Gen:Variant.Strictor.74096 (BitDefender), HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Siggen6.47921 (DrWeb), Gen:Variant.Strictor.74096 (B) (Emsisoft), SAPE.Heur.82F31 (Symantec), Backdoor.Win32.BlackHole (Ikarus), Gen:Variant.Strictor.74096 (FSecure), Generic_s.EWG (AVG), Win32:Malware-gen (Avast), Gen:Variant.Strictor.74096 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Backdoor, Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 2945c7495fe862de5b3639fcdf405959
SHA1: 75adbf61cfcc209dd34b3cf0f5c8a32e07967069
SHA256: 548b6a5c4348309809e1abbfa52556bfa9030281a759707f865d93cc494dbc3e
SSDeep: 24576:pRzDf9OG2qL/J4TQSmj/ue8L4mBF39tO94VO/08Z6J1qtmZi3sJbT bO0/DuUDbD:pRuTEmzsmBDW3s5ItnD
Size: 2314240 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2015-10-21 18:30:48
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-PSW. Trojan program intended for stealing users passwords.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:872
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\35887743[1].htm (421 bytes)
C:\svchost.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (16232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\35887743[1].htm (17422 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (0 bytes)
Registry activity
The process %original file name%.exe:872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 7F D7 4F 69 C2 F8 BE 13 D9 3C D5 FB 7C 81 61"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Play_Background_Sounds" = "no"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe" = "c:\%original file name%.exe"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
0fa14e09d6f8af8b0430417f3d465cd9 | c:\svchost.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:872
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\35887743[1].htm (421 bytes)
C:\svchost.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (16232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\35887743[1].htm (17422 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe" = "c:\%original file name%.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: Window ?????
Product Version: 1.0.0.0
Legal Copyright: Window ?????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: Window ?????
Comments: Window ?????
Language: Language Neutral
Company Name: Product Name: Window ?????Product Version: 1.0.0.0Legal Copyright: Window ?????Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: Window ?????Comments: Window ?????Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 946151 | 946176 | 4.41475 | f0e48a43de943b3edb0557da536d5428 |
.rdata | 950272 | 1272742 | 1273856 | 4.30656 | c790a82c20739957103422acf73fb915 |
.data | 2224128 | 192618 | 65536 | 3.48946 | 2b1ca8a23cfeadbd1e6786a3db51d210 |
.rsrc | 2420736 | 23784 | 24576 | 3.55038 | 0dcea93969f8acb0cc78e39d70e12db6 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://duowan.xdwscache.ourglb0.com/ | |
hxxp://www.yy.com/9050 | 113.107.236.195 |
hxxp://duowan.xdwscache.ourglb0.com/pc/js/lib/jQuery/jquery-1.11.1.min.js | |
hxxp://duowan.xdwscache.ourglb0.com/pc/css/studio.css?20160602135939 | |
hxxp://duowan.xdwscache.ourglb0.com/pc/css/headfoot.mix.css?20160602135939 | |
hxxp://duowan.xdwscache.ourglb0.com/duowan.js | |
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065284&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065284 | 14.17.119.59 |
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065831&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065831 | 14.17.119.59 |
hxxp://duowan.xdwscache.ourglb0.com/hiido_internal.js?siteid=www@yy | |
hxxp://res.udb.duowan.com/lgn/js/oauth/udbsdk/pcweb/udb.sdk.pcweb.embed.min.js | 222.73.61.81 |
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849066144&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849066144 | 14.17.119.59 |
hxxp://duowan.xdwscache.ourglb0.com/pc/js/headfoot.mix.js?20160602135939 | |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&isnew=1&io=1&ut=1464849067566&rnd=0.79673912970488821464849067566 | 14.17.119.59 |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/default_portrait.jpg | |
hxxp://res.udb.duowan.com/lgn/js/oauth/udbsdk/udb.sdk.getmm.min.js | 222.73.61.81 |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/2wm.png | |
hxxp://duowan.xdwscache.ourglb0.com/pc/js/liveplayerInline.js?20160602135939 | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-leftMenu/images/icons-menuclose.png | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-leftMenu/images/icons-leftMenu2.png | |
hxxp://cm.hiido.cn/cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 | 103.30.231.70 |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-thirdpartyLogin/images/login-close.png | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526 | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/default_load.png | |
hxxp://duowan.xdwscache.ourglb0.com/pc/js/lib/requirejs/require.js?20160602135939 | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-chatroom/images/alpha-bg.png | |
hxxp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& | 103.30.231.70 |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/icons-index.png?20160505002 | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526 | |
hxxp://weblbs.yystatic.com/s/36588833/2488366466/yycomscene.swf | 115.238.59.218 |
hxxp://cm.hiido.cn/cm/user?time=1464849066&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 | 103.30.231.70 |
hxxp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|& | 103.30.231.70 |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-thirdpartyLogin/images/login_btn.png | |
hxxp://res.udb.duowan.com/lgn/css/oauth/udbsdk/xelogin.sdk.css | 222.73.61.81 |
hxxp://duowan.xdwscache.ourglb0.com/pc/js/studio.js?20160602135939 | |
hxxp://hm.e.shifen.com/hm.js?c493393610cdccbddc1f124d567e36ab | |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6& | |
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 | |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& | |
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1 | |
hxxp://cm.hiido.cn/cm/user?time=1464849073&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 | 103.30.231.70 |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=5984&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&isnew=1&io=0&ut=1464849073691&rnd=0.79673912970488821464849073691 | 14.17.119.59 |
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 | |
hxxp://dw.dlmix.ourdvs.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://www.yy.com/9050 | |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& | |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849074691&rnd=0.79673912970488821464849074691 | 14.17.119.59 |
hxxp://www.yy.com/ | 113.107.236.195 |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 | |
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6 | |
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 | |
hxxp://duowan.xdwscache.ourglb0.com/MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/pc/images/loading-white-mini.gif?201605261526 | |
hxxp://duowan.xdwscache.ourglb0.com/ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg | |
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849075&username= | 14.17.119.59 |
hxxp://duowan.xdwscache.ourglb0.com/OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg | |
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 | |
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg | |
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg | |
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg | |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR | |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H | |
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849075&username= | 14.17.119.59 |
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849073831&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849073831 | 14.17.119.59 |
hxxp://weblbs.yystatic.com/crossdomain.xml | 115.238.59.218 |
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ= | 103.30.231.70 |
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY= | 103.30.231.70 |
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=38874345 | 115.238.59.218 |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6& | |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY | |
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6 | |
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= | 103.30.231.70 |
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY | |
hxxp://dw.dlmix.ourdvs.com/r/rc/yycomscene/core/1/14/core.bmp | |
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= | 103.30.231.70 |
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 | |
hxxp://cm.hiido.cn/cm/user?time=1464849080&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 | 103.30.231.70 |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=5468&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=0&ut=1464849080175&rnd=0.79673912970488821464849080175 | 14.17.119.59 |
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849080378&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849080378 | 14.17.119.59 |
hxxp://duowan.xdwscache.ourglb0.com/huya/main/pkg/auto_combine_334bb_d5d43b2.css | |
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 | |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849081066&rnd=0.79673912970488821464849081066 | 14.17.119.59 |
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=39600410 | 115.238.59.218 |
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849082&username= | 14.17.119.59 |
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849082&username= | 14.17.119.59 |
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/defaultScene.swf | |
hxxp://m.yy.com/statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1 | 115.238.189.225 |
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 | |
hxxp://cm.hiido.cn/cm/user?time=1464849088&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 | 103.30.231.70 |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=7687&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=0&ut=1464849088784&rnd=0.79673912970488821464849088784 | 14.17.119.59 |
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849088972&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849088972 | 14.17.119.59 |
hxxp://m.yy.com/statistics/YycomPageLoadTimeStatisticsAction.json?uri=head-headfoot.mix.css&time=78 | 115.238.189.225 |
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849089894&rnd=0.79673912970488821464849089894 | 14.17.119.59 |
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=19542649 | 115.238.59.218 |
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849091&username= | 14.17.119.59 |
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml | |
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/danmaku.swf | |
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 | 220.181.7.190 |
hxxp://a.dwstatic.com/huya/main/pkg/auto_combine_334bb_d5d43b2.css | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& | 140.205.34.97 |
hxxp://yyweb.yystatic.com/pc/images/2wm.png | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/default_load.png | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6& | 140.205.34.97 |
hxxp://yyweb.yystatic.com/pc/images/components/w-thirdpartyLogin/images/login-close.png | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY | 140.205.34.97 |
hxxp://res.m.yystatic.com/group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/components/w-leftMenu/images/icons-menuclose.png | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/default_portrait.jpg | 87.245.198.83 |
hxxp://m.yy.com/zone/1151027897/ | 115.238.189.225 |
hxxp://yyweb.yystatic.com/pc/images/loading-white-mini.gif?201605261526 | 87.245.198.83 |
hxxp://www.huya.com/ | 87.245.198.83 |
hxxp://c2.web.yystatic.com/r/sc/yycomscene/defaultScene/1/72/defaultScene.swf | 87.245.198.84 |
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1 | 220.181.7.190 |
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 | 220.181.7.190 |
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526 | 87.245.198.83 |
hxxp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://www.yy.com/9050 | 87.245.198.84 |
hxxp://yyweb.yystatic.com/pc/css/studio.css?20160602135939 | 87.245.198.83 |
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 | 220.181.7.190 |
hxxp://c2.web.yystatic.com/r/rc/yycomscene/core/1/14/core.bmp | 87.245.198.84 |
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 | 87.245.198.83 |
hxxp://emyfs.bs2cdn.yy.com/MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg | 87.245.198.83 |
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 | 220.181.7.190 |
hxxp://statistics.yy.com/statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1 | 115.238.189.225 |
hxxp://m.yy.com/zone/35887743/ | 115.238.189.225 |
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6 | 140.205.174.1 |
hxxp://mobilelivephoto.bs2dl.yy.com/1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg | 87.245.198.83 |
hxxp://res.m.yystatic.com/group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/css/headfoot.mix.css?20160602135939 | 87.245.198.83 |
hxxp://emyfs.bs2cdn.yy.com/MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/icons-index.png?20160505002 | 87.245.198.83 |
hxxp://emyfs.bs2cdn.yy.com/ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg | 87.245.198.83 |
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 | 140.205.174.1 |
hxxp://emyfs.bs2cdn.yy.com/NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg | 87.245.198.83 |
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 | 220.181.7.190 |
hxxp://emyfs.bs2dl.yy.com/MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/components/w-chatroom/images/alpha-bg.png | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/js/headfoot.mix.js?20160602135939 | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526 | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/components/w-leftMenu/images/icons-leftMenu2.png | 87.245.198.83 |
hxxp://emyfs.bs2cdn.yy.com/ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg | 87.245.198.83 |
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6 | 140.205.174.1 |
hxxp://m.yy.com/zone/35887743 | 115.238.189.225 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6& | 140.205.34.97 |
hxxp://www.duowan.com/duowan.js | 87.245.198.83 |
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 | 140.205.174.1 |
hxxp://res.m.yystatic.com/group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/images/components/w-thirdpartyLogin/images/login_btn.png | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/js/lib/requirejs/require.js?20160602135939 | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H | 140.205.34.97 |
hxxp://emyfs.bs2cdn.yy.com/OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg | 87.245.198.83 |
hxxp://res.m.yystatic.com/group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY | 140.205.34.97 |
hxxp://hm.baidu.com/hm.js?c493393610cdccbddc1f124d567e36ab | 220.181.7.190 |
hxxp://res.m.yystatic.com/group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg | 87.245.198.83 |
hxxp://c2.web.yystatic.com/r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml | 87.245.198.84 |
hxxp://yyweb.yystatic.com/pc/js/liveplayerInline.js?20160602135939 | 87.245.198.83 |
hxxp://emyfs.bs2dl.yy.com/ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg | 87.245.198.83 |
hxxp://yyweb.yystatic.com/pc/js/studio.js?20160602135939 | 87.245.198.83 |
hxxp://m.yy.com/zone/1151027897 | 115.238.189.225 |
hxxp://yyweb.yystatic.com/pc/js/lib/jQuery/jquery-1.11.1.min.js | 87.245.198.83 |
hxxp://emyfs.bs2dl.yy.com/ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR | 140.205.34.97 |
hxxp://yyweb.yystatic.com/pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate | 87.245.198.83 |
hxxp://hdjs.hiido.com/hiido_internal.js?siteid=www@yy | 87.245.198.83 |
hxxp://res.m.yystatic.com/group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg | 87.245.198.83 |
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& | 140.205.34.97 |
lgn.yy.com | 111.206.234.57 |
dataaq.yy.com |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2cdn.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 05:31:17 GMT
Date: Thu, 02 Jun 2016 05:31:17 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 58508
Accept-Ranges: bytes
Last-Modified: Mon, 16 May 2016 07:35:00 GMT
ETag: "4ac5610c6e90504634bca718aaa21645b428adcd"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 fuzhou189:88 (Cdn Cache Server V2.0), 1.1 db78:2 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....>1......S.h.2..[.Y,.v....F..!f.....$...^.....'.....-.....q... ......Kx.3.......5..}.SY!;...i...........A|Q..>$....]......Z.._.?|O....!f........*......P:....x~..:..@.4.Q../.7.?R .:.3...|l..e.^......]..ml...n$PG...~..}.......e..kkk...Qnu\&.r....= ..u..<ia.......l.\..@....}....B.My=.f;d...x...}.....j..qTmT..?..8..U..N.y.=jI..2[...,...;N..8.b.c..i..q.cK....&.........@X.NO..j..O....;...D..D}.?.x.]..?!^K..[..Rp..W......W...t.e.....tz..k..Z..nd....&.M.-5...9."#.....\.....?.4=a.O.^-..........A.8..=E||....w..<W...._.@......d}........k.kK.....>)......X."..$'./\.......~._.b......A#..\......Y...f..0<.8.....7...I....2M\.S.....P...Mzc..;R....Wd..'..x...]...X.9......:N..08.s...u..X.....o.} 5...J....f.........u)....s.{..*....C(..)....U.Z..#.$Y..O....k.TL.n0x..}.{.....^2.V;..k...]..g..z....._....e.?.FA............_..G...p..T....qJ7D.vr|z...?.<P=1.......W..~&.......XQ.......Xv.....2X\FFB..R...)
<<< skipped >>>
GET /NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2cdn.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 07:39:04 GMT
Date: Wed, 01 Jun 2016 07:39:04 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 49495
Accept-Ranges: bytes
Last-Modified: Wed, 18 May 2016 11:43:51 GMT
ETag: "12a3c1718d7d10cca17468109f57cf1aa949f71a"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 jfzh181:8111 (Cdn Cache Server V2.0), 1.1 db77:8 (Cdn Cache Server V2.0)
Connection: keep-alive
....$.Exif..MM.*...............T.......................................................................................(...........1...........2...........i............. ............'.......'.Adobe Photoshop CS6 (Windows).2016:04:14 15:30:10.............0221...................................................................n...........v.(.....................~..........#........H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.
<<< skipped >>>
GET /MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2cdn.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 05:18:19 GMT
Date: Thu, 02 Jun 2016 05:18:19 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 92356
Accept-Ranges: bytes
Last-Modified: Tue, 19 Apr 2016 09:16:37 GMT
ETag: "a95678e5c13d1ab1ef3ba420c68d4450b5bd0207"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 db78:5 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..MM.*...............@...............................................................................................................(...........1...........2.......................i.............H......Apple.iPhone 6s.......'.......'.Adobe Photoshop CC (Windows).2016:04:12 17:01:53..............................."...........'.......}..........0221............................................................................................................................................278.........278.........0100.......................b...........B.........................................................................2...........3...........4.....#...$...........!........2016:03:22 19:30:48.2016:03:22 19:30:48............/.......m...............S...........2...S.......S....................Apple.iPhone 6s back camera 4.15mm f/2.2.........................................(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?.. ..`.&%p.&..J]:d.)p.2t.......J$.$...N......0>.a8...fX.m.a...
<<< skipped >>>
GET /hm.js?c493393610cdccbddc1f124d567e36ab HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 8796
Content-Type: application/javascript
Date: Thu, 02 Jun 2016 06:31:04 GMT
Etag: a6182c7abd554fdec141e481c8a3b5e5
Server: apache
...............(function(){var h={},mt={},c={id:"c493393610cdccbddc1f124d567e36ab",dm:["yy.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],apps:''};.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3....d.<5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.>..8'j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<^...f.].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK&DI.D...kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#..dV .m..m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8-..".&vn..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j1P.4.......3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1....S4..#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{...8....$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..L.|...u....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...&...-.YC...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..V......)(}.d...Z.d...*.Z~......T;... ......=_d...nAX...._...&@.mo..r}3...50.TG....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh....(l*..ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<...v....ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... .......n!k...>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f.....F..#........".E..p......GM..3W....f..8.!. .b.>.c....J.......7I"..j...
<<< skipped >>>
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 02 Jun 2016 06:31:04 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:04 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;....
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 02 Jun 2016 06:31:05 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;....
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 02 Jun 2016 06:31:05 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:05 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;....
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 02 Jun 2016 06:31:12 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;....
GET /hm.js?c493393610cdccbddc1f124d567e36ab HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 8796
Content-Type: application/javascript
Date: Thu, 02 Jun 2016 06:31:12 GMT
Etag: a6182c7abd554fdec141e481c8a3b5e5
Server: apache
...............(function(){var h={},mt={},c={id:"c493393610cdccbddc1f124d567e36ab",dm:["yy.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],apps:''};.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3....d.<5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.>..8'j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<^...f.].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK&DI.D...kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#..dV .m..m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8-..".&vn..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j1P.4.......3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1....S4..#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{...8....$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..L.|...u....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...&...-.YC...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..V......)(}.d...Z.d...*.Z~......T;... ......=_d...nAX...._...&@.mo..r}3...50.TG....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh....(l*..ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<...v....ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... .......n!k...>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f.....F..#........".E..p......GM..3W....f..8.!. .b.>.c....J.......7I"..j...
<<< skipped >>>
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª ╞ 讲 │Ю è§£ 大 厅╡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’网站 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 02 Jun 2016 06:31:13 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:13 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;....
GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0<=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=AD4692A2C64DD9D0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 02 Jun 2016 06:31:20 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:20 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;..
GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065831&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065831 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490570624496829100001; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849088972&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849088972 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065284&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065284 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490570624496829400246; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:04 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /r/rc/yycomscene/core/1/14/core.bmp HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c2.web.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 200 OK
Content-Length: 312536
Content-Type: text/html;charset=UTF-8
Last-Modified: Wed,02-Dec-15 18:31:11 GMT
Via: 1.1 db80:8032 (Cdn Cache Server V2.0)
Connection: keep-alive
....F.)}!.C"k.......C#.d...._....Rk.S.{S.0:...t.<.....`n.K........p.Z...l.!....".j....$"..!...8.[.B...adp.......U.py..xZ^.1.<.:...2(.!G..-....9m.....B.?.....!C.`.r...w.A..$.........-.X....X`%...tZ..Pp\. B.Y.%...j? .JGvK.\.....iB.x$w.....v.B....d..)s..#..T&..F..:l. .y.H.....0......[..@.. ....,..0..>.....&..*..i.M.On...T.g.&...xuE....c......5..!.)X4..^4....ak..A....l.R)..*B.v-.M....D..8v]../.\M...../x<....-....u.....Z7... ....~.YM.....i.^C.iw.....bv.._$....p}E.............v..P.M..........^.aq....{:.Psh...{.f.G.@...M.l...j..ym..H..@~.S..E.1.V..\..5......$./.b..:..y..W..fR?X.T>..JP.........g.\.....$.._.N.G.l..Us..[..u)........j..X!VYS..hf*re.........D..8..P......W..96!.U..s.........R..oJi.c.....Kb.H.....[n..v......o..`..B|....A...<...2S.. G...u.3...v....V..r.Pyx....d.I..L.t%_.O..z.....NG..m.Ln.F.{E.=....sz.@...7...^R..!..0..b.n.RgW..2.....7..t'}P...r.094._H..._.O.PXk.....c3.....>.....wI.Hx..px..t....g.L..[..;lW...x4.qV....$Z...5.D DLwM...B..S&..................I........v..3G..P@.#.D#..r.e..(.@cV.a'.2...... $...?.m.......St......`..T....H[#N..0^.wd..z.Xml.f.T....).........&.U...6H....,.......V%...<.]./*..C..6../...3..R.Y.v.~<'.m..Sp..g$........Xt.....x..4.^.ZQx...t..W_....&..pV\FV...X..._..x..1(..S p-.....3L`;R..9.aT49..<...}..Eo....z....Z.......x....XMx^G.!\..8........`...].;'k.....G.L.X......f..f...<..?]..MQ.&..k16t8..D.@p^.P...|.......: .w..Vr.E.n.,.2.^v.&y...#..p'.;..xv(..t..t..1...r.|@..Z...p........n...w$.V8.i&.1.F.<...8..QFp.c.u`[....v..T....y.GF(.\.$.......O...|.;Y...Gdh..
<<< skipped >>>
GET /r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c2.web.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 200 OK
Content-Length: 918
Content-Type: text/xml;charset=UTF-8
Last-Modified: Wed,02-Dec-15 18:31:25 GMT
Via: 1.1 db79:90 (Cdn Cache Server V2.0)
Connection: close
...<?xml version="1.0" encoding="utf-8" ?>..<data>...<!-- ........................... -->...<isStartCache>true</isStartCache>......<scene>....<version>liveBaseScene1.0.0.1</version>....<layers>.....<layer name="layer0" />.....<layer name="layer1" />.....<layer name="layer2" />.....<layer name="layer4" />....</layers>...</scene>......<modules>....<module type="scene" name="liveCard" value="liveCard.swf">.....<addChild>......<module name="liveCard" container="scene" layer="layer0" />.....</addChild>...</module>...<module type="scene" name="danmaku" value="danmaku.swf">....<addChild>.....<module name="danmaku" container="scene" layer="layer1" ></module>....</addChild>...</module>...<!-- ......... -->....<module type="scene" name="controlBar" value="controlBar.swf">.....<addChild>......<module name="controlBar" container="scene" layer="layer4" ></module>.....</addChild>....</module>...</modules>..</data>..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY
Connection: Keep-Alive
Host: cms.tanx.com
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:10 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:08 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=tanx.com
Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY=
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /r/rc/yycomscene/core/1/14/core.bmp HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c2.web.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 200 OK
Content-Length: 312536
Content-Type: text/html;charset=UTF-8
Last-Modified: Wed,02-Dec-15 18:31:11 GMT
Age: 2
Via: 1.1 db80:8032 (Cdn Cache Server V2.0)
Connection: keep-alive
....F.)}!.C"k.......C#.d...._....Rk.S.{S.0:...t.<.....`n.K........p.Z...l.!....".j....$"..!...8.[.B...adp.......U.py..xZ^.1.<.:...2(.!G..-....9m.....B.?.....!C.`.r...w.A..$.........-.X....X`%...tZ..Pp\. B.Y.%...j? .JGvK.\.....iB.x$w.....v.B....d..)s..#..T&..F..:l. .y.H.....0......[..@.. ....,..0..>.....&..*..i.M.On...T.g.&...xuE....c......5..!.)X4..^4....ak..A....l.R)..*B.v-.M....D..8v]../.\M...../x<....-....u.....Z7... ....~.YM.....i.^C.iw.....bv.._$....p}E.............v..P.M..........^.aq....{:.Psh...{.f.G.@...M.l...j..ym..H..@~.S..E.1.V..\..5......$./.b..:..y..W..fR?X.T>..JP.........g.\.....$.._.N.G.l..Us..[..u)........j..X!VYS..hf*re.........D..8..P......W..96!.U..s.........R..oJi.c.....Kb.H.....[n..v......o..`..B|....A...<...2S.. G...u.3...v....V..r.Pyx....d.I..L.t%_.O..z.....NG..m.Ln.F.{E.=....sz.@...7...^R..!..0..b.n.RgW..2.....7..t'}P...r.094._H..._.O.PXk.....c3.....>.....wI.Hx..px..t....g.L..[..;lW...x4.qV....$Z...5.D DLwM...B..S&..................I........v..3G..P@.#.D#..r.e..(.@cV.a'.2...... $...?.m.......St......`..T....H[#N..0^.wd..z.Xml.f.T....).........&.U...6H....,.......V%...<.]./*..C..6../...3..R.Y.v.~<'.m..Sp..g$........Xt.....x..4.^.ZQx...t..W_....&..pV\FV...X..._..x..1(..S p-.....3L`;R..9.aT49..<...}..Eo....z....Z.......x....XMx^G.!\..8........`...].;'k.....G.L.X......f..f...<..?]..MQ.&..k16t8..D.@p^.P...|.......: .w..Vr.E.n.,.2.^v.&y...#..p'.;..xv(..t..t..1...r.|@..Z...p........n...w$.V8.i&.1.F.<...8..QFp.c.u`[....v..T....y.GF(.\.$.......O...|.;Y...Gdh..
<<< skipped >>>
GET /r/sc/yycomscene/defaultScene/1/72/defaultScene.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c2.web.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 200 OK
Content-Length: 28691
Content-Type: application/x-shockwave-flash;charset=UTF-8
Last-Modified: Wed,02-Dec-15 18:31:18 GMT
Via: 1.1 db79:7002 (Cdn Cache Server V2.0)
Connection: close
CWS.X...x...y|.E.?.....=.;.b..*...t=..n...!.....8I&.h..3. ...,......r.}.... .}.@............LBP....._v......:..z...G .....JQ.../.4EQ...!S. ..U....g.....e.wU..p.!.W.Q.F..uq.@..W. ...WV.^}...D.PS}.;.G}...W....B.A.C....$..<....{w'...h....Z.eeE/_...W......72................/e.kt.PM...Q....U..P...Z.)M....]......e......iI..m...l)..N.....W....)b.(]Ccy.?T..F.S........@c}e..Z.)YE.....4QD...z.......}........5..}W...}i.K{...J!W.j..N.z.j._.G.J%W=~......7.-........mgr\.\.].._..S...6..K........BrUAo......T:)..x".l...x........r..O[..l...<{..H...h#.....@].....|.= .A_O.}....V.B<gH.Q......e......j.MFIC......@..[o.o....q...g.............o.{d]z.{C>.........}.:...h.Z..6.........J_0..*.g..F.f.y.8..E.Y..G........{..>k....o}....>|..*..><.r./..jj.H..>|....F_....I.y..!.>....a.RX...e!_.J).....W. .|.wA07P_...`...Z_._.B..R..B.&t....@.e....!."oc.&....446 ....h...m7Jc._.r......&=..!.F.s.AoSZ.>...^../h.6....I..5I...x.....j...%a..P._.BS...GB....N.........BP..m3.=....,AJ...v$.4%.><._..H..R]..t....w.._]...C....9.U...{u.k....QU;2....!...2.....\......0..^q...%..d...U..c...u&...5.....c.......K.3@..3..F.%..2.K....'.J..W.sd.g#.M.&=...@u ..|e..u.D?.z.6......g.......t.kp......*%.....H....B.F.l.bY....#,npS...(....C[).....b...oS.'..s{.:C%1R.T._?4.g.U..]N......OD~.|.[..[... ..M;..'6q.K.. . ...}..w<}..7.....Q...{w.....y\%.q...`e.M..,..(..W_9...a@..BX....h?.z....[..........b.#=..R..NN.15..5.m....t g..7..}.J..K.7..5t.....Ac...........1Uh.,Fi5....>.\.....n...!..Y.M.....5........\[)/.s....Z].~.....\{..<.@.#...S.=
<<< skipped >>>
GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849082&username= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:04 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.huya.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 02 Jun 2016 06:30:43 GMT
Server: nginx
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Powered-By: PHP/5.4.42
Cache-Control: no-cache
Content-Encoding: gzip
X-Via: 1.1 shx104:8080 (Cdn Cache Server V2.0), 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)
Connection: keep-alive
49b.............}yw.W.....B..m..P.`#....{.....y@{.h..*G*.8..L..<%.8d....I.$.@...(/.......95.$.&.`..C.......=..6.SM...."Yk87.....MR........%E..T(jV&Z.......Z.HR{.d.f..L..).....,C.i..b.--..4uH......L...U....).4y.a...5....`..........hI|...y.2.\..H9-C..$K.ZJ..KK.j.C7.h....k.\(..!....H....#Zf.u.#9.a).R.M.h..XN..].uQ.-.h...AT.`.b............5.G...V..3.w.>I.6..@...I..y....$9.g..........R........ DAWyUa...E *.c...sW.T._.\.P..^.............O....>r.r.......w.d.....?$....g...v.>w.|... f......Sw 3...{.<}d.......L...|.r...4......NA..g....cg........<..@.../.........9x...D..y.r.x..{....K.}t.>{.>}.<5.<GU.?...>.2...G..3.jph.V.2'.............pc.kh.s.x.....^'.y....v..........K^..%.QI....-.z... ....&.<....!.dw..........*R.....z#...gz.....ccc.li\J).p.7...T&ji...R.2.b.Ek<...........H)u.h..).$TdzX2....Ci.d...X6.. M3.<..*C.T.......|m..-.[..%.tZ.[...oJ.}j,..BDR9M.....k....`.e....<.G...C...W...4..EJ.\..K...@.Sr.R.|j|... ....dn...A...N.8.J........&.b.q..j....nD.,)...4..W(.d..Ky.U.....S9SRw....^...eK.j..Rj.....u...C....NiI.Q.B..- Tto|"...?.]Fp=.R!.e,....T..~.....1->.'E...f!..[.B&.M(.....w {........-f....U*.#.jf...........-......._(..._.-..(<...Q.{G..bAq.F...8P....BIi79.5....2ym,.E.4.5Z.T.N..N-..2000....x...a.rF1.0...4k.1......Lt.5......nro&..R.L#..F..N...c..S....zz,...... .. .yE3...BA...A.&&&b.x......5.....%G.qw!["......D..7.5......owG.uQ.EE....)B.I.,. .....W.P.z....o..:./.=.....m..............Hv....[_~...r59'.A......:.L0>.$.JAh.;.~....XT............6....]...7.........l..9CN.{w...... .
<<< skipped >>>
GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=1&ut=1464849081066&rnd=0.79673912970488821464849081066 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /9050 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.yy.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Language: en-US
X-Cache: EXPIRED
Content-Encoding: gzip
4a4.............}ks.G..g.j...6......,qq.\.)lBb..S)j$...G3bfd[..*.1.... ..........cl.z~....<..).....h...d..-.Ra4.}..........%...R."rb........Rd....D.H.H^..}..8.O...,....x..P<...4......R.aZD....&x........S.......x....baw P*..m.. .".nKs....T.4(...p.. <V..d..^....b&..)r.$[.......SEzd...&....YC ......{T.b...K0.........@.....uh...R............".L./."...xz.N.(.............1........FH...B.#&..'..._...`.Q. )R;v...E:O........&................!!......"...C..?.P[.......!....,."CuH......$.u..Q].......o. ...$...c.. S..q._~..47_.....3...3........t....me.Z..[{......Ti..3..l.......>>......3.R..........o.0h......]k2...5i........n....<.G..A.L..v..... ..b7...v...tz....b.,gx.......YSu....c.D"..}.....K<...._....]z....o.....,Y.4...uoy....!.M.YY..aiC...r.|..-E..I......-..-(....,R.BW.H.........l..Dc.3.o.L..!..o@f.|)p@R....j_&..qf... ..J.Q.X_....... .34...?..C.`<..Eb.H...$KI......$..L......!.A...\.s....Q..p.mH,..o..g..../..E!.c.H.@X......]`.1Z.:.sO.1:::.]...!(..k..P...6.H.,.R&....#.b.....a0h`...6....j..)*.,..._{,.!..B.c.!3.n\......f...S....~..%X'....v}?..i...O).>f@..F>...../~... ..D.!........P..E@!BLp@..d...D..d(v....l..7@<..=.."..*g..".....GS.b!.z....0.I....Jqc>D.....8.....yi..i.2X~..g....[...........2b1f...VW...|..f.W..H......0#M...xe......RuaA..Ue.......{........H.)....,@...e..4..Y......z.X...xnT...PO.E...r.....N............q.... .m@..._.*...*...BI....|..)z......o....E ....=.....G..w...O.!c....l./`X.. .>2w..A.R$.`..&.`.iV..P..fEm1TT....\.*CZ......M(..I(.l..O7.......@...f.Z_.)..3...u.r.....h.a..!
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074; hdjs_ui=0.7967391297048882
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:31:06 GMT
Content-Encoding: gzip
4c8..............kw.G.?.:g...t<.L.ub...\.e#.1..c"..f...%aI.,....8....;.$.1........ccX.y.<.c....|..U..rKjs.Q.c.....w.....v......8??....\v........X.....I.?.%../....I....~_7......b...]..T"YH..|........&.'..xc6=5. $._t%.......$.Ou.R..EW...?......=..E>...=.|....dn~_.g..%...&.N.b.... $.=3....L~66.=,.......Lz..];%.t...u...s..r.3...o}~.f..=...3.......[..."..H~..).Aw..&......3..4....,..............}s.!nN~../..yP.. .`......D..U.?.M%g}......O.z>.K.?...o....?.M..6..|.B.Q.O....?...gFf..y.....n...?=..TO...C.0......H....7.|....#..feeA.s.z.Hu...|\....rY.Gx.LXz.._zR/....I.u#..7...ia.~..9k..R..}......../j?/.Hy..|.....O........g.,..\>[.|..j.o.^..............3.._........._.....JO..g.. ..- .....j..C..'...}.>(...?g29?./$..o....v.h..9.......g....Gem.r|I..y...R].]^_.$..=~.>.Ka.. E~>.,..I~k..../..i..s=..G.A).B0.'Y...Al.u.\.../C.(.....;?h....}.<...5........=.^...>..=...V.L..S...=...C..n3..~.....U....m.G...z......&..6..w./m..l.4;1.. ...S~p................I.........:S...... ...|...6Q.. e..#.T.....VHj....L!.[...........}..4.U..Y...h.Lc.......kz./....}..D. J....'>."..y0 ...g?....Dr.3_*....o(..?...-........x6V,~..Nv.L'....s..$d=..|.x~N........0.*_..6..N..CU............ .ko..7.....K.k.7.G.....'..S..l......zmuU8s..~Om....~......'VH...1.>.e....1000....'......d>./..w...=../.g.......|~..p1V..b76..M...=yQyt..S..s....hci....H....>.pR..... 0......-a?.T...D..6.{V..._:........n(....`..W@.",..G.........b.b..]...)....t..x.m...?...Od..y=}.8.-.7(.:.8...Q..b..O@....7.V.Y.[...L...X.....\...:a....$...3....v........B
<<< skipped >>>
GET /pc/js/liveplayerInline.js?20160602135939 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 06:31:00 GMT
Date: Thu, 02 Jun 2016 06:31:00 GMT
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Thu, 02 Jun 2016 06:06:11 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
X-Via: 1.1 fuzhou185:8107 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)
Connection: keep-alive
610.............Wmo.6.. ...b...['.<!H..K.5E....w.).f*..I.1....(.........E........I...Re.^\3....[..k.(.,...NDf.H.7.p.......2....Nu..c..._..W.[$..Lf..5.mob.h.~.2...6....!...=....c..]...J....x..........n'....R..(b....6....j&..3..G,D(Db2....X...z..d.*I|....j.E.....".'U...........Y..X..#.I.Fa-...;.......'..c*aX.~..*.DF.N.wq.5.{L..p../....jy..5~gV`p..j..<\x.Y*..-..@{.ot...m].....{.m.v..[h.@-...)8.......<.*ip...@.0.y,...]Ob*..{w9Bd. 2...y.CbF...{.../.="..`r.*.^...o.A._...H.h8...^k.z..4O.L......4..9..K.&...bY.Y..KL*.(l.............ey....B..%.Y..{'.=.m.-...p2.DP.e...w.{.>.P..(..."I...)axIfLg...d .u.=..}.;.Bk.y..B.n1I..-&)3..Z,......-....Q....nw?.v.....c.......r;....<.......[.;.2.p2X..u......#.Hys{....a..N.......].1......}..|.K..LP3K...E.....\...(..2.!.h6. ...Z..A}.wb..dl..&Y.(.."c!Gc....v..t.k'g#q.'......i....5.bg.Sn...e.d....o.._ ..g,.9.rT.....QQ..R..0..y..}..DBGq.........6..;.U..bXY,.*.F....EQJ.U....F.[. .b.M..b1.v.....=?...A..[r=4.(.}b"F8dM.W..(G...rE..R)jU.....p.....5...E.U,.|:=Q.\e...L.....T#...#..^..).ec.b...GM.Oe|G.9L1A,.c.O.:hX!.eM, .....*?..2I.`......A.}.........^..?.............9x.....b.l...!8F......$..x...0.D.FL....Ho..y&2.6.V@..Q.....o.....!..D...0S....fc..h..H.....!&S....gh*.S.e'\.m=..,..[&7..E..C.1..{|.X...|..0f....).%.a;ai:d......-T(.r..\....5&....I...>...?%.Ih...\;...;.....cW..evj..#.C.uF.nIr........I%.j..Wog'v........b. o......u.-.VDkd./.......k#.....~....G6.......:f.l.}.*...{....rq$.u..4}.;.I...%d..k>& ...=t_&D..<..Ip..-..xA.=.%...*)...o.c;I..@!P.s.J......W......(8iBNV....d...k!
