5e6d7f3c
Sha1:   646f109012bac000fe1bc58f40d112f77483f22a
Sha256: e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075