Overview

URL: kufoto.com/qywh/get_news.php-id=21155.htm
IP: 50.117.73.101
ASN: AS18779 EGIHosting
Location: United States
Report completed: 2019-03-21 04:38:40 CET
urlquery Alerts: No alerts detected


Settings

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-03-21 04:38:08 CET 1  50.117.73.101 Client IP ET TROJAN RAMNIT.A M2
2019-03-21 04:38:08 CET 1  50.117.73.101 Client IP ET TROJAN RAMNIT.A M1
2019-03-21 04:38:08 CET 1  50.117.73.101 Client IP ET TROJAN RAMNIT.A M2
2019-03-21 04:38:09 CET 1  50.117.73.101 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2019-03-21 04:38:08 CET 1  50.117.73.101 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2019-03-21 04:38:08 CET 1  50.117.73.101 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2019-03-21 04:38:09 CET 1  50.117.73.101 Client IP ET TROJAN RAMNIT.A M1
2019-03-21 04:38:09 CET 1  50.117.73.101 Client IP ET TROJAN RAMNIT.A M1
2019-03-21 04:38:07 CET 1  50.117.73.101 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2019-03-21 04:38:08 CET 1  50.117.73.101 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified Severity Host Comment
2019-03-21 2 kufoto.com/qywh/js.js Malware
2019-03-21 2 kufoto.com/top03.html Malware
2019-03-21 2 kufoto.com/xw_right02.html Malware
2019-03-21 2 kufoto.com/qywh/get_news.php-id=21155.htm Malware
2019-03-21 2 kufoto.com/top01.html Malware
2019-03-21 2 kufoto.com/js.js Malware
2019-03-21 2 kufoto.com/qywh/js.js Malware
2019-03-21 2 kufoto.com/qywh/js.js Malware
2019-03-21 2 kufoto.com/qywh/top_qywh.html Malware
2019-03-21 2 kufoto.com/bottom.html Malware
2019-03-21 2 kufoto.com/qywh/qywh_right.html Malware
2019-03-21 2 kufoto.com/right.html Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 5 reports on IP: 50.117.73.101

Date  UQ / IDS / BL  URL  IP
2019-04-19 04:15:34 +0200  0 - 0 - 12  kufoto.com/qywh/get_news.php-id=21623.htm  50.117.73.101
2019-03-25 05:14:58 +0100  0 - 0 - 10  kufoto.com/jcxx/get_news.php-id=21744.htm  50.117.73.101
2019-03-23 05:09:53 +0100  0 - 10 - 12  kufoto.com/qydj/get_lb_news.php-id=21839.htm  50.117.73.101
2019-03-22 06:12:30 +0100  0 - 10 - 11  kufoto.com/smzr/index.php.htm  50.117.73.101
2019-03-18 02:10:22 +0100  0 - 0 - 12  kufoto.com/qydj/get_lb_news.php-id=21698.htm  50.117.73.101

Last 10 reports on ASN: AS18779 EGIHosting

Date  UQ / IDS / BL  URL  IP
2019-04-26 16:02:17 +0200  0 - 0 - 1  xvidly.com/download/1374434166.34/xvidly_setup.exe  172.121.187.187
2019-04-26 15:56:09 +0200  0 - 0 - 1  xvidly.com/download/1375917357.308/xvidly_set (...)  172.121.187.187
2019-04-26 12:49:56 +0200  0 - 3 - 0  tiirtqs.icu/  172.120.73.203
2019-04-26 12:48:17 +0200  0 - 3 - 0  kmctgdl.icu/  45.39.142.103
2019-04-26 12:42:57 +0200  0 - 3 - 0  gvdudsx.icu/  45.39.128.163
2019-04-26 12:36:52 +0200  0 - 1 - 0  whphvj.gdn/  45.39.104.233
2019-04-26 12:23:12 +0200  0 - 1 - 0  pmqom.gdn/  104.252.239.28
2019-04-26 12:20:06 +0200  0 - 1 - 0  larnxq.gdn/  104.252.239.46
2019-04-26 12:19:29 +0200  0 - 0 - 4  nianfeng58.com/2019/0308/983014.shtml  172.121.11.39
2019-04-26 12:18:25 +0200  0 - 1 - 0  mrkqzlw.icu/  107.165.63.220