<<< skipped >>>
GET /pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 09:29:57 GMT
Date: Fri, 27 May 2016 09:29:57 GMT
Server: nginx
Content-Type: image/png
Content-Length: 17611
Last-Modified: Fri, 27 May 2016 08:54:43 GMT
ETag: "57480b53-44cb"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.............5.J.....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E60E10165BFDE511AA47E9FC9BD5880F" xmpMM:DocumentID="xmp.did:C10D9CCA0C4C11E6A9B9FA7167593658" xmpMM:InstanceID="xmp.iid:C10D9CC90C4C11E6A9B9FA7167593658" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:777E1206C20AE611AB2BC543F5F7AE8B" stRef:documentID="xmp.did:E60E10165BFDE511AA47E9FC9BD5880F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..x...@.IDATx..}.|T.....d...... ...Q.B"...Z...b.......[..U.........b.j.Zw....DvDvY.d.d..?..;a2Lf..L...|..^....{...s.......#..G(.........QV.,Dy.....;....w.}..o.}.......P..4.\.B.~z.v..(.1.........4....n$....{"..q....k...(.!.......QV.......g..i.cL^r..8/...qs?. I.}).O...u..$.5}pc...!.....u..0..#...(.B.... ..Pr..@,.]....6w.-oN.......w..[Q..Y8H.?.,Cy..*..GY."......i.=..j..b8n.G)....([..A(.P......'...!.....=...I/..p.....u.6...?.F.cz.Y...r...(/....KQ=.O...8..y..RH.'(/Q..,\S....[..mK#2...k...h...e.I.T.3..._.........CN.9@..=a../..=....
<<< skipped >>>
GET /pc/images/default_load.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 15:00:52 GMT
Date: Fri, 27 May 2016 15:00:52 GMT
Server: nginx
Content-Type: image/png
Content-Length: 6001
Last-Modified: Tue, 24 May 2016 09:18:47 GMT
ETag: "57441c77-1771"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:4 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR...<...<.....:..r....gAMA......a....(IDATh..Z]l.Wv>.'G?TL*.Z.q.$..v..].1...R..b.4X.6.-..@.4....>....v.....R B.}.Po.J]$[H....].6..6D'....)..-R.P.Pd....E..Zr.9.g......w.=........-..n..Gro\...........~.....O".#G.#W..4..q.l...G.....)R.."n^N..*.|..j...-...Qu-".1...D.~Wx....v...5. ...5MD..?...z.P~........k.|..1v}..H.G@..!........=.,(....%......=A..-d.aAdI<.kS7W..esr.......qW6".'.K....V..K..b2J..8.;8.,V).|Y./.V..|...:\.#.......w/.w....k ...[.WeYj...z)........X....t'../.v.MB-p(.h...0.......&W>..j.....10....T4.......K....Q6D.od. .j......PeC..*i.....X=.[...-M......&1"p....T../..60...u.... ........2..Mu`.E..L.D%.#.uz...M...,..-V.t?...3..b.(.'R.%....PVF...15..Xh.6hx....z:C...z...V....r....SI..mm.T/G@V...)..&q.\..n........z........`.D . .l.iK.pW...^..."(.u.......M.D..(A..xH...,....#.!..M#.l..a......oV......d..v.\.-.J@........`N.DD..CUcO.D.Y..Y.Z L.M..TL$..e...aWg..N.'.....u.)XmHk.(...{..&>.y...x.Aq..8..yH.D.YC.i].....A.Cc#.....z.a.....;^.1[8w...&@Z....|.....N. ....Z..z...5w7j..FGr.y..VQ.g..[....j..- .........P@f.....M..s....P.fkWw.^..|.G..0.["..FO.@.X/.o........x....v...;K...F.F..5.G....8......S..m...:;5..9..]e....9......|..;....l.ZW.Uc.].V{.0e.\......5ylv...{~..H$DN.d6.....f...,.5..6.....j....N..;.m.k.SC.}/.f..0(W.\...{`.....<..c......Y}.L.......%....;...R(.Ff..c;.#5.A.Qr...|..:...u.A.....g.. 'Nn.....Kejz..L...M.Q.MH.S.H ....28...E0..Dp.I>..>X.Z..5..../P..y.Ft..NYS>!.A/.J..%..\$.%....@!..^.a......\G......;..tt.d.C...p.....LI.....zY...b.}.B.z.g00i.....7..\.j2m...e.D........KY
<<< skipped >>>
GET /pc/images/components/w-chatroom/images/alpha-bg.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 13:23:30 GMT
Date: Thu, 26 May 2016 13:23:30 GMT
Server: nginx
Content-Type: image/png
Content-Length: 1165
Last-Modified: Wed, 25 May 2016 10:22:44 GMT
ETag: "57457cf4-48d"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.......F.......^'....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8ad64beb-0567-7b4c-a3c5-f03681ebd8e9" xmpMM:DocumentID="xmp.did:6CFE6418FC9D11E59BDE8CC47D964442" xmpMM:InstanceID="xmp.iid:6CFE6417FC9D11E59BDE8CC47D964442" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6c08b5c3-eee2-7f43-81b4-21b6d0020688" stRef:documentID="xmp.did:8ad64beb-0567-7b4c-a3c5-f03681ebd8e9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx...K..0.D.....;...$2.\/[vy.;...L.^B......p0h.u..R(zJ.T..(....*..3W..#\s.,....|Q...6.-.,.......t.c..pG=..A.>..T.w.Y.Q...]..^...6.`...*.9.].....A....*...^ Oe..x.e..D{}........}.`..(.=....IEND.B`.....
<<< skipped >>>
GET /pc/images/icons-index.png?20160505002 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 14:14:10 GMT
Date: Thu, 26 May 2016 14:14:10 GMT
Server: nginx
Content-Type: image/png
Content-Length: 5235
Last-Modified: Thu, 26 May 2016 10:13:16 GMT
ETag: "5746cc3c-1473"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhdx182:8109 (Cdn Cache Server V2.0), 1.1 db78:5 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR...g.........e......:IDATx............p.A......`.*Q...$FQL.Jb.E..%X..E#&....\...'.(.U....R.H...Z....^.K.D.N"p...|..7G.0;;;.=...M..vw.gv..mw...c..4...x.d......A=...FO!..N.h..&r.".ipP}A...".ab`8.A.d#E..".'8]A..P...............2.......^]S...j>.-4.wb..g..-4........\h."?p&...kb&.g.....\}..A.g.*.Gn....16.2=.......tqP8.A.......UP8.ElL.z)............s..S.z.........^l... A....u.l).......-.%ll.@.f/...j.....b#0...a8...8m....7o.|..-[F..8.|..?..-.m.......?.............._|.o..mM...Vg.R.....\.`..........c.._~..i..i...l.ps.....y3Bp....L.Y&.s!m.....c...G..^.....0../.Z..S.....CQ....Cf...IP....T.A.U.l..&.A.9.}...PW..R#.~..A....&K/!...cl...|..'.....<.\.@..gb?K..U.V.@....C..n.Z[..9....yu....w.....tx.......K#..~.....ZH..o ......a..Mccc.n.t..b...;A.w.....f.|....... ........."...[w......P.....a....2!o...=.,..pX..e...J...m&.......W.\iK.rAh.a#5.[.m&..pl.aT!'i`.V.....F...........J.....t...*8..a.....Ep.J~.....^....;FX..d....{.... ].....~..;.......:.T$.N9.......\.h..r.8......$s.[(...;w.4w..mB#W.8.A.AU6C?...h....=.../.u.....r......:.?.TQ6.....i.....^.O..........\.".....A....t....a.....9.T..N.d.e..;...b...^2.;(,.B...`..8.Pr..S...;n.\...$..`.e60.p*...d..N..8X....b0../. .A..W.]X....,}.. N... ........E.`e# m.:...l0`p....:.!.9.....P.~....I.3r.9.Z4..8.r..IN0...^..[..P...........&..g.u..H,.<.9.}Y.........Y.p...#..(....E..>.;<....5.;.,8..4/{..4UWj4.A.j...#...A.n..b.c^..".b.g.4D.....*...}...5...*F..[".X.a....#..^"...w.~.......z.....pR.BN.5.t:.3.....=.$8..>*...=.......(*QM....s.=...m..n..$.O.:.....cyC.....T4.N.T.....
<<< skipped >>>
GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 09:29:57 GMT
Date: Fri, 27 May 2016 09:29:57 GMT
Server: nginx
Content-Type: image/png
Content-Length: 2761
Last-Modified: Fri, 27 May 2016 08:54:49 GMT
ETag: "57480b59-ac9"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:7 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.......K.......~.....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:b75df607-b6fe-42c1-b920-70eefaf4d55c" xmpMM:DocumentID="xmp.did:41791D48173E11E68975F2632BFDC67F" xmpMM:InstanceID="xmp.iid:41791D47173E11E68975F2632BFDC67F" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D1BEB5342817E6119B3DA3A9C7231D3E" stRef:documentID="xmp.did:b75df607-b6fe-42c1-b920-70eefaf4d55c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx...Mh.U...{I.&.WI.MC...i..7~A Y.7..P\6...A(......"..(H..H.....S..2.K..b.-..../.M...MgB?...7.......$M;....;...{...$.......;w..w..u....=.T.Pp....566...&.e...k.*.|k....r~.i.5;;.l.$PJ.f.X,^....?d.......}......b.l.......d[.n]6....d#...Q.....w.d.d..gd.d.^.E........hsUP.,...}...F....vH..........Z[[##.mr...}#;'.P.....e/.v..,]xW..#.....w.uZ0}....d.....{J.6m...a.~3............U..\.533...9.bss.o..=..S.gZ...........E..ZZZ6.X_.N.....}........655.J..C....S.X.... Z..!..................wd..t.......v`..........dG'&&..q..o
<<< skipped >>>
GET /pc/images/components/w-thirdpartyLogin/images/login_btn.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 01:15:21 GMT
Date: Thu, 02 Jun 2016 01:15:21 GMT
Server: nginx
Content-Type: image/png
Content-Length: 8363
Last-Modified: Wed, 01 Jun 2016 11:26:51 GMT
ETag: "574ec67b-20ab"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.......".............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:0844673FFD5611E59329C7AD930B1631" xmpMM:InstanceID="xmp.iid:0844673EFD5611E59329C7AD930B1631" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7F002BF2F26911E5B20D9BEF70BA27A9" stRef:documentID="xmp.did:7F002BF3F26911E5B20D9BEF70BA27A9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....T.....o.o.F.../....ED......&jf...$..|:.._t....q>...2j...E.A..."..BC. ..k.U.9......f.Bo..............}.........B0W.......!g/A.jE[".Z..o.h.).B.R.....m.^.... $.P....*BH,EzZ.B..".o.7.^d.e.306..|..6..MN...z.QU...hG...."..B.?.7.M|..l...9...m.......;...]....a....&...A.X~E.q.!......|,...V..=FR[ ...x..b.J..3..x.."..1.T.H....\\|.7....p..\..IM..91..f.i....9....s$..b.fc....>.].fW..`........i[.03E<BHJ..4...s.....Hj.$.q....^.b.....v.._@.4...@...`Xf..W`7..9..=...)M7cL.5....G.W!D..q...?.,...Y.ER@ .f.<......jG .|...b6.Ty...HF.X`10P'....crP.aN.y..s~ot6{.hW .j.8&y7..B ..%...,.Ifaa.
<<< skipped >>>
GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 13:46:52 GMT
Date: Fri, 27 May 2016 13:46:52 GMT
Server: nginx
Content-Type: image/png
Content-Length: 4789
Last-Modified: Fri, 27 May 2016 11:23:26 GMT
ETag: "57482e2e-12b5"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F7231A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj..........f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..............".......|..L...<..4....Y...........................2............44.......jj...........u...|..K..d...........)..s.......................N.=.......bbK.V...........).....>D.2V.............Q...'..........S...............\....,I.!.xxk.\....--...S..A.2................>>..$-..............x.....\..2....?.................u..AF.*G.$.....C....c-.......**........<..<.....9......@.-d.T......d.~...B......
<<< skipped >>>
GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 13:46:52 GMT
Date: Fri, 27 May 2016 13:46:52 GMT
Server: nginx
Content-Type: image/png
Content-Length: 4789
Last-Modified: Fri, 27 May 2016 11:23:26 GMT
ETag: "57482e2e-12b5"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F7231A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj..........f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..............".......|..L...<..4....Y...........................2............44.......jj...........u...|..K..d...........)..s.......................N.=.......bbK.V...........).....>D.2V.............Q...'..........S...............\....,I.!.xxk.\....--...S..A.2................>>..$-..............x.....\..2....?.................u..AF.*G.$.....C....c-.......**........<..<.....9......@.-d.T......d.~...B......
<<< skipped >>>
GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=5468&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=0&ut=1464849080175&rnd=0.79673912970488821464849080175 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2dl.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 03:43:06 GMT
Date: Thu, 02 Jun 2016 03:43:06 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 90086
Accept-Ranges: bytes
Last-Modified: Fri, 08 Apr 2016 12:06:06 GMT
ETag: "a11ef96c09b67d8f71967939120bef49b82d626b"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 zhenjiang80:8104 (Cdn Cache Server V2.0), 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:9F06E0B7FD7411E5BE36C7906B3F28A8" xmpMM:InstanceID="xmp.iid:9F06E0B6FD7411E5BE36C7906B3F28A8" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:33200C90FC9E11E5BDB9F8B305C1B02C" stRef:documentID="xmp.did:33200C91FC9E11E5BDB9F8B305C1B02C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b..............................................................................................!1..A.Q".aq2...B#...R3...b$45.6..rS7...Ccde8...T%....UV..t.u&Fx......................!1..AQa..q.."......2..#..BRb3.4.r..Cc$56Sd.7...s%.t.DTUu.8............?...N.%)&.........y.Zc....F.*......k:M S...s....T%B..I.KZ_.D...C:.jM|s.o.?8%.../y.Z$.......4:....T\.VN9....z..1.............$...N2.B.@!@@Q...ly.@.UU....*h...*.=...%q[w~..c.Xla.k...6....QZ.....=1... ...../1. r.&..Lb.
<<< skipped >>>
GET /MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2cdn.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 06:26:37 GMT
Date: Thu, 02 Jun 2016 06:26:37 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 90063
Accept-Ranges: bytes
Last-Modified: Wed, 11 May 2016 09:30:45 GMT
ETag: "f8fcd7d98b256b623af2fce04b860dfe3747f60d"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 db77:10 (Cdn Cache Server V2.0)
Connection: keep-alive
.....0Exif..MM.*.......1..............VVV.meitu.com....C....................................................................C.........................................................................&...............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....R....~.......{.[s.M....}.......4..........@.i..?.....,.<.........]..%._..?.......{N........N..R.#.6O)..~..U..;....."1\...3..UdZwW..2.'....N.a..}.........2.'....E....}.........R.. ........]...bas&.B.......z..e.O..?.........#.c..E......X#."...F?....&R.Z.d..uu..sd|....!...*....nW.9..o... .XY.d.rT.M..)Tp~..m..=.....h.*.....U....U]D.v..(Pq.....Q.F;...G.,.'.....#]..R.L-.3^.m.m.8.UE_....M..j:....Q...(....:..8.>$v....Y..u...C..].eK....X..........d.....Sz...?..%..`7n^{yc.*[&D..P1........k(..3qb\.....x..`..L.. .'.]......K). ......o....Q............QV1.4.T.T..?..\.f.2].o?8...Z.cx.%.R..9.t.....2.~.. .Nc.d...VN:..3N7e{.Jrwo..(.c. ..~.z...v..g=....... ....p....W....Y..A,...B.A.... ...gE..d_....q.........*.3.....EO)..H.w....'9>..(rQ@...Q.........Rsf.\...m.........>.s..=...@.........SV.5n.s_.....]..)7r.S..s{t.........q..Q..........1...A>q..S.4..55;.m.a......,.?.....
<<< skipped >>>
GET /ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2cdn.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 23:34:04 GMT
Date: Wed, 01 Jun 2016 23:34:04 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 34692
Accept-Ranges: bytes
Last-Modified: Mon, 23 May 2016 03:16:48 GMT
ETag: "0a3ccb1c7d41902d280adece9217688d8c11fe14"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 chshx40:8105 (Cdn Cache Server V2.0), 1.1 fuzhou191:88 (Cdn Cache Server V2.0), 1.1 db78:3 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4D7B5B88AA12E611B5E5A87810B57366" xmpMM:DocumentID="xmp.did:C2B19FA1209411E6B614C6FF3ABB0594" xmpMM:InstanceID="xmp.iid:C2B19FA0209411E6B614C6FF3ABB0594" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:901A9FEFFC1CE611A66DF0953CD9D519" stRef:documentID="xmp.did:4D7B5B88AA12E611B5E5A87810B57366"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b...........................................................................................!1..AQ.aq"2...B....R#3..b...r.C4...S$..cs5...DTU....d%V.W......................!1..AQ"..aq.2.B.....#3..R.............?..=...6.q.../B....&.i......)R[2@H.....L...I..t... i..i .sHC.............y.. .... bQ1...B.?L.....2..1....*.*.*.*.*..k.U..?l&!Z/.p.....l1......G.=&.wm...j.-....R./>..-S..5-...=.........
