Overview

URL: www.wyptk.com/openlink/xzq1.exe
IP: 14.204.144.140
ASN: AS4837 CNCGROUP China169 Backbone
Location: China
Report completed: 2017-04-21 15:36:47 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Referer:
Pool:
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT: No alerts detected
Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified | Severity | Host | Comment
2017-04-21 | 2 | www.wyptk.com/openlink/xzq1.exe | Malware
2017-04-21 | 2 | 602.wypxj.com/xzq1.html | Malware
2017-04-21 | 2 | www.gdxxb.com/ad776/?pos=93793 | Phishing
2017-04-21 | 2 | www.gdxxb.com/common/reg/harvest_v4.js?v=2016032902 | Phishing
2017-04-21 | 2 | www.gdxxb.com/common/reg/reg.js | Phishing
2017-04-21 | 2 | www.gdxxb.com/common/reg/jquery-1.8.3.min.js | Phishing
2017-04-21 | 2 | www.gdxxb.com/ad776/index.swf | Phishing
2017-04-21 | 2 | www.gdxxb.com/common/reg/regpos.js?v=2015062901 | Phishing
2017-04-21 | 2 | www.gdxxb.com/ad776/bg.swf | Phishing
2017-04-21 | 2 | www.gdxxb.com/ad776/sound.swf | Phishing
2017-04-21 | 2 | www.gdxxb.com/ad776/ren.swf | Phishing
MDL / malwaredomainlist.com: No alerts detected
DNS-BH / malwaredomains.com: No alerts detected
mnemonic secure DNS / mnemonic.no: No alerts detected
OpenPhish / openphish.com: No alerts detected
PhishTank / phishtank.com: No alerts detected
Spamhaus DBL / spamhaus.org: No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 14.204.144.140

Date | UQ / IDS / BL | URL | IP
2017-04-28 10:19:49 | 0 - 0 - 1 | boxtg2.241803.com/download/%CA%B5%C2%BF%C3%B6%C3%97%C3%A3%C3%87%C3%B22011_12@%E5%86%8 (...) | 14.204.144.140
2017-04-28 10:08:14 | 0 - 0 - 1 | hkyt.miswelt.com/qsvbksc/SFC%E5%8B%87%E8%80%85%E6%96%97%C3%A6%C2%815%C2%99%E9%A6%99%E (...) | 14.204.144.140
2017-04-28 10:05:10 | 0 - 0 - 1 | ygjbty.com/apk/0418-BGZJZ1101.zip | 14.204.144.140
2017-04-28 09:08:47 | 0 - 0 - 1 | d.heinote.com/downloads/7654/HNInstall_Setup_2547743641_7654_57018.exe | 14.204.144.140
2017-04-28 09:08:21 | 0 - 0 - 1 | dl.lmrjxz.com/downloads/special/kyzipx/Kuaizip_Setup_7654_1057018.exe | 14.204.144.140
2017-04-28 08:25:15 | 0 - 0 - 1 | d.heinote.com/downloads/7654/hninstall_setup_3641687311_7654_56939.exe | 14.204.144.140

Last 6 reports on ASN: AS4837 CNCGROUP China169 Backbone

Date | UQ / IDS / BL | URL | IP
2017-04-29 11:08:44 | 0 - 0 - 1 | 6789.la/ | 121.29.8.215
2017-04-29 11:03:13 | 0 - 0 - 2 | attachments.goapk.com/forum/201303/17/090655mxnxszaeunwxwejd.zip?f=zteu880a?aufffdufffd1.5.0.zi (...) | 123.147.166.13
2017-04-29 11:01:11 | 0 - 0 - 2 | attachments.goapk.com/forum/201303/17/090655mxnxszaeunwxwejd.zip?f=ZTEU880A???A??A?Aufffdufffd1 (...) | 123.147.166.51
2017-04-29 10:58:22 | 0 - 0 - 1 | apk.lenovomm.com/201704271237/1c33b06713954aad1db2ff448cb19a1d/dlserver/fileman/s3/apk/app/app- (...) | 211.90.29.218
2017-04-29 10:58:11 | 0 - 0 - 1 | apk.lenovomm.com/201704271234/f5e158e73d152114d8c97b3e41d1024c/dlserver/fileman/s3/apk/app/app- (...) | 61.240.137.139
2017-04-29 10:56:34 | 0 - 0 - 1 | www.hn3861.com/tianwen/twgg/201411/704.html | 218.28.19.157

