Overview

URL xzfubang.com/html/asnews201502171174.html
IP 104.223.149.150
ASN AS46573 Global Frag Networks
Location United States
Report completed 2018-12-16 00:45:57 CET
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-12-16 00:45:26 CET 1  104.223.149.150 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2018-12-16 00:45:27 CET 1  104.223.149.150 Client IP ET TROJAN RAMNIT.A M1
2018-12-16 00:45:26 CET 1  104.223.149.150 Client IP ET TROJAN RAMNIT.A M2
2018-12-16 00:45:26 CET 1  104.223.149.150 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-16 2 xzfubang.com/yesads.js Malware
2018-12-16 2 xzfubang.com/html/asnews201502171174.html Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.223.149.150

Date  UQ / IDS / BL  URL  IP
2019-01-11 22:36:20 +0100  0 - 4 - 2  xzfubang.com/html/asnews201502171170.html  104.223.149.150
2018-12-17 06:20:34 +0100  0 - 0 - 2  xzfubang.com/html/aunews201612022699.html  104.223.149.150
2018-12-17 02:13:31 +0100  0 - 0 - 2  xzfubang.com/html/asvisa201502171232.html  104.223.149.150
2018-12-17 00:45:10 +0100  0 - 0 - 2  xzfubang.com/html/ceos20150217255.html  104.223.149.150
2018-12-16 23:50:19 +0100  0 - 4 - 2  xzfubang.com/html/case201503031763.html  104.223.149.150
2018-12-16 21:31:10 +0100  0 - 0 - 2  xzfubang.com/html/asuniversity201502171189.html  104.223.149.150
2018-12-16 19:46:24 +0100  0 - 0 - 2  xzfubang.com/html/aulife201502171558.html  104.223.149.150
2018-12-16 08:18:03 +0100  0 - 4 - 2  xzfubang.com/html/asvisa201502171232.html  104.223.149.150
2018-12-16 06:33:39 +0100  0 - 0 - 2  xzfubang.com/html/asuniversity201502171193.html  104.223.149.150
2018-12-15 07:17:08 +0100  0 - 0 - 2  xzfubang.com/html/aulife201502171562.html  104.223.149.150

Last 10 reports on ASN: AS46573 Global Frag Networks

Date  UQ / IDS / BL  URL  IP
2019-06-10 18:25:41 +0200  0 - 0 - 1  lcxunjie.cn/html/hdxzxstd86190.html  107.179.119.78
2019-06-10 18:25:19 +0200  0 - 0 - 1  sdvmj.cn/html/info345....xbjjxbjj.html  107.179.119.158
2019-06-10 18:25:02 +0200  0 - 0 - 1  jxylmuye.cn/html/bmgkjgsz.html  107.179.119.198
2019-06-10 18:24:57 +0200  0 - 0 - 1  phyxgs.com.cn/html/zsjz14252847496.html  107.179.119.182
2019-06-10 17:50:47 +0200  0 - 0 - 1  lylhf.com.cn/html/jiuyebaozhanghezuodanwei201 (...)  107.179.119.197
2019-06-10 17:50:45 +0200  0 - 0 - 1  jensmay.cn/html/.tztg201611....hysqk.html  107.179.119.216
2019-06-10 17:50:11 +0200  0 - 0 - 1  lyjiuhua136.cn/html/hyzx7641.html  107.179.119.198
2019-06-10 17:49:34 +0200  0 - 0 - 1  jinaotanye.com.cn/htmlzt2016bkhpc_hashaymnR1.html  107.179.119.16
2019-06-10 17:49:17 +0200  0 - 0 - 2  lczhggwz.com.cn/xzzxxwbgzl.html  107.179.119.77
2019-06-10 17:48:36 +0200  0 - 0 - 2  lczhggwz.com.cn/html/jxsw234404.html  107.179.119.77

