Overview

URL:              gzjfhx.com/html/football/2018/387498.html
IP:               154.91.25.52
ASN:              AS2905 TICSA-ASN
Location:         Seychelles
Report completed: 2018-08-17 22:46:38 CEST
urlquery Alerts:  No alerts detected


Settings

User-Agent:   Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp                 Severity  Source IP     Destination IP  Alert
2018-08-17 22:45:41 CEST  1         154.91.25.52  Client IP       ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-08-17 22:45:41 CEST  1         154.91.25.52  Client IP       ET TROJAN PE EXE or DLL Windows file download Text
2018-08-17 22:45:41 CEST  1         154.91.25.52  Client IP       ET TROJAN RAMNIT.A M2


Blacklists

MDL:                    No alerts detected
OpenPhish:              No alerts detected
PhishTank:              No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                            Comment
  2018-08-17        2         gzjfhx.com/html/football/2018/387498.html       Malware
  2018-08-17        2         www.gzjfhx.com/html/football/2018/min.js        Malware
  2018-08-17        2         www.gzjfhx.com/html/app/js/common_index.js      Malware
  2018-08-17        2         www.gzjfhx.com/html/football/2018/387498.html   Malware
  2018-08-17        2         www.gzjfhx.com/html/php/check.php               Malware
  2018-08-17        2         www.gzjfhx.com/                                 Malware
DNS-BH:                 No alerts detected
mnemonic secure dns:    No alerts detected


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 154.91.25.52

Date                       UQ / IDS / BL  URL                                          IP
2018-10-01 18:07:53 +0200  0 - 0 - 1      www.gzjfhx.com/html/live/cn/jx/jxjjtv4.html  154.91.25.52
2018-08-20 21:15:17 +0200  2 - 8 - 10     www.gzjfhx.com/html/event/weifangbei         154.91.25.52
2018-08-17 23:21:39 +0200  2 - 8 - 8      www.gzjfhx.com/html/live/cn/gd/jmhszh.html   154.91.25.52
2018-08-15 05:17:32 +0200  2 - 7 - 11     gzjfhx.com/html/basketball/2018              154.91.25.52

Last 10 reports on ASN: AS2905 TICSA-ASN

Date                       UQ / IDS / BL  URL                                 IP
2019-06-27 06:53:20 +0200  0 - 0 - 0      www.bj-jindian.com                  45.203.121.232
2019-06-25 22:38:43 +0200  0 - 0 - 0      www.acaeglobal.com                  154.0.168.131
2019-06-21 18:52:57 +0200  0 - 0 - 0      webdisk.gcu.org.za/                 154.0.174.58
2019-06-17 21:03:50 +0200  0 - 0 - 0      supernovafoundation.org/            197.242.144.48
2019-06-14 15:20:09 +0200  0 - 0 - 0      interpol.ipudev.com                 154.92.135.241
2019-06-14 13:18:56 +0200  0 - 0 - 0      www.naturalmedicina.net/7wns.js     45.197.81.109
2019-06-13 06:56:55 +0200  0 - 0 - 0      https://www.metrofilegroup.com      197.242.158.118
2019-06-12 14:50:16 +0200  0 - 0 - 0      https://eurostar-tgv.com/           154.91.206.177
2019-06-12 14:49:02 +0200  0 - 0 - 0      eurostar-tgv.com/                   154.91.206.177
2019-06-11 00:58:00 +0200  0 - 0 - 1      www.nfcfzk.com/news/zmqy/5.html     154.81.100.208

Last 4 reports on domain: gzjfhx.com

Date                       UQ / IDS / BL  URL                                          IP
2018-10-01 18:07:53 +0200  0 - 0 - 1      www.gzjfhx.com/html/live/cn/jx/jxjjtv4.html  154.91.25.52
2018-08-20 21:15:17 +0200  2 - 8 - 10     www.gzjfhx.com/html/event/weifangbei         154.91.25.52
2018-08-17 23:21:39 +0200  2 - 8 - 8      www.gzjfhx.com/html/live/cn/gd/jmhszh.html   154.91.25.52
2018-08-15 05:17:32 +0200  2 - 7 - 11     gzjfhx.com/html/basketball/2018              154.91.25.52


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (9)


Request:
GET /html/football/2018/387498.html HTTP/1.1
Host: gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 154.91.25.52:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.gzjfhx.com/html/football/2018/387498.html
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Set-Cookie: PHPSESSID=vpujvab3lbavgg9f2chhroeri3; path=/
Date: Fri, 17 Aug 2018 20:45:02 GMT
Content-Length: 175


