Overview

URL jbbnzm.ltd/
IP173.208.133.70
ASNAS32097 WholeSale Internet, Inc.
Location United States
Report completed2018-08-10 10:09:19 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-08-10 10:08:50 CEST 1  173.208.133.70 Client IP ET TROJAN RAMNIT.A M2
2018-08-10 10:08:50 CEST 1  173.208.133.70 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-08-10 10:08:51 CEST 1  173.208.133.70 Client IP ET TROJAN RAMNIT.A M1
2018-08-10 10:08:47 CEST 1  173.208.133.70 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-08-10 10:08:47 CEST 1  173.208.133.70 Client IP ET TROJAN RAMNIT.A M2
2018-08-10 10:08:48 CEST 1  173.208.133.70 Client IP ET TROJAN RAMNIT.A M1


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-08-10 2 jbbnzm.ltd/wsgg.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 173.208.133.70

Date UQ / IDS / BL URL IP
2018-12-15 00:55:12 +0100
0 - 0 - 2 tpsknq.ltd/sitemap.html 173.208.133.70
2018-12-15 00:50:41 +0100
0 - 0 - 3 lllian.top/b85.php 173.208.133.70
2018-12-15 00:25:35 +0100
0 - 0 - 3 smtgpt.ltd/b92.php 173.208.133.70
2018-12-14 23:35:34 +0100
0 - 0 - 1 zzgptw.ltd/vip/m4.html 173.208.133.70
2018-12-14 22:57:44 +0100
0 - 0 - 2 31236p.ltd/ 173.208.133.70
2018-12-14 22:55:05 +0100
0 - 0 - 1 foctm.info/vip/m23.html 173.208.133.70
2018-12-14 22:45:38 +0100
0 - 0 - 3 rlmed.info/b87.php 173.208.133.70
2018-12-14 22:45:32 +0100
0 - 0 - 1 rdlian.top/vip/m28.html 173.208.133.70
2018-12-14 22:44:40 +0100
0 - 0 - 1 m.18822u.ltd/vip/m12.html 173.208.133.70
2018-12-14 22:44:30 +0100
0 - 0 - 1 mpqmmf.ltd/vip/m4.html 173.208.133.70

Last 10 reports on ASN: AS32097 WholeSale Internet, Inc.

Date UQ / IDS / BL URL IP
2018-12-15 02:08:14 +0100
0 - 0 - 3 pclian.top/b11.php 173.208.133.67
2018-12-15 02:02:11 +0100
0 - 0 - 3 tljjgt.loan/b92.php 173.208.133.68
2018-12-15 02:00:22 +0100
0 - 0 - 1 zarfv.info/vip/m7.html 173.208.133.66
2018-12-15 01:59:11 +0100
2 - 0 - 33 myarcadegames.org/steel-dino-toy%EF%BC%9Apter (...) 204.12.214.188
2018-12-15 01:58:52 +0100
0 - 0 - 2 tfist.info/video/svchost.exe 173.208.133.69
2018-12-15 01:53:33 +0100
0 - 0 - 1 tsjkgw.loan/vip/m26.html 173.208.133.66
2018-12-15 01:49:57 +0100
0 - 0 - 2 ynblc.info/v.php 173.208.133.67
2018-12-15 01:35:13 +0100
2 - 0 - 30 myarcadegames.org/category/fighting 204.12.214.188
2018-12-15 01:26:58 +0100
0 - 3 - 1 dzfctz.ltd/vip/m8.html 173.208.133.69
2018-12-15 00:55:12 +0100
0 - 0 - 2 tpsknq.ltd/sitemap.html 173.208.133.70

Last 5 reports on domain: jbbnzm.ltd

Date UQ / IDS / BL URL IP
2018-12-01 23:46:06 +0100
0 - 3 - 2 jbbnzm.ltd/ 173.208.133.70
2018-09-30 11:53:44 +0200
0 - 2 - 0 jbbnzm.ltd/lff 173.208.133.70
2018-09-28 19:09:38 +0200
0 - 3 - 0 jbbnzm.ltd/b91.php 173.208.133.70
2018-08-15 04:28:29 +0200
0 - 2 - 3 jbbnzm.ltd/b34.php 173.208.133.70
2018-07-02 11:31:18 +0200
0 - 9 - 3 jbbnzm.ltd/b93.php 173.208.133.70


JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (3)

