Gen.Variant.Strictor.74096_2945c7495f – Adaware

Gen:Variant.Strictor.74096 (BitDefender), HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Siggen6.47921 (DrWeb), Gen:Variant.Strictor.74096 (B) (Emsisoft), SAPE.Heur.82F31 (Symantec), Backdoor.Win32.BlackHole (Ikarus), Gen:Variant.Strictor.74096 (FSecure), Generic_s.EWG (AVG), Win32:Malware-gen (Avast), Gen:Variant.Strictor.74096 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Backdoor, Malware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 2945c7495fe862de5b3639fcdf405959

SHA1: 75adbf61cfcc209dd34b3cf0f5c8a32e07967069

SHA256: 548b6a5c4348309809e1abbfa52556bfa9030281a759707f865d93cc494dbc3e

SSDeep: 24576:pRzDf9OG2qL/J4TQSmj/ue8L4mBF39tO94VO/08Z6J1qtmZi3sJbT bO0/DuUDbD:pRuTEmzsmBDW3s5ItnD

Size: 2314240 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171

Company: no certificate found

Created at: 2015-10-21 18:30:48

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan-PSW. Trojan program intended for stealing users passwords.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:872

The Trojan injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:872 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\35887743[1].htm (421 bytes)
C:\svchost.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (16232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\35887743[1].htm (17422 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (0 bytes)

Registry activity

The process %original file name%.exe:872 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 7F D7 4F 69 C2 F8 BE 13 D9 3C D5 FB 7C 81 61"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Play_Background_Sounds" = "no"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe" = "c:\%original file name%.exe"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
0fa14e09d6f8af8b0430417f3d465cd9	c:\svchost.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:872
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\35887743[1].htm (421 bytes)
C:\svchost.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (16232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\35887743[1].htm (17422 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe" = "c:\%original file name%.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name:
Product Name: Window ?????
Product Version: 1.0.0.0
Legal Copyright: Window ?????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: Window ?????
Comments: Window ?????
Language: Language Neutral

Company Name: Product Name: Window ?????Product Version: 1.0.0.0Legal Copyright: Window ?????Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: Window ?????Comments: Window ?????Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	946151	946176	4.41475	f0e48a43de943b3edb0557da536d5428
.rdata	950272	1272742	1273856	4.30656	c790a82c20739957103422acf73fb915
.data	2224128	192618	65536	3.48946	2b1ca8a23cfeadbd1e6786a3db51d210
.rsrc	2420736	23784	24576	3.55038	0dcea93969f8acb0cc78e39d70e12db6