Last 5 reports on domain: kufoto.com

Date  UQ / IDS / BL  URL  IP
2019-04-19 04:15:34 +0200  0 - 0 - 12  kufoto.com/qywh/get_news.php-id=21623.htm  50.117.73.101
2019-03-25 05:14:58 +0100  0 - 0 - 10  kufoto.com/jcxx/get_news.php-id=21744.htm  50.117.73.101
2019-03-23 05:09:53 +0100  0 - 10 - 12  kufoto.com/qydj/get_lb_news.php-id=21839.htm  50.117.73.101
2019-03-22 06:12:30 +0100  0 - 10 - 11  kufoto.com/smzr/index.php.htm  50.117.73.101
2019-03-18 02:10:22 +0100  0 - 0 - 12  kufoto.com/qydj/get_lb_news.php-id=21698.htm  50.117.73.101


JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 129, repeated: 4) - SHA256: 8655ed7d6c207eaeac962aea8cba787b132fc9afdbbb5a86cd4eee2aa32320b3

<iframe src='https://www.st89.com/?att=cp6xx/' rel='nofollow' scrolling='no' frameborder='0' width='100%' height='3910'></iframe>


HTTP Transactions (43)


Request:
GET /qywh/js.js HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 63


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   63
Md5:    a2b3ceb2591c94dbac7b35519de0e8cf
Sha1:   b5079b99c8e8d5d0f3d232345cfa30e2ea6a3730
Sha256: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /images/biao_tit.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:58:57 GMT
Accept-Ranges: bytes
Etag: "5dd2cc0b4bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 129


--- Additional Info ---
Magic:  GIF image data, version 89a, 11 x 11
Size:   129
Md5:    d4e7f282cbb582f9e4a62f5212352f48
Sha1:   7c0846fd48db788ba7dea63e45aa71dde9417928
Sha256: 21790ae075cc805531fb6d87733356cf49a878fef23ab4f369497271f7b6b2f8

Request:
GET /css/topbg.css HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 07:00:32 GMT
Accept-Ranges: bytes
Etag: "314b4dfdc4bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 186


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   186
Md5:    e444ffed80471b3de53a158f414a3cfd
Sha1:   2db72b9ffd986c20393341193627d7ba54c5b64e
Sha256: c57a8a6400167168fdaa8dcff0d8c1e2c9682018b2d48b3f25427deded80ecfb

Request:
GET /css/public.css HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 07:00:32 GMT
Accept-Ranges: bytes
Etag: "4c394cfdc4bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 1847


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1847
Md5:    93eefb31721b4a482774c230ba704edd
Sha1:   407147f1b8c2026baf18a72f2781bade47b45e4b
Sha256: bf6d9e062120032df686db23a5b5382f06191688bb2bf2b9ff9f046fdcb70ce7

Request:
GET /css/mainstyle.css HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 07:29:23 GMT
Accept-Ranges: bytes
Etag: "248c95c9bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 5162


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   5162
Md5:    687453d6886d593e595dd882429c9859
Sha1:   9d9cc75b7351d2d911c710ac055965b163b7c43c
Sha256: e5f740cb91249e7787190cf5b3bb50dd67e59796095e2296d2d1692adae3d46b

Request:
GET /top03.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 07:36:10 GMT
Accept-Ranges: bytes
Etag: "a61043f7c9bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 2508


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   2508
Md5:    894588d98021b6f14d4f2a7b5e238770
Sha1:   4e4bbb3ab3ef980bd465156daf385901fdd8538c
Sha256: 66413629b583139a6872a6d2b4abdeff4ed246be8548317880689995c7d7bb51

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /xw_right02.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 63


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   63
Md5:    a2b3ceb2591c94dbac7b35519de0e8cf
Sha1:   b5079b99c8e8d5d0f3d232345cfa30e2ea6a3730
Sha256: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /qywh/get_news.php-id=21155.htm HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 09:13:23 GMT
Accept-Ranges: bytes
Etag: "80fbfd8bd7bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be; expires=Sun, 24-Mar-19 11:38:07 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT
Content-Length: 67786


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   67786
Md5:    885be29645d21a17ffc5819ef204ce4c
Sha1:   681d0a5d1362ee02999425dd933e1c4bce77cc7a
Sha256: 5f358d298997488a156285e23ce5211cce518c2883fd9aa5d184b4c2b832a9a3