Last 10 reports on domain: xzfubang.com

Date  UQ / IDS / BL  URL  IP
2019-06-10 18:26:04 +0200  0 - 0 - 2  xzfubang.com/html/aulife201502171555.html  104.203.223.36
2019-06-09 13:48:02 +0200  0 - 0 - 2  xzfubang.com/html/canews20150217937.html  104.203.223.36
2019-05-05 21:08:15 +0200  0 - 0 - 2  xzfubang.com/html/uknews201612022280.html  85.208.116.36
2019-04-19 06:26:03 +0200  0 - 0 - 2  xzfubang.com/html/auuniversity201502171329.html  85.208.116.36
2019-01-11 22:36:20 +0100  0 - 4 - 2  xzfubang.com/html/asnews201502171170.html  104.223.149.150
2018-12-17 06:20:34 +0100  0 - 0 - 2  xzfubang.com/html/aunews201612022699.html  104.223.149.150
2018-12-17 02:13:31 +0100  0 - 0 - 2  xzfubang.com/html/asvisa201502171232.html  104.223.149.150
2018-12-17 00:45:10 +0100  0 - 0 - 2  xzfubang.com/html/ceos20150217255.html  104.223.149.150
2018-12-16 23:50:19 +0100  0 - 4 - 2  xzfubang.com/html/case201503031763.html  104.223.149.150
2018-12-16 21:31:10 +0100  0 - 0 - 2  xzfubang.com/html/asuniversity201502171189.html  104.223.149.150


JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 87, repeated: 1) - SHA256: a72b285b9287c1181927cd290a6f6c08d519ebc6754bc9f04fce904ca106945e

<script src='https://s95.b9823852351323h.com/by/dz.js' type='text/javascript'></script>


HTTP Transactions (30)


Request Response

GET /yesads.js HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 106
Last-Modified: Thu, 13 Apr 2017 15:53:11 GMT
Accept-Ranges: bytes
Etag: "3cc185d6eb4d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   106
Md5:    17a8754edf85068082f8b1ac1519d80e
Sha1:   33a9c0cccfe3d299c1ebb6d77fc4e0097b35f5a9
Sha256: 85965e1cee169e6ea1129285cafdd3c90f4e7b046207290c9ad9bc51bc58afdf

Alerts:
  Blacklists:
    - fortinet: Malware

GET /images/imagesicon2.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 492
Last-Modified: Thu, 01 Dec 2016 03:49:52 GMT
Accept-Ranges: bytes
Etag: "5c49e9f8854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 28 x 28
Size:   492
Md5:    39e87289a946d45bf5a7740ea2452dc6
Sha1:   533f8a083268ac81a334ccc30f5a700b21e2a7f9
Sha256: 52842fd1869562d653116499b098c15a017f6c8fb5364e5f47246469dc74651d

GET /images/imagesaec8839b-92a0-4c13-baa3-84f74453c41c.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 564
Last-Modified: Thu, 01 Dec 2016 03:49:53 GMT
Accept-Ranges: bytes
Etag: "6edea0f9854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 70 x 27
Size:   564
Md5:    fa03f9886562a94a5b3e945f4c917cf8
Sha1:   b7b6788d083cad7545ef245304c27dd16d398a52
Sha256: 77221b86f9522e6cba707115fc143eb46e6e89549bcba1341ba05989b9d763d2

GET /images/imagesswot1.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 934
Last-Modified: Thu, 01 Dec 2016 03:49:54 GMT
Accept-Ranges: bytes
Etag: "7015f9f9854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 103 x 28
Size:   934
Md5:    5c199a3e56ff2895215027bdb8350f46
Sha1:   5eda0f219b6d7667cfc3189a8dc74dcb4a24862c
Sha256: be8ae488b42fb76d6732fad3d7b2444ed20b4954874fcb3a414196eaf9fd92a8

GET /images/imageslogo.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 3448
Last-Modified: Thu, 01 Dec 2016 03:49:53 GMT
Accept-Ranges: bytes
Etag: "f07e60f9854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 143 x 84
Size:   3448
Md5:    14478507c4f0c6fdce13616393c4c1f5
Sha1:   c8d6476a5e0db706bc89046af9a5560b11076dcf
Sha256: 2afad9dedfcf51b40f8fb787d67a0158f19d94d6de3bac56519bf8331b390970