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://duowan.xdwscache.ourglb0.com/
hxxp://www.yy.com/9050	113.107.236.195
hxxp://duowan.xdwscache.ourglb0.com/pc/js/lib/jQuery/jquery-1.11.1.min.js
hxxp://duowan.xdwscache.ourglb0.com/pc/css/studio.css?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/pc/css/headfoot.mix.css?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/duowan.js
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065284&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065284	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065831&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065831	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/hiido_internal.js?siteid=www@yy
hxxp://res.udb.duowan.com/lgn/js/oauth/udbsdk/pcweb/udb.sdk.pcweb.embed.min.js	222.73.61.81
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849066144&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849066144	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/pc/js/headfoot.mix.js?20160602135939
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&isnew=1&io=1&ut=1464849067566&rnd=0.79673912970488821464849067566	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/pc/images/default_portrait.jpg
hxxp://res.udb.duowan.com/lgn/js/oauth/udbsdk/udb.sdk.getmm.min.js	222.73.61.81
hxxp://duowan.xdwscache.ourglb0.com/pc/images/2wm.png
hxxp://duowan.xdwscache.ourglb0.com/pc/js/liveplayerInline.js?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-leftMenu/images/icons-menuclose.png
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-leftMenu/images/icons-leftMenu2.png
hxxp://cm.hiido.cn/cm/user?time=1464849065&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-thirdpartyLogin/images/login-close.png
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526
hxxp://duowan.xdwscache.ourglb0.com/pc/images/default_load.png
hxxp://duowan.xdwscache.ourglb0.com/pc/js/lib/requirejs/require.js?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-chatroom/images/alpha-bg.png
hxxp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&	103.30.231.70
hxxp://duowan.xdwscache.ourglb0.com/pc/images/icons-index.png?20160505002
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526
hxxp://weblbs.yystatic.com/s/36588833/2488366466/yycomscene.swf	115.238.59.218
hxxp://cm.hiido.cn/cm/user?time=1464849066&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&	103.30.231.70
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-thirdpartyLogin/images/login_btn.png
hxxp://res.udb.duowan.com/lgn/css/oauth/udbsdk/xelogin.sdk.css	222.73.61.81
hxxp://duowan.xdwscache.ourglb0.com/pc/js/studio.js?20160602135939
hxxp://hm.e.shifen.com/hm.js?c493393610cdccbddc1f124d567e36ab
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1
hxxp://cm.hiido.cn/cm/user?time=1464849073&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=5984&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&isnew=1&io=0&ut=1464849073691&rnd=0.79673912970488821464849073691	14.17.119.59
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™
hxxp://dw.dlmix.ourdvs.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://www.yy.com/9050
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849074691&rnd=0.79673912970488821464849074691	14.17.119.59
hxxp://www.yy.com/	113.107.236.195
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6
hxxp://duowan.xdwscache.ourglb0.com/MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg
hxxp://duowan.xdwscache.ourglb0.com/ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg
hxxp://duowan.xdwscache.ourglb0.com/ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg
hxxp://duowan.xdwscache.ourglb0.com/MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg
hxxp://duowan.xdwscache.ourglb0.com/pc/images/loading-white-mini.gif?201605261526
hxxp://duowan.xdwscache.ourglb0.com/ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg
hxxp://duowan.xdwscache.ourglb0.com/NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg
hxxp://duowan.xdwscache.ourglb0.com/ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg
hxxp://duowan.xdwscache.ourglb0.com/MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849075&username=	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg
hxxp://duowan.xdwscache.ourglb0.com/1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849075&username=	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849073831&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849073831	14.17.119.59
hxxp://weblbs.yystatic.com/crossdomain.xml	115.238.59.218
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ=	103.30.231.70
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY=	103.30.231.70
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=38874345	115.238.59.218
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=	103.30.231.70
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY
hxxp://dw.dlmix.ourdvs.com/r/rc/yycomscene/core/1/14/core.bmp
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=	103.30.231.70
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2
hxxp://cm.hiido.cn/cm/user?time=1464849080&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=5468&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=0&ut=1464849080175&rnd=0.79673912970488821464849080175	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849080378&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849080378	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/huya/main/pkg/auto_combine_334bb_d5d43b2.css
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849081066&rnd=0.79673912970488821464849081066	14.17.119.59
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=39600410	115.238.59.218
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849082&username=	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849082&username=	14.17.119.59
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/defaultScene.swf
hxxp://m.yy.com/statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1	115.238.189.225
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2
hxxp://cm.hiido.cn/cm/user?time=1464849088&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=7687&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=0&ut=1464849088784&rnd=0.79673912970488821464849088784	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849088972&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849088972	14.17.119.59
hxxp://m.yy.com/statistics/YycomPageLoadTimeStatisticsAction.json?uri=head-headfoot.mix.css&time=78	115.238.189.225
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849089894&rnd=0.79673912970488821464849089894	14.17.119.59
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=19542649	115.238.59.218
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849091&username=	14.17.119.59
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/danmaku.swf
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™	220.181.7.190
hxxp://a.dwstatic.com/huya/main/pkg/auto_combine_334bb_d5d43b2.css	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&	140.205.34.97
hxxp://yyweb.yystatic.com/pc/images/2wm.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/default_load.png	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&	140.205.34.97
hxxp://yyweb.yystatic.com/pc/images/components/w-thirdpartyLogin/images/login-close.png	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY	140.205.34.97
hxxp://res.m.yystatic.com/group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-leftMenu/images/icons-menuclose.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/default_portrait.jpg	87.245.198.83
hxxp://m.yy.com/zone/1151027897/	115.238.189.225
hxxp://yyweb.yystatic.com/pc/images/loading-white-mini.gif?201605261526	87.245.198.83
hxxp://www.huya.com/	87.245.198.83
hxxp://c2.web.yystatic.com/r/sc/yycomscene/defaultScene/1/72/defaultScene.swf	87.245.198.84
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1	220.181.7.190
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™	220.181.7.190
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526	87.245.198.83
hxxp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://www.yy.com/9050	87.245.198.84
hxxp://yyweb.yystatic.com/pc/css/studio.css?20160602135939	87.245.198.83
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2	220.181.7.190
hxxp://c2.web.yystatic.com/r/rc/yycomscene/core/1/14/core.bmp	87.245.198.84
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg	87.245.198.83
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2	220.181.7.190
hxxp://statistics.yy.com/statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1	115.238.189.225
hxxp://m.yy.com/zone/35887743/	115.238.189.225
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6	140.205.174.1
hxxp://mobilelivephoto.bs2dl.yy.com/1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg	87.245.198.83
hxxp://res.m.yystatic.com/group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/css/headfoot.mix.css?20160602135939	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/icons-index.png?20160505002	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg	87.245.198.83
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6	140.205.174.1
hxxp://emyfs.bs2cdn.yy.com/NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg	87.245.198.83
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™	220.181.7.190
hxxp://emyfs.bs2dl.yy.com/MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-chatroom/images/alpha-bg.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/js/headfoot.mix.js?20160602135939	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-leftMenu/images/icons-leftMenu2.png	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg	87.245.198.83
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6	140.205.174.1
hxxp://m.yy.com/zone/35887743	115.238.189.225
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&	140.205.34.97
hxxp://www.duowan.com/duowan.js	87.245.198.83
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6	140.205.174.1
hxxp://res.m.yystatic.com/group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-thirdpartyLogin/images/login_btn.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/js/lib/requirejs/require.js?20160602135939	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H	140.205.34.97
hxxp://emyfs.bs2cdn.yy.com/OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg	87.245.198.83
hxxp://res.m.yystatic.com/group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY	140.205.34.97
hxxp://hm.baidu.com/hm.js?c493393610cdccbddc1f124d567e36ab	220.181.7.190
hxxp://res.m.yystatic.com/group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg	87.245.198.83
hxxp://c2.web.yystatic.com/r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml	87.245.198.84
hxxp://yyweb.yystatic.com/pc/js/liveplayerInline.js?20160602135939	87.245.198.83
hxxp://emyfs.bs2dl.yy.com/ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/js/studio.js?20160602135939	87.245.198.83
hxxp://m.yy.com/zone/1151027897	115.238.189.225
hxxp://yyweb.yystatic.com/pc/js/lib/jQuery/jquery-1.11.1.min.js	87.245.198.83
hxxp://emyfs.bs2dl.yy.com/ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR	140.205.34.97
hxxp://yyweb.yystatic.com/pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate	87.245.198.83
hxxp://hdjs.hiido.com/hiido_internal.js?siteid=www@yy	87.245.198.83
hxxp://res.m.yystatic.com/group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&	140.205.34.97
lgn.yy.com	111.206.234.57
dataaq.yy.com

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 05:31:17 GMT

Date: Thu, 02 Jun 2016 05:31:17 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 58508

Accept-Ranges: bytes

Last-Modified: Mon, 16 May 2016 07:35:00 GMT

ETag: "4ac5610c6e90504634bca718aaa21645b428adcd"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 fuzhou189:88 (Cdn Cache Server V2.0), 1.1 db78:2 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....>1......S.h.2..[.Y,.v....F..!f.....$...^.....'.....-.....q... ......Kx.3.......5..}.SY!;...i...........A|Q..>$....]......Z.._.?|O....!f........*......P:....x~..:..@.4.Q../.7.?R .:.3...|l..e.^......]..ml...n$PG...~..}.......e..kkk...Qnu\&.r....= ..u..<ia.......l.\..@....}....B.My=.f;d...x...}.....j..qTmT..?..8..U..N.y.=jI..2[...,...;N..8.b.c..i..q.cK....&.........@X.NO..j..O....;...D..D}.?.x.]..?!^K..[..Rp..W......W...t.e.....tz..k..Z..nd....&.M.-5...9."#.....\.....?.4=a.O.^-..........A.8..=E||....w..<W...._.@......d}........k.kK.....>)......X."..$'./\.......~._.b......A#..\......Y...f..0<.8.....7...I....2M\.S.....P...Mzc..;R....Wd..'..x...]...X.9......:N..08.s...u..X.....o.} 5...J....f.........u)....s.{..*....C(..)....U.Z..#.$Y..O....k.TL.n0x..}.{.....^2.V;..k...]..g..z....._....e.?.FA............_..G...p..T....qJ7D.vr|z...?.<P=1.......W..~&.......XQ.......Xv.....2X\FFB..R...)

<<< skipped >>>

GET /NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 07:39:04 GMT

Date: Wed, 01 Jun 2016 07:39:04 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 49495

Accept-Ranges: bytes

Last-Modified: Wed, 18 May 2016 11:43:51 GMT

ETag: "12a3c1718d7d10cca17468109f57cf1aa949f71a"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 jfzh181:8111 (Cdn Cache Server V2.0), 1.1 db77:8 (Cdn Cache Server V2.0)

Connection: keep-alive

....$.Exif..MM.*...............T.......................................................................................(...........1...........2...........i............. ............'.......'.Adobe Photoshop CS6 (Windows).2016:04:14 15:30:10.............0221...................................................................n...........v.(.....................~..........#........H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.