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN RAMNIT.A M1
    - ET TROJAN PE EXE or DLL Windows file download Text

Request:
GET /images/topbg.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/topbg.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:22 GMT
Accept-Ranges: bytes
Etag: "178c8686b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 57


--- Additional Info ---
Magic:  GIF image data, version 89a, 10 x 25
Size:   57
Md5:    5eab26b79b5164fa7c0496e9b5531806
Sha1:   80faf779ea7f432489b18a5081f6e57d3a909e28
Sha256: 54ddc14c897cae4ba4529945a88fe008cab807aa2392cce2f28ca04f47d8c0df

Request:
GET /images/tabbg02.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/mainstyle.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:33 GMT
Accept-Ranges: bytes
Etag: "94ba368db2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 676


--- Additional Info ---
Magic:  GIF image data, version 89a, 10 x 30
Size:   676
Md5:    dfe7ecd69ca9a9c32c3d9c3529372c7c
Sha1:   39c003c65b5e147235ad0a3df4023f030d8ee53e
Sha256: f5efe76aae7b28cf86e930912f2857542d7bde788e74b897401f40d02292ba65

Request:
GET /css/mainstyletop.css HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/top03.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 07:29:23 GMT
Accept-Ranges: bytes
Etag: "a95fb5c9bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 554


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   554
Md5:    48420b103960823235e0ff522fd5189d
Sha1:   580f755c0f4bb9f0c151e0eff46b62205cc1ae7c
Sha256: 7477e62e6a3e625849db7747b7feb7090915cd24b24f98d230503d4d30e8de02

Request:
GET /top01.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 09:13:25 GMT
Accept-Ranges: bytes
Etag: "a0dbb08dd7bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   84649
Md5:    b0f0c754065cbe96a43b4864eacc3403
Sha1:   34f01e79f23b249944466705c499009c1c920e31
Sha256: e3be8e08fc072065f0bed13add11579db56714107ff5519b5890e2c0693182b5

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN RAMNIT.A M2
    - ET TROJAN PE EXE or DLL Windows file download Text

Request:
GET /js.js HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/top03.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Tue, 22 Jan 2019 07:52:04 GMT
Accept-Ranges: bytes
Etag: "a65ab95d27b2d41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 256


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   256
Md5:    bf609ac20e3d66fdaddad44cd0db9944
Sha1:   3c7bac28df0feb0558c75a534dee8c928ed03da5
Sha256: f89ab7ac3dce27ddc5cd92e2a23c114f271e762bd46cbf228a53bbf7aefdaa02

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /qywh/js.js HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/top_qywh.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 63


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   63
Md5:    a2b3ceb2591c94dbac7b35519de0e8cf
Sha1:   b5079b99c8e8d5d0f3d232345cfa30e2ea6a3730
Sha256: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /images/menuline.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/top03.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 04:48:44 GMT
Accept-Ranges: bytes
Etag: "2975ca93b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 8373


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   8373
Md5:    211e644f4ef9dd076529ebc3e52e1404
Sha1:   d6380a540c258626f9f3607b214ea77903c89a4f
Sha256: c8cd60d248166a379853b68c3d571a10f473e376baabc2b325ceca75f31fb5b1

Request:
GET /images/top.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/top01.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:43 GMT
Accept-Ranges: bytes
Etag: "73253093b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 9404


--- Additional Info ---
Magic:  GIF image data, version 89a, 503 x 53
Size:   9404
Md5:    e1be0e44f6b1163030e74d60be321ea2
Sha1:   c881062e23affdeafc65dbc1a431c107c49926fe
Sha256: aa262cee14cc3bbae8ef1e6309fc643118bd897a07ab0522b2bc2f002226802e

Request:
GET /images/biao01.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/qywh_right.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 05:00:44 GMT
Accept-Ranges: bytes
Etag: "938d8d40b4bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 63


--- Additional Info ---
Magic:  GIF image data, version 89a, 9 x 9
Size:   63
Md5:    0b66b405ce04350b09949c449dad4f4e
Sha1:   04b7532b331c5f5e48c2c945e4e494ed791b1717
Sha256: 8e23a58084b57513ed4cb8a45e70a971e64a720c18b3b78e4cbc22b13a148832

Request:
GET /qywh/js.js HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/qywh_right.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 63


