Overview

URL hebwanshun.com/html/htmlldjh2016072538222.html
IP 104.223.149.49
ASN AS46573 Global Frag Networks
Location United States
Report completed 2018-10-13 11:44:36 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2018-10-13 11:44:00 CEST 1  104.223.149.49 Client IP ET TROJAN PE EXE or DLL Windows file download Text
2018-10-13 11:44:01 CEST 1  104.223.149.49 Client IP ET TROJAN RAMNIT.A M1
2018-10-13 11:44:00 CEST 1  104.223.149.49 Client IP ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
2018-10-13 11:44:00 CEST 1  104.223.149.49 Client IP ET TROJAN RAMNIT.A M2


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-10-13 2 hebwanshun.com/yesads.js Malware
2018-10-13 2 hebwanshun.com/html/htmlldjh2016072538222.html Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.223.149.49

Date UQ / IDS / BL URL IP
2018-11-25 08:52:13 +0100 0 - 0 - 2 hebwanshun.com/html/htmlghxw2016120249283.html 104.223.149.49
2018-11-24 10:33:49 +0100 0 - 4 - 2 hebwanshun.com/html/hynlslghjntskc20160727374 (...) 104.223.149.49
2018-11-24 04:02:48 +0100 0 - 0 - 2 hebwanshun.com/html/hynlslghlmgz2016101244415.html 104.223.149.49
2018-11-24 03:37:00 +0100 0 - 4 - 2 hebwanshun.com/html/nyghlmgz2016092042909.html 104.223.149.49
2018-11-22 17:51:16 +0100 0 - 0 - 4 aixuesmile.com/html/2016112930641395.html 104.223.149.49
2018-10-30 10:11:03 +0100 0 - 0 - 4 aixuesmile.com/html/2016111730608893.html 104.223.149.49
2018-10-30 03:43:48 +0100 0 - 0 - 2 hebwanshun.com/html/htmljcsj2016110947343.html 104.223.149.49
2018-10-29 03:51:16 +0100 0 - 0 - 2 hebwanshun.com/html/htmljcdt2016121350344.html 104.223.149.49
2018-10-24 11:53:34 +0200 0 - 0 - 2 hebwanshun.com/html/htmlhdfc2016120249252.html 104.223.149.49
2018-10-13 11:29:14 +0200 0 - 3 - 1 hebwanshun.com/htmlghdh.html 104.223.149.49

Last 10 reports on ASN: AS46573 Global Frag Networks

Date UQ / IDS / BL URL IP
2019-06-10 18:25:41 +0200 0 - 0 - 1 lcxunjie.cn/html/hdxzxstd86190.html 107.179.119.78
2019-06-10 18:25:19 +0200 0 - 0 - 1 sdvmj.cn/html/info345....xbjjxbjj.html 107.179.119.158
2019-06-10 18:25:02 +0200 0 - 0 - 1 jxylmuye.cn/html/bmgkjgsz.html 107.179.119.198
2019-06-10 18:24:57 +0200 0 - 0 - 1 phyxgs.com.cn/html/zsjz14252847496.html 107.179.119.182
2019-06-10 17:50:47 +0200 0 - 0 - 1 lylhf.com.cn/html/jiuyebaozhanghezuodanwei201 (...) 107.179.119.197
2019-06-10 17:50:45 +0200 0 - 0 - 1 jensmay.cn/html/.tztg201611....hysqk.html 107.179.119.216
2019-06-10 17:50:11 +0200 0 - 0 - 1 lyjiuhua136.cn/html/hyzx7641.html 107.179.119.198
2019-06-10 17:49:34 +0200 0 - 0 - 1 jinaotanye.com.cn/htmlzt2016bkhpc_hashaymnR1.html 107.179.119.16
2019-06-10 17:49:17 +0200 0 - 0 - 2 lczhggwz.com.cn/xzzxxwbgzl.html 107.179.119.77
2019-06-10 17:48:36 +0200 0 - 0 - 2 lczhggwz.com.cn/html/jxsw234404.html 107.179.119.77

