Overview

URL egbh.hb.cn/list?5_2.html
IP 121.12.119.112
ASN AS58543 Guangdong
Location China
Report completed 2017-07-17 15:19:57 CEST
urlQuery Alerts  No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-07-17 2 egbh.hb.cn/list?5_2.html Malware
2017-07-17 2 egbh.hb.cn/list?5_2.html Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 mm.aa88567.cn/index/mm.js Malware
2017-07-17 2 egbh.hb.cn/flash/slideflash.swf Malware
2017-07-17 2 egbh.hb.cn/list/?5_2.html Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 121.12.119.112

Date  UQ / IDS / BL  URL  IP
2017-07-25 09:59:49 +0200  0 - 0 - 12  egbh.hb.cn/list/  121.12.119.112
2017-07-24 00:49:54 +0200  0 - 0 - 3  www.sedchina.com/product/wei001.html?WebShiel (...)  121.12.119.112
2017-07-23 09:03:22 +0200  0 - 0 - 3  sedchina.com/product-1.html?WebShieldDRSessio (...)  121.12.119.112
2017-07-22 23:36:59 +0200  0 - 4 - 10  www.qk-ex.com/ups/?WebShieldDRSessionVerify=w (...)  121.12.119.112
2017-07-21 10:51:02 +0200  0 - 0 - 5  weyyeanq.com/En_Product.asp  121.12.119.112
2017-07-18 23:08:52 +0200  0 - 0 - 5  weyyeanq.com/En_Product.asp?EnBigClassName=El (...)  121.12.119.112
2017-07-16 04:32:36 +0200  0 - 4 - 17  www.egbh.hb.cn/list/?228_2.html  121.12.119.112
2017-07-15 11:40:43 +0200  0 - 0 - 3  egbh.hb.cn/Product.asp  121.12.119.112
2017-07-15 01:08:58 +0200  0 - 4 - 11  qk-ex.com/news_us/2016nian4yuefenwosigequdaor (...)  121.12.119.112
2017-07-15 01:08:48 +0200  0 - 4 - 9  qk-ex.com/news_us/ouzhoujiaqitongzhi  121.12.119.112

Last 10 reports on ASN: AS58543 Guangdong

Date  UQ / IDS / BL  URL  IP
2017-07-27 03:55:12 +0200  0 - 0 - 2  szjsnf.huxi.hyfdcb.cn/mvy/32085.apk  59.37.85.18
2017-07-27 03:52:21 +0200  0 - 0 - 0  www.cncn.net/cardpage/  121.10.141.179
2017-07-27 03:29:12 +0200  0 - 0 - 2  szjsnf.huxi.hyfdcb.cn/mvy/32085.apk  59.37.85.18
2017-07-27 03:09:40 +0200  0 - 0 - 1  gameapp.37.com/controller/client.php?game_id=462  121.201.25.130
2017-07-27 02:40:47 +0200  0 - 0 - 2  szjsnf.huxi.hyfdcb.cn/mvy/32085.apk  59.37.85.18
2017-07-27 02:29:44 +0200  0 - 0 - 1  dx.mt30.com/201408/QQxzqyjdlgj.rar  121.10.140.243
2017-07-27 02:29:37 +0200  0 - 0 - 1  dl.dxcnd.cn/apks/demand/newsarticle1.apk  119.146.74.48
2017-07-27 02:10:46 +0200  0 - 0 - 1  css.jipinfeiche.cn/advert/v4/setup_get.php?type=1  183.61.19.211
2017-07-27 01:56:08 +0200  0 - 0 - 1  dl.dxcnd.cn/apks/own/toolbox-power.apk  119.146.74.48
2017-07-27 01:33:38 +0200  0 - 0 - 1  www7.edowning.net/down/yingfudata.rar  113.107.148.202

No other reports on domain.



JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (6)

#1 JavaScript::Write (size: 9, repeated: 1) - SHA256: 196c7c813d82c026b1111acb891087e8f52e9e7c936a6ea3edd38fcf0eea3a3e

< /object>

#2 JavaScript::Write (size: 391, repeated: 1) - SHA256: 1babad384cb2ef673cb1ba28c07dea059f638160623b53b811c4497250a58967

< embed src = "/flash/slideflash.swf"
wmode = "opaque"
FlashVars = "bcastr_file=/upLoad/slide/month_1109/01.jpg|/upLoad/slide/month_1109/01.jpg|/upLoad/slide/month_1109/01.jpg&bcastr_link=#||&bcastr_title=undefined&bcastr_config=0xffffff:...|2:...|0x000000:...|30:...|0xffffff:...|0x4f6898:...|0x000033:...|8:...|3:...|1:...|_blank:...
(bcastr_config labels after each colon are non-printable bytes in the report and are omitted; the value is truncated)