#1 JavaScript::Write (size: 156, repeated: 1) - SHA256: 4bbbdbcf9f68f0dfcfa81d12f47539d571ce21d5e057e72fe4fa641454b20c5c

                                        < a href = 'http://www.cnzz.com/stat/website.php?web_id=1273677048'
target = _blank title = '&#31449;&#38271;&#32479;&#35745;' > & #31449;&# 38271; & #32479;&# 35745; < /a>
                                    

#2 JavaScript::Write (size: 84, repeated: 1) - SHA256: 18311f057dc8ddd8fa215a45cda57d07e7730ce2336026a194d7e9c5b519d104

                                        < script language = 'JavaScript'
src = 'http://fenzi.zjhee.com:588/js/fenzi.js' > < /script>
                                    

#3 JavaScript::Write (size: 112, repeated: 1) - SHA256: b1d5bb549232726383c29513aabd8352f8f08d17e734e7c2cd8bb87e41afa0b0

                                        < script src = 'https://c.cnzz.com/core.php?web_id=1273677048&t=z'
charset = 'utf-8'
type = 'text/javascript' > < /script>
                                    


HTTP Transactions (20)


Request Response
                                        
                                            GET /wsgg.js HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Content-Encoding: gzip
Last-Modified: Mon, 21 May 2018 13:15:48 GMT
Accept-Ranges: bytes
Etag: "ce306ad55f1d31:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:40 GMT
Content-Length: 212


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   212
Md5:    7f6a51f6095acf6b8ca1ce382ce1347c
Sha1:   b3667a4f656f7dfb36f2417201590d4aa822f64e
Sha256: fbcf19aa77178a9d5320ef716b0e216b7f22d0e4d6560ea4f49e7a829bafead0

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /pic/114.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 16348
Last-Modified: Thu, 02 Nov 2017 01:30:03 GMT
Accept-Ranges: bytes
Etag: "ef66351b7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:40 GMT


--- Additional Info ---
Magic:  JPEG image data
Size:   16348
Md5:    9c05f120a5c6fdd9dd8652a8f555176d
Sha1:   cc0b271f2f5aa13d4978bbc5f4fc52563109b09d
Sha256: e7e28ad997abd24ac71ba7ab73401b43b335a111b64839c2088e7bb1df141294
                                        
                                            GET /pic/98.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 27724
Last-Modified: Thu, 02 Nov 2017 01:29:58 GMT
Accept-Ranges: bytes
Etag: "ff7079187a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:40 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   27724
Md5:    4c950406d38fa2f13c9074b780a231f2
Sha1:   9a083170108a99b9db9162a6a71f1eaab32697b2
Sha256: bae60186b152fa90b1183bc19d82f0fc734143dfd8e8d54dccd4cc37a8001ff8
                                        
                                            GET /pic/96.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 39301
Last-Modified: Thu, 02 Nov 2017 01:29:56 GMT
Accept-Ranges: bytes
Etag: "a9211e177a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:41 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   39301
Md5:    3ba19283ad78e792175902cd29a25aca
Sha1:   4306a2a1cf7501b97c4b2bc54464f1c01e6000d2
Sha256: 7a13043f6b4ee1296609cf30544e6f8dea01d22e64d4f99475f845e9852a2761
                                        
                                            GET /pic/299.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 11460
Last-Modified: Thu, 02 Nov 2017 01:31:55 GMT
Accept-Ranges: bytes
Etag: "975475e7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:41 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   11460
Md5:    9ea5e696ff7989690a9414b1fc3b3a23
Sha1:   29109f79b81ebf3343db02403cad920c353ac4f6
Sha256: f6c18e48dc097cc7c579fede06cf8681c72eb7cce7af6f62c673b095136815bf
                                        
                                            GET /pic/127.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 35838
Last-Modified: Thu, 02 Nov 2017 01:30:09 GMT
Accept-Ranges: bytes
Etag: "5913121f7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:41 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   35838
Md5:    addfb42d5894429e82b2fcc42e0c4c02
Sha1:   a457813756ebd066d48be0553e56ce11e662f62c
Sha256: e83bb11a35208fe8274195b39baae82a199760d88f683ff03786287daf01a2c7
                                        