Last 10 reports on domain: hebwanshun.com

Date UQ / IDS / BL URL IP
2019-05-23 23:29:35 +0200 0 - 0 - 1 hebwanshun.com/html/hynlslghgsgg2016072637324.html 154.211.208.150
2019-03-27 20:46:35 +0100 0 - 0 - 1 hebwanshun.com/html/htmljrtt2016121250036.html 154.211.208.150
2019-03-04 16:05:38 +0100 0 - 0 - 1 hebwanshun.com/html/htmlzgfwzdjs2016112548595.html 154.211.208.150
2019-02-25 11:58:14 +0100 0 - 0 - 1 hebwanshun.com/html/jtjsgsgg2016080939399.html 103.75.45.5
2019-02-25 11:58:02 +0100 0 - 0 - 1 hebwanshun.com/html/htmlcgzs2016062834953.html 103.75.45.5
2019-01-04 01:59:43 +0100 0 - 0 - 1 hebwanshun.com/html/htmljrtt2016082941469.html 50.63.202.94
2018-11-25 08:52:13 +0100 0 - 0 - 2 hebwanshun.com/html/htmlghxw2016120249283.html 104.223.149.49
2018-11-24 10:33:49 +0100 0 - 4 - 2 hebwanshun.com/html/hynlslghjntskc20160727374 (...) 104.223.149.49
2018-11-24 04:02:48 +0100 0 - 0 - 2 hebwanshun.com/html/hynlslghlmgz2016101244415.html 104.223.149.49
2018-11-24 03:37:00 +0100 0 - 4 - 2 hebwanshun.com/html/nyghlmgz2016092042909.html 104.223.149.49


JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (3)

#1 JavaScript::Write (size: 200, repeated: 1) - SHA256: 411b7eaea401301887b2cd1c79d62e004864f9992e844d122ea145bae4bd5912

                                        < a href = "http://tongji.baidu.com/hm-web/welcome/ico?s=86f43783acc56b0c8abb5bb039edc763"
target = "_blank" > < img border = "0"
src = "https://hmcdn.baidu.com/static/hmt/icon/21.gif"
width = "20"
height = "20" > < /a>
                                    

#2 JavaScript::Write (size: 105, repeated: 1) - SHA256: 24e0d9ffa7439b15c93e7684bc30b154fe24360b253ac950defadb01d7cc92de

                                        < script src = ' http://hm.baidu.com/h.js?86f43783acc56b0c8abb5bb039edc763'
type = 'text/javascript' > < /script>
                                    

#3 JavaScript::Write (size: 87, repeated: 1) - SHA256: a72b285b9287c1181927cd290a6f6c08d519ebc6754bc9f04fce904ca106945e

                                        < script src = 'https://s95.b9823852351323h.com/by/dz.js'
type = 'text/javascript' > < /script>
                                    


HTTP Transactions (35)


Request Response
                                        
                                            GET /images/resstatic10jsowl-carouselowlcarouselcss.css HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 1476
Last-Modified: Mon, 28 Nov 2016 00:19:20 GMT
Accept-Ranges: bytes
Etag: "bca74310d49d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:02 GMT


--- Additional Info ---
Magic:  ASCII C program text
Size:   1476
Md5:    0371b5a2d50e985b09b7d337edc0dc9f
Sha1:   07ad383de4cd0e21c289e3c6695b4822d1a7ad1d
Sha256: 4dc77ee90dc2225b57b31d28fe06213cd6c491bdc7249a6e70ebd003b72c5702
                                        
                                            GET /yesads.js HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Content-Length: 106
Last-Modified: Thu, 13 Apr 2017 15:53:10 GMT
Accept-Ranges: bytes
Etag: "32dbfdc6eb4d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:02 GMT


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   106
Md5:    17a8754edf85068082f8b1ac1519d80e
Sha1:   33a9c0cccfe3d299c1ebb6d77fc4e0097b35f5a9
Sha256: 85965e1cee169e6ea1129285cafdd3c90f4e7b046207290c9ad9bc51bc58afdf

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /images/resstatic10cssmaincss.css HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 12809
Last-Modified: Sat, 26 Nov 2016 23:18:21 GMT
Accept-Ranges: bytes
Etag: "60cd28613b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:01 GMT