#3 JavaScript::Write (size: 184, repeated: 1) - SHA256: 81fed38b4b287c5ef915cf76616f58e87251d4c7468156dab1f60544fe103d12

< object classid = "clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase = "http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
width = "100%"
height = "404" >

#4 JavaScript::Write (size: 361, repeated: 1) - SHA256: dd7a5e4e069486f4c0d934d44c2d97fe34c52dbd448bb6880d9b41c790271edc

< param name = "FlashVars"
value = "bcastr_file=/upLoad/slide/month_1109/01.jpg|/upLoad/slide/month_1109/01.jpg|/upLoad/slide/month_1109/01.jpg&bcastr_link=#||&bcastr_title=undefined&bcastr_config=0xffffff:...|2:...|0x000000:...|30:...|0xffffff:...|0x4f6898:...|0x000033:...|8:...|3:...|1:...|_blank:...
(bcastr_config labels after each colon are non-printable bytes in the report and are omitted; the value is truncated)

#5 JavaScript::Write (size: 66, repeated: 1) - SHA256: 5a2f7c8295471fc699e4d60ac96c0a660dc53d455c7c1c11d3c8ce4a04df25ab

< param name = "menu"
value = "false" > < param name = wmode value = "opaque" >

#6 JavaScript::Write (size: 85, repeated: 1) - SHA256: 291ae1a8ca1e5800ba293950e9356ea1c41f65c3ac8abbbffe24e40c74294e7a

< param name = "movie"
value = "/flash/slideflash.swf" > < param name = "quality"
value = "high" >


HTTP Transactions (24)


Request Response
                                        
                                            GET /list?5_2.html HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.12.119.112
HTTP/1.1 302 Found
Content-Type: text/html
                                        
Server: Safedog/4.0.0
Location: /list?5_2.html&WebShieldDRSessionVerify=QGSvXDLObkysgIz4bdzR
Content-Length: 0
Connection: Close


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /list?5_2.html&WebShieldDRSessionVerify=QGSvXDLObkysgIz4bdzR HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.12.119.112
HTTP/1.1 302 Found
Content-Type: text/html
                                        
Server: Safedog/4.0.0
Location: /list?5_2.html
Content-Length: 0
Connection: Close


--- Additional Info ---
                                        
                                            GET /list?5_2.html HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.12.119.112
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Content-Length: 155
Location: http://egbh.hb.cn/list/?5_2.html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:17:54 GMT


--- Additional Info ---
Magic:  HTML document text
Size:   155
Md5:    c53714ed175f855d4dedfbe25dfc884c
Sha1:   33be73f3444da61b2a8d33f3b68991c1c31e1abf
Sha256: 998c7e463839ee27409037c052e3a2caac11482d97f2bca5b709c2d4e9b3609d

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /Templates/cj/css/menu.css HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 1350
Last-Modified: Mon, 24 Nov 2014 09:30:01 GMT
Accept-Ranges: bytes
Etag: "ea409f38c97d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:00 GMT


--- Additional Info ---
Magic:  ISO-8859 C program text, with CRLF line terminators
Size:   1350
Md5:    fa0fb8c9fd483020b7c6d12d18fbf09d
Sha1:   806686b34aec9450e9bde607a52998db6a87d1b0
Sha256: f3ee10978588f04c348a71a45b3fe5530e455ef80440f44a16f3c34fb790511f
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /index/mm.js HTTP/1.1 
Host: mm.aa88567.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html

                                         
                                         103.232.215.138
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
                                        
Server: Tengine/1.4.2
Date: Mon, 17 Jul 2017 13:18:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   420
Md5:    2538aa96ff67d0d91118cf6b3feb6e23
Sha1:   4f089fb0b27a02c499d3e03dd26120986f16ae0f
Sha256: 2f1368ae6ca163c38812c4255e374bfac28cad7c71b61e80e9e7f48357418b55

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /Templates/cj/css/css.css HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 11906
Last-Modified: Mon, 24 Nov 2014 09:30:01 GMT
Accept-Ranges: bytes
Etag: "58428038c97d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:17:56 GMT


--- Additional Info ---
Magic:  troff or preprocessor input text
Size:   11906
Md5:    20b96d6a11099c5096b603580251f188
Sha1:   9b4e86b0880ad2c81009ca0d60f8be34bb407e7f
Sha256: c8940c75d153e9da65e3da3126383cf2a6667177e1824c02ad9fe6ee10cca79c
                                        