                                            POST /gsorganizationvalsha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 08:08:48 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d7270b5e3ba17e40a141fbaf6aac46caf1533888528; expires=Sat, 10-Aug-19 08:08:48 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Fri, 10 Aug 2018 05:03:57 GMT
Expires: Tue, 14 Aug 2018 05:03:57 GMT
Etag: "95542c875dddd0c6f880c5c5d70594479bf5b3c5"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4480fa0766894285-OSL


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   136492
Md5:    100425dcd8cda9f94d60c9bc28a7e124
Sha1:   c2725a9fef268c7350081d35a19ddc03a202bd1d
Sha256: ee25d7bbdc2152b4b3681a7a8a630e9f0e1e044789cf9c6c9ab85a04ffc2d6f1
                                        
                                            GET /pic/147.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 96449
Last-Modified: Thu, 02 Nov 2017 01:30:59 GMT
Accept-Ranges: bytes
Etag: "82aa63d7a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:40 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   96449
Md5:    2cfd4e05c436499eb8b57ef3d77a6492
Sha1:   b4f3c68f729327698e505e0242901dcbec3e6f1c
Sha256: 52c3c226221a32b52d132f279f0539bed7c5e35fd262a5c93b85d51bb6819904
                                        
                                            GET /img/01.png HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 2356
Last-Modified: Wed, 19 Jul 2017 01:38:26 GMT
Accept-Ranges: bytes
Etag: "a2ea30b72f0d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:41 GMT


--- Additional Info ---
Magic:  PNG image, 198 x 45, 8-bit/color RGBA, non-interlaced
Size:   2356
Md5:    006992f6a13d22249d1045a756963ad4
Sha1:   4771f700e6f4c228b356f490726d370d3fc0eb45
Sha256: 916ea871226eb8310b143c8928c7825fb9f0565755f3ce86615658225abc2fb0
                                        
                                            GET /pic/93.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 84517
Last-Modified: Thu, 02 Nov 2017 01:29:57 GMT
Accept-Ranges: bytes
Etag: "13c1a0177a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:40 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   84517
Md5:    e9f19fb3369afe785382872c933697cf
Sha1:   c6467824224899a0ac6dec475cbf14ffdf48f6f1
Sha256: 1ea2b39cbe83b3bdba77ca6f5b3d313add14808e3cc8a00887bfafc23fd11b49
                                        
                                            GET /pic/64.jpg HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 32962
Last-Modified: Thu, 02 Nov 2017 01:29:28 GMT
Accept-Ranges: bytes
Etag: "69e19367a53d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:41 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   32962
Md5:    d0e3bb06efaef9541a8eaa6476e7818d
Sha1:   ec3a3c1a3ba925824699644c2eb80d04af767431
Sha256: 719811caa774ad21eb5baba1bbc5ab0313b33a641f87c445c54084823b0cf552
                                        
                                            GET /img/02.png HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 2041
Last-Modified: Wed, 19 Jul 2017 01:38:35 GMT
Accept-Ranges: bytes
Etag: "8d4b6bc2f0d31:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 10 Aug 2018 08:08:41 GMT


--- Additional Info ---
Magic:  PNG image, 198 x 45, 8-bit/color RGBA, non-interlaced
Size:   2041
Md5:    5a8b8d81a66b15aaffa572bd1676b7f4
Sha1:   f6c899115b243f910c23331228f66f1dc04aaed3
Sha256: eea2b2ef767cd967fb517b54f5b2f92248f4f5060400e7ae15177fff07113daf
                                        
                                            GET /z_stat.php?id=1273677048&web_id=1273677048 HTTP/1.1 
Host: s22.cnzz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         124.160.136.179
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: Tengine
Content-Length: 11265
Connection: keep-alive
Date: Fri, 10 Aug 2018 07:08:08 GMT
Last-Modified: Fri, 10 Aug 2018 07:08:08 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache29.l2cn126[26,200-0,M], cache43.l2cn126[27,0], kunlun10.cn130[0,200-0,H], kunlun9.cn130[0,0]
Age: 3641
X-Cache: HIT TCP_MEM_HIT dirn:9:867554068 mlen:-1
X-Swift-SaveTime: Fri, 10 Aug 2018 07:08:08 GMT
X-Swift-CacheTime: 5400
Timing-Allow-Origin: *
EagleId: 7ca0888a15338885291705901e