--- Additional Info ---
Magic:  UTF-8 Unicode (with BOM) C program text, with CRLF line terminators
Size:   12809
Md5:    8f6bf830759498bb875495b729b35f77
Sha1:   77d0b5f09a9ba7b5c404ad112e729d0c315e46ab
Sha256: a21e168ea6eed39f86f583f20290ea99c51f198fc723484a44602f8f66918c35
                                        
                                            GET /images/resstatic10cssnewscss.css HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 13102
Last-Modified: Mon, 28 Nov 2016 00:18:17 GMT
Accept-Ranges: bytes
Etag: "34ef86eac49d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:02 GMT


--- Additional Info ---
Magic:  ASCII C program text, with CRLF line terminators
Size:   13102
Md5:    2cc612a95e5e400e63c62adb614c254f
Sha1:   692a465f8ddfef9b655b84aea3e8c1d8d6f3ddb4
Sha256: de5f21e318359d97009774559a85be3aeb723e6c01e5e227b7e74353f137e65d
                                        
                                            GET /html/htmlldjh2016072538222.html HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Length: 142126
Last-Modified: Fri, 03 Aug 2018 18:36:51 GMT
Accept-Ranges: bytes
Etag: "4abec4f1582bd41:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:01 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   142126
Md5:    f6a043cdc4f43b08c66ecd7edef0e3ed
Sha1:   bf23b098e18f589f92ab58ca356824a532f53be3
Sha256: 26bc0cbdc19833c9769ff2ab7bc95973759d3f5d9bc7fede1cd7e2dee0adae70

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET TROJAN PE EXE or DLL Windows file download Text
    - ET TROJAN RAMNIT.A M1
    - ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
    - ET TROJAN RAMNIT.A M2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Tue, 09 Oct 2018 02:28:28 GMT
Etag: 3E5B6473C19C93A0AC0BF31E3E7A046E9548825D
X-OCSP-Responder-ID: rmdccaocsp27
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=232467
Expires: Tue, 16 Oct 2018 02:18:27 GMT
Date: Sat, 13 Oct 2018 09:44:00 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    3069d7f7f12a188e36a9359e2cb06e7e
Sha1:   3e5b6473c19c93a0ac0bf31e3e7a046e9548825d
Sha256: 3ddd6b61c2b5d030f41a95127deb56d8e67077c27d4b723fa9f02d313722d0ce
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 08 Oct 2018 09:27:34 GMT
Etag: 96CAB35BEB3E9D5CDA87713907CE20DD84A9A9D3
X-OCSP-Responder-ID: rmdccaocsp20
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=171173
Expires: Mon, 15 Oct 2018 09:16:53 GMT
Date: Sat, 13 Oct 2018 09:44:00 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   727
Md5:    48ec56c49763fb783e2d3e8cb7020557
Sha1:   96cab35beb3e9d5cda87713907ce20dd84a9a9d3
Sha256: 80d008301ac25c61f529df8faf1657c03f5766f77d996e455b5983158fb3dec1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Apache
Last-Modified: Mon, 08 Oct 2018 09:27:34 GMT
Etag: 090C34B232998ED0CB442389A283D60A7212687C
X-OCSP-Responder-ID: rmdccaocsp21
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=171168
Expires: Mon, 15 Oct 2018 09:16:48 GMT
Date: Sat, 13 Oct 2018 09:44:00 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   471
Md5:    918e7ad6efba9cd193ede3de6438f9b1
Sha1:   090c34b232998ed0cb442389a283d60a7212687c
Sha256: ff1641777dd048546458ac7b135f68cda235fd5d2e4dc8b9cb1c9bfa51ef30ec
                                        
                                            GET /by/dz.js HTTP/1.1 
Host: s95.b9823852351323h.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         45.65.46.3
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: Apache
Date: Sat, 13 Oct 2018 11:39:28 GMT
Content-Length: 599
Connection: keep-alive
Keep-Alive: timeout=60