GET /images/imagesswot2.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 921
Last-Modified: Thu, 01 Dec 2016 03:49:54 GMT
Accept-Ranges: bytes
Etag: "724c51fa854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 103 x 28
Size:   921
Md5:    952b3b88a1998eaa3efdb33e2f3da5ef
Sha1:   7f5571826e01e0471615eeb205e892064e735b60
Sha256: 92b81cbc27007a31a963f45f5fcea333963c2229b12476aea5b858bf1669bcbb

GET /images/imagesswot3.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 931
Last-Modified: Thu, 01 Dec 2016 03:49:55 GMT
Accept-Ranges: bytes
Etag: "cee5abfa854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 103 x 28
Size:   931
Md5:    ed2d58eb6945c757419ddf751f8e7277
Sha1:   e210a47bad2409edfb67bac4310a559a1b2a256e
Sha256: d494eff6e3d13a87b91b0d963536afee254241f61e176807e5c692b2892051af

GET /images/csslistcss.css HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 7656
Last-Modified: Thu, 01 Dec 2016 03:52:53 GMT
Accept-Ranges: bytes
Etag: "f050aa64864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  UTF-8 Unicode C program text, with CRLF line terminators
Size:   7656
Md5:    f1b3eae6922a6169b5cb87a2b294ae35
Sha1:   c7891a4a8291242cdd037f95b53332fe5622883f
Sha256: eea947c24bf99cd3f9296539ba028fffffa239a1c263da692af166abdc8316d6

GET /images/imagesswot4.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 924
Last-Modified: Thu, 01 Dec 2016 03:49:56 GMT
Accept-Ranges: bytes
Etag: "2a7f6fb854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 103 x 28
Size:   924
Md5:    296a7b6ed8c26f59162fdd9689c33a04
Sha1:   de48f8683543b3711fc7f3ccb0ceba63c45770fc
Sha256: da1e3e05444c4ed7cf830ea1577d87d29844af16fbb3ebf2062158d20a4895a1

GET /images/imagesswot5.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 990
Last-Modified: Thu, 01 Dec 2016 03:49:56 GMT
Accept-Ranges: bytes
Etag: "eea16afb854bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:35 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 103 x 28
Size:   990
Md5:    c9fe51d24e32ccffb1239675cbe89a23
Sha1:   93d6f07d032739c251596cbd06352f5cde9c6b00
Sha256: c0a2203a3ae3d4ed161bbc3cf1ac50d4cfb25b43657c3ed6e06dccd87e1228e8

POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

91.135.34.16
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Tue, 11 Dec 2018 02:28:34 GMT
Etag: 6DE2BCF408FF1AF7C39AD211FEAADA75802A0773
X-OCSP-Responder-ID: mcdpcaocsp13
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=182014
Expires: Tue, 18 Dec 2018 02:19:00 GMT
Date: Sat, 15 Dec 2018 23:45:26 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    3f3528206c07c7acbc87c7120472e5a3
Sha1:   6de2bcf408ff1af7c39ad211feaada75802a0773
Sha256: 86688de5b3613f570b1959da2230936c2e761ba5dd6dab7a3d4df0f9738beefb

POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

91.135.34.16
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Tue, 11 Dec 2018 14:14:26 GMT
Etag: A6EDA65C2973ECDDA323DB47E8D543C6D387F6FD
X-OCSP-Responder-ID: (null)
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=224319
Expires: Tue, 18 Dec 2018 14:04:05 GMT
Date: Sat, 15 Dec 2018 23:45:26 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    b3127c7a1c3adc112c0a789326bf5d6d
Sha1:   a6eda65c2973ecdda323db47e8d543c6d387f6fd
Sha256: 5d84bdeca71be004451765f4cc433edcd5a30d705a997ac128d2db7fa4fbe32b

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

91.135.34.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Tue, 11 Dec 2018 14:14:26 GMT
Etag: 888D5FC4B0835169497CCCBE3030E1E8D59FED77
X-OCSP-Responder-ID: (null)
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=224349
Expires: Tue, 18 Dec 2018 14:04:35 GMT
Date: Sat, 15 Dec 2018 23:45:26 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    d55c7b89fc25a262f8272f9c2e169ba9
Sha1:   888d5fc4b0835169497cccbe3030e1e8d59fed77
Sha256: 7dab7f594b34e7483f7d4d6d8076140fda6696cb3c11b2cc432c23a6a4e4e75f