<<< skipped >>>
GET /OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2cdn.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 13:39:27 GMT
Date: Wed, 01 Jun 2016 13:39:27 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 62074
Accept-Ranges: bytes
Last-Modified: Tue, 31 May 2016 03:27:37 GMT
ETag: "652aa9c85a6b9889cd391adb8a16e2dbb21a805b"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 db77:3 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF.....,.,.....XExif..MM.*...................i.........&.................................................C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..a.P:.`=)..M...R.PM.<t4...vs.b..........4......rh.@..Bz.J........;.....m..,J..}.S...>"....m}.F..,R.d....}y$..W.|[...t_..Y...W.9.#......v.9.!9#.v..6.l...8.0..2.....}R..,-...O.Gs.R..l..27.v....dy._v=...Z."[&2.=3..M..p.$..Z...S.Np:...V.'>.d.w.L.~...O4.H....m^9..........ZB....R8...M...o.8..........#>Is.;s.MO..C...8.....!@\e..1..}j./A]..0......>.....8..........bL...E....2@<..A.O.=..kQ!.<v..q........Y...u$zTPF.~.Fgr};..J..AP3..<...T....}x.v.....n......H...\.S.,.q.G..H...F...9 .=..u....G..[r..9.J"..8...#....$........c...?.9U......'x.qT.@....L...W...qVE..#...4.l...P.......B.w..#M.6..v..........#.dT....4.....^A#...6.c.O..[w.....n0.I.v44..az......L.J.....v.E.#".. ...$0<..Q.w=wE. .....q..._,.Z6.k.!..8.q.]....D.....OJ..7...g.=...;.<.I......V#..$..~.ZH.j[y.@....f.M1...D.R...c...A.i.@..m...c}..).
<<< skipped >>>
GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849080378&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849080378 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /lgn/js/oauth/udbsdk/pcweb/udb.sdk.pcweb.embed.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.udb.duowan.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:59 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 25 May 2016 06:20:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 02 Jun 2016 06:40:59 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
10a5.............:]o.Jv.E............#8.S...S..........E.*I......X`...b........b......9.AR_I....E"..9s....n.../.,.....[....,..C\7.|.0{.ge.g........&..}.E.(.....I.....0.]!...8.e...B...HK..N.[...BX.&../....... ...])..'.......d.....H4`..,b#...q...v..(gy.....o.....s1M./.....X.K..s]......M...%G..P...{....E...`..."Ng..8-.b..P..J>....oo[. ..e.p.=.....4......U........v(.......`a.%,rc..)u...9......^....'O.X\..n_..s.<...pRo.Y.X..l.^.:.H.....>..c.D... .X.6..."7.A(8...{.-...F.....,. .Z.l...T....,ly.........8S....H}.h......%.9l.T..Z.5P...E.e3B.F_..y...j..}8{............N..?^..;. t.z.....T.eg......".......J|.c..N...D<*.....O......h5l?m.?.....?............=..9....^wa.g.{.........V....D4T..r..m.<.y\.?8:?;.yn......q:WV<.Am.0|t.....r.&..........o..8...'x|..'.9s.....L....g.....\...........?<H...8t.U."C6q.....9a)x..eb'"..Q?m.i.Z...2..........>.kg8..$.....?..N....S.^.1_..kv/.`...n...IgI.@.F....d...j.... ..e.p....1.Q N[...>z.........[G............7..tV.,.&.i{.!.-.F...5.....p.......DT.5.b.B5.5...tu..m...`...H....._{..x. ..... ...Q..8. j....{..id...2.6.p.g.8.nh_gqj.>...-..}.n#....W.W..'C...\]=...W...=....T.Q..A.. &..K..aA......5.7....1.;..Y.&.....:........Z..N..8J.....|n.qT........v.}.~.`h.c..$N...V.|.........?>.._>..o?.......@..PQ:.9.Z.......I3`....pK.9../v.d...&vzb.....4..!..|.T....x..p.....V...\PT......<.s.......M.*(..p~|...\P.... 1...o...b.R..b..16/..../$.....a.#..q/.D,..&$.!...&<.G\u..0...f.y.)..........H*...~.UV:...@..Y....W.X.|D........E.!.?2.....X...`b......6.q#s.o..Y..fh..2I.5.....`."
<<< skipped >>>
GET /lgn/js/oauth/udbsdk/udb.sdk.getmm.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.udb.duowan.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:00 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 25 May 2016 06:20:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 02 Jun 2016 06:41:00 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
571.............V...6..*..%R,|6`0...#.6.I.6...0$#.2...b...A?{..>`z.....K.Z.}.}.}.m.Q.i.9yl.-..2Yl...`.}.)W#.,......S...:......X...5m...8..............D...s,/...g-.n.......3}...f_..h.:.!.=s8.!.<-...5 &.`E.F.9...4f....G V.>.........t.B...h."....6..\Q..>..S1....c%_...%...[|,....~=..T'V._0.{x.}j.....4.P&Z.#ZB.*qN.."H...!............(>MJ..K)....tM.....g....3r..S.......1n..*.....6.S.-..8mw.?Z..Gw<h.....vt...... .....u....,h....*..n...64Ls.1G..hh....W..R...F.hs..3.j.0.L...v.Q.G.....>.W....... n...p&.n.9..G...pj...Lt.^....5..O..\...3w .c...g...7.v.W.-.mC.U...7$.r..9.)..n.o.....v...5....#\.!..P....I...V(.9....$.]L&.K...p..m. ..D...O..u......6i3F..E..#..T.2....".i4...p...NtD....H.E.2H..N.i..,?.[.Y..M.5.:.%..|h...$.R..A,1........M.!.^GAE..KG.R.d......Sm......o.%/.L...~..y..n..V.....(P.....M.H.... ....Kr.....y<.(.-@..m.n4i....B.q[!..........yp.37..X&.*2....dia........7x.2.q..n.m..=....-|h.W}.,..8=.~.0O......$.w...{.L.x@.k...7...L,.h...M..m.ny...6...3..........Y5ML...R.....G...y.8X(.(/.E......:........P.0.R8..]1Aj..4p[...^.,1..y%Q...<.....Y.. ..R.../.W..5R..8 ...h.MA.....!.....Z.a......V.0U8.2^_p...Y.4..8$V)BWF.....j..g..D.....4;?d..L[...=_........W......8..J...u...z.!..`l....F..q.........D........|{....2..#../h.X.....6;w..2.(A.}a......3..C......<..(...:.[..,X....w.`W.}.t...p...m.=..i<a...\..X.r/y&.'..Q..tP.......M.m..6.....=z.1..]mlh.`-A...p...w.=>7..]......[.C..[../.......^....O....G.....0......
<<< skipped >>>
GET /lgn/css/oauth/udbsdk/xelogin.sdk.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.udb.duowan.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:04 GMT
Content-Type: text/css
Content-Length: 667
Last-Modified: Wed, 25 May 2016 06:20:30 GMT
Connection: keep-alive
ETag: "5745442e-29b"
Expires: Thu, 02 Jun 2016 06:41:04 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
/*mark*/@CHARSET "UTF-8";.popup-mask{z-index:30001;position:absolute;top:0;left:0;-moz-opacity:0.5;opacity:0.5;filter:alpha(opacity=50);background-color:#000;width:100%;height:100%;zoom:1;}.popup-mask iframe{position:absolute; z-index: -1;}.udbsdk_login{display:none;}.udbsdk_close{font:13px/1.5 Tahoma,Arial,Verdana;text-align:right;position:relative;top:23px;right:-4px;}.udbsdk_href{TEXT-DECORATION:none;color:#A7CFEC;font-size:14px; font-weight:bold;}.udbsdk_href:hover{text-decoration:none !important;}.udbsdk_frm1{width:524px;*width:526px;_width:526px; height:298px;*height:300px;_height:312px;} .udbsdk_frm{width:320px ; height:273px; vertical-align: middle;}.HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:04 GMT..Content-Type: text/css..Content-Length: 667..Last-Modified: Wed, 25 May 2016 06:20:30 GMT..Connection: keep-alive..ETag: "5745442e-29b"..Expires: Thu, 02 Jun 2016 06:41:04 GMT..Cache-Control: max-age=600..Accept-Ranges: bytes../*mark*/@CHARSET "UTF-8";.popup-mask{z-index:30001;position:absolute;top:0;left:0;-moz-opacity:0.5;opacity:0.5;filter:alpha(opacity=50);background-color:#000;width:100%;height:100%;zoom:1;}.popup-mask iframe{position:absolute; z-index: -1;}.udbsdk_login{display:none;}.udbsdk_close{font:13px/1.5 Tahoma,Arial,Verdana;text-align:right;position:relative;top:23px;right:-4px;}.udbsdk_href{TEXT-DECORATION:none;color:#A7CFEC;font-size:14px; font-weight:bold;}.udbsdk_href:hover{text-decoration:none !important;}.udbsdk_frm1{width:524px;*width:526px;_width:526px; height:298px;*
<<< skipped >>>
GET /hiido_internal.js?siteid=www@yy HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hdjs.hiido.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 02 Jun 2016 06:30:59 GMT
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 26 May 2016 02:37:10 GMT
ETag: W/"59c1-154eaec37f0"
Content-Type: application/javascript
Content-Length: 22977
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
/*! hiido.js: v0.7.4 2016-05-26 10:37:00 */.!function(e){function n(r){if(i[r])return i[r].exports;var t=i[r]={exports:{},id:r,loaded:!1};return e[r].call(t.exports,t,t.exports,n),t.loaded=!0,t.exports}var i={};return n.m=e,n.c=i,n.p="",n(0)}([function(e,n,i){"use strict";!function(){var e=i(1),n=navigator.userAgent;try{new e(n,!0)}catch(r){console.dir(r);var t=new Image(1,1),o=encodeURIComponent,a=r.stack?o(r.stack):"";t.src=window.location.protocol "//wbugs.hiido.com/c.gif?e=" o(r) "|" a "|" o(window.location.href) "|" o(n),t.onload=function(){}}}()},function(e,n,i){"use strict";function r(e,n,i,r){e.addEventListener?e.addEventListener(n,i,!!r):e.attachEvent&&(e["e" n i]=i,e[n i]=function(){e["e" n i](window.event)},e.attachEvent("on" n,e[n i]))}function t(e){var n="; " document.cookie,i=n.split("; " e "=");return 1===i.length?"":decodeURIComponent(i[1].split(";")[0])}function o(e,n,i){i=i||{};var r=e "=" encodeURIComponent(n);if(i.expires&&"number"==typeof i.expires){var t=new Date;i.expires=1e3*i.expires*60*60*24,t=new Date(t.getTime() i.expires),r=r "; expires=" t.toUTCString()}i.path?r=r "; path=" i.path:"; path=/",i.domain?r=r "; domain=" i.domain:"",document.cookie=r}function a(){return window.location.hostname}function s(){var e,n=window._hiido_wid,i=Object.prototype.toString;if(n)if("[object Array]"===i.call(n))e=n.join("|");else if("function"==typeof n)try{e=n.call(window),"[object Array]"===i.call(e)&&(e=e.join("|"))}catch(r){window.console.log("_hiido_wid ..................!"),window.console.dir?wi
<<< skipped >>>
GET /hiido_internal.js?siteid=www@yy HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT
If-None-Match: W/"59c1-154eaec37f0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hdjs.hiido.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Thu, 02 Jun 2016 06:31:05 GMT
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 26 May 2016 02:37:10 GMT
ETag: W/"59c1-154eaec37f0"
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:05 GMT..X-Powered-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-alive......
GET /hiido_internal.js?siteid=www@yy HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT
If-None-Match: W/"59c1-154eaec37f0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hdjs.hiido.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Thu, 02 Jun 2016 06:31:12 GMT
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 26 May 2016 02:37:10 GMT
ETag: W/"59c1-154eaec37f0"
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:12 GMT..X-Powered-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-alive......
GET /hiido_internal.js?siteid=www@yy HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT
If-None-Match: W/"59c1-154eaec37f0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hdjs.hiido.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Thu, 02 Jun 2016 06:31:21 GMT
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 26 May 2016 02:37:10 GMT
ETag: W/"59c1-154eaec37f0"
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:21 GMT..X-Powered-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-alive..
GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849073831&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849073831 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849066144&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849066144 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:02 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_ui="astyYDKFq0a2WlezmUN12A==|0.6"; Expires=Tue, 29 Nov 2016 06:31:02 GMT; Path=/
....
GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="astyYDKFq0a2WlezmUN12A==|0.6"
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:02 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&
....
GET /cm/user?time=1464849066&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:03 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:03 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/......
GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:04 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:04 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&......
GET /cm/user?time=1464849073&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:05 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:05 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&......
GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:08 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&......
GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/..GIF89a.............!.......,...........L..;....
GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852669
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:10 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_mapping=tanx|0|1464852670; Expires=Tue, 29 Nov 2016 06:31:10 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:10 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852670; Expires=Tue, 29 Nov 2016 06:31:10 GMT; Path=/..GIF89a.............!.......,...........L..;....
GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: cm.hiido.cn
Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852670
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_mapping=tanx|0|1464852671; Expires=Tue, 29 Nov 2016 06:31:11 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:11 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852671; Expires=Tue, 29 Nov 2016 06:31:11 GMT; Path=/..GIF89a.............!.......,...........L..;....
GET /cm/user?time=1464849080&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852671
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:12 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:12 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..GIF89a.............!.......,...........L..;....
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:09 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:09 GMT; path=/; domain=tanx.com
Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.m.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Mon, 25 May 2026 12:17:34 GMT
Date: Fri, 27 May 2016 12:17:34 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 16991
Last-Modified: Fri, 27 May 2016 10:20:54 GMT
ETag: "57481f86-425f"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou188:8105 (Cdn Cache Server V2.0), 1.1 db77:3 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....2.&.n2......x..Qx.B..|.&..(\&.Sf.._.9..?....F....4a2..-...5......e...^.e...~9...Z...)......I. .;.....U....Dt. .\.....@. .phQ........U.r...t?...\{.)k...m..&.E"..G .G......C P....c@.N.......MNy;." 6.'....*....*!.A.I.hZ..E.*q..w.0...r8".eK.FP....)5....\2...z.t...b\u....R...[.b6....`.s...........N/.1.....|.V.D..)4.q..\z..\.s@...R.a.RB..#.2.....q:..@.$..B=*....8.E.0...S.V....*.h.G.j* ...f.\.M>......;.'..0......&gkJ....&q...^...1.SF......PN:K...Fk6.V. .........Z..I./....|z...\...[.z..d....jv.A*3.$W...A?y\.....Fr..1...".N.IX..&.R$`.K.>..s2Z:..eKe .1.w.L...ev.W..z.I>....3.F.......3w.qZ.l.]X... .....hCdP....Fy.P\.s.Fv.....*..r3b....;BF......X#..ZX.n>.[...6.e........-.F. ........*.c7...XUTw....#.@..\.E.!..>.?.Z..[.......w...8.....\6)Og..Y@...u....1....n..#.R.bkK.BT..U8.C4-&(..H#.VSV)j...A.E..a.....ZE...yY..8...........v..r*X..q.........8.zR.l'aT.6I..,EWA60..JC....;..."n....&.U.T-. .....i|(r..a... fBz...t..T
<<< skipped >>>
GET /group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.m.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Wed, 18 Feb 2026 06:26:42 GMT
Date: Sun, 21 Feb 2016 06:26:42 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 10617
Last-Modified: Wed, 29 Apr 2015 04:21:23 GMT
ETag: "55405c43-2979"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhdx182:8111 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......P.....P.@....P.@......v.P....P ....1@.(.(.........P...C@..!..b..Qp..J`....)....@.@.qY.Z.).P1h........(............(.S.....0..C@..........(.4.J.J.C@.L....%...J`..f..P.H.......(.....P.@....P.@..%.....P.@..A@......P.b..P.P.@.L........h.....BP.P.@.j....(.....P.@....P.@....P.@...P...%.aM.a...`....P.@X(.........J.C@.L....@%.......%.Z.((.P.@....P.@....P.@....P.1..=..`../4........6.y.d..v..J.4j2.?.|.i..k.rK|5....l..P?3N........9.d...ps......AA@.....P.P ..&).C@...J.J.J`...`..b..@.h..Aa@....P.@....P.@....P.@..Eu*A..#.@9&.>b.....Y.w6......cs.[._...a.zs...n.../.|k....&.guc...^...g`.....F...hHj.8...v....]/J...B.r..3FH...23.....K....)...'A.j.0N.$..9v..G=8=..zU$d.g...w......3M.G...E-.*.....s...6\7>.\..I...(......(...!.....%....!..P..@.L..Ch...5.....P.@....P.@..).z".....A...<Rn.....o<S F!T...O@J.....Z.;.....=0..G6.F...y...9.8.....j.5.Ab...79'=.[..n*..x....)zm[.F.O.>...1 ...#..c...X.!.V:%.q......Vi.FTprs.....#..G
<<< skipped >>>
GET /group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.m.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 06 Mar 2026 14:00:47 GMT
Date: Tue, 08 Mar 2016 14:00:47 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 10939
Last-Modified: Mon, 30 Nov 2015 07:04:29 GMT
ETag: "565bf4fd-2abb"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou188:8108 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........Lhp........\P..L....P..).\P.@..&..#SB.h...._..5.|-.Iyy"I..8..|.. *.F....>.z.rm.'.j..|U{$.gig..w..d2(.nN.H.......9k.)k)~.0...aq(..Z.K..m........n?:.6W. .?......./x...\.... ."..........\.<".6w......B.#WH....&O,d.p9n...rzt..1:.....M#T..l#.............z...%;.z.(......@.(..4.B(d."..0...F..F.C."qI.....B!"....(!.....KEYW..E......8..(..p...)..h.q@....qH...(.h.(....3@..`gk..v6...B.(26.r@..$..NH.."3. .$....-KP....y. .D.Ua.$..xT..1.$...Sz....aO..e..[.M.1;.$.. ...'....../.$....l.D..........g.NI..4..... ..m...d....;W.C...9....g)....F...?.......:z.4........C.7..........`.t..$0..O8.qM;.R.Z........Z.3a...)..h...F..,.......g'=..7.e ..v....=.)I=..Ns..B....!...A#M .E4!.PH.(..3@....M..E1...K .h!.%^j..i........0...9E .(...P.@....P.P.y.....W...8.<.I..P&.x....H....R......I9.... #.."..q...d..t(.Gy.?..6...<.a.|7(wc...G'.{.....l..i...{.M.,C.2v..:.o...j...&..Hd>F..U.....9..^.8.....z"%...E.$c...xn........V..........g'<
<<< skipped >>>
GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&isnew=1&io=1&ut=1464849067566&rnd=0.79673912970488821464849067566 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: log.mmstat.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: Tengine
Date: Thu, 02 Jun 2016 06:31:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H ..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;t>....
GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: log.mmstat.com
Connection: Keep-Alive
Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY
HTTP/1.1 302 Found
Server: Tengine
Date: Thu, 02 Jun 2016 06:31:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..
GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: log.mmstat.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: Tengine
Date: Thu, 02 Jun 2016 06:31:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=rMDWDx5FnCUCASU5EL04/DMR; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....
GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: log.mmstat.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: Tengine
Date: Thu, 02 Jun 2016 06:31:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com
Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..
GET /pc/js/lib/jQuery/jquery-1.11.1.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Sat, 04 Jun 2016 15:46:22 GMT
Date: Sat, 28 May 2016 15:46:22 GMT
Server: nginx
Content-Type: application/x-javascript
Content-Length: 96477
Last-Modified: Fri, 20 May 2016 09:37:21 GMT
ETag: "573edad1-178dd"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhenjiang82:8111 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)
Connection: keep-alive
!function(e,t){"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){function n(e){var t=e.length,n=ie.type(e);return"function"===n||ie.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e}function r(e,t,n){if(ie.isFunction(t))return ie.grep(e,function(e,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return ie.grep(e,function(e){return e===t!==n});if("string"==typeof t){if(fe.test(t))return ie.filter(t,e,n);t=ie.filter(t,e)}return ie.grep(e,function(e){return ie.inArray(e,t)>=0!==n})}function i(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}function o(e){var t=xe[e]={};return ie.each(e.match(be)||[],function(e,n){t[n]=!0}),t}function a(){he.addEventListener?(he.removeEventListener("DOMContentLoaded",s,!1),e.removeEventListener("load",s,!1)):(he.detachEvent("onreadystatechange",s),e.detachEvent("onload",s))}function s(){(he.addEventListener||"load"===event.type||"complete"===he.readyState)&&(a(),ie.ready())}function l(e,t,n){if(void 0===n&&1===e.nodeType){var r="data-" t.replace(Ee,"-$1").toLowerCase();if(n=e.getAttribute(r),"string"==typeof n){try{n="true"===n?!0:"false"===n?!1:"null"===n?null: n ""===n? n:Ne.test(n)?ie.parseJSON(n):n}catch(i){}ie.data(e,t,n)}else n=void 0}return n}function u(e){var t;for(t in e)if(("data"!==t||!ie.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;r
<<< skipped >>>
GET /group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.m.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Sun, 17 May 2026 03:08:27 GMT
Date: Thu, 19 May 2016 03:08:27 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 15640
Last-Modified: Fri, 13 May 2016 03:54:44 GMT
ETag: "57355004-3d18"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou185:80 (Cdn Cache Server V2.0), 1.1 db77:3 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..1_.#..U...B...P...V..)..*.)...Z.-0.`-..HB..p...f....b...5,bf...s^.t(.]V.-.C.R.3...d.....0.j..r...2.....?...T..ze..@7M$...r...<d..W.C...j.%........U...=.......l.$....J.0d...z..g....=.. ....m"...kR}8...D.ik7.....|g.%...d......m~.n.v.........?......mk4.\..c....q..$~...^N *.a..%u..I.F.e......).L.<...8.....(.(.E0....(.. .h.2.xh..*...0.h....3E.\P...`&(.qJ.-0.......)..*.u4!A.LLp5W.g..i.e.?..l.5.zN.nu......6.......m...>c..{.^Q,k..4........J..-......"..|K{t.. m.fo5... q.#.H.......$.N6^G.w.....]iv....G...&.7...w.2........JO.)..UK..l..[...R.Kuc...rGL....|.AW.....\........5....|.....pz.........nn...b......N.....vv.8i:....$..^...i.p.......i..~..,..s@.m*J].3q..}p.N...c..L.$.&..~...s....dzh5...x5I...Uq...1..`..P..`..)..@.4.e....(.B.....P).p....1@.).b..P.).b......!i....LB...hLF'.|Ao.....7.,.d1..k).............Z4...%..r.W>i.R...hj..h..B..c...x.......;...i.. ..VK.8.....b_s..NMnA.px#x...;....`..P....._@ph.E;.....R.....Z.-
<<< skipped >>>
GET /group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.m.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 24 Apr 2026 02:27:07 GMT
Date: Tue, 26 Apr 2016 02:27:07 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 11344
Last-Modified: Thu, 07 Apr 2016 12:54:11 GMT
ETag: "57065873-2c50"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:6 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..qY....B..q...@..(.=(..@..8..c....C..I.F.#..i6TV...!.y..G'.l.z.=k4j..n...d..U1...A..\.. ....D1...D..8...?.U.D.B...e..x.M..:.....8.r.K.Z..Pz..P.Z..k.;....8..E(....3 :.....O8...........1K...........1.T.Qk.....@....!S...%2H.L..... </N......\..<.).M..|?..... .-.sQ...0.H.}..V.d.sZ..........:U.........#..j.#7.>{2..;g..22q*:.Q..2.#B.....-..$..~...K.M..qz..[|.V..'.c...zV...w.]..`..P..D.F8..i....i.c.Z#&%h..=w.3A,.T.......L(%....@..B.P............/...-..&M.d.|.......D. |.r|.3.Q...Mu.6P...|.J.i.E.lb8...bnT.l...f..~Q..Z$.{....I...f...3&W$....h.....3..s.5..(......j.>.._..5<.....t..,....l.......(...-..k.v..SBf...P.....X6..?J..fP..}h....J.C%.=...U...8^(..ug.....15.4L.l.q...c.......r...q9.GG..*.t.:V.....]..7!..{r U#)D............-.l...A.8."..............|...~5%.GZ...q .2.../..:..*....1TM.b........(....P........c...*.B.3aT..{...*.z.B.>#[;I.Gj...........%dy...6.;y..2)..5..94....b....D....T$Y.&.A.../Dh.f......[..e).B
<<< skipped >>>
GET /group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: res.m.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Mon, 02 Mar 2026 14:19:40 GMT
Date: Fri, 04 Mar 2016 14:19:40 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 21983
Last-Modified: Wed, 24 Feb 2016 07:44:43 GMT
ETag: "56cd5f6b-55df"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:2 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...O...a\vGO3"m5..YO..>V..Ma*...}...U....O.............Xw. ..)..$.N..0.. .w.f.&..F...Rh.......F,i.9."$A.... .r..d...qk"....$}........q7..t.....[G.[.}.!O..?CX.....y3...!.<.......n...jj?v.V....Y...C*........k...FEY...b........).....'.`......<.hd?0..u..1.....n..u.....6..Ud!..`Gpk..{......JV(\T....ZTYb..>W...F.auu.-..Kwn........f....[4....B.CA.C....OUb.........8.....i..6..8.b....Xg...?.w...d..qN...D..hFei..x..x..#..\...4...fu..h(p9..[...T.Sv9..?|.'.1.q.qE.b..l....D.7..$.......0....^.....XN%'?.'.k..-...(........lW...LW.{d...7.,.u.P.R..)..v!... i.:....-....=.E..8...4\....}....E..%.(..(.w${XJ..}.&.*.....a...R..u.Z.a.....XP..p_..a&.iz...(.....6..,}.......U..c.{mkA..>fe.RdUP....w....q...psM.Gr.....q... ..X...~...E.u.i1.)..8..Tr.m..}Mo...iZ.r.S..@Gp.....c..~5..Y..vaET.<wA{k...}..2.v.......F]s....O.:..B..N.3.G.F ..B.....R.1..u....s.....9.g:......0...#.;.OJ.1.S...pQ..'.S..t.......M.T.u.H..x.R...3.....*....74...
<<< skipped >>>
GET /statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: statistics.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:18 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
3a.............VJI-NV.RR.Q*.I,)-V.2.QJI,IT.....2..@....7.F*.....0..HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:18 GMT..Content-Type: application/json;charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Access-Control-Allow-Credentials: true..Content-Encoding: gzip..3a.............VJI-NV.RR.Q*.I,)-V.2.QJI,IT.....2..@....7.F*.....0......
GET /pc/css/headfoot.mix.css?20160602135939 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 06:30:53 GMT
Date: Thu, 02 Jun 2016 06:30:53 GMT
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
X-Via: 1.1 db77:7 (Cdn Cache Server V2.0)
Connection: keep-alive
1530.............<i..8r.. .;...d.}b..dll..O..6...Zbwk..4..~.....-....H....'..b..V....5.z08/....o..x..CS...2.....!x...s........... ..2..eU...kY..~..SS<:...|..8... @.t.P6..nj.t.n..}..O....}..xY..{?.....?.ro....E...g...bp.%....{n..{..k.^c......n..n..[.nS...v......u s..{..[.]......(......@.....~.0..{"P!..........!..............H.....#........mS............0Bz.e.U^V...p.....t]c.0...S66..*k.....X.}[e.....om..Y=<......d..|..6........1....c.I..........u...r..R......G.E..b....}x.....2...9...f......^.?e.......g......Y..Gy.3.......<.oe.})..z.o...x..O.......9@....s.....i..W8.u..].......b.5./5............`.....bsn.{.... ...[`k......R......J.- k...4. P.=.B...b%.?5.^^....jz ....p.. ........z}.......#.}.... .r?on...]y......j!w.C...d.l.. .....O....?."....n... .8..&C.Ep..L(....N.A~).Ky.g.s.....K....o.......).I*.a 3..g.....Q...OQ.n.8...8ys|.a.t.................;j............j..n.....^.]...?n..\..;.?....)...C..^.=.6.....38~.2R....L.{C.....z......`QG..y.e.....W...8#-....\.}......R...............|d.Z@...a.t..3..D.lf...>46.D{..)..aY.......).....b...Y...L$...[..4a..G.....Q.....:B/.9....v.=....s.._..=..Q..>....)U......V.y...>.f`).j..."..x!3U.8.u:j..-B.}..R.8...D..3.....E.j..|.@.R.Q...G)k..Lj.}.=..Q..iz4#.\.....v:...P.N.m.Y..m.V..X!.HN....m.........A..t.S.:p...o......g..c....N:.r.J...O...N.....6u.......*.*..@.m..........!.....]......H...7..T."".t...Z......Z...E..bAO...TQ.1'.I..e.k..~DZ.\...>.......... 0.'......Fv.=Zh..........X:.1..V5.&...y).cb~.e..o.C....y....h`..F.:........v...........}.|.y..........G...._.-...
<<< skipped >>>
GET /pc/js/headfoot.mix.js?20160602135939 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 06:31:00 GMT
Date: Thu, 02 Jun 2016 06:31:00 GMT
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
X-Via: 1.1 db77:10 (Cdn Cache Server V2.0)
Connection: keep-alive
3903.............}kw..u.....{d.[h4.R.H.5..c<L.G...'$G.......PwA Mb....v.....>...7{...............f...a..U.]....O...[l..........,.. ..y....=......=..l.Dlh...$...i....L...'^V.:M..%Q....I.4...l.o..g...N.c]9..\j...a-.J.G..>.,.......O........-.'d....x.i..GI......l....X.v...v{.8..7..?.z.....#oI..Y.........AH68...LL.....1K!E...V.H.$~.*...O...u...t..0...Z....a....i.\c..}.....).p#..b.WW..$.X.l7..@..m.J.b........805...........,.<..V..vt.x.\ZsW.v.....PL_M...M.0.... ...a......X.....O.}g..... 1.o.(.p...,.....C.[A..........c.5b>f..0-..OOR.&...~.P.6..6.....:.9..t....tkJ.O.....z.\h....r.:.^.).........C.....pG....H..........\,...B.t.O. r.1.S........3.'...}.i.B?...E.a6.hO..........g......].%...GcN....O]..?.'!}..0.$.EH..G.8...x.C........N.<..x...19...J...4.i:..`l......9K..)3-.t....n".x*.w.0.Y...lked.^.'~.N...F ...T..g..t.\?..=...T_\.....O.,....T..=-...0g.&|zy.9.......O.Y^[..T._^....H.P..a.D.y{.o..i.C.8.....z..h?.P ......w...s...{..{.......u......W.^..~.*Qdc..x...)..z....:.z(...........8.<../X{...m.......Io.`I.....r......>..F.`.z.4...9.."....e..-.6."..*..q....X..v.p6....V[.....~.....u..0..;.$......y.~8.O..:.".$.e..%%hEeJ]a..-....9}..!.F.....".}n.lr..D|..$..4.\4.......5.*E....LI>.rV.tN..Q.B.('v..%:?..`.....<.....K......).?>j..q ..........|C1.>.....Y..q.-.}.8p..A.R.R.@.....5..._.........L...?......&K...q?.......J/uA.....>M.5.J.4..#.z)_L., ~.J(J.e2IWS......ex....R..|._YB.*..Q..,K@.b......d..!A..duU.3.U2..:...P.N.P..cb...F..&.S...w.o{..=...t.\X.YO@..B...O..P@R.k.@n.8.?.........|.n)......(f...^...
<<< skipped >>>
GET /pc/images/2wm.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 15:00:52 GMT
Date: Fri, 27 May 2016 15:00:52 GMT
Server: nginx
Content-Type: image/png
Content-Length: 14508
Last-Modified: Mon, 23 May 2016 11:22:41 GMT
ETag: "5742e801-38ac"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhdx182:8104 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR..............X....8sIDATx..}..........HG@.#.."".@......RD..(.{SPQ.JQ..*E.....(.(..... .......u.3.;........f./..99.I2Y.....))))..n....4.t...).9s..Y.f......2_F.y.....Yg...8p./e...?...>....8..m..../m....3.6)Q.Df.'b.H. %.De..g..M........P... y....{.........j.. ....s.5....Q..s.9.6...w.mR.lY..`.OL........$.......@..C.#.......L.... ...t..*.d..\u.U.6..d..}N...M.$..?.4...,.4h.@[o.3..'....$.r.... v............QQ..5.H.R....y..7...*_....C.B.8p ..{..W.aq|..7n..m.....7...2....?......,..es..:..|...w.?.|m.....L...\.e[....m..MP......>}..G..q5,Vz.>'.~.!m".....r_z.%J.S.N%.....O....1#t.c.=.JO=P........Q.<....s^{.....Jy....|..m..{....'...~h....MS...v.;.<m.{...,.............W.hQm>..Q.F.Q....D.g[.n....O..i....c.{...D=.2..u.].mL.Q...r... n...CO..f..w.......X..F.S.&.........9..8.. ;w.t.=.5.y........U.V.y.....^{.....B...~.....z..i.c3.@.L.....v..#..A,@,@,@..aj.......A......I_..u.Z.jT.F.Xh..a....K..U.......&.z....Z.j.>/..2....X`^te,S...........|>@ti....e......^x..0.tr..I..t-w...............k.x.*U......h.~..E...-Z.{h.....g.}Vy...........o.....\r..#...d.....[..{..A._y..i... .n..i...8Hk..Q|>w.....M.<9f....f#.. .. .... .5....k^...9r...y..%......6.....s....*?..(. u..Q..u#.g....{..A2bA...n..Xx.E.P(.$.S,]Z.|.\^cP^.r..... ..aj..)...LW.../.......$#...........y...;..".. ..,p..(......K.... X...If.......W_}.........wh.0q.=.kG.;..)......H. (P,....H....5@...N8-.Z.OuS,....X.\9e.5k...yL.Rb.5....4..tU....z.d...........M`.....u......<Xy.......][Y."E.h.N..........yA...)>..XZ....Ml...r.4m?a........[>..e
<<< skipped >>>
GET /pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 15:03:34 GMT
Date: Fri, 27 May 2016 15:03:34 GMT
Server: nginx
Content-Type: image/png
Content-Length: 6079
Last-Modified: Fri, 27 May 2016 05:46:55 GMT
ETag: "5747df4f-17bf"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhenjiang80:8105 (Cdn Cache Server V2.0), 1.1 db77:9 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.......}.......w.....tEXtSoftware.Adobe ImageReadyq.e<...giTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2BB29396CBA7E5119F439F0DA7ACDCF2" xmpMM:DocumentID="xmp.did:25078143CB2911E58A13920359E01A66" xmpMM:InstanceID="xmp.iid:25078142CB2911E58A13920359E01A66" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:285B92DA28CBE511A701DDAE9E0BDC70" stRef:documentID="xmp.did:2BB29396CBA7E5119F439F0DA7ACDCF2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.m......PLTE...........3.U-........N...,,,V........TTT...........{..7.....I.kP..8........6|M&..m,e.....d6...........o..E......aaaQ2"..4.....Q.....<..a..g.........*.......o...Br.uuu...Hh~.....0@??....g .l.......C(..~~...................w*.........1t.........:.Z*..W..A....uG..........r .y0..F.....Q..]....tl'Z....0z......=.......v..............f ..9........H......._5.....[.q.....z1iUK.....7.....j........g.....y.....x1.............>......3Xz.jE.r/|.`k:......./......c/.......................1.........................p-..?..