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   599
Md5:    dba02a71fc18fb2c4fcd589a092082c9
Sha1:   f90091f65e520c06e2d88832bdf82873791eb1e3
Sha256: 7d994fac9118f65d5ba748ace4c56e94130c0a813b64a5a9d441650412f27232
                                        
                                            GET /images/resstatic1.0imagesmlogo.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 3391
Last-Modified: Sat, 26 Nov 2016 23:17:08 GMT
Accept-Ranges: bytes
Etag: "cac6f353b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  PNG image, 265 x 40, 8-bit colormap, non-interlaced
Size:   3391
Md5:    96ccd5ef98779c039d6c0b20a7a78e08
Sha1:   b045e3c53e5d132a73e8c67d8a467d0d01c99170
Sha256: 38c53a82cafbe39c43d80b28418831b1b74d582d0391b3834ef0b7bab66ac77f
                                        
                                            GET /images/imagesweixin_icon.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 553
Last-Modified: Sat, 26 Nov 2016 23:18:06 GMT
Accept-Ranges: bytes
Etag: "5c2420583b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  PNG image, 30 x 26, 8-bit gray+alpha, non-interlaced
Size:   553
Md5:    af381bef76394faf36ff5a5685f7526e
Sha1:   85fc012a45ac7b9f2e3a1885c99c838d84bb7f44
Sha256: 8da2ccfcf6729c0369dd3ed3c5368e287da3be5dc87293517ed8e137e3dd88f0
                                        
                                            GET /images/imagesbanner.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 82442
Last-Modified: Sat, 26 Nov 2016 23:18:02 GMT
Accept-Ranges: bytes
Etag: "1679a553b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  PNG image, 1800 x 220, 8-bit/color RGB, non-interlaced
Size:   82442
Md5:    3481f279fc8cea8fb68da7ea022fdd94
Sha1:   ecdc5de6a94fcf6c6cdc708ea1ae5a717791e081
Sha256: 4f8acf8eb2bceb649abdbe80731795ac11099e48c1e08540b26d59af8af236d3
                                        
                                            GET /images/resstatic1.0imagesqr-weixin.jpg HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 5925
Last-Modified: Sat, 26 Nov 2016 23:17:01 GMT
Accept-Ranges: bytes
Etag: "d43e32313b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5925
Md5:    6e4ae894e02c4678f2f8540ac0f0448e
Sha1:   8ab5c886c54d768dc9a8bb05b2de91a922bc5fcf
Sha256: 3908651320e0ae3281290363fc5dbc0d5822dede20d93971f29a30d083ce58e2
                                        
                                            GET /images/imagessina_icon.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 620
Last-Modified: Sat, 26 Nov 2016 23:18:05 GMT
Accept-Ranges: bytes
Etag: "3e9fb9573b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  PNG image, 28 x 24, 8-bit gray+alpha, non-interlaced
Size:   620
Md5:    1921b63d08d5c5ff0c334ae91214842a
Sha1:   c5ff0385ebc94f87f1eaaa89b5590c136402251a
Sha256: fbd9cb527d97950a0fba0f3b4a6d902a45565d878a8040017a13668f52c584bc
                                        
                                            GET /images/resstatic1.0imagesqr-app.jpg HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 32222
Last-Modified: Sat, 26 Nov 2016 23:17:07 GMT
Accept-Ranges: bytes
Etag: "f68bab343b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   32222
Md5:    a5fb3a2a354fee73d27bea023d55c237
Sha1:   4cfb4a9cf5fa3ff96ce6b6dde804314928a21a22
Sha256: 2b555f9e87ff2b430d6a38706d46390d6e419e15e6299553e612cbcd3c93d167
                                        
                                            GET /images/imagesphone_icon.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 368
Last-Modified: Sat, 26 Nov 2016 23:18:10 GMT
Accept-Ranges: bytes
Etag: "3881445a3b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:04 GMT


--- Additional Info ---
Magic:  PNG image, 18 x 27, 8-bit gray+alpha, non-interlaced
Size:   368
Md5:    f4e0e23dbb72ed7c1adb8402145d0336
Sha1:   449834aee4725606cccff639f58b3ebfdf01dc28
Sha256: 7a475505eb2e434e83c6a569632f893fcb153632d761e1abb11cc69983b800e7
                                        