<<< skipped >>>

GET /MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 05:18:19 GMT

Date: Thu, 02 Jun 2016 05:18:19 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 92356

Accept-Ranges: bytes

Last-Modified: Tue, 19 Apr 2016 09:16:37 GMT

ETag: "a95678e5c13d1ab1ef3ba420c68d4450b5bd0207"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 db78:5 (Cdn Cache Server V2.0)

Connection: keep-alive

......Exif..MM.*...............@...............................................................................................................(...........1...........2.......................i.............H......Apple.iPhone 6s.......'.......'.Adobe Photoshop CC (Windows).2016:04:12 17:01:53..............................."...........'.......}..........0221............................................................................................................................................278.........278.........0100.......................b...........B.........................................................................2...........3...........4.....#...$...........!........2016:03:22 19:30:48.2016:03:22 19:30:48............/.......m...............S...........2...S.......S....................Apple.iPhone 6s back camera 4.15mm f/2.2.........................................(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?.. ..`.&%p.&..J]:d.)p.2t.......J$.$...N......0>.a8...fX.m.a...

<<< skipped >>>

GET /hm.js?c493393610cdccbddc1f124d567e36ab HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 8796

Content-Type: application/javascript

Date: Thu, 02 Jun 2016 06:31:04 GMT

Etag: a6182c7abd554fdec141e481c8a3b5e5

Server: apache

...............(function(){var h={},mt={},c={id:"c493393610cdccbddc1f124d567e36ab",dm:["yy.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],apps:''};.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3....d.<5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.>..8'j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<^...f.].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK&DI.D...kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#..dV .m..m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8-..".&vn..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j1P.4.......3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1....S4..#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{...8....$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..L.|...u....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...&...-.YC...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..V......)(}.d...Z.d...*.Z~......T;... ......=_d...nAX...._...&@.mo..r}3...50.TG....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh....(l*..ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<...v....ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... .......n!k...>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f.....F..#........".E..p......GM..3W....f..8.!. .b.>.c....J.......7I"..j...

<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:04 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:04 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;....

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:05 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;....

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:05 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:05 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;....

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:12 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;....

GET /hm.js?c493393610cdccbddc1f124d567e36ab HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 8796

Content-Type: application/javascript

Date: Thu, 02 Jun 2016 06:31:12 GMT

Etag: a6182c7abd554fdec141e481c8a3b5e5

Server: apache

<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:13 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:13 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;....

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:20 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 02 Jun 2016 06:31:20 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065831&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065831 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490570624496829100001; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849088972&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849088972 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065284&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065284 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490570624496829400246; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /r/rc/yycomscene/core/1/14/core.bmp HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 200 OK

Content-Length: 312536

Content-Type: text/html;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:11 GMT

Via: 1.1 db80:8032 (Cdn Cache Server V2.0)

Connection: keep-alive

....F.)}!.C"k.......C#.d...._....Rk.S.{S.0:...t.<.....`n.K........p.Z...l.!....".j....$"..!...8.[.B...adp.......U.py..xZ^.1.<.:...2(.!G..-....9m.....B.?.....!C.`.r...w.A..$.........-.X....X`%...tZ..Pp\. B.Y.%...j? .JGvK.\.....iB.x$w.....v.B....d..)s..#..T&..F..:l. .y.H.....0......[..@.. ....,..0..>.....&..*..i.M.On...T.g.&...xuE....c......5..!.)X4..^4....ak..A....l.R)..*B.v-.M....D..8v]../.\M...../x<....-....u.....Z7... ....~.YM.....i.^C.iw.....bv.._$....p}E.............v..P.M..........^.aq....{:.Psh...{.f.G.@...M.l...j..ym..H..@~.S..E.1.V..\..5......$./.b..:..y..W..fR?X.T>..JP.........g.\.....$.._.N.G.l..Us..[..u)........j..X!VYS..hf*re.........D..8..P......W..96!.U..s.........R..oJi.c.....Kb.H.....[n..v......o..`..B|....A...<...2S.. G...u.3...v....V..r.Pyx....d.I..L.t%_.O..z.....NG..m.Ln.F.{E.=....sz.@...7...^R..!..0..b.n.RgW..2.....7..t'}P...r.094._H..._.O.PXk.....c3.....>.....wI.Hx..px..t....g.L..[..;lW...x4.qV....$Z...5.D DLwM...B..S&..................I........v..3G..P@.#.D#..r.e..(.@cV.a'.2...... $...?.m.......St......`..T....H[#N..0^.wd..z.Xml.f.T....).........&.U...6H....,.......V%...<.]./*..C..6../...3..R.Y.v.~<'.m..Sp..g$........Xt.....x..4.^.ZQx...t..W_....&..pV\FV...X..._..x..1(..S p-.....3L`;R..9.aT49..<...}..Eo....z....Z.......x....XMx^G.!\..8........`...].;'k.....G.L.X......f..f...<..?]..MQ.&..k16t8..D.@p^.P...|.......: .w..Vr.E.n.,.2.^v.&y...#..p'.;..xv(..t..t..1...r.|@..Z...p........n...w$.V8.i&.1.F.<...8..QFp.c.u`[....v..T....y.GF(.\.$.......O...|.;Y...Gdh..

