Overview

URL: tongyuanba.com/thread-202-1-1.html
IP: 123.254.104.58
ASN: AS24544 Pang International Limited-AS number
Location: Hong Kong
Report completed: 2018-11-12 17:47:51 CET
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-11-12 2 tongyuanba.com/thread-202-1-1.html Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/css/fonts/fonts.css?ver=2017.07.26 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/jquery.min.js?ver=1.10.1 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/style.css?ver=5.2 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/css/fonts/iconfont.ttf?t=1500726547934 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/slides.js?ver=2017.07.26 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/script.js?ver=2017.07.26 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/superfish.js?ver=2017.07.26 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/gb2big5.js?ver=2017.07.26 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/wpzm.js?ver=2017.07.26 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/sticky.js?ver=1.6.0 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/jquery-ias.js?ver=2.2.1 Malware
2018-11-12 2 tongyuanba.com/wp-content/themes/begin/js/jquery.lazyload.js?ver=2017.07.26 Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 7 reports on IP: 123.254.104.58

Date  UQ / IDS / BL (urlquery / IDS / blacklist alert counts)  URL  IP
2019-03-17 18:54:22 +0100  0 - 0 - 1  jinjiaoben.com/thread-55611-1-1.html  123.254.104.58
2019-02-23 16:06:25 +0100  0 - 0 - 1  jinjiaoben.com/thread-2491-1-1.html  123.254.104.58
2019-01-12 15:15:44 +0100  0 - 0 - 1  jinjiaoben.com/thread-10393-1-1.html  123.254.104.58
2018-11-12 18:09:09 +0100  0 - 0 - 13  tongyuanba.com/thread-144-1-1.html  123.254.104.58
2018-11-12 18:04:25 +0100  0 - 0 - 13  tongyuanba.com/thread-122-1-1.html  123.254.104.58
2018-11-12 17:43:58 +0100  0 - 0 - 13  tongyuanba.com/thread-153-1-1.html  123.254.104.58
2018-11-12 17:35:09 +0100  0 - 0 - 13  tongyuanba.com/thread-133-1-1.html  123.254.104.58

Last 10 reports on ASN: AS24544 Pang International Limited-AS number

Date  UQ / IDS / BL  URL  IP
2019-03-21 19:22:33 +0100  0 - 0 - 4  lixiaoqiang120.com/  182.237.3.3
2019-03-21 18:42:43 +0100  0 - 0 - 1  ibm-cert.com/Documents/Complaint/Id/5635DF453 (...)  182.237.0.67
2019-03-19 18:50:17 +0100  0 - 0 - 1  www.nhjsk120.com/zysy/66.html  123.254.105.42
2019-03-19 10:40:50 +0100  0 - 0 - 1  foratlitthen.com/64keylogger.bin  182.237.0.67
2019-03-19 10:40:42 +0100  0 - 0 - 1  foratlitthen.com/64webinject32.bin  182.237.0.67
2019-03-19 10:40:43 +0100  0 - 0 - 1  foratlitthen.com/64backsocks.bin  182.237.0.67
2019-03-19 09:43:27 +0100  0 - 0 - 1  foratlitthen.com/64grabber.bin  182.237.0.67
2019-03-19 09:43:25 +0100  0 - 0 - 1  foratlitthen.com/64vnc32.bin  182.237.0.67
2019-03-19 09:43:17 +0100  0 - 0 - 1  foratlitthen.com/64vnc64.bin  182.237.0.67
2019-03-19 09:43:02 +0100  0 - 0 - 1  foratlitthen.com/64webinject64.bin  182.237.0.67

Last 6 reports on domain: tongyuanba.com

Date  UQ / IDS / BL  URL  IP
2019-03-11 09:45:27 +0100  0 - 0 - 1  tongyuanba.com/thread-137-1-1.html  103.57.24.251
2019-02-02 06:41:19 +0100  0 - 0 - 1  tongyuanba.com/thread-137-1-1.html  103.57.24.251
2018-11-12 18:09:09 +0100  0 - 0 - 13  tongyuanba.com/thread-144-1-1.html  123.254.104.58
2018-11-12 18:04:25 +0100  0 - 0 - 13  tongyuanba.com/thread-122-1-1.html  123.254.104.58
2018-11-12 17:43:58 +0100  0 - 0 - 13  tongyuanba.com/thread-153-1-1.html  123.254.104.58
2018-11-12 17:35:09 +0100  0 - 0 - 13  tongyuanba.com/thread-133-1-1.html  123.254.104.58


JavaScript

Executed Scripts (19)


Executed Evals (1)

#1 JavaScript::Eval (size: 5638, repeated: 1) - SHA256: 2b15de7a230f2c49852fb3f3b885788340b27253b3edf1d3d66623fcdee95599

(function($) {
    $.fn.flexisel = function(options) {
        var defaults = $.extend({
            visibleItems: 4,
            animationSpeed: 200,
            autoPlay: false,
            autoPlaySpeed: 3000,
            pauseOnHover: true,
            setMaxWidthAndHeight: false,
            enableResponsiveBreakpoints: true,
            clone: true,
            responsiveBreakpoints: {
                portrait: {
                    changePoint: 480,
                    visibleItems: 1
                },
                landscape: {
                    changePoint: 640,
                    visibleItems: 2
                },
                tablet: {
                    changePoint: 768,
                    visibleItems: 14
                }
            }
        }, options);
        var object = $(this);
        var settings = $.extend(defaults, options);
        var itemsWidth;
        var canNavigate = true;
        var itemsVisible = settings.visibleItems;
        var totalItems = object.children().length;
        var responsivePoints = [];
        var methods = {
            init: function() {
                return this.each(function() {
                    methods.appendHTML();
                    methods.setEventHandlers();
                    methods.initializeItems()
                })
            },
            initializeItems: function() {
                var listParent = object.parent();
                var innerHeight = listParent.height();
                var childSet = object.children();
                methods.sortResponsiveObject(settings.responsiveBreakpoints);
                var innerWidth = listParent.width();
                itemsWidth = (innerWidth) / itemsVisible;
                childSet.width(itemsWidth);
                if (settings.clone) {
                    childSet.last().insertBefore(childSet.first());
                    childSet.last().insertBefore(childSet.first());
                    object.css({
                        'left': -itemsWidth
                    })
                }
                object.fadeIn();
                $(window).trigger("resize")
            },
            appendHTML: function() {
                object.addClass("nbs-flexisel-ul");
                object.wrap("<div class='nbs-flexisel-container'><div class='nbs-flexisel-inner'></div><div class='clear'></div></div>");
                object.find("li").addClass("nbs-flexisel-item");
                var flexiselInner = object.parent();
                if (settings.setMaxWidthAndHeight) {
                    var baseWidth = $(".nbs-flexisel-item img").width();
                    var baseHeight = $(".nbs-flexisel-item img").height();
                    $(".nbs-flexisel-item img").css("max-width", baseWidth);
                    $(".nbs-flexisel-item img").css("max-height", baseHeight)
                }
                $("<div class='nbs-flexisel-nav-left'><i class='be be-arrowleft'></i></div><div class='nbs-flexisel-nav-right'><i class='be be-arrowright'></i></div>").insertAfter(flexiselInner);
                if (settings.clone) {
                    var cloneContent = object.children().clone();
                    object.append(cloneContent)
                }
            },
            setEventHandlers: function() {
                var listParent = object.parent();
                var flexiselInner = listParent.parent();
                var childSet = object.children();
                var leftArrow = flexiselInner.find(".nbs-flexisel-nav-left");
                var rightArrow = flexiselInner.find(".nbs-flexisel-nav-right");
                $(window).on("resize", function(event) {
                    methods.setResponsiveEvents();
                    var innerWidth = $(listParent).width();
                    var innerHeight = $(listParent).height();
                    itemsWidth = (innerWidth) / itemsVisible;
                    childSet.width(itemsWidth);
                    if (settings.clone) {
                        object.css({
                            'left': -itemsWidth
                        })
                    } else {
                        object.css({
                            'left': 0
                        })
                    }
                    if (!settings.clone && totalItems <= itemsVisible) {
                        leftArrow.add(rightArrow).css('visibility', 'hidden')
                    } else {
                        leftArrow.add(rightArrow).css('visibility', 'visible');
                        var halfArrowHeight = (leftArrow.height()) / 2;
                        var arrowMargin = (innerHeight / 2) - halfArrowHeight;
                        leftArrow.css("top", arrowMargin + "px");
                        rightArrow.css("top", arrowMargin + "px")
                    }
                });
                $(leftArrow).on("click", function(event) {
                    methods.scrollLeft()
                });
                $(rightArrow).on("click", function(event) {
                    methods.scrollRight()
                });
                if (settings.pauseOnHover == true) {
                    $(".nbs-flexisel-item").on({
                        mouseenter: function() {
                            canNavigate = false
                        },
                        mouseleave: function() {
                            canNavigate = true
                        }
                    })
                }
                if (settings.autoPlay == true) {
                    setInterval(function() {
                        if (canNavigate == true) methods.scrollRight()
                    }, settings.autoPlaySpeed)
                }
            },
            setResponsiveEvents: function() {
                var contentWidth = $('html').width();
                if (settings.enableResponsiveBreakpoints) {
                    var largestCustom = responsivePoints[responsivePoints.length - 1].changePoint;
                    for (var i in responsivePoints) {
                        if (contentWidth >= largestCustom) {
                            itemsVisible = settings.visibleItems;
                            break
                        } else {
                            if (contentWidth < responsivePoints[i].changePoint) {
                                itemsVisible = responsivePoints[i].visibleItems;
                                break
                            } else continue
                        }
                    }
                }
            },
            sortResponsiveObject: function(obj) {
                var responsiveObjects = [];
                for (var i in obj) {
                    responsiveObjects.push(obj[i])
                }
                responsiveObjects.sort(function(a, b) {
                    return a.changePoint - b.changePoint
                });
                responsivePoints = responsiveObjects
            },
            scrollLeft: function() {
                if (object.position().left < 0) {
                    if (canNavigate == true) {
                        canNavigate = false;
                        var listParent = object.parent();
                        var innerWidth = listParent.width();
                        itemsWidth = (innerWidth) / itemsVisible;
                        var childSet = object.children();
                        object.animate({
                            'left': "+=" + itemsWidth
                        }, {
                            queue: false,
                            duration: settings.animationSpeed,
                            easing: "linear",
                            complete: function() {
                                if (settings.clone) {
                                    childSet.last().insertBefore(childSet.first())
                                }
                                methods.adjustScroll();
                                canNavigate = true
                            }
                        })
                    }
                }
            },
            scrollRight: function() {
                var listParent = object.parent();
                var innerWidth = listParent.width();
                itemsWidth = (innerWidth) / itemsVisible;
                var difObject = (itemsWidth - innerWidth);
                var objPosition = (object.position().left + ((totalItems - itemsVisible) * itemsWidth) - innerWidth);
                if ((difObject <= Math.ceil(objPosition)) && (!settings.clone)) {
                    if (canNavigate == true) {
                        canNavigate = false;
                        object.animate({
                            'left': "-=" + itemsWidth
                        }, {
                            queue: false,
                            duration: settings.animationSpeed,
                            easing: "linear",
                            complete: function() {
                                methods.adjustScroll();
                                canNavigate = true
                            }
                        })
                    }
                } else if (settings.clone) {
                    if (canNavigate == true) {
                        canNavigate = false;
                        var childSet = object.children();
                        object.animate({
                            'left': "-=" + itemsWidth
                        }, {
                            queue: false,
                            duration: settings.animationSpeed,
                            easing: "linear",
                            complete: function() {
                                childSet.first().insertAfter(childSet.last());
                                methods.adjustScroll();
                                canNavigate = true
                            }
                        })
                    }
                }
            },
            adjustScroll: function() {
                var listParent = object.parent();
                var childSet = object.children();
                var innerWidth = listParent.width();
                itemsWidth = (innerWidth) / itemsVisible;
                childSet.width(itemsWidth);
                if (settings.clone) {
                    object.css({
                        'left': -itemsWidth
                    })
                }
            }
        };
        if (methods[options]) {
            return methods[options].apply(this, Array.prototype.slice.call(arguments, 1))
        } else if (typeof options === 'object' || !options) {
            return methods.init.apply(this)
        } else {
            $.error('Method "' + method + '" does not exist in flexisel plugin!')
        }
    }
})(jQuery);

Executed Writes (2)

#1 JavaScript::Write (size: 120, repeated: 1) - SHA256: 21fb1d775675acb3c89b7847ebaf0249384bbea04fef2936343e73d06bc8fc40

<script src='http://c.cnzz.com/core.php?web_id=1258510834&show=pic&t=z' charset='utf-8' type='text/javascript'></script>

#2 JavaScript::Write (size: 143, repeated: 1) - SHA256: 70e16b4c226fa295d50d9e5b88f42579d4d4feaf6fc81439cca0ea2d62bcbfe4

<span id='cnzz_stat_icon_1258510834'></span><script src='http://s95.cnzz.com/stat.php?id=1258510834&show=pic' type='text/javascript'></script>

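Two things in this report deserve a check before the Fortinet verdicts are acted on. The "Malware" flags land on a WordPress 404 page, two stylesheets and a TrueType font, content that cannot have triggered a content-based detection, so the verdict is most likely a URL or host reputation rating rather than a finding about the fetched bytes. Meanwhile the only eval is the flexisel jQuery carousel plugin and the two document.write() calls only inject the cnzz.com visitor counter. The script below is an added example, not part of the urlquery report or of urlquery's own code; it applies that triage to records transcribed from the HTTP Transactions and Executed Writes sections of this page. The ACTIVE_TYPES list and the "inert content" rule are my own assumptions, not urlquery's or Fortinet's.

```python
"""Triage helpers for a urlquery-style report.

Added example, not part of the urlquery report or of urlquery's own code.
The sample records below are transcribed from the HTTP Transactions and
Executed Writes sections of the report; the triage rules are mine.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed from the report: (host, path, status, content_type, verdicts).
TRANSACTIONS = [
    ("tongyuanba.com", "/thread-202-1-1.html", 404, "text/html", {"fortinet": "Malware"}),
    ("tongyuanba.com", "/wp-content/themes/begin/css/fonts/fonts.css", 200, "text/css", {"fortinet": "Malware"}),
    ("tongyuanba.com", "/wp-content/themes/begin/img/favicon.ico", 200, "image/x-icon", {}),
    ("tongyuanba.com", "/wp-content/themes/begin/js/jquery.min.js", 200, "application/x-javascript", {"fortinet": "Malware"}),
    ("tongyuanba.com", "/wp-content/themes/begin/style.css", 200, "text/css", {"fortinet": "Malware"}),
    ("tongyuanba.com", "/wp-content/themes/begin/css/fonts/iconfont.woff", 404, "text/html", {}),
    ("tongyuanba.com", "/wp-content/themes/begin/css/fonts/iconfont.ttf", 200, "application/octet-stream", {"fortinet": "Malware"}),
    ("s95.cnzz.com", "/stat.php", 200, "application/javascript", {}),
    ("c.cnzz.com", "/core.php", 200, "application/javascript", {}),
    ("tongyuanba.com", "/wp-content/themes/begin/img/favicon.png", 200, "image/png", {}),
    ("tongyuanba.com", "/wp-content/themes/begin/js/slides.js", 200, "application/x-javascript", {"fortinet": "Malware"}),
    ("tongyuanba.com", "/wp-content/themes/begin/js/3dtag.js", 200, "application/x-javascript", {}),
    ("tongyuanba.com", "/wp-content/themes/begin/js/tipso.js", 200, "application/x-javascript", {}),
]

# Constructed from the two document.write() payloads listed in the report.
WRITES = [
    "<script src='http://c.cnzz.com/core.php?web_id=1258510834&show=pic&t=z' charset='utf-8' type='text/javascript'></script>",
    "<span id='cnzz_stat_icon_1258510834'></span><script src='http://s95.cnzz.com/stat.php?id=1258510834&show=pic' type='text/javascript'></script>",
]

# Assumption: only these content types can carry code the browser executes.
# A "Malware" verdict on anything else (fonts, stylesheets, images, or a
# server error page) cannot come from the bytes the scanner fetched, so it
# is most likely a URL/host reputation verdict that needs a second source.
ACTIVE_TYPES = ("javascript", "ecmascript", "text/html")


def summarize(transactions):
    """Per-host counts of fetched, flagged, and 'flagged but inert' responses."""
    per_host = defaultdict(lambda: {"total": 0, "flagged": 0, "inert_flagged": []})
    for host, path, status, ctype, verdicts in transactions:
        entry = per_host[host]
        entry["total"] += 1
        if not verdicts:
            continue
        entry["flagged"] += 1
        active = status == 200 and any(t in ctype for t in ACTIVE_TYPES)
        if not active:
            entry["inert_flagged"].append(path)
    return dict(per_host)


def looks_reputation_based(summary, host):
    """True when a host's verdicts include content that could not have
    triggered content-based detection (fonts, stylesheets, 404 pages)."""
    entry = summary.get(host)
    return bool(entry and entry["inert_flagged"])


def third_party_script_hosts(writes, first_party):
    """Hosts of <script src=...> tags injected through document.write()."""
    hosts = set()
    for html in writes:
        for src in re.findall(r"<script[^>]*\ssrc=['\"]([^'\"]+)['\"]", html):
            host = urlsplit(src.strip()).hostname
            if host and host != first_party:
                hosts.add(host)
    return hosts


if __name__ == "__main__":
    summary = summarize(TRANSACTIONS)
    for host, entry in summary.items():
        print(f"{host}: {entry['flagged']}/{entry['total']} flagged, "
              f"reputation-like={looks_reputation_based(summary, host)}")
        for path in entry["inert_flagged"]:
            print(f"  inert content flagged: {path}")
    print("third-party scripts written:",
          sorted(third_party_script_hosts(WRITES, "tongyuanba.com")))
```

Run against the records above, tongyuanba.com comes out with 6 of 11 fetched URLs flagged, 4 of them inert (the 404 page, both stylesheets, the TTF), and the only scripts injected by document.write() resolve to c.cnzz.com and s95.cnzz.com. The practical follow-up is to pivot on the SHA256 values in the transaction records rather than the category label: a hash match on jquery.min.js or slides.js against a known-bad sample would be a real finding, a "Malware" category on a font file is not.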

HTTP Transactions (28)


--- Request ---
GET /thread-202-1-1.html HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (123.254.104.58) ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Length: 20851
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Server: Microsoft-IIS/7.5
Link: <http://tongyuanba.com/wp-json/>; rel="https://api.w.org/"
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:34 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   20851
Md5:    7d5e08c4adc2dc3f5799c1f31b16ae0b
Sha1:   cc8a0cca14655fcbbf4f7f956e92c78d09b5c7d5
Sha256: aab8e71f1ae6386c5f767d1ef8e9871b21f2c62c5ec1c57a9db6b4fec5644638

Alerts:
  Blacklists:
    - fortinet: Malware
--- Request ---
GET /wp-content/themes/begin/css/fonts/fonts.css?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:04 GMT
Accept-Ranges: bytes
Etag: "bbf2c4f6576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:35 GMT
Content-Length: 1240


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1240
Md5:    47e8d18252ba3291dfef069fad626db9
Sha1:   8fa3e4879c5652101fa59556c1cffbdaab4157bc
Sha256: 4d2e21aabc0a0f328fcb58ccb1475578bd46290869e6210113a2c5a90fa1408c

Alerts:
  Blacklists:
    - fortinet: Malware
--- Request ---
GET /wp-content/themes/begin/img/favicon.ico HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 3606
Last-Modified: Wed, 24 Oct 2018 05:11:05 GMT
Accept-Ranges: bytes
Etag: "6ade47f7576bd41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:35 GMT


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 24x24, 256-colors
Size:   3606
Md5:    e3667c4edb5e97e459f54eaceeb055b6
Sha1:   cd4293be35e2fc6348b35e3729786d012a74df1a
Sha256: 8b13262fdac83a641d3091c752abf4ae55ac59a294439ef39b8021e1eee4a1b0
--- Request ---
GET /wp-content/themes/begin/js/jquery.min.js?ver=1.10.1 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "7a2bcdf7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:35 GMT
Content-Length: 41661


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   41661
Md5:    ca7efa28eeff48ee26a6a3e528ed1077
Sha1:   1afb17e8c1dd2b889b6defe8367f7e5a2a66ff25
Sha256: 8bbbf0583512f1c50bed3d7fd796be853e389405038aab43bea70b1b2217549b

Alerts:
  Blacklists:
    - fortinet: Malware
--- Request ---
GET /wp-content/themes/begin/style.css?ver=5.2 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "5d1decf7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:35 GMT
Content-Length: 42915


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   42915
Md5:    c55117b9ee9f57aeb24c7ef2222011d9
Sha1:   4e6a73c60d962ba1149f039f30f0e4216647cf5c
Sha256: c44e5a8e54ece1e200db7e1297f8749fc20f1d390511258430454912593561ff

Alerts:
  Blacklists:
    - fortinet: Malware
--- Request ---
GET /wp-content/themes/begin/css/fonts/iconfont.woff?t=1500726547934 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/wp-content/themes/begin/css/fonts/fonts.css?ver=2017.07.26

--- Response (123.254.104.58) ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: private
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:36 GMT
Content-Length: 7073


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   7073
Md5:    615a0546cdda157eb9ac84f9326bee41
Sha1:   753527dfbcad0019b81d232c9c0063830216ca51
Sha256: 66198f94399823baa00f9ef807fd7c3a20033ce1519524a48aaba39b5704dd8b
--- Request ---
GET /wp-content/themes/begin/css/fonts/iconfont.ttf?t=1500726547934 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/wp-content/themes/begin/css/fonts/fonts.css?ver=2017.07.26

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 26256
Last-Modified: Wed, 24 Oct 2018 05:11:04 GMT
Accept-Ranges: bytes
Etag: "bbf2c4f6576bd41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:37 GMT


--- Additional Info ---
Magic:  TrueType font data\012 raw G3 data, byte-padded
Size:   26256
Md5:    5b9079e8e51f484b75e4274138b18626
Sha1:   bfc56194b651b6bba674885a289652500c5e2a93
Sha256: cacd90bed6e38d5ae1d46e7e4e1818eaf2e687ed47fd9b4aafd9183aa10d2661

Alerts:
  Blacklists:
    - fortinet: Malware
--- Request ---
GET /stat.php?id=1258510834&show=pic HTTP/1.1
Host: s95.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

--- Response (59.46.4.208) ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 11737
Connection: keep-alive
Date: Mon, 12 Nov 2018 15:25:24 GMT
Last-Modified: Mon, 12 Nov 2018 15:25:24 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache12.l2cm9[0,200-0,H], cache4.l2cm9[1,0], kunlun4.cn332[73,200-0,M], kunlun8.cn332[85,0]
Age: 4918
Ali-Swift-Global-Savetime: 1542041242
X-Cache: MISS TCP_REFRESH_MISS dirn:2:476451238
X-Swift-SaveTime: Mon, 12 Nov 2018 16:47:22 GMT
X-Swift-CacheTime: 482
Timing-Allow-Origin: *
EagleId: 3b2e049c15420412422347813e


--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   11737
Md5:    f24dab10448bb8f8a5cc6f372c75e7bd
Sha1:   44a3aec681f99225387390596dd9c455b1c6bb81
Sha256: 1e388beefbc999749f050d6ac2c53a84113e965836b45b2e2ee350eb82975ae4
--- Request ---
GET /core.php?web_id=1258510834&show=pic&t=z HTTP/1.1
Host: c.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

--- Response (59.46.4.209) ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: Tengine
Content-Length: 996
Connection: keep-alive
Date: Mon, 12 Nov 2018 16:43:28 GMT
Last-Modified: Mon, 12 Nov 2018 16:43:28 GMT
Expires: Mon, 12 Nov 2018 16:58:28 GMT
Via: cache9.l2cm9[0,200-0,H], cache19.l2cm9[1,0], kunlun4.cn332[27,200-0,M], kunlun4.cn332[28,0]
Age: 235
Ali-Swift-Global-Savetime: 1542041243
X-Cache: MISS TCP_REFRESH_MISS dirn:-2:-2
X-Swift-SaveTime: Mon, 12 Nov 2018 16:47:23 GMT
X-Swift-CacheTime: 665
Timing-Allow-Origin: *
EagleId: 3b2e049815420412433598228e


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   996
Md5:    b681666e3e48fee446eed5361c541620
Sha1:   0b1b7ee30f66f7389c1fc117a1fad7f4a7a8fce6
Sha256: c477d420b5948d4bbb1c61c00ef78cba1417a673bd2133df92cf6fffbbe76660
--- Request ---
GET /wp-content/themes/begin/img/favicon.png HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3484
Last-Modified: Wed, 24 Oct 2018 05:11:05 GMT
Accept-Ranges: bytes
Etag: "cb3f4af7576bd41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:38 GMT


--- Additional Info ---
Magic:  PNG image, 114 x 114, 8-bit/color RGBA, non-interlaced
Size:   3484
Md5:    bdfa9dd7ab8965577aea6b461d5c483a
Sha1:   4993fc0d1c7c653aa93bc02ac3a0c215b2c27765
Sha256: 9b8239e7a6b6f39f4712a7f68b54313c95dd2d5cce6a2ef184cdd5dd6878acc1
--- Request ---
GET /wp-content/themes/begin/js/slides.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "da8ccff7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:38 GMT
Content-Length: 1972


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1972
Md5:    1cedf3196553a1a719dda2e8ef9d7628
Sha1:   1605c7cdcc2de6ae1a1ba175a3ce057ba5701565
Sha256: 0ed0a7030f9f223189edd7413731555909ed00807fff8a6970f78979febd95f1

Alerts:
  Blacklists:
    - fortinet: Malware
--- Request ---
GET /wp-content/themes/begin/js/3dtag.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

--- Response (123.254.104.58) ---
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "597c6f7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:38 GMT
Content-Length: 1935


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1935
Md5:    d1cefb1ed0a8b4f039caa49778ae248e
Sha1:   c76f1cdafd3b569017781dbb6228a02fb222e957
Sha256: d6da0b51d0081877da843c2c68f7e84cbf9e57fa2bfd9428c8e9e7cdaa41094d
--- Request ---
GET /wp-content/themes/begin/js/tipso.js?ver=1.0.1 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "3aeed1f7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 2367


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   2367
Md5:    69b251cffff12a3834f68433b9177ade
Sha1:   b62ba258da792d5a35ae702ebc228f9e840b5590
Sha256: 1365dd9b9d3187e56f71688b81b4301424136aa8348298e5f5e483fd0dbdc6d7

GET /wp-content/themes/begin/js/jquery.qrcode.min.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "7a2bcdf7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 6489


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   6489
Md5:    3a68e981a76bc26ded5461aceb59b7fe
Sha1:   0b86259c56e39a7032754d4c19319efef98066fe
Sha256: fc21b9b6cb8b344d8e4e09f9499007f8eb4f0a735542656ef1ad0e69c8f7614b

GET /9.gif?abc=1&rnd=2044096541 HTTP/1.1
Host: cnzz.mmstat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

198.11.132.221
HTTP/1.1 302 Found
Content-Type: image/gif
Date: Mon, 12 Nov 2018 16:47:24 GMT
Content-Length: 43
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=nJxwFIV3YQ8CAU0ogXvSC3UB; expires=Thu, 09-Nov-28 16:47:24 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=95f63353; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=fac7449cf1c4902a42911146_1542041244_1; path=/; domain=.cnzz.mmstat.com
Location: http://pcookie.cnzz.com/app.gif?&cna=nJxwFIV3YQ8CAU0ogXvSC3UB
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

GET /wp-content/themes/begin/js/script.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "da8ccff7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 6967


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   6967
Md5:    d6c74ca535ba364c42968975a875eb3a
Sha1:   3df9d507e0ca5ad2e0ce448417c887d1a376a33d
Sha256: fba4743b4835cbf726758a34772c2175ba44e5acf524f6450bd2fa1aef13be3a

Alerts:
  Blacklists:
    - fortinet: Malware

GET /wp-content/themes/begin/js/superfish.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "3aeed1f7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 3966


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   3966
Md5:    c3b90710a1db21a4fc7c35d5d1a8b959
Sha1:   dceac6fdbf7af81eda2c32846ec17f63cc8f59af
Sha256: 639ddd24065003f0874ff241c930c384bec3194e0f01edc9eb1e3962a724324b

Alerts:
  Blacklists:
    - fortinet: Malware

GET /wp-content/themes/begin/js/gb2big5.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "b968c8f7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 14304


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   14304
Md5:    dfa66598a650113e1add806e2c231d9e
Sha1:   4144e4e61b5df1d8096d223fb846b4b4e4e9901a
Sha256: 4949187542981d5c80de4c87a8373eb18f65da721c5429dff79d60a35b560cc0

Alerts:
  Blacklists:
    - fortinet: Malware

GET /wp-content/uploads/2018/10/weixin.png HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 19535
Last-Modified: Thu, 25 Oct 2018 12:28:36 GMT
Accept-Ranges: bytes
Etag: "4a459405e6cd41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:38 GMT


--- Additional Info ---
Magic:  PNG image, 200 x 200, 8-bit/color RGBA, non-interlaced
Size:   19535
Md5:    da4846705fc66579e0c39434d57ed4f6
Sha1:   3300b952f1b7816d2b8bae152d9ee0ef6b1174ef
Sha256: 380cbb916b853c2c3a74197260e29dc0a23239fe0466f8575a3ddb30056da7a0

GET /wp-content/themes/begin/js/wpzm.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "3aeed1f7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 555


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   555
Md5:    33a6a2e7b99e746890d6031ce7265095
Sha1:   4eceebdab26ea383d2dee87aef873a681ffc04b7
Sha256: 83d55b5d86eabf65f2cf0d29f649ab575e354ec884329dd06a0e9923ec1c0d34

Alerts:
  Blacklists:
    - fortinet: Malware

GET /wp-content/themes/begin/js/sticky.js?ver=1.6.0 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "da8ccff7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 2477


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   2477
Md5:    4c0e84ced3c0d756c6c84947f07e0512
Sha1:   8d4b1f0a625d9721c1d1fa0ede9b36f0ddd7e413
Sha256: 4ad719c781566a71d3f3480bd67f3269c9859bd042801e665ddfc9f8baaf51b0

Alerts:
  Blacklists:
    - fortinet: Malware

GET /stat.htm?id=1258510834&r=&lg=en-us&ntime=none&cnzz_eid=551121782-1542036324-&showp=1176x885&t=%E4%BA%B2%EF%BC%8C%E4%BD%A0%E8%BF%B7%E8%B7%AF%E4%BA%86%EF%BC%81%7C%20%E7%AB%A5%E7%BC%98%E5%90%A7%E6%97%A9%E6%95%99%E8%B5%84%E6%BA%90%E7%BD%91&umuuid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb&h=1&rnd=362550666 HTTP/1.1
Host: z4.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

203.119.128.195
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Tengine
Date: Mon, 12 Nov 2018 16:47:24 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   22
Md5:    8bd3e739a9ba80a435f0214811da0c2a
Sha1:   bfc17d1e04e56542eb8037f08ed142efd252ea82
Sha256: a2dd5774b01bbfc29140279e02fea087df42a4c257dce8858226737a2e521986

GET /wp-content/themes/begin/js/selectordie.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "da8ccff7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 3305


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   3305
Md5:    5c959cd6206bff81120758dd6ed4bcdf
Sha1:   04d71614e5f0ba7a74d75570e2a866c04ca265fb
Sha256: 257b3eca64e0f8648d1431642c38d8d8b4c37a52c5e4e827886d3f4342407bde

GET /wp-content/themes/begin/js/flexisel.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "b968c8f7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 2501


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   2501
Md5:    7dcc57c4d6a0abdac472c74be57762bd
Sha1:   53a4a7f43f37bd5da0a045b0b682f45fa80e0aa5
Sha256: 14309b109920e306d2695f890d792372989ee808c8c2544bf3fc812a96586573

GET /wp-content/themes/begin/js/jquery-ias.js?ver=2.2.1 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "19cacaf7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:39 GMT
Content-Length: 5050


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   5050
Md5:    071bcfb7441b51c18f179d910798e27d
Sha1:   90b2f3b1db40e662f8b6e2f925f1759b4a7852a1
Sha256: edb1938e28f27a3846982cac6b990deca8090435a894691bc67db6ef4a91e49b

Alerts:
  Blacklists:
    - fortinet: Malware

GET /wp-content/themes/begin/js/jquery.lazyload.js?ver=2017.07.26 HTTP/1.1
Host: tongyuanba.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html
Cookie: UM_distinctid=16708d20d2b3-061319f7cd847d-6c242d76-fe178-16708d20d2cfb; CNZZDATA1258510834=551121782-1542036324-%7C1542036324

123.254.104.58
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 05:11:06 GMT
Accept-Ranges: bytes
Etag: "7a2bcdf7576bd41:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: WAF/2.0
Date: Mon, 12 Nov 2018 16:44:40 GMT
Content-Length: 1592


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
Size:   1592
Md5:    10ec0a4024bd74006859137d37024463
Sha1:   e6367380b2bb7959b1e47a57d89300e35c75227a
Sha256: bc47ca21a7429b57709d1cc85db8f3821a3e6cea9d80b261807fa6d0324e8ded

Alerts:
  Blacklists:
    - fortinet: Malware

GET /app.gif?&cna=nJxwFIV3YQ8CAU0ogXvSC3UB HTTP/1.1
Host: pcookie.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

106.11.94.21
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Mon, 12 Nov 2018 16:47:26 GMT
Content-Length: 43
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=nJxwFIV3YQ8CAU0ogXvSC3UB; expires=Thu, 09-Nov-28 16:47:26 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

GET /img/pic.gif HTTP/1.1
Host: icon.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://tongyuanba.com/thread-202-1-1.html

116.207.118.89
HTTP/1.1 200 OK
Content-Type: image/gif
Server: Tengine
Content-Length: 719
Connection: keep-alive
Date: Mon, 12 Nov 2018 10:45:12 GMT
Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT
Expires: Tue, 13 Nov 2018 10:45:12 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
Via: cache27.l2cn739[53,304-0,C], cache14.l2cn739[26,0], kunlun10.cn1241[0,200-0,H], kunlun3.cn1241[0,0]
Age: 21741
Ali-Swift-Global-Savetime: 1541933112
X-Cache: HIT TCP_MEM_HIT dirn:9:309617951
X-Swift-SaveTime: Mon, 12 Nov 2018 10:45:12 GMT
X-Swift-CacheTime: 86400
Timing-Allow-Origin: *
EagleId: 74cf71a115420412535153744e


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 12
Size:   719
Md5:    bcdd9aa92c5876f207f70567d101a896
Sha1:   786c52002f857fcbff04a5781ec35792be11af4a
Sha256: 98a4ab97e12555ab969012d151a578dae7a3b8699d202485fcf8116e55497735