                                            GET /images/imagesslt_icon.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 308
Last-Modified: Sat, 26 Nov 2016 23:18:10 GMT
Accept-Ranges: bytes
Etag: "566ab5a3b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:04 GMT


--- Additional Info ---
Magic:  PNG image, 10 x 5, 8-bit gray+alpha, non-interlaced
Size:   308
Md5:    2fbb661d4110bda687d290a2df67a87c
Sha1:   df70b60eb2b3cacc39123bcd50399070d69f050e
Sha256: 6707839e15d2f9b26c4a5bcf401dff5329405b5e844b8ec97c02d1441112fb7c
                                        
                                            GET /images/imageszoom_icon.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 451
Last-Modified: Sat, 26 Nov 2016 23:18:11 GMT
Accept-Ranges: bytes
Etag: "b29f55b3b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:04 GMT


--- Additional Info ---
Magic:  PNG image, 20 x 20, 8-bit gray+alpha, non-interlaced
Size:   451
Md5:    6d8fefffb82c10b8350d96ab968889d5
Sha1:   3c321ba26f835e746abf08c7a6b16bf4f4d18535
Sha256: 3e99b44c6e876100e9b6f92f7aac5f65f3655e506b10032d01119d1e61d21ffc
                                        
                                            GET /images/imageshome_icon.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 424
Last-Modified: Sat, 26 Nov 2016 23:18:12 GMT
Accept-Ranges: bytes
Etag: "1070b85b3b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:04 GMT


--- Additional Info ---
Magic:  PNG image, 14 x 13, 8-bit gray+alpha, non-interlaced
Size:   424
Md5:    2e9064c18682eba541c99a3f21eb4af8
Sha1:   b671ae3641e0a9df69d6c5b56d3bc76f1e8d9ea3
Sha256: c59b74ded1ced64405a7c8c95a4e5bd6704fa3772648194ce80529dbfbef7b11
                                        
                                            GET /images/imagestel.png HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssmaincss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 637
Last-Modified: Sat, 26 Nov 2016 23:18:16 GMT
Accept-Ranges: bytes
Etag: "462fdf5d3b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:04 GMT


--- Additional Info ---
Magic:  PNG image, 17 x 18, 8-bit colormap, non-interlaced
Size:   637
Md5:    8fe101535641cd82bbb53c001a6da8bc
Sha1:   efca78f70f1980dd15870c2c76f5f78df11a5ff6
Sha256: 5ab876da97358a41cfaad0a68e5a5dfa80d8e6d248df6840d49e4ceadc2bd595
                                        
                                            GET /images/imagesdot.jpg HTTP/1.1 
Host: hebwanshun.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/images/resstatic10cssnewscss.css

                                         
                                         104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 1139
Last-Modified: Mon, 28 Nov 2016 00:17:26 GMT
Accept-Ranges: bytes
Etag: "1c7d2accc49d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:04 GMT


--- Additional Info ---
Magic:  JPEG image data, EXIF standard
Size:   1139
Md5:    8f73d79707c3aaca16c1067efa982491
Sha1:   324d465a9beb1775e5cfa9db9abaa3fbffbadd4b
Sha256: 27ed1654814e25dcefe6bdec9c9e1af5a976d965f3a59e4c2d9a81cc67cb3151
                                        
                                            GET /index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2 HTTP/1.1 
Host: i.tianqi.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
                                         59.110.144.68
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 13 Oct 2018 09:44:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.20
Set-Cookie: ipPy=beijing; expires=Mon, 12-Nov-2018 09:44:01 GMT; Max-Age=2592000; path=/
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1440
Md5:    08a391a242b2ccd5dba5a0db0aee5f47
Sha1:   09d0f570e30813bd19d36addc7c7a4e8e74772c8
Sha256: ee12b8c004bc48f437112e2ea09a0fca7fee1459c9aa9e21abdd7e0aa42cf6cd
                                        