<<< skipped >>>

GET /r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 200 OK

Content-Length: 918

Content-Type: text/xml;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:25 GMT

Via: 1.1 db79:90 (Cdn Cache Server V2.0)

Connection: close

...<?xml version="1.0" encoding="utf-8" ?>..<data>......<isStartCache>true</isStartCache>......<scene>....<version>liveBaseScene1.0.0.1</version>....<layers>.....<layer name="layer0" />.....<layer name="layer1" />.....<layer name="layer2" />.....<layer name="layer4" />....</layers>...</scene>......<modules>....<module type="scene" name="liveCard" value="liveCard.swf">.....<addChild>......<module name="liveCard" container="scene" layer="layer0" />.....</addChild>...</module>...<module type="scene" name="danmaku" value="danmaku.swf">....<addChild>.....<module name="danmaku" container="scene" layer="layer1" ></module>....</addChild>...</module>.......<module type="scene" name="controlBar" value="controlBar.swf">.....<addChild>......<module name="controlBar" container="scene" layer="layer4" ></module>.....</addChild>....</module>...</modules>..</data>..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY

Connection: Keep-Alive

Host: cms.tanx.com

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:10 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=tanx.com

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /r/rc/yycomscene/core/1/14/core.bmp HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 200 OK

Content-Length: 312536

Content-Type: text/html;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:11 GMT

Age: 2

Via: 1.1 db80:8032 (Cdn Cache Server V2.0)

Connection: keep-alive

<<< skipped >>>

GET /r/sc/yycomscene/defaultScene/1/72/defaultScene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 200 OK

Content-Length: 28691

Content-Type: application/x-shockwave-flash;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:18 GMT

Via: 1.1 db79:7002 (Cdn Cache Server V2.0)

Connection: close

CWS.X...x...y|.E.?.....=.;.b..*...t=..n...!.....8I&.h..3. ...,......r.}.... .}.@............LBP....._v......:..z...G .....JQ.../.4EQ...!S. ..U....g.....e.wU..p.!.W.Q.F..uq.@..W. ...WV.^}...D.PS}.;.G}...W....B.A.C....$..<....{w'...h....Z.eeE/_...W......72................/e.kt.PM...Q....U..P...Z.)M....]......e......iI..m...l)..N.....W....)b.(]Ccy.?T..F.S........@c}e..Z.)YE.....4QD...z.......}........5..}W...}i.K{...J!W.j..N.z.j._.G.J%W=~......7.-........mgr\.\.].._..S...6..K........BrUAo......T:)..x".l...x........r..O[..l...<{..H...h#.....@].....|.= .A_O.}....V.B<gH.Q......e......j.MFIC......@..[o.o....q...g.............o.{d]z.{C>.........}.:...h.Z..6.........J_0..*.g..F.f.y.8..E.Y..G........{..>k....o}....>|..*..><.r./..jj.H..>|....F_....I.y..!.>....a.RX...e!_.J).....W. .|.wA07P_...`...Z_._.B..R..B.&t....@.e....!."oc.&....446 ....h...m7Jc._.r......&=..!.F.s.AoSZ.>...^../h.6....I..5I...x.....j...%a..P._.BS...GB....N.........BP..m3.=....,AJ...v$.4%.><._..H..R]..t....w.._]...C....9.U...{u.k....QU;2....!...2.....\......0..^q...%..d...U..c...u&...5.....c.......K.3@..3..F.%..2.K....'.J..W.sd.g#.M.&=...@u ..|e..u.D?.z.6......g.......t.kp......*%.....H....B.F.l.bY....#,npS...(....C[).....b...oS.'..s{.:C%1R.T._?4.g.U..]N......OD~.|.[..[... ..M;..'6q.K.. . ...}..w<}..7.....Q...{w.....y\%.q...`e.M..,..(..W_9...a@..BX....h?.z....[..........b.#=..R..NN.15..5.m....t g..7..}.J..K.7..5t.....Ac...........1Uh.,Fi5....>.\.....n...!..Y.M.....5........\[)/.s....Z].~.....\{..<.@.#...S.=

