Overview

URL: ygcbzp.ltd/
IP: 173.208.133.70
ASN: AS32097 WholeSale Internet, Inc.
Location: United States
Report completed: 2018-09-25 11:44:02 CEST
urlquery Alerts No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-09-25 11:43:34 CEST 1  173.208.133.70 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-09-25 11:43:34 CEST 1  173.208.133.70 Client IP ET TROJAN RAMNIT.A M2
2018-09-25 11:43:34 CEST 1  173.208.133.70 Client IP ET TROJAN RAMNIT.A M1


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-09-25 2 ygcbzp.ltd/wsgg.js Malware
2018-09-25 2 ygcbzp.ltd/ Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 173.208.133.70

Date                       UQ / IDS / BL  URL                                          IP
2019-05-05 07:56:59 +0200  0 - 0 - 1      lnptgx.ltd/vip/m20.html                      173.208.133.70
2019-05-05 07:56:58 +0200  0 - 0 - 1      lnptgx.ltd/vip/m17.html                      173.208.133.70
2019-04-23 21:38:14 +0200  0 - 0 - 1      jrfbyb.ltd/555                               173.208.133.70
2019-04-22 19:47:32 +0200  0 - 0 - 1      lfmjbn.ltd/vip/m19.html                      173.208.133.70
2019-04-22 19:46:31 +0200  0 - 0 - 1      lfmjbn.ltd/vip/m1.html                       173.208.133.70
2019-04-22 19:45:31 +0200  0 - 0 - 1      rppwlj.ltd/vip/m13.html                      173.208.133.70
2019-04-17 16:26:35 +0200  0 - 0 - 1      hnwsbj.ltd/vip/m26.html                      173.208.133.70
2019-04-17 16:16:35 +0200  0 - 0 - 1      qygcbn.ltd/vip/m28.html                      173.208.133.70
2019-04-13 05:39:43 +0200  0 - 0 - 1      lfmjbn.ltd/IlOysTgNjFrGtHtEAwVo/index.php    173.208.133.70
2019-04-02 06:51:07 +0200  0 - 0 - 1      dddbbg.ltd/vip/m25.html                      173.208.133.70

Last 10 reports on ASN: AS32097 WholeSale Internet, Inc.

Date                       UQ / IDS / BL  URL                                                    IP
2019-06-30 13:06:38 +0200  0 - 0 - 0      https://www.nsaem.net/23077/%D8%AA%D8%B1%D8%A (...)    69.197.161.170
2019-06-30 01:20:00 +0200  0 - 0 - 0      cooksrecipes.club/?9888802307=460774605612385540       204.12.206.26
2019-06-27 00:48:22 +0200  0 - 0 - 0      cooksrecipes.club/?9888802307=460774605612385540       204.12.206.26
2019-06-25 03:04:06 +0200  0 - 0 - 0      carplace.website/pid-pidlink-40560.html                208.110.84.154
2019-06-25 02:58:06 +0200  0 - 0 - 0      cooksrecipes.club/?9888802307=460774605612385540       204.12.206.26
2019-06-19 09:12:05 +0200  0 - 0 - 10     xxgasm.com                                             173.208.189.242
2019-06-13 17:36:33 +0200  0 - 0 - 0      happiness.freevar.com/                                 69.197.143.12
2019-06-12 18:49:58 +0200  0 - 0 - 0      happiness.freevar.com                                  69.197.143.12
2019-06-10 14:29:07 +0200  0 - 0 - 26     mineralpars.com/project-3-columns                      185.94.98.117
2019-06-10 14:09:57 +0200  0 - 0 - 7      abaremits.com/ali.html                                 173.208.190.50

Last 8 reports on domain: ygcbzp.ltd

Date                       UQ / IDS / BL  URL                                      IP
2019-06-03 11:28:00 +0200  0 - 0 - 1      ygcbzp.ltd/lff                           47.91.170.222
2019-03-05 19:18:25 +0100  0 - 0 - 1      ygcbzp.ltd/tnb                           173.208.133.70
2019-03-05 18:53:22 +0100  0 - 0 - 1      ygcbzp.ltd/it                            173.208.133.70
2018-11-29 06:57:30 +0100  0 - 3 - 3      ygcbzp.ltd/inter                         173.208.133.70
2018-11-27 20:46:21 +0100  0 - 3 - 3      ygcbzp.ltd/b56.php                       173.208.133.70
2018-11-27 19:23:51 +0100  0 - 9 - 3      ygcbzp.ltd/rlz                           173.208.133.70
2018-10-03 11:49:09 +0200  0 - 3 - 3      ygcbzp.ltd/lff                           173.208.133.70
2018-09-29 06:00:39 +0200  0 - 3 - 3      ygcbzp.ltd/b19.php?tag=www838ee,con      173.208.133.70


JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (3)

#1 JavaScript::Write (size: 156, repeated: 1) - SHA256: 4bbbdbcf9f68f0dfcfa81d12f47539d571ce21d5e057e72fe4fa641454b20c5c

    <a href='http://www.cnzz.com/stat/website.php?web_id=1273677048' target=_blank title='&#31449;&#38271;&#32479;&#35745;'>&#31449;&#38271;&#32479;&#35745;</a>

#2 JavaScript::Write (size: 84, repeated: 1) - SHA256: 18311f057dc8ddd8fa215a45cda57d07e7730ce2336026a194d7e9c5b519d104

    <script language='JavaScript' src='http://fenzi.zjhee.com:588/js/fenzi.js'></script>

#3 JavaScript::Write (size: 112, repeated: 1) - SHA256: b1d5bb549232726383c29513aabd8352f8f08d17e734e7c2cd8bb87e41afa0b0

    <script src='https://c.cnzz.com/core.php?web_id=1273677048&t=z' charset='utf-8' type='text/javascript'></script>


HTTP Transactions (20)


Request Response
                                        
Request:
GET /wsgg.js HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Mon, 21 May 2018 13:15:48 GMT
Accept-Ranges: bytes
Etag: "ce306ad55f1d31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT
Content-Length: 212


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   212
Md5:    7f6a51f6095acf6b8ca1ce382ce1347c
Sha1:   b3667a4f656f7dfb36f2417201590d4aa822f64e
Sha256: fbcf19aa77178a9d5320ef716b0e216b7f22d0e4d6560ea4f49e7a829bafead0

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

Response from 104.18.21.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Sep 2018 09:43:31 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d27a88e145a0d01169ac547f721aaaed81537868611; expires=Wed, 25-Sep-19 09:43:31 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Tue, 25 Sep 2018 06:50:58 GMT
Expires: Sat, 29 Sep 2018 06:50:58 GMT
Etag: "04b2ffcc8721b636aa63924c5ee1ee7555d60111"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 45fc8c05149a4255-OSL


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    f27a2388e67983c4def546d72825572b
Sha1:   04b2ffcc8721b636aa63924c5ee1ee7555d60111
Sha256: 97826d169dbe9e627050361dad43b5a63c03cbb2ca909486e37c046a522d047e
                                        
Request:
GET /pic/318.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 10511
Last-Modified: Thu, 02 Nov 2017 01:31:59 GMT
Accept-Ranges: bytes
Etag: "cba1c8607a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   10511
Md5:    331223f1c643d79e36d3353538700e1c
Sha1:   ecd1e86ad6952c6ce0d66d4dbd1ddbb204bfe5bf
Sha256: 8ec174a97083759227ade493b492b23070bb1e713150778ee724676878458f99
                                        
Request:
GET /pic/7.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 47985
Last-Modified: Thu, 02 Nov 2017 01:28:51 GMT
Accept-Ranges: bytes
Etag: "1876a6f07953d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   47985
Md5:    755551fc41cbf54bd2541f198317f4c2
Sha1:   e54fee4448ea95b92df8519854c80894019fafa3
Sha256: e117c1bf326e4fde5fb95297c58fc695bd97402ee2bc5a4e9af8f87ebdadf3d1
                                        
Request:
GET /pic/217.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 47985
Last-Modified: Thu, 02 Nov 2017 01:31:10 GMT
Accept-Ranges: bytes
Etag: "d8d695437a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   47985
Md5:    755551fc41cbf54bd2541f198317f4c2
Sha1:   e54fee4448ea95b92df8519854c80894019fafa3
Sha256: e117c1bf326e4fde5fb95297c58fc695bd97402ee2bc5a4e9af8f87ebdadf3d1
                                        