Last 6 reports on domain: www.wyptk.com

Date | UQ / IDS / BL | URL | IP
2017-04-28 14:56:10 | 0 - 0 - 1 | www.wyptk.com/jsq/gameboxPro.exe | 121.31.30.144
2017-04-28 05:16:40 | 0 - 0 - 1 | www.wyptk.com/dll/broagent0328.dll | 42.56.76.104
2017-04-27 21:50:34 | 0 - 0 - 1 | www.wyptk.com/openlink/openlink3.exe | 60.217.249.24
2017-04-27 21:49:44 | 0 - 0 - 2 | www.wyptk.com/openlink/xzq1.exe | 119.167.164.12
2017-04-27 21:48:27 | 0 - 0 - 1 | www.wyptk.com/openlink/openlink-xzq.exe | 220.194.79.44
2017-04-27 21:43:28 | 0 - 0 - 1 | www.wyptk.com/openlink/openlink-azb.exe | 139.215.203.141



JavaScript

Executed Scripts (10)


Executed Evals (0)


Executed Writes (4)

#1 JavaScript::Write (size: 156, repeated: 1)

<a href='http://www.cnzz.com/stat/website.php?web_id=1258024947' target=_blank title='&#31449;&#38271;&#32479;&#35745;'>&#31449;&#38271;&#32479;&#35745;</a>

#2 JavaScript::Write (size: 7017, repeated: 1)