GET /html/asnews201502171174.html HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

104.223.149.150
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 127344
Last-Modified: Sat, 04 Aug 2018 14:14:54 GMT
Accept-Ranges: bytes
Etag: "5a65e583fd2bd41:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:34 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   127344
Md5:    8289a9184bc632370c01c6de5166e877
Sha1:   7fe89f2eacf82cbf506179e8a7a1ded4d7c7e833
Sha256: 90a8c71eddb591860b301a99a6f81c02f8380c2c3bd969086dfa67a8ba13b3c8

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M1
    - ET TROJAN RAMNIT.A M2
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1

GET /images/imagesicon1.gif HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/images/csslistcss.css

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 202
Last-Modified: Thu, 01 Dec 2016 03:52:25 GMT
Accept-Ranges: bytes
Etag: "b2c6554864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  GIF image data, version 89a, 16 x 11
Size:   202
Md5:    576fa3cf1dd6426417f0b9c9ec4a807e
Sha1:   ad807b963b53871cbd5a0a3c0d10362426419856
Sha256: 2b18b47c7db9c2f50b1a39472367c9d9a2470d14a09fabf2d02664b11aa4b998

GET /images/imageslxpg.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 5023
Last-Modified: Thu, 01 Dec 2016 03:50:57 GMT
Accept-Ranges: bytes
Etag: "a4e38a1f864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   5023
Md5:    abface9b91a10974c7811c379a3c7630
Sha1:   055031b683248113789df0deedbe128603fc20ee
Sha256: 7fe88b2fd142da41e5911986169c81fbe8a7cf769e7522b01363f544f6aab9bc

GET /images/imageswxlx.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 5365
Last-Modified: Thu, 01 Dec 2016 03:50:56 GMT
Accept-Ranges: bytes
Etag: "b414b91e864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   5365
Md5:    d46b5abed58facd4db4b559563f6f822
Sha1:   1a97f7cbfa34f90c2247a03f6c86726e2c103781
Sha256: 218ed6d1ebfab257a5f2718b20e81ecd3ebe1da1411c82605c5536f73b00d7f8

GET /images/images0f262b5e-4a7c-47b5-bede-98f0489fa37e.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 25411
Last-Modified: Thu, 01 Dec 2016 03:52:42 GMT
Accept-Ranges: bytes
Etag: "cc72765e864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   25411
Md5:    1e6ca1c00335acdf5055afe89673e050
Sha1:   9aedb0d3dd13fd5517e49fe54f259e03736fe2e2
Sha256: f9df0c7c6c6eb3a73ba71c19a682fc88bf7af6bda83dcc412820189a2bae3c79

GET /images/imagesmfdh.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 4905
Last-Modified: Thu, 01 Dec 2016 03:50:54 GMT
Accept-Ranges: bytes
Etag: "5cbcdd1d864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   4905
Md5:    190f03369626fde930899e90e83b463a
Sha1:   b58d91c36c16812d5feac168b0f936ea23728a65
Sha256: 2c67ebe4cec8ba8a7225454450e26a906b6e86c22f92400c96ca9852b10cd586

GET /images/images29dc50c0-1e5a-4866-a4b8-a45c68ad5a2f.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 8043
Last-Modified: Thu, 01 Dec 2016 03:52:49 GMT
Accept-Ranges: bytes
Etag: "6c1f3062864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   8043
Md5:    6830f557fdce54c3f7782badda348f5c
Sha1:   ca8ead915d454c856c3b55749b8024e062e8eb01
Sha256: d90f82855dbdf1ded8240c8c931249baf72e3a9dc08030ff13bd02eafd3a9174

GET /images/images983fed33-0099-46cc-8a9d-48c52f9ea8a4.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7653
Last-Modified: Thu, 01 Dec 2016 03:52:46 GMT
Accept-Ranges: bytes
Etag: "ee92be60864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   7653
Md5:    3fd791b3302e8c3fc072f0e36e435ae4
Sha1:   e5632e6f0d779b8bc8168610af16eada4b8fc387
Sha256: a2e43a70fe2860bd522d1f2c39900a093e9e0e8498bc9c417385146babd9804e