Request:
GET /pic/286.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 48262
Last-Modified: Thu, 02 Nov 2017 01:31:52 GMT
Accept-Ranges: bytes
Etag: "e7f8535c7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   48262
Md5:    7b6bfd6eba2dabe977c95ed56b625d7f
Sha1:   1fe13436ddb4304f1fc13d74b63cf347c10860c8
Sha256: e436e747228c9e23d5b694e86e89ffc9e6b28fbec14aef5ec0bff8effa3de1bf
                                        
Request:
GET /z_stat.php?id=1273677048&web_id=1273677048 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 58.215.145.77:
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 11734
Connection: keep-alive
Date: Tue, 25 Sep 2018 09:22:51 GMT
Last-Modified: Tue, 25 Sep 2018 09:22:51 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache10.l2ne1[0,200-0,H], cache9.l2ne1[1,0], kunlun7.cn190[0,200-0,H], kunlun8.cn190[0,0]
Age: 1240
X-Cache: HIT TCP_MEM_HIT dirn:11:274023125 mlen:-1
X-Swift-SaveTime: Tue, 25 Sep 2018 09:24:06 GMT
X-Swift-CacheTime: 5325
Timing-Allow-Origin: *
EagleId: 3ad7910815378686117294219e


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   11734
Md5:    6cc3071da54c739dcec6a1eaff44c701
Sha1:   21f1b75f737b7742d91cf4849457ac058c6daad7
Sha256: e3b319a6176cb4240dd5877b7b0e435b7b8b8aee6a987a952118cdc815311e50
                                        
Request:
GET /pic/44.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 44856
Last-Modified: Thu, 02 Nov 2017 01:29:16 GMT
Accept-Ranges: bytes
Etag: "512173ff7953d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:30 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   44856
Md5:    67fa965ae921c3d5484a82ba59eccd8f
Sha1:   35fb907010a12f0cf2d77300b155b3be88f47847
Sha256: 93f6ddbcfa0736db41cfe6b9e00f5049d49de0f9aec3f6d3ecf5082a70ded0ea
                                        
Request:
GET /pic/231.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 48628
Last-Modified: Thu, 02 Nov 2017 01:31:11 GMT
Accept-Ranges: bytes
Etag: "fd5428447a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   48628
Md5:    f9ec5e3e21fbd292a4fbe3d89d9a1810
Sha1:   b2e73cb715b44ebf18c92cff317bc72c7b7dd5e5
Sha256: 49f0fef85245db9e1fe0fb8aa50e15b976d4ae15e8624b7e04497124142af7b4
                                        
Request:
GET /img/01.png HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2356
Last-Modified: Wed, 19 Jul 2017 01:38:26 GMT
Accept-Ranges: bytes
Etag: "a2ea30b72f0d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:30 GMT


--- Additional Info ---
Magic:  PNG image, 198 x 45, 8-bit/color RGBA, non-interlaced
Size:   2356
Md5:    006992f6a13d22249d1045a756963ad4
Sha1:   4771f700e6f4c228b356f490726d370d3fc0eb45
Sha256: 916ea871226eb8310b143c8928c7825fb9f0565755f3ce86615658225abc2fb0
                                        
Request:
GET /pic/107.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 42370
Last-Modified: Thu, 02 Nov 2017 01:30:02 GMT
Accept-Ranges: bytes
Etag: "fb93b81a7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:30 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   42370
Md5:    38299abf36e459de977930c0ddfbfb38
Sha1:   6ba97fde88bc09192fd7e7a255f38c211826c6f1
Sha256: 927950b94277a1d96cafe92865a58d79d382d5bbdc8da68478e91959330d1f47
                                        
Request:
GET /pic/246.jpg HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 47830
Last-Modified: Thu, 02 Nov 2017 01:31:22 GMT
Accept-Ranges: bytes
Etag: "2d38be4a7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   47830
Md5:    7e42cfee1b69415860d6604801f31038
Sha1:   ac9c0bd9c13dc94d2314c2ea51429b643084aff9
Sha256: ddb1dc3b822b2b4d2f602d6c6b4ea84ee1590a444a09e68b6975c6783646dabc
                                        