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   63
Md5:    a2b3ceb2591c94dbac7b35519de0e8cf
Sha1:   b5079b99c8e8d5d0f3d232345cfa30e2ea6a3730
Sha256: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /images/menuline.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/qywh_right.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 05:00:43 GMT
Accept-Ranges: bytes
Etag: "213ff33fb4bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 754


--- Additional Info ---
Magic:  GIF image data, version 89a, 238 x 2
Size:   754
Md5:    dd16dfd6530f94c132a2be43342a3bba
Sha1:   6c8530a3ade9d38dddefed86d2e8e26c1436df40
Sha256: 69017b5046459be83539a61e59d2924398af2130234511d11f2de84072694e6a

Request:
GET /qywh/top_qywh.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 09:13:24 GMT
Accept-Ranges: bytes
Etag: "109648dd7bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   83872
Md5:    d24431b6c80bf9979a3166210389dbb3
Sha1:   f193665297571d62a66cd6194ef61db9bc9d8274
Sha256: 45ab85059397c56e7e6d5f1be31bdf59e5659e2c25e5793bab3d4334d8e83fea

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /images/menuline02.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/qywh_right.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 05:06:11 GMT
Accept-Ranges: bytes
Etag: "cf6ac03b5bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 726


--- Additional Info ---
Magic:  GIF image data, version 89a, 220 x 2
Size:   726
Md5:    2e62afcc277979e3c184cbc0628b69cc
Sha1:   558960736034119e2f83c20b755a95fae07b2092
Sha256: 0a69e53b917a8338d615ecedfa1dbce1d24ed39b27cc34fcd387beedad00dde2

Request:
GET /images/menubg01.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

Response (50.117.73.101):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 04:48:42 GMT
Accept-Ranges: bytes
Etag: "fb1d7592b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 9109


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   9109
Md5:    50588e3e6401a4af268dfc40cd964014
Sha1:   abc27a3bf3b9e245c431f1d24a321dc1fa10d70f
Sha256: c14e4795e661a07ebb75a8c87fb1b73f820182c3442884c09015c17361cb0966
GET /bottom.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 09:13:18 GMT
Accept-Ranges: bytes
Etag: "b01d8689d7bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   84240
Md5:    a9cfd9036ddb490a139d0b35ed7560db
Sha1:   a678470901b779590584656f2bade23fa6d2aac2
Sha256: d36059139f26016bc1923c3d9c4c5f701d603971d9f2c31145e26fad0b1236fc

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M1
GET /images/ditu.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/right.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 05:00:46 GMT
Accept-Ranges: bytes
Etag: "74d5d341b4bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 7559


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   7559
Md5:    30fc6e01acdf5c16dfb908b5d5892f14
Sha1:   9a4a427fa8286b32d64326b7f5832d71b71ceba0
Sha256: 0dd42c62e1e1da606f4fa26068073f6eb9fac96f60c632cb77db9fd0b10d5b3b
GET /images/menubg.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 04:48:41 GMT
Accept-Ranges: bytes
Etag: "b8862c92b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 8037


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   8037
Md5:    cb4821745151895f2b314d6a065ec265
Sha1:   0816f3855ad30af380228d993e1e99247424e3f4
Sha256: 9b822ec8bcdebce0f705af80f187d591378012215d66fb9b5c34da82a15e3679
GET /images/but_so.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:42 GMT
Accept-Ranges: bytes
Etag: "489fa292b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 322


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 18
Size:   322
Md5:    f8fc12e20586ece2ccabf8b07f5bdc7e
Sha1:   eaebf0dbf02b02fcd8318d9e1c73adff121c4f8c
Sha256: b3b2b73e89208e939bc3353433023b221e90c723b7914b659d1054dfa92c00a2
GET /images/r_bg.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:24 GMT
Accept-Ranges: bytes
Etag: "b136c587b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 2605


--- Additional Info ---
Magic:  GIF image data, version 89a, 258 x 27
Size:   2605
Md5:    339c81c8b0dbf559558cc091f799b7d0
Sha1:   5d5f7fb844b2ee4c8f309309ff9f0ae7c805197a
Sha256: 675dfd933e07f7491a4658414b2465f6ccd585c54dcfbed547fcdc87a9081d5c
GET /images/conmenubg.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:41 GMT
Accept-Ranges: bytes
Etag: "c321ee91b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:10 GMT
Content-Length: 2642