<div class="regbox" id="regbox" >                <div class="tab clearfix" id="tab">                    <strong class="cur">�(7��</strong><strong>(7{F</strong>                </div>                <div class="link"></div>                <div id="reg">                    <div class="reg ">                        <form id="formReg" method="post" action="http://web.2144.cn/site/adRegister" autocomplete="off" target="frm_register">                            <table class="reg_table">                                <tbody>                                    <tr>                                        <th>(7
</th>                                        <td>                                            <input class="txt_css ckname" type="text" id="register-username" name="RegisterForm[username]" onblur="checkuser(this)" ><p class="tips2"><!--<span class="sp1">��e�&�<
cn��:6-20W&</span><span class="sp1">�I�*&��ϫ��</span><span class="sp2">m���&�����</span>--></p>                                        </td>                                    </tr>                                    <tr>                                        <th>�</th>                                        <td>                                            <input class="txt_css" type="password" name="RegisterForm[password]" onblur="UserPassName(this)" id="txtPassWord" maxlength=20><p class="tips2"><!--<span class="sp1">��e��<
cn�:6-20W&</span><span class="sp2">�cn</span>--></p>                                        </td>                                    </tr>                                    <tr>                                        <th>n��</th>                                        <td>                                            <input type="password" class="txt_css" id="txtRPassWord" maxlength="20" onblur="UserRPass(this)" name="RegisterForm[repassword]" ><p class="tips2"><!--<span class="sp1">��e��<
cn�:6-20W&</span><span class="sp2">�cn</span>--></p>                                        </td>                                    </tr>                                </tbody>                            </table>                            <div class="link"></div>                            <div class="b_btn">                                <input type="button" id="reg_span" tabindex="15" value="" name="registersubmit" class="sub_css">                                <a href="#" class="qqbtn" id="qqbtn"></a>                            </div>                            <input id="ytRegisterForm_agree" type="hidden" value="1" name="RegisterForm[agree]" />                            <input id="ytRegisterForm_email" type="hidden" value="dump@2144.cn" name="RegisterForm[email]" />                            <input class="ytRegisterForm_posId" type="hidden" value="1" name="RegisterForm[posId]" />                            <input class="ytRegisterForm_adId" type="hidden" value="0" name="RegisterForm[adId]" />                            <input id="ytRegisterForm_checkurl" type="hidden" value="http://web.2144.cn/site/checkname" name="checkurl" />                            <input class="ytRegisterForm_redirecturl" type="hidden" value="http://web.2144.cn/lycq/" name="redirecturl" />                            <input id="dspid" type="hidden" value="0" name="RegisterForm[dspid]" />                        </form>                    </div>                    <div class="reg hidden">                        <form id="formLogin" method="post" action="http://web.2144.cn/site/adRegister" autocomplete="off" target="frm_register">                            <table class="reg_table">                                <tbody>                                    <tr>                                        <th>(7
</th>                                        <td>                                            <input class="txt_css on ckname"  type="text" value="" id="login-username" name="RegisterForm[username]" onblur="checkuser(this)"><p class="tips2"><!--<span class="sp1">��e�&�<
cn��:6-20W&</span><span class="sp1">�I�*&��ϫ��</span><span class="sp2">m���&�����</span>--></p>                                        </td>                                    </tr>                                    <tr>                                        <th>�</th>                                        <td>                                            <input class="txt_css" type="password" name="RegisterForm[password]" onblur="UserPassName(this)" id="login-password" maxlength=20><p class="tips2"><!--<span class="sp1">��e��<
cn�:6-20W&</span><span class="sp2">�cn</span>--></p>                                        </td>                                    </tr>                                </tbody>                            </table>                            <div class="link"></div>                            <div class="b_btn">                                <input type="button" id="log_span" tabindex="15" value="" name="registersubmit" class="sub_css">                                <a href="#" class="qqbtn" id="qqbtn"></a>                            </div>                            <input id="ytRegisterForm_agree" type="hidden" value="1" name="RegisterForm[agree]" />                            <input id="ytRegisterForm_email" type="hidden" value="dump@2144.cn" name="RegisterForm[email]" />                            <input class="ytRegisterForm_posId" type="hidden" value="1" name="RegisterForm[posId]" />                            <input id="ytRegisterForm_checkurl" type="hidden" value="http://web.2144.cn/site/checkname" name="checkurl" />                            <input class="ytRegisterForm_redirecturl" type="hidden" value="http://web.2144.cn/lycq/" name="redirecturl" />                            <input id="dspid" type="hidden" value="0" name="RegisterForm[dspid]" />                        </form>                    </div>                </div>                          <div class="pp" id="pp">                    <object height="100px" width="100%" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" id="abcdef">                        <param value="http://www.gdxxb.com/common/reg/pingpai.swf" name="movie">                        <param value="high" name="quality">                        <param value="transparent" name="wmode">                        <param value="always" name="allowScriptAccess">                        <embed height="100px" width="100%" name="abcdef" 
wmode="transparent" type="application/x-shockwave-flash" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" quality="high" src="http://www.gdxxb.com/common/reg/pingpai.swf">                    </object>                </div>                <span class="close" id="close">s�</span>        </div>

#3 JavaScript::Write (size: 78, repeated: 1)

<script src="http://www.gdxxb.com/common/reg/regpos.js?v=2015062901"></script>

#4 JavaScript::Write (size: 111, repeated: 1)

<script src='http://c.cnzz.com/core.php?web_id=1258024947&t=z' charset='utf-8' type='text/javascript'></script>


HTTP Transactions (20)


Request Response
GET /openlink/xzq1.exe HTTP/1.1

Host: www.wyptk.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 14.204.144.140
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 21 Apr 2017 13:35:48 GMT
Cache-Control: max-age=600
Expires: Fri, 21 Apr 2017 13:45:48 GMT
Last-Modified: Mon, 10 Apr 2017 02:28:27 GMT
Content-Length: 165888
X-NWS-LOG-UUID: 3f4637d6-2add-451a-810b-3baddaa3ddff
X-Cache-Lookup: Hit From Disktank
Accept-Ranges: bytes
GET /xzq1.html HTTP/1.1

Host: 602.wypxj.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 113.207.48.200
HTTP/1.1 200 OK
Content-Type: text/html
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 21 Apr 2017 13:35:53 GMT
Cache-Control: max-age=600
Expires: Fri, 21 Apr 2017 13:45:53 GMT
Last-Modified: Tue, 28 Mar 2017 05:50:22 GMT
Content-Length: 384
Content-Encoding: gzip
X-NWS-LOG-UUID: 1c2fe83f-0c6f-478a-aeb4-18d4e02e0e0f
X-Cache-Lookup: Hit From Disktank Gz, Hit From Inner Cluster
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
GET /stat.php?id=1258024947&web_id=1258024947 HTTP/1.1