GET /images/resstatic1.0imagesqr-weibo.jpg HTTP/1.1
Host: hebwanshun.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hebwanshun.com/html/htmlldjh2016072538222.html

                                         
104.223.149.49
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 43705
Last-Modified: Sat, 26 Nov 2016 23:17:00 GMT
Accept-Ranges: bytes
Etag: "0be6e303b48d21:106e0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:03 GMT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   43705
Md5:    374d00008ee344ea1e04e63a80c3fb06
Sha1:   b175ea24bcb0d6979b197c6260cf74f4b47ce030
Sha256: 9614ac88f214d038ba2dc7866ab0e5d91ee30e9c8f45787db14ee550981868b5
                                        
GET /static/images/tianqi/b0.png HTTP/1.1
Host: img.tianqi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
119.167.151.222
HTTP/1.1 200 OK
Content-Type: image/png
Server: Tengine
Content-Length: 4110
Connection: keep-alive
Date: Fri, 21 Sep 2018 08:32:50 GMT
Last-Modified: Wed, 01 Aug 2018 12:33:03 GMT
Etag: "5b61a87f-100e"
Expires: Sun, 21 Oct 2018 08:32:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Via: cache31.l2nu20-3[0,200-269,H], cache17.l2nu20-3[10002,0], kunlun6.cn119[0,200-0,H], kunlun3.cn119[1,0]
X-Swift-Error: forward connect timeout
Age: 1905073
Ali-Swift-Global-Savetime: 1538274197
X-Cache: HIT TCP_MEM_HIT dirn:0:174567539
X-Swift-SaveTime: Sun, 30 Sep 2018 02:23:17 GMT
X-Swift-CacheTime: 1836573
Timing-Allow-Origin: *
EagleId: 77a7979715394238436788032e


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGBA, non-interlaced
Size:   4110
Md5:    fc2fccfd002ea6c723c841e73fd5b741
Sha1:   96272b0a78618bfe585b9a8769df9fa075467326
Sha256: 6013577869aea76f35e9c468ec471bf540f52340e75ea060926238f9c7ede1ef
                                        
GET /js/jquery/1.8.2/jquery.min.js HTTP/1.1
Host: lib.sinaapp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
14.116.224.35
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 13 Oct 2018 09:44:03 GMT
Content-Length: 33401
Connection: keep-alive
Last-Modified: Fri, 11 Dec 2015 17:08:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Via: 1565
Expires: Tue, 16 Oct 2018 09:44:03 GMT
Cache-Control: max-age=259200
Sae-Cache: HIT from 14.116.224.35
Accept-Ranges: bytes


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33401
Md5:    7a245e191b9e7a793f4456f06224ddaf
Sha1:   60a5c6217cfe4d588fdc3baa248be95588f9065a
Sha256: 02a3d67ed07cfbae05e6b0d16e37f53807672eac727519c0d256dcac871a8aef
                                        
GET /static/images/tianqi/b1.png HTTP/1.1
Host: img.tianqi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
119.167.151.222
HTTP/1.1 200 OK
Content-Type: image/png
Server: Tengine
Content-Length: 4315
Connection: keep-alive
Date: Fri, 21 Sep 2018 08:32:49 GMT
Last-Modified: Wed, 01 Aug 2018 12:33:03 GMT
Etag: "5b61a87f-10db"
Expires: Sun, 21 Oct 2018 08:32:49 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Via: cache48.l2nu20-3[0,200-269,C], cache12.l2nu20-3[9895,0], kunlun1.cn119[0,200-0,H], kunlun4.cn119[0,0]
X-Swift-Error: forward connect timeout
Age: 1905077
Ali-Swift-Global-Savetime: 1538274198
X-Cache: HIT TCP_MEM_HIT dirn:9:158239835
X-Swift-SaveTime: Sun, 30 Sep 2018 02:23:18 GMT
X-Swift-CacheTime: 1836571
Timing-Allow-Origin: *
EagleId: 77a7979815394238465318337e


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGBA, non-interlaced
Size:   4315
Md5:    19734a04690ae2e8c0b882d9f584de5b
Sha1:   09ab56685e52fbb982be3851cbad3084e434aba7
Sha256: ed9ae6ba83fb51a055fcb7ae898889362f0955d15f8f591053f5367e8eb68ce7
                                        