--- Additional Info ---
Magic:  GIF image data, version 89a, 256 x 10
Size:   2642
Md5:    be2cdb836e4003c03b32c817521ea576
Sha1:   b8c605d25801eb79efac96676b9900640274ebf1
Sha256: 7685f5c6c6002a7ae53052d64e7b243f96eb30373ee0b7a399cb684391e5d6ad
GET /images/bottombg.gif HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Feb 2019 04:48:40 GMT
Accept-Ranges: bytes
Etag: "f3843791b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:10 GMT
Content-Length: 12480


--- Additional Info ---
Magic:  GIF image data, version 89a, 960 x 27
Size:   12480
Md5:    d25f16d119dfcafe88e375179b51c1ce
Sha1:   94111f730fa0a16d16323ad87f0896d7d2a95b75
Sha256: 6d8123a6c20b10cfbee19591c3cdd0226a99fc73c64d997c4a2093dd12eadb73
GET /qywh/qywh_right.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 09:13:24 GMT
Accept-Ranges: bytes
Etag: "90ec08dd7bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   167179
Md5:    d5b4d48e123edcbc74e05105a27cbe9f
Sha1:   f924ca40f2c46719fafb9cc2409234fc38785c94
Sha256: 4afcdcad0ed64e345810f373e80018e18d424f0fad9b13487ab1347d49e34a4e

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN RAMNIT.A M2
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M1
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
GET /images/menubg03.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 04:48:39 GMT
Accept-Ranges: bytes
Etag: "4d72f790b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:09 GMT
Content-Length: 8955


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   8955
Md5:    8122bbc50c8fb498d24ea6529ee1dd96
Sha1:   4627885ffacf4160761dfb45446a3d9ededa6625
Sha256: b50e4a1da442e6897dbf412efdbb712cbbff2f445dad4b0d6571c5843811b949
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

80.239.159.17
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "CD14522720D74995E72BD18F02044388385F2096A8B4AD1632ABDB16B2FCC85E"
Last-Modified: Mon, 18 Mar 2019 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43163
Expires: Thu, 21 Mar 2019 15:37:34 GMT
Date: Thu, 21 Mar 2019 03:38:11 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    a6c62604a8b213abfc4c6597f92277de
Sha1:   409a324b1470403c0ae916cd57acaf7d318d646c
Sha256: cd14522720d74995e72bd18f02044388385f2096a8b4ad1632abdb16b2fcc85e
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

80.239.159.56
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Last-Modified: Wed, 20 Mar 2019 18:00:46 GMT
Etag: "118eba860300098a953cf0b57c7f79e243dbe0b8"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=10501
Expires: Thu, 21 Mar 2019 06:33:12 GMT
Date: Thu, 21 Mar 2019 03:38:11 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    5ce62217fdf6f310924dbcdc37d71521
Sha1:   118eba860300098a953cf0b57c7f79e243dbe0b8
Sha256: d7498510065b9c2f1fb0716a743cc739c823c2d7e1459333d61689b61cf142b9
GET /images/bulidbg.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/css/public.css
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 04:48:41 GMT
Accept-Ranges: bytes
Etag: "58cda291b2bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:10 GMT
Content-Length: 32159


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   32159
Md5:    803997789c2470134b97d6b11b3d9121
Sha1:   540f15ce435bb9c469e1ac6d0188ead0d9baef8b
Sha256: 76dbe22a8390010ef9c1304bc54b9eb73b915930147a1ba30d5a61555c0498f4
GET /?att=cp6xx/ HTTP/1.1
Host: www.st89.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/top03.html

47.244.145.132
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx
Date: Thu, 21 Mar 2019 03:38:11 GMT
Expires: Thu, 21 Mar 2019 03:38:10 GMT
Cache-Control: no-cache, no-store, no-cache, max-age=0
Content-Encoding: gzip
X-Cache: MISS from
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10998
Md5:    d3428518a1d9b8e60bb4a733732cb7c2
Sha1:   42210e33c52998c62c9f23ae483d21281b8870d6
Sha256: 4a0451377cea35cbbac73d9ae78bb918153783976da6534349a853031623a395
GET /?att=cp6xx/ HTTP/1.1
Host: www.st89.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/right.html