Host: s95.cnzz.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://602.wypxj.com/xzq1.html
 222.186.49.224
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 10987
Connection: keep-alive
Date: Fri, 21 Apr 2017 12:37:55 GMT
Last-Modified: Fri, 21 Apr 2017 12:37:55 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache4.l2et15[0,200-0,H], cache19.l2et15[0,0], kunlun8.cn74[0,200-0,H], kunlun4.cn74[0,0]
Age: 3483
X-Cache: HIT TCP_MEM_HIT dirn:11:349613935
X-Swift-SaveTime: Fri, 21 Apr 2017 12:42:02 GMT
X-Swift-CacheTime: 5153
Timing-Allow-Origin: *
EagleId: deba319d14927817584773349e
GET /stat.htm?id=1258024947&r=&lg=en-us&ntime=none&cnzz_eid=1610545686-1492778275-&showp=1176x885&t=&umuuid=15b90b9f886a7-06d983d8c07b3f8-67247b1c-fe178-15b90b9f8879e&h=1&rnd=1130863056 HTTP/1.1

Host: z4.cnzz.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://602.wypxj.com/xzq1.html
 106.11.145.5
HTTP/1.1 200 OK
Content-Type: image/gif
Server: Tengine
Date: Fri, 21 Apr 2017 13:35:59 GMT
Content-Length: 43
Last-Modified: Thu, 16 Apr 2015 02:22:33 GMT
Connection: close
Accept-Ranges: bytes
GET /core.php?web_id=1258024947&t=z HTTP/1.1

Host: c.cnzz.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://602.wypxj.com/xzq1.html
 222.186.49.224
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 763
Connection: keep-alive
Date: Fri, 21 Apr 2017 13:26:58 GMT
Last-Modified: Fri, 21 Apr 2017 13:26:58 GMT
Expires: Fri, 21 Apr 2017 13:41:58 GMT
Via: cache1.l2et2-1[68,200-0,M], cache17.l2et2-1[69,0], kunlun9.cn74[0,200-0,H], kunlun4.cn74[15,0]
Age: 544
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Fri, 21 Apr 2017 13:26:58 GMT
X-Swift-CacheTime: 900
Timing-Allow-Origin: *
EagleId: deba319d14927817620778838e
GET /favicon.ico HTTP/1.1