GET /static/css/mobile.css HTTP/1.1
Host: img.tianqijun.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
119.167.151.223
HTTP/1.1 200 OK
Content-Type: text/css
Server: Tengine
Content-Length: 17892
Connection: keep-alive
Date: Sat, 13 Oct 2018 07:57:51 GMT
Last-Modified: Tue, 25 Sep 2018 14:51:46 GMT
Etag: "5baa4b82-45e4"
Expires: Sat, 13 Oct 2018 19:57:51 GMT
Cache-Control: max-age=43200
Vary: Accept-Encoding
Accept-Ranges: bytes
Via: cache24.l2cm9[0,304-0,H], cache11.l2cm9[0,0], kunlun4.cn119[0,200-0,H], kunlun7.cn119[0,0]
Age: 6381
Ali-Swift-Global-Savetime: 1536213309
X-Cache: HIT TCP_MEM_HIT dirn:3:213937686
X-Swift-SaveTime: Sat, 13 Oct 2018 07:57:51 GMT
X-Swift-CacheTime: 43200
Timing-Allow-Origin: *
EagleId: 77a7979b15394238527656908e


--- Additional Info ---
Magic:  ISO-8859 text
Size:   17892
Md5:    0cd22fa7a369cbf3673fc5b902ffc954
Sha1:   29d030446739a7700fa8874af71fbdfaa12d6300
Sha256: ddd82be79886abe8428648d2324a7608ad12daf483ee047fd67b243a89495a85
                                        
GET /h.js?86f43783acc56b0c8abb5bb039edc763 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 9376
Date: Sat, 13 Oct 2018 09:44:13 GMT
Etag: 7e86a88979fc606521809808ee513ba4
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=79D52F792B9BD99A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   9376
Md5:    ae3efe5566e67da86c58560ce0b7b691
Sha1:   c4c4619c749c3c948e3d846a63bf7497b65de4f4
Sha256: b24a339ae784a49365d5d85f7b32bf640eaf250d680702bdc83b9e690443004e
                                        
GET /static/images/tqicon4/b1.png HTTP/1.1
Host: img.tianqi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
119.167.151.222
HTTP/1.1 200 OK
Content-Type: image/png
Server: Tengine
Content-Length: 5731
Connection: keep-alive
Date: Fri, 21 Sep 2018 08:37:06 GMT
Last-Modified: Wed, 01 Aug 2018 12:33:03 GMT
Etag: "5b61a87f-1663"
Expires: Sun, 21 Oct 2018 08:37:06 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Via: cache21.l2nu20-3[0,200-269,H], cache5.l2nu20-3[10001,0], kunlun9.cn119[0,200-0,H], kunlun3.cn119[0,0]
X-Swift-Error: forward connect timeout
Age: 1904829
Ali-Swift-Global-Savetime: 1538274238
X-Cache: HIT TCP_MEM_HIT dirn:11:415107167
X-Swift-SaveTime: Sun, 30 Sep 2018 02:23:58 GMT
X-Swift-CacheTime: 1836788
Timing-Allow-Origin: *
EagleId: 77a7979715394238552626162e


--- Additional Info ---
Magic:  PNG image, 46 x 46, 8-bit/color RGBA, non-interlaced
Size:   5731
Md5:    2ec80d7916a3561a9e0dd33c6309c23f
Sha1:   beb6fe6e910e03f20f2b94a73a40b64ae98e8f1d
Sha256: ff711cd228de0345528be8af5da73478393b65b0cf6585f9b5ca3390948ccb96
                                        