GET /images/images4cfa8283-c200-4bad-937c-53225c942885.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7330
Last-Modified: Thu, 01 Dec 2016 03:52:45 GMT
Accept-Ranges: bytes
Etag: "52ae1760864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   7330
Md5:    ee062201c29f4dcb6d5b30f739bd46c1
Sha1:   0a5a8dbe24e44e7f7794cef357d52626d95b7eb5
Sha256: 6d4900c99e260bd54bd4188fd4b58a9aecc85e1eae3e4cbdba405804f2594852

GET /images/images3dca247c-9923-4d35-9518-56a82f093fd9.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 8516
Last-Modified: Thu, 01 Dec 2016 03:52:48 GMT
Accept-Ranges: bytes
Etag: "e4f7d61864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   8516
Md5:    b196ebe7ed5a0a1b5f2f61e7a658a117
Sha1:   af4aa601480521e234ad26a3f7212365c34fc499
Sha256: 526122c9812a837e774c2405bcf6a9314587c658e76d463a9597bda21b7fa824

GET /images/images76a59f9f-ab57-47f4-985f-1c78ce7a108d.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7346
Last-Modified: Thu, 01 Dec 2016 03:52:44 GMT
Accept-Ranges: bytes
Etag: "32f2585f864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   7346
Md5:    b4ea5a784face25ed4c460925ad91984
Sha1:   9e8fccd8cfcaa77e45073ccce61849eccbef7ace
Sha256: 993f0283160ea19495a06cfb95e3d19a5dfa06e3f66364c3059169b23721ff15

GET /images/images328dce4e-86f6-4470-a1e9-420a61cbadce.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7586
Last-Modified: Thu, 01 Dec 2016 03:52:50 GMT
Accept-Ranges: bytes
Etag: "7eb4e762864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:37 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   7586
Md5:    1b1d3ae02dc54226b5cf6429860d7c1b
Sha1:   c5d3597fa90d78f1582064b831c07fd1d93bb22f
Sha256: 6ffe893928822bdce96e1287a67051305e26c238cdb7007fe95d6762e9958f5f

GET /images/imagestitle_bg.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/images/csslistcss.css

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 919
Last-Modified: Thu, 01 Dec 2016 03:52:28 GMT
Accept-Ranges: bytes
Etag: "7ec5ca55864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:37 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   919
Md5:    5277e98483cc965d76ef870bd4ebce33
Sha1:   1fc3b91f6c5099bca87a2aae98c89f28eb4d33f0
Sha256: 5395f074d469b9ce1abd9592785afb0ec4e4809a75f2b5e7d067ec379e587f6b

GET /images/imagestel.jpg HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

104.223.149.150
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 33760
Last-Modified: Thu, 01 Dec 2016 03:50:53 GMT
Accept-Ranges: bytes
Etag: "aa101d864bd21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:36 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   33760
Md5:    da57167f5ff8055219ea5b193bd7410f
Sha1:   0fd4c46648b3225085f5710ff6fda710be3d9a64
Sha256: ff21ab48a79330de466628db2f73229fc690978e788fe004d7ec128120143d8d

GET /favicon.ico HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

104.223.149.150
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:37 GMT


--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   1308
Md5:    2923b250a3660c034aa7831d5e6d7f3c
Sha1:   646f109012bac000fe1bc58f40d112f77483f22a
Sha256: e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075

GET /favicon.ico HTTP/1.1
Host: xzfubang.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

104.223.149.150
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 15 Dec 2018 23:45:40 GMT


--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   1308
Md5:    2923b250a3660c034aa7831d5e6d7f3c
Sha1:   646f109012bac000fe1bc58f40d112f77483f22a
Sha256: e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075

GET /by/dz.js HTTP/1.1
Host: s95.b9823852351323h.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xzfubang.com/html/asnews201502171174.html

0.0.0.0

--- Additional Info ---