<<< skipped >>>
GET /pc/images/components/w-leftMenu/images/icons-menuclose.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Sat, 04 Jun 2016 04:36:25 GMT
Date: Sat, 28 May 2016 04:36:25 GMT
Server: nginx
Content-Type: image/png
Content-Length: 1914
Last-Modified: Tue, 24 May 2016 09:18:47 GMT
ETag: "57441c77-77a"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou185:8111 (Cdn Cache Server V2.0), 1.1 db78:4 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR..............]Hr....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:A304DAA9EA8111E5BB679C93BB9C9144" xmpMM:DocumentID="xmp.did:A304DAAAEA8111E5BB679C93BB9C9144"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A304DAA7EA8111E5BB679C93BB9C9144" stRef:documentID="xmp.did:A304DAA8EA8111E5BB679C93BB9C9144"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..&.....IDATx...]HSq......9..S...S/..8D...q}.KH..S.C/.Db.%........C.T.$YT.Z.... .zp.A...t..s..........9p..x..........FGG..`...{...U..n...<..Qm.a8p|....B....U.4F.....>.0..>.=S....<....y...`.W".......L.:f..q:.zE...H)f..I..(**rc5..P.f.....S.9......A..........Ld.f........0....%.r.2.<c"[0.)..T)-..h.....b.....x..F].V.F%.UM3...).v...p...H....^..j.1.:.M......rc.)B'.....)b...bl.`... ..D.A..D.A...7 ===..Dx{:...j.9...`hh.......}U(g......6...zL..2<.....0.4Bu....iPSS.C.K..mj....:.....o........ ..G...........o..r.@ .......R.A..D.A..D.....!......U.....)...H.W.H.)..Fi.m..V".x.. ...:..'.a%2;
<<< skipped >>>
GET /pc/images/components/w-leftMenu/images/icons-leftMenu2.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 13:23:29 GMT
Date: Thu, 26 May 2016 13:23:29 GMT
Server: nginx
Content-Type: image/png
Content-Length: 3501
Last-Modified: Wed, 25 May 2016 10:22:46 GMT
ETag: "57457cf6-dad"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhdx182:8110 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR...,...........9A....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78147A0941E8E511B4F18C60B26C9B4B" xmpMM:DocumentID="xmp.did:C28CA4F60A8911E6A7BC8ECC5119A4F7" xmpMM:InstanceID="xmp.iid:C28CA4F50A8911E6A7BC8ECC5119A4F7" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DE35EEEE6F08E61188C6FFEC2BF8B5A6" stRef:documentID="xmp.did:78147A0941E8E511B4F18C60B26C9B4B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.'w.....IDATx..\i..E...,...cP\..4....u."..h.?&.F.. ..!v...?....Q.D.}A.VdQ..]c......w..A.....m...f.......YvMW.ez._..MMu.W....<..H.nll....X..........W........e^.Cw=p'p!}9.m..X.Iu.v%.k.C......{.K..@7......\ ^J.A~.........S.^k4t........X..'....6.. .Q,.q\......r.....vi>r'_#.................|.V.a.....4`O.G.a..t.D.0...w.p~q...{G..G...2`...A}..-|.'.=:Bl.......d.x%~.....7..x0i.D.. ?.T.-..e~.K...,..n!.O.3....N.."s<..,../5?.-..8.8.}.......FS.....1.to.5.J.xo....|....~.....2.~.......m....1a*..Y.-.;....?Jp......../.(...:..6._....Y
<<< skipped >>>
GET /pc/images/components/w-thirdpartyLogin/images/login-close.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 01:15:21 GMT
Date: Thu, 02 Jun 2016 01:15:21 GMT
Server: nginx
Content-Type: image/png
Content-Length: 1093
Last-Modified: Tue, 31 May 2016 07:31:37 GMT
ETag: "574d3dd9-445"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou190:88 (Cdn Cache Server V2.0), 1.1 db78:8 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.............r..|....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:ECE434E8F27011E58FDE90351826CD97" xmpMM:DocumentID="xmp.did:ECE434E9F27011E58FDE90351826CD97"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ECE434E6F27011E58FDE90351826CD97" stRef:documentID="xmp.did:ECE434E7F27011E58FDE90351826CD97"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.b<s..3.......M.......@.%..p...@.3.....1 .e..........4B5...)@.kA61..3piD....c.Ib..M..0.....).@.......]...4.c`.6... ..M..M0'..b. v..t.Y...O....&|.. T.......@....#T.@6....|..l,.......v......D....IEND.B`.....
<<< skipped >>>
GET /pc/images/default_portrait.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 15:13:44 GMT
Date: Fri, 27 May 2016 15:13:44 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 7872
Last-Modified: Fri, 20 May 2016 09:37:16 GMT
ETag: "573edacc-1ec0"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zhenjiang80:8107 (Cdn Cache Server V2.0), 1.1 db77:0 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF.....d.d.....C....................................................................C.......................................................................Z.Z....................................................................................y......g..........z......u....|[@.UC^S^%...a..C....j...a.$#.3}..h}qG.9.g...,%.nS.D.).Y....u.h.#gG.`..AK.K..#.. 33.:@._....(...q.c....{.*.R..L.5n..l.w c.J`M..R.......#8..\..i.I...yU..P.............X..e...i C.0..zT...!?.Z.%7.I......Z.F6..x..^O.a...S)..[.~.R...3uu.n..1..}.`..(.....b...}7.L-..\&.o-.Zm.@Z.....jE .`[...i..]..h...%F.<'<.HQ.v.uz..O..DJj(V..<..om..J@.s..d..4.Y...c......?.l.$R^..6..1jez5o..B.R\...9..Yw.s.....).............................."3. !#45A.............I....."........F.3.....l;9..W.6.\3B.r...!)..!.m.gd..L%......Em..F|..=]a%..............!k....8...B.....c..0X..k...j.......\.3a.....I|e<...p....VE..[.W-u.......#.6.j...............W".uM......,.....l...K.e./.[.2........P...x.>.U\.c. .....X.P..5.....X......x`6..%m[E.....1.h>BWWTG_....H.S."...4. ."d.......f.&.h..| ...._....#..s.b...pO45O@k...Tt~Y.d....D...Kq....%..Il..x...c.H{..%. .'quo..BEu........`.K..g......g...?........................!1....AQ2a...."3q....#BRbr...... 4CS.........?....T.....F....."..v..[..G.~..#..e.>.>..#.....x..&c..N.%w......[..........>..x.P..`.1.4....%i....;$c......m"...i.............. ..W..@....4.5R'.&.......1..W.n.....@4.L...s.....R.4.......OjsPbcS...2......o..G2=..b..-.....<.......M4L.SZ85.......v....s....7?..TZ..}...IW..-.......f.%..U=.f...-..]......O
<<< skipped >>>
GET /pc/js/lib/requirejs/require.js?20160602135939 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 06:31:03 GMT
Date: Thu, 02 Jun 2016 06:31:03 GMT
Server: nginx
Content-Type: application/x-javascript
Content-Length: 14904
Last-Modified: Thu, 02 Jun 2016 06:06:11 GMT
ETag: "574fccd3-3a38"
Cache-Control: max-age=604800
Accept-Ranges: bytes
X-Via: 1.1 fuzhou191:8111 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)
Connection: keep-alive
var requirejs,require,define;!function(ba){function G(e){return"[object Function]"===K.call(e)}function H(e){return"[object Array]"===K.call(e)}function v(e,t){if(e){var i;for(i=0;i<e.length&&(!e[i]||!t(e[i],i,e));i =1);}}function T(e,t){if(e){var i;for(i=e.length-1;i>-1&&(!e[i]||!t(e[i],i,e));i-=1);}}function t(e,t){return fa.call(e,t)}function m(e,i){return t(e,i)&&e[i]}function B(e,i){for(var n in e)if(t(e,n)&&i(e[n],n))break}function U(e,i,n,r){return i&&B(i,function(i,o){!n&&t(e,o)||(!r||"object"!=typeof i||!i||H(i)||G(i)||i instanceof RegExp?e[o]=i:(e[o]||(e[o]={}),U(e[o],i,n,r)))}),e}function u(e,t){return function(){return t.apply(e,arguments)}}function ca(e){throw e}function da(e){if(!e)return e;var t=ba;return v(e.split("."),function(e){t=t[e]}),t}function C(e,t,i,n){return t=Error(t "\nhXXp://requirejs.org/docs/errors.html#" e),t.requireType=e,t.requireModules=n,i&&(t.originalError=i),t}function ga(e){function i(e,t,i){var n,r,o,a,s,u,d,c,t=t&&t.split("/"),f=D.map,p=f&&f["*"];if(e){for(e=e.split("/"),r=e.length-1,D.nodeIdCompat&&Q.test(e[r])&&(e[r]=e[r].replace(Q,"")),"."===e[0].charAt(0)&&t&&(r=t.slice(0,t.length-1),e=r.concat(e)),r=e,o=0;o<r.length;o )a=r[o],"."===a?(r.splice(o,1),o-=1):".."===a&&0!==o&&(1!=o||".."!==r[2])&&".."!==r[o-1]&&o>0&&(r.splice(o-1,2),o-=2);e=e.join("/")}if(i&&f&&(t||p)){r=e.split("/"),o=r.length;e:for(;o>0;o-=1){if(s=r.slice(0,o).join("/"),t)for(a=t.length;a>0;a-=1)if((i=m(f,t.slice(0,a).join("/")))&&(i=m(i,s))){n=i,u=o;break e}!d&&p&&m(p,s)&&(d=m(p,s),
<<< skipped >>>
GET /pc/js/studio.js?20160602135939 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 06:31:04 GMT
Date: Thu, 02 Jun 2016 06:31:04 GMT
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)
Connection: keep-alive
800a..............k...q ....`aJ.@1.f..F..k...gZS=..U.>(.,...p...K$u$..$....e..e{..]k.c....%kV.1w.g............%y..w.H]`>#3###"##6.3....._..(.`.`8;w.....3v}gd........0...r.......4....B..O...:S..:z...$Z..:.f..^.?6.gL..% 4|..7/c'R....... ..d...........I/.V..jQ.pb....s#.c.....o.....Y..ah_*.....o.....E..... 0.RA..c.....|..,.r.9)..Z..@...O.B.<.e.7.....M=.V!f-....=....k.:.v..}.|...G.0.\....k...G.SY<... .I...>91..d.m4.:,M.........>......4.o:gw.N..ms..\..Me.......u.~........-M.k.[P.u...hU.4..&ap.48H........7.Nh .....W..y5x...!e.<.L-.'N.-u.A..e.;...j|..,.....j..J.."...N.b;.VI...l...R{.B..B..BeP=q....V.Z...@.{.......n.!.5...S..ou".K6.]....s..Mm..S......_^.....sm.u..=;...,.8,...[..s.....~w.h......H..8..$.Oj..G....o..}.</....#f..../.M..&..-{.m......... .7&'4P.Hr...1...x8...z...\8.-;rt........y.K&.NC.~..2|..2"A-....M..6.RPM].T..r..8s}....o....|z.<..d....*@...R._P..L..O M]S/Y_.........>@U.e%iPi.H....&...u|.:G..;....o...W...s..",0...y..w....;..wvo.Z...v.{s...vwv:;]..........[.....{T...4n.......i#........1.O.......o..^y...l(..T...*#;..D9".......$..........k....s1F8...W.....5.(.N.?_..Jk.;.=7.L.O...r....G....7.C'J{....2*.C[D.Dl.bA..JQ.RV. y.p..pN.i..W.w......zm....3"......E..E...2.A>_..P..)....k!VU......H..Rd..!..gA..C.....p.TR...$........O...Z.GjT.&.S.d. r.. |x.A3...]o..~........`H^.NY..85*.s....}.d..#.....S...{..K2..v...G.8..(.l.9..j.'.......5..A.s.|YD..#WBb.(.P..R8.j1.....T.CGe6_..(!~..J0Lv.$ _q...S.*.....%...-).......=.e*3_...:&...-{kK.u...S...f.P...y....;Lz.\..9.y......L.2...H=...`.....l.}...
<<< skipped >>>
GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 13:46:52 GMT
Date: Fri, 27 May 2016 13:46:52 GMT
Server: nginx
Content-Type: image/png
Content-Length: 4789
Last-Modified: Fri, 27 May 2016 11:23:26 GMT
ETag: "57482e2e-12b5"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F7231A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj..........f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..............".......|..L...<..4....Y...........................2............44.......jj...........u...|..K..d...........)..s.......................N.=.......bbK.V...........).....>D.2V.............Q...'..........S...............\....,I.!.xxk.\....--...S..A.2................>>..$-..............x.....\..2....?.................u..AF.*G.$.....C....c-.......**........<..<.....9......@.-d.T......d.~...B......
<<< skipped >>>
GET /pc/images/loading-white-mini.gif?201605261526 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 13:46:55 GMT
Date: Fri, 27 May 2016 13:46:55 GMT
Server: nginx
Content-Type: image/gif
Content-Length: 12694
Last-Modified: Fri, 27 May 2016 11:23:22 GMT
ETag: "57482e2a-3196"
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)
Connection: keep-alive
GIF89a............E..g.....s...........&..............c...........C...........y..S..............Z..... ..[.................<..L.....m.....{..l..K..4....................2.....#..:........z..s...........T............................................,..........................[........................................................:..........................e.............}......N..................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:7B2AD44BD6FD11E5A2F6C23F896E17AB" xmpMM:DocumentID="xmp.did:7B2AD44CD6FD11E5A2F6C23F896E17AB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7B2AD449D6FD11E5A2F6C23F896E17AB" stRef:documentID="xmp.did:7B2AD44AD6FD11E5A2F6C23F896E17AB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .................................!....
<<< skipped >>>
GET /MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2dl.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 06:26:36 GMT
Date: Thu, 02 Jun 2016 06:26:36 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 57637
Accept-Ranges: bytes
Last-Modified: Fri, 08 Apr 2016 11:45:17 GMT
ETag: "05103121f4d2ad1e1d0d5fd6247c26df393229fa"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 zhdx182:8108 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:8C674D38FD7411E597FADFC94CEB5A8E" xmpMM:InstanceID="xmp.iid:8C674D37FD7411E597FADFC94CEB5A8E" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F49862DFFCA211E58BAEE6768DC01998" stRef:documentID="xmp.did:F49862E0FCA211E58BAEE6768DC01998"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b.............................................................................................!1.AQ..aq...".....2....B#3...Rbr..C$456.c7...SsDd%Ue.89.....................!.1A..Qa.q."......2...B#..Rb3.r..$..Cs..S5.c...4.............?......@..>.C..r...S..QO...j.,4..B.c?....2..P..>..S=x.A...W..\...........=.%......-Q=.E4.5.....~.&1u.1.E3.A..........0'...F......I.L.M.....4..)(...OJ;P...O.A.0<..0.$t...Hj8..Z:y.|...d....&XT.mU{....-..:=P!..2...$.cX..@.!CNx.r
<<< skipped >>>
GET /ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: emyfs.bs2dl.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 04:37:04 GMT
Date: Thu, 02 Jun 2016 04:37:04 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 87874
Accept-Ranges: bytes
Last-Modified: Fri, 08 Apr 2016 12:06:09 GMT
ETag: "fc382aa7256ccc1b335b878ec4e32ad2d916a2f1"
Cache-Control: public,max-age=86400
Age: 1
X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:1 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:74445BFFFD7411E5BBD599E469D2731B" xmpMM:InstanceID="xmp.iid:74445BFEFD7411E5BBD599E469D2731B" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB4D34DFFCAA11E580E9BDA302A424FD" stRef:documentID="xmp.did:DB4D34E0FCAA11E580E9BDA302A424FD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b...............................................................................................!.1.A"..Qa2.q.BR#3.....45....brCS$T6..cU7..sdV...DE.8....e.&F'......................!.1A..Qa..q.".....2...B..R#3br.....$5..4..CS.............?....>.Zn.L.>.[Qr.o...D.)Zc...,Tu.s..wV.........^.P...f..W...;.]wvD.Ii.....\.J.R.@F.Gn..di.Qk...95.v.H...y...f........w..[SjPI.TH.w.E ...A..>...0.. .Lc1l...C.o...8....|..A.!.......E....t.x..u|..B.B." .)A...%zD.b.g...n..
<<< skipped >>>
GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=1&ut=1464849074691&rnd=0.79673912970488821464849074691 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mobilelivephoto.bs2dl.yy.com
Connection: Keep-Alive
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Expires: Fri, 03 Jun 2016 06:31:10 GMT
Date: Thu, 02 Jun 2016 06:31:10 GMT
Server: openresty
Content-Type: image/jpeg
Content-Length: 14136
Accept-Ranges: bytes
Last-Modified: Tue, 31 May 2016 03:08:12 GMT
ETag: "09b11e27d1efcc3f65282a1f60267dfb631eb5d3"
Cache-Control: public,max-age=86400
X-Via: 1.1 fuzhou188:8106 (Cdn Cache Server V2.0), 1.1 db78:0 (Cdn Cache Server V2.0)
Connection: keep-alive
......................................... $.' ",#..(7),01444.'9=82<.342...........2!.!22222222222222222222222222222222222222222222222222......@.`.."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...L....P.QE......Z.(4R..k}..(c.H.v.....-..v......4..:).{....55C.J...(..C.(...;UY.....Q.8....I...j{u....?1.0.[..>.........J..2i.TFzt...&.n..6......I.h.....V..sP..g....C....<......y..'zx...p.*t.P.Z.h%..2j..Z!.j..Lu.Q@..(...(..4...%..QH:...ZZA....CKI......!.x.J........ka2.1M~....l.p{.Tu......;.#.-<u.....(.0.4..@.c....E\...j..`U!...s...yp .$U"...[.F%.j..G^....JJ2NA.. d..JK..s.k..Pc.........N.V...s......Kc.F..\.....&'..V...UVdP......RG?.....j.r.Fz.......T ............L..Ps.zRQ]OF...<.6.....O..o*.t..Vk. 3..yd....q....9.JI..4.sQ.. ...9nM......T.)....:T..]*\P&-.Q@..(...(.....zS(..u..(<...ZZA....JZm.F.]........&.[...i.............F.S. .S.F.QE.!.......G!.....w..s...\W7..l...V..d...^^,k.....).K.F...../.H....X.p..vF.#.sm........4c9|.N.H...}..}...ibn.....M.........9T..h.R......)#.y.],..^..a`.z....^$$.~W.=..yS..........5.H.t....C....V.q.F..v.r>....... ..Zgd........h.94..fN..r.Si...e....z..:.. sHE........wN).-.Q@..Q@..Q@.FM<
<<< skipped >>>
GET /cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Jun 2016 06:31:03 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:03 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/......
GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cm.hiido.cn
Connection: Keep-Alive
Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/..GIF89a.............!.......,...........L..;..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:06 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6& HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:09 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=7687&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=0&ut=1464849088784&rnd=0.79673912970488821464849088784 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849082&username= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /pc/css/studio.css?20160602135939 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yyweb.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 09 Jun 2016 06:30:54 GMT
Date: Thu, 02 Jun 2016 06:30:54 GMT
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=604800
Content-Encoding: gzip
X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)
Connection: keep-alive
29b8.............}k..F.._.N0Hw...m...E......|......d[>.m.r,.~.8.}.)...d..Af.F::.`.X,..bUm^..9....m.\w..)|-..f.uV>..O...U_.`Wm.k...........9....a7.>g....c5 ...r...*..l.%6....%....... .[...~^.//.........].-.Ay...O.z.;V...t........D....*(w...v.[.c....K.U....n..?.w........k ..\O.C4?..C2?..C6?...c=o....r...n..).U9......T^...S....]}~...A]n..,.{......*.p.[..}=V..... 5v.........X....F...o..}......>w..U#|.V.yM.....t..\1...j........l.c.........ky..o.9...9t.c= %O......O..X_..].>.]...r...p.}......8.Pv..iN3....N....6...0z.a>1SO.......<../Us................'...g?...*?.c..=6.......%k.S.........t_...n/......-....`..?..(....$..J.Y.[}.4..<w.....nk.l.........g.=V.u_........._>r..g..O.ERuwe.W...|f#.g...p..t....r..|...[...0.u...N....U..1..f..{....z.........y.{..i....1....y......E6.G..6m..f..d@.m}j_...J....o..S..... ....O....s......O.9.\....*./_..r......wO..C.3......XN....K.Z...!...bh.b...I..{.C...e..V....T..>.....?......_.^........G.xu...K.iYVW..."0X_.1.q.[.W%[..$AD.50Qa...z|w.....?|.......m.(.ePO?\.?.'..............g.,.|....Z]...0.....X.!R.@.q...!I."..........(.4...`&......ZI...)ZZ4..~.5.Z....)..o.....,..A.B.L...T).._,M..5.}.5R...G..\.....CC..M..9....k......Z.?...-.........z9ws......6..#..T./..]..d&=..t..?.^...k4.'...P......d......E]..Z..x..=.5.M..fK=.6{5.O.%...w.....p...r.m..._x.&.L..=.-.....Sfp..{...[6o.......zeb.k.O-c..].....S...."....%......M..."].,..PU.^....G..5p....:h...I......cn...F..|U.oo6|.Q:.1.....P..:\5.E.W.M....../............ D...y.j1.2-..,h..r..K0......`@N|...brsN..@9..x.p-j1#......#!'Y.
<<< skipped >>>
GET /huya/main/pkg/auto_combine_334bb_d5d43b2.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.huya.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: a.dwstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Sat, 30 May 2026 07:36:17 GMT
Date: Wed, 01 Jun 2016 07:36:17 GMT
Server: nginx
Content-Type: text/css
Last-Modified: Tue, 31 May 2016 08:38:53 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 zhj75:8104 (Cdn Cache Server V2.0), 1.1 db77:0 (Cdn Cache Server V2.0)
Connection: keep-alive
2932.............=kS.<...Wd..;..o.|....~..R.....tv..-...4q.....n...c'...m..l.H:...]M/...I.H..x..{...S#...C.2....t...t....Q..Ng=c7..)...O.......c......8I.y.Kf#.o.._..v........6.i2....VVq..z.a.cw...Q..?M..........5o-j..-=.....|.F.i#....c..L'.(....,...sullT.i.....{sR..0...C. ......]."St....bx.7..`...X..p......1I..|.{..u.i.. .y...s/...Zrw0%.2..q....$....t...=.......u>.y......ya.O.=.....<.{........W......t.3Z>z;c/......(.H.vX.....x.[..4...l...O.t:.....&..<.E^.....M=_..>.F..IT....4Y....."...E....|/...."~.z.K....!....p...Z..ta."..`;.X.>....r..H.kd.qX{.v..9o..$hi..$_...A..ip'F...dK.K....D...v..|A.<...O...F..5........I...\.. ..9dr.I.s..a........K&....F:.&.(.Uk:.Z.....GOq4..h.m...t...U7..ow_W..r?\...E.]2.....r....y~...Exw.wF@&...:#at.RK.h./.T.. .".Y....._.q....do..J....&_3.ljl.L...K..5..:0..Yn...mJ.*......R7..a...t..#..F........b........IP..F...i:..e..t........v$...:..E.L.l~.....f.(..b..2......ik.H..[k.d.............3. ....tq...,..y.F^..;.....n]W.o.y..&....A....!p.(..........T..xn.mU.7a..O...o...>:z.kE.!0..R.A........@`!h 'K..l.....r\.$.}...8N...lDHuF.]....8...1.>dL#;.C.e58s.3..nw...@..j...:..y.@.#.~ .JyXWa?....H.9.....T...GkA-(a".......t.1a..g.;.C..40...d*....-.I'-.z.8......w/...5;.A.@7...GZ..xr.igv..IQ..R...a...f........B.q.'?F.....:.E3?^.~O:.d|H{-..4.C...W5..@..d%Q..c.ti.8 ..^k.'b..5.........D.3o...|.$../....G..........y...%3-2....;M..{.....;.a|.(N...H...=......a.<...D.7D._4.../.$.g.x.[.8#Wd....B.*pQ#=...N..[5.|..Z..=....P ..JMz.5..|.*.[..{..ur&..IZ.L....^....7.vf.!y...V=..wv.2..h8....
<<< skipped >>>
GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849075&username= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.yy.com/9050
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 260
Content-type: text/html
Last-Modified: Wed,02-Dec-15 18:31:09 GMT
...<?xml version="1.0"?>.<cross-domain-policy>..<site-control permitted-cross-domain-policies="all"/>..<allow-http-request-headers-from domain="*" headers="*" secure="false"/>..<allow-access-from domain="*" secure="false" to-ports="*" />.</cross-domain-policy>....
GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=38874345 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 798
Content-type: text/html
Set-Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT
Set-Cookie: hiido_ui=0.90771560971984433;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT
...........UMk.9....h.O.F.%i.,.e......,!H%)n23..G.C...R{...C..C7......S..&.wyhvbC.......}.k.SL(..1..M.w.T...8...o.3PZ&..V2._.e.......od4|......0L....Y#EE.W).Y.]...wc.@S.....ym7.6.vC&..4....%{...N.....v....p{:Q8b>.m.....K...'..K...mE..n|A..$Z _d..P..>.wm.]. a?fJ.m.>.-........[........e..L...Sn..).c1...A...EL.y.E..x.Y.4V....#.....rr.%... .W1kmR.F.h.).d.P2.k..!.V.}..KUEh_..Z'U.Je0H"...yr^.......d..8..I.x..J.....w!..O?wn."..~...=...s\.....<....!s.M.aP;?a...|Z....md}.q9r..V..r........){Ijk..".EpI...............$..0....;....y.?.C....q...R..M........#f....H.AL...k...].w.....vW3s...g...[....u.5^...6.3].......$r0..3...ub..N.u:...;.z...6.(0.9...9...4......0..p#...n.. ..J.~....K.K.i.v...\.o...[.....gk?J".<k".-....n..../>..<..Q......b.0.P..Y.....IJ.yx7dZO...../......r1........Q."..E'.1@.....b.WFW...HTTP/1.1 200 OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Encoding: gzip..Content-Length: 798..Content-type: text/html..Set-Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT..Set-Cookie: hiido_ui=0.90771560971984433;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT.............UMk.9....h.O.F.%i.,.e......,!H%)n23..G.C...R{...C..C7......S..&.wyhvbC.......}.k.SL(..1..M.w.T...8...o.3PZ&..V2._.e.......od4|......0L....Y#EE.W).Y.]...wc.@S.....ym7.6.vC&..4....%{...N.....v....p{:Q8b>.m.....K...'..K...mE..n|A..$Z _d..P..&g
<<< skipped >>>
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.yy.com/9050
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=39600410 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 794
Content-type: text/html
...........U.j.H.}....OCOw.]`B ....../.1}.EfFB.L....j...........S...OI_ ............Z5]UW....4..u.......Q C...Z..LR..aL.e.HS...H-.HY...ry8.%P..R...3F(@.>..@Z....}.!Q....~U..O.}...^...}..p.F76..v...}X....!...T....9"~.!uL.M... ..n8.[V"..........p...Vuv.!a.ib.05x.%.j...V3k../d...Dj..a...&|...Y.,.r.....*[O..V......(U0,s...%...|..s...J.wx}1..$"C.*....G}d..R..d.....x.VpI.... .>..QI....n...,.:g/..Tr.G.7....S...i]lv....NE.c.....u....J...9xfY..D..O.<N....O......f....e..S\.....G#.0Ds2.....E...R..I..~1......S.>V5.|.a(3R..Q.(..|......q{...xH.d...j.m.>$n.....,..\.<.s..>..........o......5.7.zY...s.!.....3...g@r%/r'.>e.D..Ny3..t..q=..m.o.........5.\)%.....8....>I.).... ..j.6.6b/......w.,_#tV.()o.\..}...y....eW..n.....e..7DZ..L......bf0....$`.O..$&........q.~.....p...w9x..i.....f.)d...NUO...G%..Y...HTTP/1.1 200 OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Encoding: gzip..Content-Length: 794..Content-type: text/html.............U.j.H.}....OCOw.]`B ....../.1}.EfFB.L....j...........S...OI_ ............Z5]UW....4..u.......Q C...Z..LR..aL.e.HS...H-.HY...ry8.%P..R...3F(@.>..@Z....}.!Q....~U..O.}...^...}..p.F76..v...}X....!...T....9"~.!uL.M... ..n8.[V"..........p...Vuv.!a.ib.05x.%.j...V3k../d...Dj..a...&|...Y.,.r.....*[O..V......(U0,s...%...|..s...J.wx}1..$"C.*....G}d..R..d.....x.VpI.... .>..QI....n...,.:g/..Tr.G.7....S...i]lv....NE.c.....u....J...9xfY..D..O.<N....O......f.
<<< skipped >>>
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.yy.com/9050
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Length: 0
Content-type: text/html
Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050
HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......
GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=19542649 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weblbs.yystatic.com
Connection: Keep-Alive
Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 797
Content-type: text/html
...........U]..1.}.g..>.4...XD...AX.....;.v......{3.].u.U.Z..s.=.9.|.\w...f ..U..[.tU]1...F4.e.U...X.A.....}. P.q........c..b.....HE...0f.>...R=.)..i..<.i......@.A.)./...b.1~XU...Bo.......>yr8....@B.]..>.....!...d....yD..C....6.uA..n8.[f"..'.2.3..........6C.@.....`-J,5.)M.a.......... L...c.....g.....fB.....4)..9x...C-W. J.$UA8....{..(...U)C.,8.Q..4$..T...-.5.!.,..AXa.F....2.R!B.....RJc(....I..%....$kY...yn.l.u..}..s;&a.......kv..U2....{...ThN..TD....{w4..v..../.x\....b..........D.sRS.tI.%I.....b.m.}..S.&V5.......r.(H<F....O}.T.-..>....@)....f.C.V.(|0.....A....[.n.O.}}]...7Mx..i...7.z....p.!........./...:.........:..x...O...v.M..Z........K.i-.....8....<J.*.......b.6.6b/........L."tV.H)._.......y....eW..n....'..\K8 .ur.x.T13.e...Q.4W..$.......c.n.f..o..p.Z..>eJ....&...Y.<...;]}...6.jbY...HTTP/1.1 200 OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Encoding: gzip..Content-Length: 797..Content-type: text/html.............U]..1.}.g..>.4...XD...AX.....;.v......{3.].u.U.Z..s.=.9.|.\w...f ..U..[.tU]1...F4.e.U...X.A.....}. P.q........c..b.....HE...0f.>...R=.)..i..<.i......@.A.)./...b.1~XU...Bo.......>yr8....@B.]..>.....!...d....yD..C....6.uA..n8.[f"..'.2.3..........6C.@.....`-J,5.)M.a.......... L...c.....g.....fB.....4)..9x...C-W. J.$UA8....{..(...U)C.,8.Q..4$..T...-.5.!.,..AXa.F....2.R!B.....RJc(....I..%....$kY...yn.l.u..}..s;&a.......kv..U2....{...ThN.
<<< skipped >>>
GET /r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: c2.web.yystatic.com
HTTP/1.1 200 OK
Content-Length: 21750
Content-Type: application/x-shockwave-flash;charset=UTF-8
Last-Modified: Wed,02-Dec-15 18:31:07 GMT
Via: 1.1 db80:8500 (Cdn Cache Server V2.0)
Connection: close
CWS.ip..x....<.....<.=3c.-....."K.....`..eF3C.H......B..EE..d.h.=-.$.........~.....s....{.9......p. H...d`.F..A... ..d....^E.............1.X.7.n...L.4M|..A0D......'........h'xL.@....'.p8.A@.L ..E...#,((.(.....<."7GP.,@...#....AQ..K.....#.(E......IA!1......,...L7@bD...... ......oB.....0........8,..............Q...,./....9....$<.*.....n....Z'g..V3....._..e.X.?.!0...m ..8...c.3C0.D..l...Z;g..5d....F..y.r.?M?....C. .YB>Q.;..Z...E5[s......\..K...ERu.....=..dm.5..T5.TT)Y..u...$..7.].M..g.>4..U....%..X...%........ .*.B.4.S.n....GS..).SOc.... ..v..ovM....I......4.|n,.....n]^.Zw......}Zl.s.9e....S....#>...\8u.AD..Q.;{..?2._.iu..90.r..w.....d.Z..D...[^6....3.-.....~7q..a.....og.j.o.B..\...[.Z.]....E.....~....O.%*....h...^..k.:Z0W)....q.D.>.Z..b*.>.....I...n...w81......D..|.Y.^[.......S.c(....t...KSK:...(....a.a......1f......}.<.,-..i.O.k~............h..0}.....fC..X......tN.(...o..-o..-kl..(..?...."zU...Lx.&.O7$..-.rU9..k.].L...fg...<.^:0Z.[2...<.P).O..D...O.u?..... Ka...'=g;[n..E....{_..G.w....#G2........x.=\.......7.#q.....g.-._..4.N.....a....M.....O....nR5.u..wYR....SV...L8/.....r_.S..........b....BD...w.)w....!...._.[.-p!v...`..i....O........M...I..Q;'.......li.l~}.VN.i......>wn......t..?;2..2:.......#..1i....sT..p._%k4...8f..Y]......o..wH%?bU.m...6{h.%.Cz...t.....I.@....J.X.s5....N/..v..Tl[p.!j......irOF....\W..Q...w..M......)...7.&..,.....f^l..x[I.n.....N._..t..S...MI.2................!...n.Mk......*.}>g.Fnj.V.}.....g....#E..G;...bO.....]..WhRs....!j.l...]M^..[./....\.&.....
<<< skipped >>>
GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=5984&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&isnew=1&io=0&ut=1464849073691&rnd=0.79673912970488821464849073691 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:30:35 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:30:43 GMT
62b8..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" href="htt
<<< skipped >>>
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:30:45 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:30:46 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr
<<< skipped >>>
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:30:48 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:30:48 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr
<<< skipped >>>
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:30:53 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:30:54 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr
<<< skipped >>>
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Cookie: hiido_ui=0.572767224148353
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:31:02 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Cookie: hiido_ui=0.572767224148353
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:31:03 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr
<<< skipped >>>
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:31:09 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:31:10 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr
<<< skipped >>>
GET /zone/1151027897 HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:31:18 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/1151027897/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/1151027897
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:31:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:31:18 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr
<<< skipped >>>
GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849075&username= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ylog.hiido.com
Connection: Keep-Alive
Cookie: hiido_mid=14648490580624496829300100
HTTP/1.1 200 OK
Content-type: image/gif
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR
Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT
GIF89a.............,...........D..;..
GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.tanx.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 02 Jun 2016 06:31:08 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Server: Tengine
P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: cna=rMDWDx5FnCUCASU5EL04/DMR; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=tanx.com
Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ=
Timing-Allow-Origin: *
GIF89a...................!.......,...........T..;..