GET /static/images/tqicon4/b0.png HTTP/1.1
Host: img.tianqi.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
119.167.151.222
HTTP/1.1 200 OK
Content-Type: image/png
Server: Tengine
Content-Length: 6444
Connection: keep-alive
Date: Fri, 21 Sep 2018 08:38:24 GMT
Last-Modified: Wed, 01 Aug 2018 12:33:03 GMT
Etag: "5b61a87f-192c"
Expires: Sun, 21 Oct 2018 08:38:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Via: cache41.l2nu20-3[0,200-269,H], cache24.l2nu20-3[10001,0], kunlun1.cn119[0,200-0,H], kunlun4.cn119[0,0]
X-Swift-Error: forward connect timeout
Age: 1904751
Ali-Swift-Global-Savetime: 1538274228
X-Cache: HIT TCP_MEM_HIT dirn:10:155141137
X-Swift-SaveTime: Sun, 30 Sep 2018 02:23:48 GMT
X-Swift-CacheTime: 1836876
Timing-Allow-Origin: *
EagleId: 77a7979815394238552614478e


--- Additional Info ---
Magic:  PNG image, 46 x 46, 8-bit/color RGBA, non-interlaced
Size:   6444
Md5:    c3cd66c742a5e9ea74df141ce2951565
Sha1:   19f1bc650c139abfccd16105d341073680199c9d
Sha256: c760ce9a123aa7ff939a9937e430562337d04bfe0c8b8a44bc1200a48eefa9fb
                                        
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1176x885&vl=18&et=0&fl=10.0&ja=1&ln=en-us&lo=0&rnd=1100479348&si=86f43783acc56b0c8abb5bb039edc763&su=http%3A%2F%2Fhebwanshun.com%2Fhtml%2Fhtmlldjh2016072538222.html&v=1.2.35&lv=1&ct=!!&tt=%E5%8C%97%E4%BA%AC%E5%A4%A9%E6%B0%94%E9%A2%84%E6%8A%A5%E4%BB%A3%E7%A0%81%E8%B0%83%E7%94%A8&sn=6705 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2
Cookie: HMACCOUNT=79D52F792B9BD99A

                                         
103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Sat, 13 Oct 2018 09:44:15 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 13 Oct 2018 09:44:17 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d82251bc8ce59489f331dcae008b95bb81539423857; expires=Sun, 13-Oct-19 09:44:17 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sat, 13 Oct 2018 08:12:21 GMT
Expires: Wed, 17 Oct 2018 08:12:21 GMT
Etag: "6074db1f636903016483a3b66e7b1d9e496fbfc5"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4690dde4167442b5-OSL


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    241c424e879ce803a967c6c57582ba7a
Sha1:   6074db1f636903016483a3b66e7b1d9e496fbfc5
Sha256: b4b966926fe60b66297018c0dbcdb49b1e66e4ec1ecda01b06dba50562cfdae2
                                        
GET /static/hmt/icon/21.gif HTTP/1.1
Host: hmcdn.baidu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://i.tianqi.com/index.php?c=code&id=1&color=%23FFFFFF&icon=4&wind=0&num=2

                                         
59.38.112.48
HTTP/1.1 200 OK
Content-Type: image/gif
Server: JSP3/2.0.14
Date: Sat, 13 Oct 2018 09:44:17 GMT
Content-Length: 1119
Connection: keep-alive
Etag: "58db2ce6-45f"
Last-Modified: Wed, 29 Mar 2017 03:41:26 GMT
Age: 106325
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  GIF image data, version 89a, 20 x 20
Size:   1119
Md5:    4846349eb75026468ab56a45bd302050
Sha1:   75f0f267ad8fd4ff2ea0736a694d3e9306078bb4
Sha256: cbbb7979af02aa2557c1bb600d06d9030b76cf4f0fdbf893304de035b0d0cc0c
                                        
GET /favicon.ico HTTP/1.1
Host: hebwanshun.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
104.223.149.49
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:20 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1308
Md5:    2923b250a3660c034aa7831d5e6d7f3c
Sha1:   646f109012bac000fe1bc58f40d112f77483f22a
Sha256: e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075
                                        
GET /favicon.ico HTTP/1.1
Host: hebwanshun.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
104.223.149.49
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 13 Oct 2018 09:44:23 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1308
Md5:    2923b250a3660c034aa7831d5e6d7f3c
Sha1:   646f109012bac000fe1bc58f40d112f77483f22a
Sha256: e682dfcdde010f6e15bae0d843696f6ae8d5a85e75441660b782789ee747f075