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   11265
Md5:    1fdb68a931ef8c3a8120cf3053bb2f66
Sha1:   919095c2e53000723dc76ac790b2cd09060ea088
Sha256: 0a248a71f12e0c7e1a5a6dd0be8ac1ccf8ab8bd58ec57b39f1f2f8432634089b
                                        
                                            GET /core.php?web_id=1273677048&t=z HTTP/1.1 
Host: c.cnzz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         124.160.136.179
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: Tengine
Content-Length: 994
Connection: keep-alive
Date: Fri, 10 Aug 2018 08:01:32 GMT
Last-Modified: Fri, 10 Aug 2018 08:01:32 GMT
Expires: Fri, 10 Aug 2018 08:16:32 GMT
Via: cache1.l2eu6[150,200-0,M], cache11.l2eu6[151,0], kunlun10.cn130[0,200-0,H], kunlun6.cn130[1,0]
Age: 438
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 mlen:-1
X-Swift-SaveTime: Fri, 10 Aug 2018 08:01:32 GMT
X-Swift-CacheTime: 900
Timing-Allow-Origin: *
EagleId: 7ca0888715338885304188714e


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   994
Md5:    06a5d540e308dcc1915b89380c5defb6
Sha1:   1cdeab88c5e3e72fec533ac89d67873b12639ee2
Sha256: 91972b1f959de3bbdd3e5d73f01b0248a7354e91104596874a60234d43ff3063
                                        
                                            POST /gsorganizationvalsha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request
Cookie: __cfduid=d7270b5e3ba17e40a141fbaf6aac46caf1533888528

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 10 Aug 2018 08:08:54 GMT
Content-Length: 1570
Connection: keep-alive
Last-Modified: Fri, 10 Aug 2018 05:16:20 GMT
Expires: Tue, 14 Aug 2018 05:16:20 GMT
Etag: "2ef2f9ec8aa4d2bd85f18a6bf3f8bae3ebd37bcd"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4480fa2ba2fb4285-OSL


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   136005
Md5:    66b9aca4520a6ac8f4bef9a820d18ebb
Sha1:   d668210afe8bea4a9775c5fff634690971a0a215
Sha256: ac4b53cbb88b394366f612b2f2ab1a052ff2afaf5a943bf00f34ce4ae843cf3e
                                        
                                            GET /9.gif?abc=1&rnd=371745424 HTTP/1.1 
Host: cnzz.mmstat.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         106.11.250.81
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 10 Aug 2018 08:08:57 GMT
Content-Length: 43
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=GTb0E5u+a28CAU0ogXuEZMr8; expires=Mon, 07-Aug-28 08:08:57 GMT; path=/; domain=.mmstat.com sca=1fa1bc2f; path=/; domain=.cnzz.mmstat.com atpsida=effd1c5c95f363e367cd8e80_1533888537_1; path=/; domain=.cnzz.mmstat.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /stat.htm?id=1273677048&r=&lg=en-us&ntime=none&cnzz_eid=1238556202-1533884888-&showp=1176x885&t=2017%E6%92%AD%E6%94%BE%E7%A3%81%E5%8A%9B%E9%93%BE%E6%8E%A5%E7%9A%84app&umuuid=16522e183903-0ed1be55029409-6c242d76-fe178-16522e183911a&h=1&rnd=617623379 HTTP/1.1 
Host: z1.cnzz.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: jbbnzm.ltd
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         173.208.133.70
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.2.17, ASP.NET
Date: Fri, 10 Aug 2018 08:08:40 GMT
Connection: close


--- Additional Info ---

Alerts:
  IDS:
    - ET TROJAN RAMNIT.A M2
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M1
                                        
                                            GET /js/fenzi.js HTTP/1.1 
Host: fenzi.zjhee.com:588
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         0.0.0.0
                                        


--- Additional Info ---
                                        
                                            GET /push.js HTTP/1.1 
Host: push.zhanzhang.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://jbbnzm.ltd/

                                         
                                         111.206.37.189
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Date: Fri, 10 Aug 2018 08:09:12 GMT
Etag: "4078521116"
Expires: Sat, 10 Aug 2019 08:09:12 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=DBE178E5DBB030992A1F8F34C7A70EC3:FG=1; max-age=31536000; expires=Sat, 10-Aug-19 08:09:12 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   227
Md5:    e548b6ce15bb616c2bfba36e9cfbf307
Sha1:   a348285d9928a6548a57569f1fb9d62bdd747f33
Sha256: 7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5