<<< skipped >>>

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849082&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.huya.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 02 Jun 2016 06:30:43 GMT

Server: nginx

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

X-Powered-By: PHP/5.4.42

Cache-Control: no-cache

Content-Encoding: gzip

X-Via: 1.1 shx104:8080 (Cdn Cache Server V2.0), 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive

49b.............}yw.W.....B..m..P.`#....{.....y@{.h..*G*.8..L..<%.8d....I.$.@...(/.......95.$.&.`..C.......=..6.SM...."Yk87.....MR........%E..T(jV&Z.......Z.HR{.d.f..L..).....,C.i..b.--..4uH......L...U....).4y.a...5....`..........hI|...y.2.\..H9-C..$K.ZJ..KK.j.C7.h....k.\(..!....H....#Zf.u.#9.a).R.M.h..XN..].uQ.-.h...AT.`.b............5.G...V..3.w.>I.6..@...I..y....$9.g..........R........ DAWyUa...E *.c...sW.T._.\.P..^.............O....>r.r.......w.d.....?$....g...v.>w.|... f......Sw 3...{.<}d.......L...|.r...4......NA..g....cg........<..@.../.........9x...D..y.r.x..{....K.}t.>{.>}.<5.<GU.?...>.2...G..3.jph.V.2'.............pc.kh.s.x.....^'.y....v..........K^..%.QI....-.z... ....&.<....!.dw..........*R.....z#...gz.....ccc.li\J).p.7...T&ji...R.2.b.Ek<...........H)u.h..).$TdzX2....Ci.d...X6.. M3.<..*C.T.......|m..-.[..%.tZ.[...oJ.}j,..BDR9M.....k....`.e....<.G...C...W...4..EJ.\..K...@.Sr.R.|j|... ....dn...A...N.8.J........&.b.q..j....nD.,)...4..W(.d..Ky.U.....S9SRw....^...eK.j..Rj.....u...C....NiI.Q.B..- Tto|"...?.]Fp=.R!.e,....T..~.....1->.'E...f!..[.B&.M(.....w {........-f....U*.#.jf...........-......._(..._.-..(<...Q.{G..bAq.F...8P....BIi79.5....2ym,.E.4.5Z.T.N..N-..2000....x...a.rF1.0...4k.1......Lt.5......nro&..R.L#..F..N...c..S....zz,...... .. .yE3...BA...A.&&&b.x......5.....%G.qw!["......D..7.5......owG.uQ.EE....)B.I.,. .....W.P.z....o..:./.=.....m..............Hv....[_~...r59'.A......:.L0>.$.JAh.;.~....XT............6....]...7.........l..9CN.{w...... .

<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=1&ut=1464849081066&rnd=0.79673912970488821464849081066 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /9050 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.yy.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:48 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Language: en-US