Host: 602.wypxj.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: UM_distinctid=15b90b9f886a7-06d983d8c07b3f8-67247b1c-fe178-15b90b9f8879e; CNZZDATA1258024947=1610545686-1492778275-%7C1492778275
 113.207.48.200
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Fri, 21 Apr 2017 13:36:01 GMT
Cache-Control: max-age=600
Expires: Fri, 21 Apr 2017 13:46:01 GMT
Last-Modified: Tue, 28 Mar 2017 05:50:21 GMT
Content-Length: 1150
X-NWS-LOG-UUID: 964362d1-f25e-49fc-a054-e5ac829173b8
X-Cache-Lookup: Hit From MemCache, Hit From Inner Cluster
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
GET /ad776/?pos=93793 HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: text/html
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Source: C/200
Last-Modified: Wed, 12 Oct 2016 09:13:51 GMT
Age: 3
X-Cache: MISS from pcw-cn-hkg-164, MISS|MISS from gtt-de-fra-103
X-Request-Id: 5a55b562ba6987e3e51f8656babce926
Via: S.pcw-cn-hkg-163, T.89167.M.1, V.pcw-cn-hkg-164, T.51103.M.2, T.51103.M.1, M.gtt-de-fra-103
Content-Encoding: gzip
GET /common/reg/css/common.css HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: text/css
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Source: C/200
Last-Modified: Thu, 02 Jul 2015 07:13:21 GMT
Expires: Fri, 21 Apr 2017 05:55:11 GMT
Cache-Control: max-age=86400
Age: 82732
X-Cache: HIT from ntt-cn-hkg-012; HIT|HIT from gtt-de-fra-103
X-Request-Id: 07508975fc6c7a52b37efb9fe322dc13; c02e4ecb94423a3fa9e12b2b68ee3256
Etag: W/"5594e491-d35"
Via: T.51103.H.2, T.51103.H.1, M.gtt-de-fra-103
Content-Encoding: gzip
GET /common/reg/harvest_v4.js?v=2016032902 HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Source: C/200
Last-Modified: Thu, 26 May 2016 10:39:51 GMT
Etag: W/"5746d277-dfd"
Expires: Wed, 19 Apr 2017 19:02:27 GMT
Cache-Control: max-age=86400
Age: 85625
X-Cache: HIT from ntt-cn-hkg-008; HIT|HIT from gtt-de-fra-103
X-Request-Id: e275386a0250bbef76c3d293ef05eb36; d97803c0dbcbcc617d7fffbf35f67714
Via: T.51103.H.2, T.51103.H.1, M.gtt-de-fra-103
Content-Encoding: gzip
GET /common/reg/reg.js HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Source: C/304
Last-Modified: Thu, 26 May 2016 10:09:50 GMT
Etag: W/"5746cb6e-1d60"
Expires: Fri, 21 Apr 2017 19:18:16 GMT
Cache-Control: max-age=86400
Age: 85829
X-Cache: HIT(R) from pcw-cn-hkg-164; HIT|HIT from gtt-de-fra-102
X-Request-Id: 09f35468e4a0c2dc91436ab302bd5edf; c23fa543712e8290dec581f66df9c503
Via: T.51100.H.2, T.51100.H.1, M.gtt-de-fra-102
Content-Encoding: gzip
GET /common/reg/jquery-1.8.3.min.js HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Source: C/304
Last-Modified: Thu, 23 Apr 2015 09:58:29 GMT
Etag: W/"5538c245-16dc5"
Expires: Fri, 21 Apr 2017 15:34:35 GMT
Cache-Control: max-age=86400
Age: 69021
X-Cache: HIT(R) from pcw-cn-hkg-165; MISS(S)|HIT from gtt-de-fra-100
X-Request-Id: 8734f88fe4904709585b6a43870227bf; 4d8947f21cb6ac00d253e7b7b4f36797
Via: T.51103.N.2, T.89167.R.1, V.pcw-cn-hkg-166, T.51103.H.1, M.gtt-de-fra-100
Content-Encoding: gzip
GET /ad776/logo.png HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: image/png
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:03 GMT
Content-Length: 52511
Connection: keep-alive
X-Source: C/304
Last-Modified: Thu, 30 Jun 2016 11:05:34 GMT
Accept-Ranges: bytes
Etag: "5774fcfe-cd1f"
Expires: Fri, 21 Apr 2017 23:01:27 GMT
Cache-Control: max-age=86400
Age: 52707
X-Cache: MISS(S) from pcw-cn-hkg-166; HIT|HIT from gtt-de-fra-103
X-Request-Id: f9badb6fa452604a4341ced6444c9494; 83084bcaf61a57a10e78047964853c79
Via: T.89164.S.1, S.pcw-cn-hkg-163, V.pcw-cn-hkg-166, T.51100.H.2, T.51100.H.1, M.gtt-de-fra-103
GET /ad776/index.swf HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:04 GMT
Content-Length: 654
Connection: keep-alive
X-Source: C/304
Last-Modified: Thu, 30 Jun 2016 11:05:34 GMT
Accept-Ranges: bytes
Etag: "5774fcfe-28e"
Expires: Fri, 21 Apr 2017 23:01:22 GMT
Cache-Control: max-age=86400
Age: 41024
X-Cache: HIT from pcw-cn-hkg-166; MISS(S)|HIT from gtt-de-fra-103
X-Request-Id: b6eeb8c38741303bdaedb934051efa7d; d2a0d7253c3798b421133bf0628aa54e
Via: T.51102.N.2, T.89166.H.1, V.pcw-cn-hkg-163, T.51102.H.1, M.gtt-de-fra-103
GET /common/reg/regpos.js?v=2015062901 HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Source: C/304
Last-Modified: Wed, 07 Dec 2016 07:27:20 GMT
Etag: W/"5847b9d8-181b"
Expires: Fri, 21 Apr 2017 20:50:19 GMT
Cache-Control: max-age=86400
Age: 76529
X-Cache: HIT(R) from pcw-cn-hkg-165; MISS(S)|HIT from gtt-de-fra-102
X-Request-Id: 5afc0b13bbbd438ae6aa4d4681fda6d8; f6166bdc13256cf86fc25223a7916618
Via: T.51100.N.2, T.89164.R.1, V.pcw-cn-hkg-164, T.51100.H.1, M.gtt-de-fra-102
Content-Encoding: gzip
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1

Host: fpdownload2.macromedia.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 195.159.219.19
HTTP/1.1 200 OK
Content-Type: text/xml
Server: Apache
Last-Modified: Tue, 11 Apr 2017 08:33:54 GMT
Etag: "60c-54cdff3c7e6f5"
Accept-Ranges: bytes
Content-Length: 1548
Date: Fri, 21 Apr 2017 13:36:04 GMT
Connection: keep-alive
GET /ad776/bg.swf HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:04 GMT
Content-Length: 45867
Connection: keep-alive
X-Source: C/304
Last-Modified: Thu, 30 Jun 2016 11:05:33 GMT
Accept-Ranges: bytes
Etag: "5774fcfd-b32b"
Expires: Fri, 21 Apr 2017 19:41:58 GMT
Cache-Control: max-age=86400
Age: 51478
X-Cache: HIT(R) from pcw-cn-hkg-165; HIT|HIT from gtt-de-fra-100
X-Request-Id: 556b870ed22f40a9da90f75b22f2622f; e646e82b57d1e89025ed686191624703
Via: T.89165.R.1, V.pcw-cn-hkg-165, T.51101.H.2, T.51101.H.1, M.gtt-de-fra-100
GET /ad776/sound.swf HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:04 GMT
Content-Length: 39138
Connection: keep-alive
X-Source: C/200
Last-Modified: Thu, 30 Jun 2016 11:05:35 GMT
Accept-Ranges: bytes
Etag: "5774fcff-98e2"
Expires: Fri, 21 Apr 2017 23:01:33 GMT
Cache-Control: max-age=86400
Age: 52573
X-Cache: MISS(S) from pcw-cn-hkg-165; MISS(S)|HIT from gtt-de-fra-103
X-Request-Id: 7e21f27f390aae10e70c902b17788dea; 4b5af6414e60f824d6ee2e1d069693be
Via: T.89163.S.1, S.pcw-cn-hkg-163, V.pcw-cn-hkg-165, T.5199.N.2, T.5199.H.1, M.gtt-de-fra-103
GET /ad776/ren.swf HTTP/1.1

Host: www.gdxxb.com

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 77.67.51.98
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Server: marco/0.27
Date: Fri, 21 Apr 2017 13:36:04 GMT
Content-Length: 554680
Connection: keep-alive
X-Source: C/304
Last-Modified: Thu, 30 Jun 2016 11:05:35 GMT
Accept-Ranges: bytes
Etag: "5774fcff-876b8"
Expires: Fri, 21 Apr 2017 23:09:17 GMT
Cache-Control: max-age=86400
Age: 86057
X-Cache: HIT from pcw-cn-hkg-164; MISS(S)|HIT from gtt-de-fra-103
X-Request-Id: fd721838c7fcec63b92eb12b4ff717f7; 16c1931511e8d2853c9b29a282b2bd04
Via: T.51102.N.2, T.89166.H.1, V.pcw-cn-hkg-165, T.51102.H.1, M.gtt-de-fra-103
GET /service/lookup/?pos=93793&_=1492781764327 HTTP/1.1

Host: web.2144.cn

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793
 222.73.113.62
HTTP/1.1 200 OK
Content-Type: text/html
Server: senginx/1.6.0
Date: Fri, 21 Apr 2017 13:36:09 GMT
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
GET /__beacon.gif?account=adClick&adpos=987642599&pos=93793&time=1492781769951 HTTP/1.1

Host: trace2144.2144.cn

User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; SV1; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.gdxxb.com/ad776/?pos=93793