                                            GET /Templates/cj/images/index_02.jpg HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/Templates/cj/css/css.css
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 1425
Last-Modified: Mon, 24 Nov 2014 09:30:05 GMT
Accept-Ranges: bytes
Etag: "3e852c3bc97d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:18 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   1425
Md5:    aff68885c235d6bb46d78e7c087f6b44
Sha1:   d008426a75ceba117e2e446061943066cf881a00
Sha256: b52bc6d8852e244a496d1949f253c34b9dbc29815f1aa34f374f2505cc91802b
                                        
                                            GET /flash/slideflash.swf HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/list/?5_2.html
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
                                        
Content-Length: 14371
Last-Modified: Mon, 24 Nov 2014 09:27:25 GMT
Accept-Ranges: bytes
Etag: "1cafe8dbc87d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:20 GMT


--- Additional Info ---
Magic:  Macromedia Flash data (compressed), version 8
Size:   14371
Md5:    d231928bd5bb91a1e7e3f0f81c970835
Sha1:   4abd3ff77708847b33a7af7873cc3b3e6c953534
Sha256: 79d070199c94367a5cbe572147ddc6de88209a7668bf6fcf853dda35951f9581

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1 
Host: fpdownload2.macromedia.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         195.159.219.18
HTTP/1.1 200 OK
Content-Type: text/xml
                                        
Server: Apache
Last-Modified: Tue, 11 Jul 2017 09:14:07 GMT
Etag: "60c-554071f1e42f6"
Accept-Ranges: bytes
Content-Length: 1548
Date: Mon, 17 Jul 2017 13:19:22 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  XML document text
Size:   1548
Md5:    6f6c77f49fcfdfb17bf5f0cf27d29615
Sha1:   db51c40d34f90a5e5a4756300f1db7c94b8f7c27
Sha256: 75c0821f433d6f9292a9ae8572d7aba483473ca5bd5a3b690c98d3158782df4c
                                        
                                            GET /Templates/cj/images/index_12.jpg HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/Templates/cj/css/css.css
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 5373
Last-Modified: Mon, 24 Nov 2014 09:30:06 GMT
Accept-Ranges: bytes
Etag: "9a1e873bc97d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:24 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   5373
Md5:    faede8f807f93de0c6e32aff444f2432
Sha1:   ed2cf70648e49edece06e8708b20a09e4fc8d8c1
Sha256: a6bb2f10f4e680be00e91831f2d737a7e70f1812f23828d012deffe03a74442d
                                        
                                            GET /Templates/cj/images/index_07.jpg HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/Templates/cj/css/menu.css
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 3709
Last-Modified: Mon, 24 Nov 2014 09:30:05 GMT
Accept-Ranges: bytes
Etag: "1cbf463bc97d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:21 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   3709
Md5:    44bc9fa2d312cd2d243906b412b3580e
Sha1:   127f2ad749369d3fbebdbea29065eb6f2694ba8d
Sha256: 052a1935c5e72596ca7c12f559c442bf9bbd75c66a5cc4a7e9fe6f1ad1b74315
                                        
                                            GET /upLoad/slide/month_1109/01.jpg HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD
Range: bytes=0-
If-Range: "246ffbcec87d01:1d8c3"

                                         
                                         121.12.119.112
HTTP/1.1 206 Partial Content
Content-Type: image/jpeg
                                        
Content-Length: 295804
Content-Range: bytes 0-295803/295804
Last-Modified: Mon, 24 Nov 2014 09:27:04 GMT
Accept-Ranges: bytes
Etag: "246ffbcec87d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:28 GMT


--- Additional Info ---
                                        
                                            GET /list/?5_2.html HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Connection: close
Date: Mon, 17 Jul 2017 13:17:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD; path=/
Cache-Control: private


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /upLoad/slide/month_1109/01.jpg HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 295804
Last-Modified: Mon, 24 Nov 2014 09:27:04 GMT
Accept-Ranges: bytes
Etag: "246ffbcec87d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:21 GMT


--- Additional Info ---
                                        
                                            GET /Templates/cj/images/index_04.jpg HTTP/1.1 
Host: egbh.hb.cn
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://egbh.hb.cn/Templates/cj/css/css.css
Cookie: ASPSESSIONIDQQARQACQ=PKIBPBPBLKAKMNMANOLBBHMD

                                         
                                         121.12.119.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 102068
Last-Modified: Mon, 24 Nov 2014 09:30:05 GMT
Accept-Ranges: bytes
Etag: "a0965e3bc97d01:1d8c3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 17 Jul 2017 13:18:21 GMT


--- Additional Info ---