Request:
GET /img/02.png HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2041
Last-Modified: Wed, 19 Jul 2017 01:38:35 GMT
Accept-Ranges: bytes
Etag: "8d4b6bc2f0d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2018 09:43:30 GMT


--- Additional Info ---
Magic:  PNG image, 198 x 45, 8-bit/color RGBA, non-interlaced
Size:   2041
Md5:    5a8b8d81a66b15aaffa572bd1676b7f4
Sha1:   f6c899115b243f910c23331228f66f1dc04aaed3
Sha256: eea2b2ef767cd967fb517b54f5b2f92248f4f5060400e7ae15177fff07113daf
                                        
Request:
GET /stat.htm?id=1273677048&r=&lg=en-us&ntime=none&cnzz_eid=728944284-1537867371-&showp=1176x885&t=cijilu%E5%9C%B0%E5%9D%8024%E5%B0%8F%E6%97%B6%E5%A4%B1%E6%95%88&umuuid=166101cc0fc3-0240b92cde4074-6c242d76-fe178-166101cc0fd5f&h=1&rnd=472719548 HTTP/1.1
Host: z1.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 203.119.206.97:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Tengine
Date: Tue, 25 Sep 2018 09:43:33 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   22
Md5:    8bd3e739a9ba80a435f0214811da0c2a
Sha1:   bfc17d1e04e56542eb8037f08ed142efd252ea82
Sha256: a2dd5774b01bbfc29140279e02fea087df42a4c257dce8858226737a2e521986
                                        
Request:
GET /core.php?web_id=1273677048&t=z HTTP/1.1
Host: c.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 58.215.145.188:
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 994
Connection: keep-alive
Date: Tue, 25 Sep 2018 09:36:55 GMT
Last-Modified: Tue, 25 Sep 2018 09:36:55 GMT
Expires: Tue, 25 Sep 2018 09:51:55 GMT
Via: cache15.l2ne1[0,200-0,H], cache7.l2ne1[0,0], kunlun7.cn190[0,200-0,H], kunlun6.cn190[1,0]
Age: 398
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1
X-Swift-SaveTime: Tue, 25 Sep 2018 09:40:51 GMT
X-Swift-CacheTime: 664
Timing-Allow-Origin: *
EagleId: 3ad7910615378686132184738e


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   994
Md5:    df79e7db036344a9d1e35645ca8f6b8a
Sha1:   6c1047b9499c7ccd5c7f4d8743994fd37a765aa3
Sha256: a03250bbffd63c1124059a6c5391a60756286201925dcb8b84840d5ca4294ddd
                                        
Request:
GET / HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.17, ASP.NET
Date: Tue, 25 Sep 2018 09:43:28 GMT
Connection: close


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /favicon.ico HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.17, ASP.NET
Date: Tue, 25 Sep 2018 09:43:30 GMT
Connection: close


--- Additional Info ---

Alerts:
  IDS:
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M2
    - ET TROJAN RAMNIT.A M1
                                        
Request:
GET /favicon.ico HTTP/1.1
Host: ygcbzp.ltd
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: UM_distinctid=166101cc0fc3-0240b92cde4074-6c242d76-fe178-166101cc0fd5f; CNZZDATA1273677048=728944284-1537867371-%7C1537867371

Response from 173.208.133.70:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.17, ASP.NET
Date: Tue, 25 Sep 2018 09:43:32 GMT
Connection: close


--- Additional Info ---

Alerts:
  IDS:
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M2
    - ET TROJAN RAMNIT.A M1
                                        
Request:
GET /js/fenzi.js HTTP/1.1
Host: fenzi.zjhee.com:588
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 0.0.0.0:


--- Additional Info ---
                                        
Request:
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://ygcbzp.ltd/

Response from 111.206.37.189:
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Date: Tue, 25 Sep 2018 09:43:56 GMT
Etag: "4078521116"
Expires: Wed, 25 Sep 2019 09:43:56 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=9EF7D7218152A6BD2E6E06A1E6D54474:FG=1; max-age=31536000; expires=Wed, 25-Sep-19 09:43:56 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   227
Md5:    e548b6ce15bb616c2bfba36e9cfbf307
Sha1:   a348285d9928a6548a57569f1fb9d62bdd747f33
Sha256: 7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5