47.244.145.132
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx
Date: Thu, 21 Mar 2019 03:38:12 GMT
Expires: Thu, 21 Mar 2019 03:38:11 GMT
Cache-Control: no-cache, no-store, no-cache, max-age=0
Content-Encoding: gzip
X-Cache: MISS from
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10998
Md5:    d3428518a1d9b8e60bb4a733732cb7c2
Sha1:   42210e33c52998c62c9f23ae483d21281b8870d6
Sha256: 4a0451377cea35cbbac73d9ae78bb918153783976da6534349a853031623a395
GET /images/top_qywh.jpg HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/top_qywh.html
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 02 Feb 2019 05:06:00 GMT
Accept-Ranges: bytes
Etag: "d49a73fdb4bad41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:08 GMT
Content-Length: 136381


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   136381
Md5:    83779bb6b31cf3383e556c71a08e2081
Sha1:   482e38c8c5ec0d94186c0338acccbbb772a6f574
Sha256: 0dd20dccac755ef633109e7c8948dece484cc1658e5c267d14a6404b578a6838
GET /?att=cp6xx/ HTTP/1.1
Host: www.st89.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/top01.html

47.244.145.132
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx
Date: Thu, 21 Mar 2019 03:38:12 GMT
Expires: Thu, 21 Mar 2019 03:38:11 GMT
Cache-Control: no-cache, no-store, no-cache, max-age=0
Content-Encoding: gzip
X-Cache: MISS from
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10998
Md5:    d3428518a1d9b8e60bb4a733732cb7c2
Sha1:   42210e33c52998c62c9f23ae483d21281b8870d6
Sha256: 4a0451377cea35cbbac73d9ae78bb918153783976da6534349a853031623a395
GET /static/data/configjs.js HTTP/1.1
Host: www.st89.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.st89.com/?att=cp6xx/

47.244.145.132
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Etag: W/"5c92a3d4-6a5"
Server: nginx
Date: Thu, 21 Mar 2019 01:35:39 GMT
Last-Modified: Wed, 20 Mar 2019 20:34:28 GMT
Expires: Thu, 21 Mar 2019 07:35:39 GMT
Cache-Control: max-age=21600
Content-Encoding: gzip
X-Cache: HIT from
Content-Length: 830
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   830
Md5:    4e2f2d5058a22145a5445f6e4eb3e25f
Sha1:   eb924a08fe1b29fcb703148097d2e3a102ff930f
Sha256: c2f0f81b0562e304ed9ee6254df163ae86b603cd52b72c2c123a6ffed3a2b050
GET /?att=cp6xx/ HTTP/1.1
Host: www.st89.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/bottom.html

47.244.145.132
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx
Date: Thu, 21 Mar 2019 03:38:12 GMT
Expires: Thu, 21 Mar 2019 03:38:11 GMT
Cache-Control: no-cache, no-store, no-cache, max-age=0
Content-Encoding: gzip
X-Cache: MISS from
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10998
Md5:    d3428518a1d9b8e60bb4a733732cb7c2
Sha1:   42210e33c52998c62c9f23ae483d21281b8870d6
Sha256: 4a0451377cea35cbbac73d9ae78bb918153783976da6534349a853031623a395
GET /right.html HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kufoto.com/qywh/get_news.php-id=21155.htm
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Sat, 02 Feb 2019 09:13:24 GMT
Accept-Ranges: bytes
Etag: "a0f558dd7bad41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:07 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   167233
Md5:    17759b433236c35512b1f6a1ec8e842f
Sha1:   d0af9c491b83d77454b12a92e586f4158c0e0165
Sha256: 3c490c9d9a96686226e2a7a642aedac4530f519090a962896d6183f758c6a021

Alerts:
  Blacklists:
    - fortinet: Malware
GET /favicon.ico HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:14 GMT
Content-Length: 63


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   63
Md5:    a2b3ceb2591c94dbac7b35519de0e8cf
Sha1:   b5079b99c8e8d5d0f3d232345cfa30e2ea6a3730
Sha256: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d
GET /favicon.ico HTTP/1.1
Host: kufoto.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: yunsuo_session_verify=ecc0ec37645caa8c19182c44663e67be

50.117.73.101
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Mar 2019 03:38:14 GMT
Content-Length: 63


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   63
Md5:    a2b3ceb2591c94dbac7b35519de0e8cf
Sha1:   b5079b99c8e8d5d0f3d232345cfa30e2ea6a3730
Sha256: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d