GET /duowan.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.yy.com/9050
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.duowan.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Thu, 02 Jun 2016 06:32:54 GMT
Date: Thu, 02 Jun 2016 06:27:54 GMT
Server: nginx
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 11794
Last-Modified: Fri, 27 May 2016 09:51:47 GMT
ETag: "574818b3-2e12"
Cache-Control: max-age=300
X-UA-Compatible: IE=EmulateIE7
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 fuzhou186:8104 (Cdn Cache Server V2.0), 1.1 db78:2 (Cdn Cache Server V2.0)
Connection: keep-alive
/* Hiido v20160527.01*/.eval(function(E,I,A,D,J,K,L,H){function C(A){return A<62?String.fromCharCode(A =A<26?65:A<52?71:-4):A<63?'_':A<64?'$':C(A>>6) C(A&63)}while(A>0)K[C(D--)]=I[--A];function N(A){return K[A]==L[A]?A:K[A]}if(''.replace(/^/,String)){var M=E.match(J),B=M[0],F=E.split(J),G=0;if(E.indexOf(F[0]))F=[''].concat(F);do{H[A ]=F[G ];H[A ]=N(B)}while(B=M[G]);H[A ]=F[G]||'';return H.join('')}return E.replace(J,N)}('j BY="CA",Dg="ylog.u.k";7 Di(){j BH=8.Dq,BM=CT(BH),d=BM?BM.B1:O,BO=BM?Ck(BM.CI):O;Y(BO=="Cc")BO=O;j BZ=DE(0.Bd.CR),CV=CT(BZ),BS=CV?CV.B1:".";Y(0.Bd.protocol=="Dz:")BY="Dz";Y(BS=="."||DQ(BS))y v;j _=C0(BS);Y(!_.BD)y v;j BK=P;Y(!BH)BK=O;p Y(BS==d){BK=Q;BO=O}j ap=$.appName,av=$.DT,Z=$.Dd.B3();7 Ci(X){Y(X==By.Bg)X=P;p Y(X==Cu.T)X=Q;p Y(X==BU.By)X=R;p Y(X==1440.V)X=B4;p Y(X==Co.864)X=S;p Y(X==BU.U)X=T;p Y(X==BU.Bg)X=BI;p Y(X==B_.Bq)X=U;p Y(X==1680.Cm)X=BE;p Y(X==B_.By)X=Bp;p Y(X==Cn.Bq)X=Bq;p Y(X==BU.EP)X=Dw;p Y(X==BU.D8)X=14;p Y(X==1360.Bg)X=15;p Y(X==DJ.T)X=Dv;p Y(X==1400.Cm)X=Dt;p Y(X==B_.V)X=Du;p Y(X==DW.h)X=19;p Y(X==Co.D8)X=Dy;p Y(X==1088.612)X=Br;p Y(X==Cn.Cl)X=Bl;p Y(X==Cn.DM)X=Bm;p Y(X==BN.Co)X=f;p Y(X==BN.1536)X=CS;p Y(X==Cb.Dv)X=Dl;p Y(X==Cb.BN)X=Dn;p Y(X==Cu.h)X=Do;p Y(X==DW.e)X=Dp;p Y(X==320.f)X=Dr;p Y(X==1366.Bg)X=Bn;p Y(X==480.BP)X=BP;p Y(X==1080.By)X=Bi;p Y(X==DJ.D_)X=Bj;p Y(X==1136.D_)X=e;p Y(X==Cb.DM)X=Bh;p Y(X==BN.Cl)X=CL;p Y(X==B$.Q)X=CM;p Y(X==B$.BN)X=CK;p Y(X==B$.f)X=CQ;p Y(X==2880.Du)X=CP;p Y(X==Dx.C3)X=CO;p Y(X==Dx.f)X=CN;p Y(X==Bs.C3)X=Ce;p Y(X==B
<<< skipped >>>
GET /zone/35887743 HTTP/1.1
Referer: hXXp://m.yy.com/zone/35887743
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:30:32 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/35887743/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/35887743/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/35887743
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:30:36 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -........................</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:30:36 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Thu, 02 Jun 2016 06:30:36 GMT..4c5..<!DOCT
<<< skipped >>>
GET /zone/35887743 HTTP/1.1
Referer: hXXp://m.yy.com/zone/35887743
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Jun 2016 06:30:42 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXp://m.yy.com/zone/35887743/
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......
GET /zone/35887743/ HTTP/1.1
Referer: hXXp://m.yy.com/zone/35887743
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: m.yy.com
Cache-Control: no-cache
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jun 2016 06:30:42 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Jun 2016 06:30:42 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -........................</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messageHTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:30:42 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Thu, 02 Jun 2016 06:30:42 GMT..4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tran
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_872:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t%SVh
t%SVh
t$(SSh
t$(SSh
|$D.tm
|$D.tm
~%UVW
~%UVW
u$SShe
u$SShe
kernel32.dll
kernel32.dll
wininet.dll
wininet.dll
ole32.dll
ole32.dll
winmm.dll
winmm.dll
ws2_32.dll
ws2_32.dll
WinINet.dll
WinINet.dll
shlwapi.dll
shlwapi.dll
User32.dll
User32.dll
user32.dll
user32.dll
gdiplus.dll
gdiplus.dll
advapi32.dll
advapi32.dll
rasapi32.dll
rasapi32.dll
Wininet.dll
Wininet.dll
urlmon.dll
urlmon.dll
shell32.dll
shell32.dll
OLEACC.DLL
OLEACC.DLL
gdi32.dll
gdi32.dll
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
HttpQueryInfoA
HttpQueryInfoA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
GetWindowsDirectoryA
GetWindowsDirectoryA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
GdiplusShutdown
GdiplusShutdown
keybd_event
keybd_event
RegCloseKey
RegCloseKey
RegCreateKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyA
UrlMkSetSessionOption
UrlMkSetSessionOption
GetProcessHeap
GetProcessHeap
ShellExecuteA
ShellExecuteA
WinExec
WinExec
RegEnumKeyA
RegEnumKeyA
RegFlushKey
RegFlushKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
%System%\ntdll.dll
%System%\ntdll.dll
%System%\kernel32.dll
%System%\kernel32.dll
%System%\USER32.dll
%System%\USER32.dll
%System%\GDI32.dll
%System%\GDI32.dll
%System%\ADVAPI32.dll
%System%\ADVAPI32.dll
%System%\RPCRT4.dll
%System%\RPCRT4.dll
%System%\Secur32.dll
%System%\Secur32.dll
%System%\IMM32.DLL
%System%\IMM32.DLL
%System%\LPK.DLL
%System%\LPK.DLL
%System%\USP10.dll
%System%\USP10.dll
%System%\WINMM.dll
%System%\WINMM.dll
%System%\comdlg32.dll
%System%\comdlg32.dll
%System%\msvcrt.dll
%System%\msvcrt.dll
%System%\SHLWAPI.dll
%System%\SHLWAPI.dll
%System%\SHELL32.dll
%System%\SHELL32.dll
%System%\WINSPOOL.DRV
%System%\WINSPOOL.DRV
%System%\ole32.dll
%System%\ole32.dll
%System%\OLEPRO32.DLL
%System%\OLEPRO32.DLL
%System%\OLEAUT32.dll
%System%\OLEAUT32.dll
%System%\WS2_32.dll
%System%\WS2_32.dll
%System%\WS2HELP.dll
%System%\WS2HELP.dll
%System%\uxtheme.dll
%System%\uxtheme.dll
%System%\MSIMG32.dll
%System%\MSIMG32.dll
%System%\MSVCP60.dll
%System%\MSVCP60.dll
%System%\WININET.dll
%System%\WININET.dll
%System%\CRYPT32.dll
%System%\CRYPT32.dll
%System%\MSASN1.dll
%System%\MSASN1.dll
%System%\PSAPI.DLL
%System%\PSAPI.DLL
%System%\VERSION.dll
%System%\VERSION.dll
%System%\urlmon.dll
%System%\urlmon.dll
Web.dll
Web.dll
software\microsoft\windows\CurrentVersion\Run\
software\microsoft\windows\CurrentVersion\Run\
VVV.huya.com
VVV.huya.com
hXXp://VVV.huya.com/
hXXp://VVV.huya.com/
hXXp://m.yy.com/zone/1151027897
hXXp://m.yy.com/zone/1151027897
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
http=
https
https
HTTP/1.1
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
hXXps://
hXXps://
hXXp://
hXXp://
hXXp://VVV.yy.com/
hXXp://VVV.yy.com/
VVV.yy.com
VVV.yy.com
hXXps://aq.yy.com/loginOut.do
hXXps://aq.yy.com/loginOut.do
hXXps://aq.yy.com/p/wklogin.do
hXXps://aq.yy.com/p/wklogin.do
&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1®CallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436
&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1®CallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436
hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=
hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=
hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do
hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do
&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1
&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1
&password=
&password=
callbackURL
callbackURL
Winmm.dll
Winmm.dll
dsound.dll
dsound.dll
@ping 127.0.0.1 -n
@ping 127.0.0.1 -n
\*.*"
\*.*"
@ping 127.0.0.1 -n 1 >nul
@ping 127.0.0.1 -n 1 >nul
del 123.bat
del 123.bat
\123.bat
\123.bat
\TEMP.TMP
\TEMP.TMP
{Reg}((?:src=)['"]?).*?\.js['"]
{Reg}((?:src=)['"]?).*?\.js['"]
{Reg}((?:hXXp://)['"]?).*?\.swf
{Reg}((?:hXXp://)['"]?).*?\.swf
{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}
{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}
scripting.FileSystemObject
scripting.FileSystemObject
bbs.125.la_Cookie
bbs.125.la_Cookie
Adodb.Stream
Adodb.Stream
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
del C:\123.bat
del C:\123.bat
\Restart.bat
\Restart.bat
(*.*)|*.*
(*.*)|*.*
(*.txt)|*.txt|
(*.txt)|*.txt|
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
\data\Config.ini
\data\Config.ini
;http=
;http=
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)
>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21
>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21
>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10
Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10
Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7
Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7
Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00
Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
{25336920-03F9-11CF-8FD0-00AA00686F13}
{25336920-03F9-11CF-8FD0-00AA00686F13}
document.all.retjs.innerText=
document.all.retjs.innerText=
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
text|password|file
text|password|file
comdlg32.dll
comdlg32.dll
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
WarnOnHTTPSToHTTPRedirect
WarnOnHTTPSToHTTPRedirect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
adodb.stream
adodb.stream
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Microsoft.XMLDOM
Microsoft.XMLDOM
VBScript.RegExp
VBScript.RegExp
application/x-www-form-urlencoded
application/x-www-form-urlencoded
WinHttp.WinHttpRequest.5.1
WinHttp.WinHttpRequest.5.1
SetClientCertificate
SetClientCertificate
Set fso = CreateObject("Scripting.FileSystemObject")
Set fso = CreateObject("Scripting.FileSystemObject")
fso.DeleteFile("
fso.DeleteFile("
sc.vbs")
sc.vbs")
\sc.vbs
\sc.vbs
sc.vbs
sc.vbs
sc.bat"
sc.bat"
sc.bat
sc.bat
del Restart.bat
del Restart.bat
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
WINMM.dll
WINMM.dll
WINSPOOL.DRV
WINSPOOL.DRV
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
COMCTL32.dll
COMCTL32.dll
oledlg.dll
oledlg.dll
WS2_32.dll
WS2_32.dll
GetCPInfo
GetCPInfo
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
Gdi32.dll
Gdi32.dll
Kernel32.dll
Kernel32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
(%d-%d):
(%d-%d):
%ld%c
%ld%c
(*.htm;*.html)|*.htm;*.html
(*.htm;*.html)|*.htm;*.html
its:%s::%s
its:%s::%s
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÁ
zcÁ
#include "l.chs\afxres.rc" // Standard components
#include "l.chs\afxres.rc" // Standard components
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXC:\svchost.exe
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXC:\svchost.exe
@hXXp://m.yy.com/zone/35887743
@hXXp://m.yy.com/zone/35887743
F%*.*f
F%*.*f
iphlpapi.dll
iphlpapi.dll
SHLWAPI.dll
SHLWAPI.dll
MPR.dll
MPR.dll
VERSION.dll
VERSION.dll
WININET.dll
WININET.dll
.yy.com/zone/35887743
.yy.com/zone/35887743
/login_asyn.do
/login_asyn.do
c:\%original file name%.exe
c:\%original file name%.exe
246813579
246813579
(*.*)
(*.*)
1.0.0.0
1.0.0.0
svchost.exe_1604:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t%SVh
t%SVh
t$(SSh
t$(SSh
|$D.tm
|$D.tm
~%UVW
~%UVW
u$SShe
u$SShe
kernel32.dll
kernel32.dll
wininet.dll
wininet.dll
ole32.dll
ole32.dll
winmm.dll
winmm.dll
ws2_32.dll
ws2_32.dll
WinINet.dll
WinINet.dll
shlwapi.dll
shlwapi.dll
User32.dll
User32.dll
user32.dll
user32.dll
gdiplus.dll
gdiplus.dll
advapi32.dll
advapi32.dll
rasapi32.dll
rasapi32.dll
Wininet.dll
Wininet.dll
urlmon.dll
urlmon.dll
OLEACC.DLL
OLEACC.DLL
gdi32.dll
gdi32.dll
shell32.dll
shell32.dll
HttpOpenRequestA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestA
HttpQueryInfoA
HttpQueryInfoA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
GetWindowsDirectoryA
GetWindowsDirectoryA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
GdiplusShutdown
GdiplusShutdown
keybd_event
keybd_event
RegCloseKey
RegCloseKey
RegCreateKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyA
UrlMkSetSessionOption
UrlMkSetSessionOption
GetProcessHeap
GetProcessHeap
RegEnumKeyA
RegEnumKeyA
RegFlushKey
RegFlushKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
ShellExecuteA
ShellExecuteA
WinExec
WinExec
%System%\ntdll.dll
%System%\ntdll.dll
%System%\kernel32.dll
%System%\kernel32.dll
%System%\USER32.dll
%System%\USER32.dll
%System%\GDI32.dll
%System%\GDI32.dll
%System%\ADVAPI32.dll
%System%\ADVAPI32.dll
%System%\RPCRT4.dll
%System%\RPCRT4.dll
%System%\Secur32.dll
%System%\Secur32.dll
%System%\IMM32.DLL
%System%\IMM32.DLL
%System%\LPK.DLL
%System%\LPK.DLL
%System%\USP10.dll
%System%\USP10.dll
%System%\WINMM.dll
%System%\WINMM.dll
%System%\comdlg32.dll
%System%\comdlg32.dll
%System%\msvcrt.dll
%System%\msvcrt.dll
%System%\SHLWAPI.dll
%System%\SHLWAPI.dll
%System%\SHELL32.dll
%System%\SHELL32.dll
%System%\WINSPOOL.DRV
%System%\WINSPOOL.DRV
%System%\ole32.dll
%System%\ole32.dll
%System%\OLEPRO32.DLL
%System%\OLEPRO32.DLL
%System%\OLEAUT32.dll
%System%\OLEAUT32.dll
%System%\WS2_32.dll
%System%\WS2_32.dll
%System%\WS2HELP.dll
%System%\WS2HELP.dll
%System%\uxtheme.dll
%System%\uxtheme.dll
%System%\MSIMG32.dll
%System%\MSIMG32.dll
%System%\MSVCP60.dll
%System%\MSVCP60.dll
%System%\WININET.dll
%System%\WININET.dll
%System%\CRYPT32.dll
%System%\CRYPT32.dll
%System%\MSASN1.dll
%System%\MSASN1.dll
%System%\PSAPI.DLL
%System%\PSAPI.DLL
%System%\VERSION.dll
%System%\VERSION.dll
%System%\urlmon.dll
%System%\urlmon.dll
Web.dll
Web.dll
hXXp://m.yy.com/zone/1151027897
hXXp://m.yy.com/zone/1151027897
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
http=
https
https
HTTP/1.1
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
HTTP/1.1
hXXps://
hXXps://
hXXp://
hXXp://
hXXp://VVV.yy.com/
hXXp://VVV.yy.com/
software\microsoft\windows\CurrentVersion\Run\
software\microsoft\windows\CurrentVersion\Run\
VVV.yy.com
VVV.yy.com
hXXps://aq.yy.com/loginOut.do
hXXps://aq.yy.com/loginOut.do
hXXps://aq.yy.com/p/wklogin.do
hXXps://aq.yy.com/p/wklogin.do
&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1®CallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436
&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1®CallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436
hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=
hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=
hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do
hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do
&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1
&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1
&password=
&password=
callbackURL
callbackURL
Winmm.dll
Winmm.dll
dsound.dll
dsound.dll
@ping 127.0.0.1 -n
@ping 127.0.0.1 -n
\*.*"
\*.*"
@ping 127.0.0.1 -n 1 >nul
@ping 127.0.0.1 -n 1 >nul
del 123.bat
del 123.bat
\123.bat
\123.bat
\TEMP.TMP
\TEMP.TMP
{Reg}((?:src=)['"]?).*?\.js['"]
{Reg}((?:src=)['"]?).*?\.js['"]
{Reg}((?:hXXp://)['"]?).*?\.swf
{Reg}((?:hXXp://)['"]?).*?\.swf
{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}
{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}
scripting.FileSystemObject
scripting.FileSystemObject
bbs.125.la_Cookie
bbs.125.la_Cookie
Adodb.Stream
Adodb.Stream
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
del C:\123.bat
del C:\123.bat
\Restart.bat
\Restart.bat
(*.*)|*.*
(*.*)|*.*
(*.txt)|*.txt|
(*.txt)|*.txt|
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable
Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
\data\Config.ini
\data\Config.ini
;http=
;http=
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)
>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21
>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21
>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10
Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10
Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7
Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7
Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00
Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
{25336920-03F9-11CF-8FD0-00AA00686F13}
{25336920-03F9-11CF-8FD0-00AA00686F13}
document.all.retjs.innerText=
document.all.retjs.innerText=
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');
text|password|file
text|password|file
comdlg32.dll
comdlg32.dll
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
WarnOnHTTPSToHTTPRedirect
WarnOnHTTPSToHTTPRedirect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
adodb.stream
adodb.stream
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Microsoft.XMLDOM
Microsoft.XMLDOM
VBScript.RegExp
VBScript.RegExp
application/x-www-form-urlencoded
application/x-www-form-urlencoded
WinHttp.WinHttpRequest.5.1
WinHttp.WinHttpRequest.5.1
SetClientCertificate
SetClientCertificate
Set fso = CreateObject("Scripting.FileSystemObject")
Set fso = CreateObject("Scripting.FileSystemObject")
fso.DeleteFile("
fso.DeleteFile("
sc.vbs")
sc.vbs")
\sc.vbs
\sc.vbs
sc.vbs
sc.vbs
sc.bat"
sc.bat"
sc.bat
sc.bat
del Restart.bat
del Restart.bat
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
USER32.dll
USER32.dll
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
WINMM.dll
WINMM.dll
WINSPOOL.DRV
WINSPOOL.DRV
ADVAPI32.dll
ADVAPI32.dll
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
COMCTL32.dll
COMCTL32.dll
oledlg.dll
oledlg.dll
WS2_32.dll
WS2_32.dll
GetCPInfo
GetCPInfo
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
Gdi32.dll
Gdi32.dll
Kernel32.dll
Kernel32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
(%d-%d):
(%d-%d):
%ld%c
%ld%c
(*.htm;*.html)|*.htm;*.html
(*.htm;*.html)|*.htm;*.html
its:%s::%s
its:%s::%s
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
zcÁ
zcÁ
.yy.com/zone/1151027897
.yy.com/zone/1151027897
/login_asyn.do
/login_asyn.do
C:\svchost.exe
C:\svchost.exe
#include "l.chs\afxres.rc" // Standard components
#include "l.chs\afxres.rc" // Standard components
246813579
246813579
(*.*)
(*.*)
1.0.0.0
1.0.0.0