--- Additional Info ---
Magic:  HTML document text
Size:   175
Md5:    3c59d79fff3de5b5ab9c458109ab025c
Sha1:   3fc2bdfef27316c61aa172349736229d0a2acabe
Sha256: d5f6d7d057968479e3db1b74bddb3bdcdb5cb253884144b1f2379eec5c375fd8

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /html/app/images/tiyubalogo.gif HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html
Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2

Response from 154.91.25.52:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.jisutiyu.com/app/images/tiyubalogo.gif
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 20:45:16 GMT
Content-Length: 172


--- Additional Info ---
Magic:  HTML document text
Size:   172
Md5:    2edc1596175e9074ecaaf720caa8abc0
Sha1:   653eda21af642f966d73daf53ee0ceb00d537df1
Sha256: a082f89860b473ac011969674e074a5fab8a72380df2c5b9bfa461449d3cc3cd

Request:
GET /html/app/css/tiyuba_index.css?v=20160112 HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html
Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2

Response from 154.91.25.52:
HTTP/1.1 200 OK
Content-Type: text/css;charset=gbk
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 20:45:16 GMT
Content-Length: 7695


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   7695
Md5:    1fdf13e444ab8a83322b837907e5a525
Sha1:   a6e7c6ae6abea1a428a6a975190145ec7abab908
Sha256: 4c80df1fda8a91a5258af44f06cd6ea8c191281988615c2213d2d05a758d5b14

Request:
GET /app/images/tiyubalogo.gif HTTP/1.1
Host: www.jisutiyu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html

Response from 192.250.196.75:
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
Server: kangle/3.4.8
Date: Fri, 17 Aug 2018 20:45:40 GMT
Content-Length: 607
Connection: close


--- Additional Info ---
Magic:  HTML document text
Size:   607
Md5:    17c2732934729972d03513918e10cdba
Sha1:   2dc034e3b3100954207b9df03097aa2b92fab2df
Sha256: ed8b8ea2c1b985bd26f12c9b42f8762250244893853b8bc661900f47ed5c8d79

Request:
GET /html/football/2018/min.js HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html
Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2

Response from 154.91.25.52:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.gzjfhx.com/
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 20:45:28 GMT
Content-Length: 145


--- Additional Info ---
Magic:  HTML document text
Size:   145
Md5:    7aeb47a741e9cc17969e8bf91c53c668
Sha1:   40e45a8f9444ecd43c7c12209ebfc94f9fbba55f
Sha256: 4069578174ab8c4bfc0fc7bf225fb278baed5f14cea8f5109fb3a4d2f5d18df4

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /html/app/js/common_index.js HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html
Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2

Response from 154.91.25.52:
HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=gbk
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 20:45:28 GMT
Content-Length: 6849


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   6849
Md5:    d69fb0d7644681a00bdf51f03d0cc506
Sha1:   143a658a18123da0ca88098e0af5af692388ef9a
Sha256: c5c74e80faa5d9e134765a155e24f71d7ece4fc2a46441339a61aa5d647ab80a

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /html/football/2018/387498.html HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 154.91.25.52:
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Set-Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2; path=/
Date: Fri, 17 Aug 2018 20:45:12 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   172422
Md5:    4e0f58f10dae6dbd277b8352be6d0716
Sha1:   be7234217098c0ba57cf63d2b9e7dee82b72e3cf
Sha256: 27f6d6d929c7bf849581345fe936e94e238666d24f6cb694609cb51356ab9a3f

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M2

Request:
GET /html/php/check.php HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html
Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2

Response from 154.91.25.52:
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 20:45:16 GMT


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   168522
Md5:    f3284be2839c540c4490c17a46f12446
Sha1:   1fad052f6716385954edd554a19880f73ae0fd0e
Sha256: e4c5db44ae7cc5cb4601e1dad2b5ce3b280d2165ab545705f8c55dac4d3319b7

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET / HTTP/1.1
Host: www.gzjfhx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gzjfhx.com/html/football/2018/387498.html
Cookie: PHPSESSID=d5lgo6hdfhu4uoc83q72a8t1c2

Response from 154.91.25.52:
HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.6.34, ASP.NET
Date: Fri, 17 Aug 2018 20:45:29 GMT


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware