Overview

URL: www.wesiedu.com/
IP: 124.232.153.79
ASN: AS4134 Chinanet
Location: China
Report completed: 2017-04-21 15:56:09 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Referer:
Pool:
Access Level: public


Intrusion Detection Systems

Snort /w Sourcefire VRT: No alerts detected
Suricata /w Emerging Threats Pro: No alerts detected


Blacklists

Fortinet's Web Filter / fortiguard.com
Added / Verified | Severity | Host | Comment
2017-04-21 | 2 | static.mediav.com/js/mvf_g2.js | Malware

MDL / malwaredomainlist.com: No alerts detected
DNS-BH / malwaredomains.com: No alerts detected
mnemonic secure DNS / mnemonic.no: No alerts detected
OpenPhish / openphish.com: No alerts detected
PhishTank / phishtank.com: No alerts detected
Spamhaus DBL / spamhaus.org: No alerts detected


Files Captured



Recent reports on same IP/ASN/Domain

Last 6 reports on ASN: AS4134 Chinanet

Date | UQ / IDS / BL | URL | IP
2017-04-29 11:04:17 | 0 - 0 - 1 | down23.7r7z.com/down/setup_523i66b.exe | 221.234.40.46
2017-04-29 10:59:55 | 0 - 0 - 1 | xz1.uzzf.com/adesk2012zc.zip | 61.183.52.15
2017-04-29 10:53:24 | 0 - 0 - 1 | down23.7r7z.com/down/setup_524jehh.exe | 122.228.207.246
2017-04-29 10:53:19 | 0 - 0 - 1 | down23.7r7z.com/down/game_358b1cx.exe | 122.228.207.246
2017-04-29 10:51:27 | 0 - 0 - 1 | down23.7r7z.com/down/setup_540ezw5.exe | 122.228.207.246
2017-04-29 10:44:01 | 0 - 0 - 1 | hgsfgw.gov.cn/d/file/tzgg/2012-04-06/bfc5131bea850ef835db13a416970877.rar | 61.184.136.213



JavaScript

Executed Scripts (22)


Executed Evals (0)


Executed Writes (7)

#1 JavaScript::Write (size: 1725, repeated: 1)

<!doctype html><html><body><iframe style="display:none" data-ad-client="ca-pub-8388468767617346" id="google_esf" name="google_esf" src="https://googleads.g.doubleclick.net/pagead/html/r20170417/r20170110/zrt_lookup.html#"></iframe><script>google_ad_slot="1740408111";google_ad_client="ca-pub-8388468767617346";google_adsbygoogle_status="done";google_ad_width=300;google_ad_height=250;google_available_width=980;google_ad_modifications={"plle":true,"eids":[],"loeids":[]};google_loader_used="aa";google_reactive_tag_first=true;google_ad_format="300x250";google_ad_unit_key="2298471886";google_ad_dom_fingerprint="807048394";google_show_ads_impl=true;google_unique_id=1;google_async_iframe_id="aswift_0";google_start_time=1492782920587;google_pub_vars = "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";google_bpp=180;google_async_rrc=0;google_iframe_start_time=new Date().getTime();</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20170417/r20170110/show_ads_impl.js"></script></body></html>

#2 JavaScript::Write (size: 686, repeated: 1)

<div id='mvdiv_1384878_holder' style='display:block;overflow:hidden;float:none;width:590px;height:150px'><div style='display:block;float:none;position:relative;z-index:4;width:590px;overflow:visible'><div id='mvdiv_1384878' style='display:block;float:none'></div><a id="mvlogo_1384878" target="_blank" style="display:none;position:absolute;z-index:4;right:0;top:136px" href="http://juxiao.mediav.com/" onmouseover="mediav.logo.over(this)" onmouseout="mediav.logo.out(this)"><img style="border:0;width:32px;height:14px" src="//material.mediav.com/bjjs/dsp/ad.png"/><img src="//material.mediav.com/bjjs/dsp/360ad.png" style="display:none;border:0;width:64px;height:14px"/></a></div></div>

#3 JavaScript::Write (size: 686, repeated: 1)

<div id='mvdiv_1601462_holder' style='display:block;overflow:hidden;float:none;width:300px;height:250px'><div style='display:block;float:none;position:relative;z-index:4;width:300px;overflow:visible'><div id='mvdiv_1601462' style='display:block;float:none'></div><a id="mvlogo_1601462" target="_blank" style="display:none;position:absolute;z-index:4;right:0;top:236px" href="http://juxiao.mediav.com/" onmouseover="mediav.logo.over(this)" onmouseout="mediav.logo.out(this)"><img style="border:0;width:32px;height:14px" src="//material.mediav.com/bjjs/dsp/ad.png"/><img src="//material.mediav.com/bjjs/dsp/360ad.png" style="display:none;border:0;width:64px;height:14px"/></a></div></div>

#4 JavaScript::Write (size: 686, repeated: 1)

<div id='mvdiv_1601535_holder' style='display:block;overflow:hidden;float:none;width:590px;height:120px'><div style='display:block;float:none;position:relative;z-index:4;width:590px;overflow:visible'><div id='mvdiv_1601535' style='display:block;float:none'></div><a id="mvlogo_1601535" target="_blank" style="display:none;position:absolute;z-index:4;right:0;top:106px" href="http://juxiao.mediav.com/" onmouseover="mediav.logo.over(this)" onmouseout="mediav.logo.out(this)"><img style="border:0;width:32px;height:14px" src="//material.mediav.com/bjjs/dsp/ad.png"/><img src="//material.mediav.com/bjjs/dsp/360ad.png" style="display:none;border:0;width:64px;height:14px"/></a></div></div>

#5 JavaScript::Write (size: 686, repeated: 1)

<div id='mvdiv_1601554_holder' style='display:block;overflow:hidden;float:none;width:300px;height:250px'><div style='display:block;float:none;position:relative;z-index:4;width:300px;overflow:visible'><div id='mvdiv_1601554' style='display:block;float:none'></div><a id="mvlogo_1601554" target="_blank" style="display:none;position:absolute;z-index:4;right:0;top:236px" href="http://juxiao.mediav.com/" onmouseover="mediav.logo.over(this)" onmouseout="mediav.logo.out(this)"><img style="border:0;width:32px;height:14px" src="//material.mediav.com/bjjs/dsp/ad.png"/><img src="//material.mediav.com/bjjs/dsp/360ad.png" style="display:none;border:0;width:64px;height:14px"/></a></div></div>

#6 JavaScript::Write (size: 1235, repeated: 1)

<iframe id="google_ads_frame1" name="google_ads_frame1" width="300" height="250" frameborder="0" src="https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8388468767617346&amp;format=300x250&amp;output=html&amp;h=250&amp;slotname=1740408111&amp;adk=2298471886&amp;adf=807048394&amp;w=300&amp;lmt=1492782911&amp;avail_w=980&amp;ea=0&amp;flash=10.0.45&amp;url=http%3A%2F%2Fwww.wesiedu.com%2F&amp;wgl=0&amp;dt=1492782920587&amp;bpp=180&amp;fdt=206&amp;idt=998&amp;shv=r20170417&amp;cbv=r20170110&amp;saldr=aa&amp;correlator=405661288133&amp;frm=20&amp;ga_vid=1658338619.1492782922&amp;ga_sid=1492782922&amp;ga_hid=1576728091&amp;ga_fc=0&amp;pv=2&amp;icsg=0&amp;nhd=1&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=90&amp;ady=2031&amp;biw=1159&amp;bih=775&amp;eid=575144605&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=272&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C775&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;ppjl=u&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=1&amp;dtd=1036" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no" allowfullscreen="true"></iframe>

#7 JavaScript::Write (size: 107, repeated: 1)

<script src="http://js.passport.qihucdn.com/11.0.1.js?d78e616fd743227b6be8f2048daf1f69" id="sozz"></script>


HTTP Transactions (27)


Request Response
GET /pagead/js/adsbygoogle.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 11132308056319298991
Date: Fri, 21 Apr 2017 12:57:25 GMT
Expires: Fri, 21 Apr 2017 13:57:25 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 20728
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 3466
GET / HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: openresty
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 21 Apr 2017 19:28:45 +0530
Expires: Fri, 21 Apr 2017 13:58:55 GMT
GET /js/combines.js HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: openresty
Date: Fri, 21 Apr 2017 13:58:46 GMT
Content-Length: 406
Last-Modified: Sun, 31 Jul 2016 02:13:02 GMT
Connection: keep-alive
Etag: "579d5eae-196"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
GET /assets/css/style.css?v=1.2.7 HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: text/css
Server: openresty
Date: Fri, 21 Apr 2017 13:58:46 GMT
Content-Length: 6925
Last-Modified: Sun, 31 Jul 2016 02:13:02 GMT
Connection: keep-alive
Etag: "579d5eae-1b0d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
GET /assets/ws.png HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: image/png
Server: openresty
Date: Fri, 21 Apr 2017 13:58:46 GMT
Content-Length: 13454
Last-Modified: Sun, 31 Jul 2016 02:13:02 GMT
Connection: keep-alive
Etag: "579d5eae-348e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
GET /favicon.png HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: image/png
Server: openresty
Date: Fri, 21 Apr 2017 13:58:46 GMT
Content-Length: 7050
Connection: keep-alive
Last-Modified: Fri, 21 Apr 2017 13:58:46 GMT
Accept-Ranges: bytes
Etag: c4d99730c73b2f4be48cb0208723a8f9
GET /js/mvf_g2.js HTTP/1.1

Host: static.mediav.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 104.192.108.27
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Date: Fri, 21 Apr 2017 13:55:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 20 Apr 2017 03:12:20 GMT
Vary: Accept-Encoding
Expires: Fri, 21 Apr 2017 18:55:15 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
X-QHCDN: HIT
QH-via: HIT from w-f01.lato;HIT from w-f02.zwt
GET /favicon.png HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
If-Modified-Since: Fri, 21 Apr 2017 13:58:46 GMT
If-None-Match: c4d99730c73b2f4be48cb0208723a8f9
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: image/png
Server: openresty
Date: Fri, 21 Apr 2017 13:58:49 GMT
Content-Length: 7050
Connection: keep-alive
Last-Modified: Fri, 21 Apr 2017 13:58:49 GMT
Accept-Ranges: bytes
Etag: f0ed1768919b29096627ff40db0b58a0
POST /ocsp HTTP/1.1

Host: clients1.google.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
 216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 21 Apr 2017 13:55:20 GMT
Expires: Tue, 25 Apr 2017 13:55:20 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /pagead/js/r20170417/r20170110/show_ads_impl.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 6042226906870722051
Date: Fri, 21 Apr 2017 13:55:20 GMT
Expires: Fri, 21 Apr 2017 13:55:20 GMT
Cache-Control: private, max-age=1209600
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 68020
X-XSS-Protection: 1; mode=block
POST / HTTP/1.1

Host: g.symcd.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 102
Content-Type: application/ocsp-request
 23.52.27.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx/1.10.2
Content-Length: 1377
Content-Transfer-Encoding: binary
Cache-Control: max-age=495506, public, no-transform, must-revalidate
Last-Modified: Thu, 20 Apr 2017 07:31:59 GMT
Expires: Thu, 27 Apr 2017 07:31:59 GMT
Date: Fri, 21 Apr 2017 13:55:21 GMT
Connection: keep-alive
GET /pub-config/r20160913/ca-pub-8388468767617346.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 125
Date: Fri, 21 Apr 2017 13:55:21 GMT
Expires: Sat, 22 Apr 2017 01:55:21 GMT
Cache-Control: public, max-age=43200
Last-Modified: Thu, 20 Apr 2017 17:34:58 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="37,36,35",quic=":443"; ma=2592000; v="37,36,35"
POST /ocsp HTTP/1.1

Host: clients1.google.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request
 216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 21 Apr 2017 13:55:21 GMT
Expires: Tue, 25 Apr 2017 13:55:21 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /pagead/osd.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Etag: 6605605957342768507
Date: Fri, 21 Apr 2017 13:34:22 GMT
Expires: Fri, 21 Apr 2017 14:34:22 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 30854
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 1260
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="37,36,35",quic=":443"; ma=2592000; v="37,36,35"
GET /pagead/html/r20170417/r20170110/zrt_lookup.html HTTP/1.1

Host: googleads.g.doubleclick.net

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Etag: 5429314195991916810
Date: Wed, 19 Apr 2017 01:36:17 GMT
Expires: Wed, 03 May 2017 01:36:17 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 6247
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 217145
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="37,36,35",quic=":443"; ma=2592000; v="37,36,35"
GET /pagead/ads?client=ca-pub-8388468767617346&format=300x250&output=html&h=250&slotname=1740408111&adk=2298471886&adf=807048394&w=300&lmt=1492782911&avail_w=980&ea=0&flash=10.0.45&url=http%3A%2F%2Fwww.wesiedu.com%2F&wgl=0&dt=1492782920587&bpp=180&fdt=206&idt=998&shv=r20170417&cbv=r20170110&saldr=aa&correlator=405661288133&frm=20&ga_vid=1658338619.1492782922&ga_sid=1492782922&ga_hid=1576728091&ga_fc=0&pv=2&icsg=0&nhd=1&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=90&ady=2031&biw=1159&bih=775&eid=575144605&oid=3&rx=0&eae=4&fc=272&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C775&vis=0&rsz=%7C%7Cbr%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=1&ifi=1&dtd=1036 HTTP/1.1

Host: googleads.g.doubleclick.net

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 216.58.209.130
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 21 Apr 2017 13:55:22 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 21-Apr-2017 14:10:22 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="37,36,35",quic=":443"; ma=2592000; v="37,36,35"
Expires: Fri, 21 Apr 2017 13:55:22 GMT
Transfer-Encoding: chunked
GET /bjjs/dsp/ad.png HTTP/1.1

Host: material.mediav.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 104.192.108.27
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 21 Apr 2017 13:55:25 GMT
Content-Length: 1425
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 23 Aug 2016 03:18:57 GMT
Expires: Sat, 06 May 2017 13:55:25 GMT
Cache-Control: max-age=1296000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-QHCDN: HIT
QH-via: HIT from w-f01.lato
Accept-Ranges: bytes
GET /bjjs/dsp/360ad.png HTTP/1.1

Host: material.mediav.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 104.192.108.27
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 21 Apr 2017 13:55:25 GMT
Content-Length: 2402
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 23 Aug 2016 03:19:05 GMT
Expires: Sat, 06 May 2017 13:55:25 GMT
Cache-Control: max-age=1296000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-QHCDN: HIT
QH-via: HIT from w-f01.lato
Accept-Ranges: bytes
GET /static/api/js/share.js?v=89860593.js?cdnversion=414660 HTTP/1.1

Host: bdimg.share.baidu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 61.135.162.21
HTTP/1.1 200 OK
Content-Type: text/javascript
Set-Cookie: BAIDUID=B84A68971A20AB494D29D626B77E1439:FG=1; max-age=31536000; expires=Sat, 21-Apr-18 13:55:23 GMT; domain=.baidu.com; path=/; version=1
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Etag: "2970148510"
Accept-Ranges: bytes
Last-Modified: Mon, 28 Sep 2015 08:00:57 GMT
Expires: Sat, 21 Apr 2018 13:55:23 GMT
Cache-Control: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6211
Date: Fri, 21 Apr 2017 13:55:23 GMT
Server: apache
GET /assets/js/jquery.js HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: openresty
Date: Fri, 21 Apr 2017 13:59:01 GMT
Content-Length: 93106
Last-Modified: Sun, 31 Jul 2016 02:13:02 GMT
Connection: keep-alive
Etag: "579d5eae-16bb2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
GET /assets/js/bootstrap.min.js HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 124.232.153.79
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: openresty
Date: Fri, 21 Apr 2017 13:59:06 GMT
Content-Length: 27726
Last-Modified: Sun, 31 Jul 2016 02:13:02 GMT
Connection: keep-alive
Etag: "579d5eae-6c4e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
GET /hm.js?696d57323cc1ebd2ada454563a010011 HTTP/1.1

Host: hm.baidu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
Cookie: BAIDUID=B84A68971A20AB494D29D626B77E1439:FG=1
 220.181.7.190
HTTP/1.1 200 OK
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 8695
Date: Fri, 21 Apr 2017 13:55:32 GMT
Etag: 11457024ab1a562dbae0d98690c6cff6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4900C9F986D3033F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1176x885&et=0&fl=10.0&ja=1&ln=en-us&lo=0&nv=1&rnd=421955968&si=696d57323cc1ebd2ada454563a010011&st=1&v=1.2.13&lv=1&tt=%E5%BE%AE%E6%80%9D%E4%BD%9C%E4%B8%9A%E6%9C%AC%20-%20%E4%B8%93%E4%B8%9A%E7%9A%84%E5%AD%A6%E7%94%9F%E4%BD%9C%E4%B8%9A%E9%97%AE%E7%AD%94%E7%BD%91%E7%AB%99&sn=26703 HTTP/1.1

Host: hm.baidu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
Cookie: BAIDUID=B84A68971A20AB494D29D626B77E1439:FG=1; HMACCOUNT=4900C9F986D3033F
 220.181.7.190
HTTP/1.1 200 OK
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 21 Apr 2017 13:55:33 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GET /assets/css/bootstrap.css?v=1.0.0 HTTP/1.1

Host: www.wesiedu.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 

GET /11.0.1.js?d78e616fd743227b6be8f2048daf1f69 HTTP/1.1

Host: js.passport.qihucdn.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 

GET /11.0.1.js?d78e616fd743227b6be8f2048daf1f69 HTTP/1.1

Host: js.passport.qihucdn.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 203.130.60.49
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Date: Mon, 04 Apr 2016 15:31:59 GMT
Server: nginx/1.2.9
Transfer-Encoding: chunked
X-Powered-By: PHP/5.2.5
Last-Modified: Thu, 24 Mar 2016 08:46:53 GMT
Cache-Control: max-age=600
Age: 1
X-Via: 1.1 hdwt39:88 (Cdn Cache Server V2.0), 1.1 td48:10 (Cdn Cache Server V2.0)
Connection: keep-alive
GET /static/ab77b6ea7f3fbf79.js HTTP/1.1

Host: s2.qhimg.com

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.wesiedu.com/
 52.85.173.222
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 353
Connection: keep-alive
Server: nginx
Date: Sat, 11 Mar 2017 11:32:58 GMT
Last-Modified: Sat, 06 Aug 2016 04:20:37 GMT
Etag: "57a56595-161"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
X-QSTATIC-HIT: 1
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Vary: Accept-Encoding
Age: 3550959
X-Cache: Hit from cloudfront
Via: 1.1 87683b2e94f5a08f552b261ed269c83b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 1CHDe2m30xLRDJHqwP4_8jx3j40zm8hIRqh3_g9ObyAq3CEuELBQOA==