X-Cache: EXPIRED

Content-Encoding: gzip

4a4.............}ks.G..g.j...6......,qq.\.)lBb..S)j$...G3bfd[..*.1.... ..........cl.z~....<..).....h...d..-.Ra4.}..........%...R."rb........Rd....D.H.H^..}..8.O...,....x..P<...4......R.aZD....&x........S.......x....baw P*..m.. .".nKs....T.4(...p.. <V..d..^....b&..)r.$[.......SEzd...&....YC ......{T.b...K0.........@.....uh...R............".L./."...xz.N.(.............1........FH...B.#&..'..._...`.Q. )R;v...E:O........&................!!......"...C..?.P[.......!....,."CuH......$.u..Q].......o. ...$...c.. S..q._~..47_.....3...3........t....me.Z..[{......Ti..3..l.......>>......3.R..........o.0h......]k2...5i........n....<.G..A.L..v..... ..b7...v...tz....b.,gx.......YSu....c.D"..}.....K<...._....]z....o.....,Y.4...uoy....!.M.YY..aiC...r.|..-E..I......-..-(....,R.BW.H.........l..Dc.3.o.L..!..o@f.|)p@R....j_&..qf... ..J.Q.X_....... .34...?..C.`<..Eb.H...$KI......$..L......!.A...\.s....Q..p.mH,..o..g..../..E!.c.H.@X......]`.1Z.:.sO.1:::.]...!(..k..P...6.H.,.R&....#.b.....a0h`...6....j..)*.,..._{,.!..B.c.!3.n\......f...S....~..%X'....v}?..i...O).>f@..F>...../~... ..D.!........P..E@!BLp@..d...D..d(v....l..7@<..=.."..*g..".....GS.b!.z....0.I....Jqc>D.....8.....yi..i.2X~..g....[...........2b1f...VW...|..f.W..H......0#M...xe......RuaA..Ue.......{........H.)....,@...e..4..Y......z.X...xnT...PO.E...r.....N............q.... .m@..._.*...*...BI....|..)z......o....E ....=.....G..w...O.!c....l./`X.. .>2w..A.R$.`..&.`.iV..P..fEm1TT....\.*CZ......M(..I(.l..O7.......@...f.Z_.)..3...u.r.....h.a..!

<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074; hdjs_ui=0.7967391297048882

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:07 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:06 GMT

Content-Encoding: gzip

4c8..............kw.G.?.:g...t<.L.ub...\.e#.1..c"..f...%aI.,....8....;.$.1........ccX.y.<.c....|..U..rKjs.Q.c.....w.....v......8??....\v........X.....I.?.%../....I....~_7......b...]..T"YH..|........&.'..xc6=5. $._t%.......$.Ou.R..EW...?......=..E>...=.|....dn~_.g..%...&.N.b.... $.=3....L~66.=,.......Lz..];%.t...u...s..r.3...o}~.f..=...3.......[..."..H~..).Aw..&......3..4....,..............}s.!nN~../..yP.. .`......D..U.?.M%g}......O.z>.K.?...o....?.M..6..|.B.Q.O....?...gFf..y.....n...?=..TO...C.0......H....7.|....#..feeA.s.z.Hu...|\....rY.Gx.LXz.._zR/....I.u#..7...ia.~..9k..R..}......../j?/.Hy..|.....O........g.,..\>[.|..j.o.^..............3.._........._.....JO..g.. ..- .....j..C..'...}.>(...?g29?./$..o....v.h..9.......g....Gem.r|I..y...R].]^_.$..=~.>.Ka.. E~>.,..I~k..../..i..s=..G.A).B0.'Y...Al.u.\.../C.(.....;?h....}.<...5........=.^...>..=...V.L..S...=...C..n3..~.....U....m.G...z......&..6..w./m..l.4;1.. ...S~p................I.........:S...... ...|...6Q.. e..#.T.....VHj....L!.[...........}..4.U..Y...h.Lc.......kz./....}..D. J....'>."..y0 ...g?....Dr.3_*....o(..?...-........x6V,~..Nv.L'....s..$d=..|.x~N........0.*_..6..N..CU............ .ko..7.....K.k.7.G.....'..S..l......zmuU8s..~Om....~......'VH...1.>.e....1000....'......d>./..w...=../.g.......|~..p1V..b76..M...=yQyt..S..s....hci....H....>.pR..... 0......-a?.T...D..6.{V..._:........n(....`..W@.",..G.........b.b..]...)....t..x.m...?...Od..y=}.8.-.7(.:.8...Q..b..O@....7.V.Y.[...L...X.....\...:a....$...3....v........B

<<< skipped >>>

GET /pc/js/liveplayerInline.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:00 GMT

Date: Thu, 02 Jun 2016 06:31:00 GMT

Server: nginx

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jun 2016 06:06:11 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 fuzhou185:8107 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive

610.............Wmo.6.. ...b...['.<!H..K.5E....w.).f*..I.1....(.........E........I...Re.^\3....[..k.(.,...NDf.H.7.p.......2....Nu..c..._..W.[$..Lf..5.mob.h.~.2...6....!...=....c..]...J....x..........n'....R..(b....6....j&..3..G,D(Db2....X...z..d.*I|....j.E.....".'U...........Y..X..#.I.Fa-...;.......'..c*aX.~..*.DF.N.wq.5.{L..p../....jy..5~gV`p..j..<\x.Y*..-..@{.ot...m].....{.m.v..[h.@-...)8.......<.*ip...@.0.y,...]Ob*..{w9Bd. 2...y.CbF...{.../.="..`r.*.^...o.A._...H.h8...^k.z..4O.L......4..9..K.&...bY.Y..KL*.(l.............ey....B..%.Y..{'.=.m.-...p2.DP.e...w.{.>.P..(..."I...)axIfLg...d .u.=..}.;.Bk.y..B.n1I..-&)3..Z,......-....Q....nw?.v.....c.......r;....<.......[.;.2.p2X..u......#.Hys{....a..N.......].1......}..|.K..LP3K...E.....\...(..2.!.h6. ...Z..A}.wb..dl..&Y.(.."c!Gc....v..t.k'g#q.'......i....5.bg.Sn...e.d....o.._ ..g,.9.rT.....QQ..R..0..y..}..DBGq.........6..;.U..bXY,.*.F....EQJ.U....F.[. .b.M..b1.v.....=?...A..[r=4.(.}b"F8dM.W..(G...rE..R)jU.....p.....5...E.U,.|:=Q.\e...L.....T#...#..^..).ec.b...GM.Oe|G.9L1A,.c.O.:hX!.eM, .....*?..2I.`......A.}.........^..?.............9x.....b.l...!8F......$..x...0.D.FL....Ho..y&2.6.V@..Q.....o.....!..D...0S....fc..h..H.....!&S....gh*.S.e'\.m=..,..[&7..E..C.1..{|.X...|..0f....).%.a;ai:d......-T(.r..\....5&....I...>...?%.Ih...\;...;.....cW..evj..#.C.uF.nIr........I%.j..Wog'v........b. o......u.-.VDkd./.......k#.....~....G6.......:f.l.}.*...{....rq$.u..4}.;.I...%d..k>& ...=t_&D..<..Ip..-..xA.=.%...*)...o.c;I..@!P.s.J......W......(8iBNV....d...k!

<<< skipped >>>

GET /pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 09:29:57 GMT

Date: Fri, 27 May 2016 09:29:57 GMT

Server: nginx

Content-Type: image/png

Content-Length: 17611

Last-Modified: Fri, 27 May 2016 08:54:43 GMT

ETag: "57480b53-44cb"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR.............5.J.....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E60E10165BFDE511AA47E9FC9BD5880F" xmpMM:DocumentID="xmp.did:C10D9CCA0C4C11E6A9B9FA7167593658" xmpMM:InstanceID="xmp.iid:C10D9CC90C4C11E6A9B9FA7167593658" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:777E1206C20AE611AB2BC543F5F7AE8B" stRef:documentID="xmp.did:E60E10165BFDE511AA47E9FC9BD5880F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..x...@.IDATx..}.|T.....d...... ...Q.B"...Z...b.......[..U.........b.j.Zw....DvDvY.d.d..?..;a2Lf..L...|..^....{...s.......#..G(.........QV.,Dy.....;....w.}..o.}.......P..4.\.B.~z.v..(.1.........4....n$....{"..q....k...(.!.......QV.......g..i.cL^r..8/...qs?. I.}).O...u..$.5}pc...!.....u..0..#...(.B.... ..Pr..@,.]....6w.-oN.......w..[Q..Y8H.?.,Cy..*..GY."......i.=..j..b8n.G)....([..A(.P......'...!.....=...I/..p.....u.6...?.F.cz.Y...r...(/....KQ=.O...8..y..RH.'(/Q..,\S....[..mK#2...k...h...e.I.T.3..._.........CN.9@..=a../..=....

<<< skipped >>>

GET /pc/images/default_load.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:00:52 GMT

Date: Fri, 27 May 2016 15:00:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 6001

Last-Modified: Tue, 24 May 2016 09:18:47 GMT

ETag: "57441c77-1771"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:4 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR...<...<.....:..r....gAMA......a....(IDATh..Z]l.Wv>.'G?TL*.Z.q.$..v..].1...R..b.4X.6.-..@.4....>....v.....R B.}.Po.J]$[H....].6..6D'....)..-R.P.Pd....E..Zr.9.g......w.=........-..n..Gro\...........~.....O".#G.#W..4..q.l...G.....)R.."n^N..*.|..j...-...Qu-".1...D.~Wx....v...5. ...5MD..?...z.P~........k.|..1v}..H.G@..!........=.,(....%......=A..-d.aAdI<.kS7W..esr.......qW6".'.K....V..K..b2J..8.;8.,V).|Y./.V..|...:\.#.......w/.w....k ...[.WeYj...z)........X....t'../.v.MB-p(.h...0.......&W>..j.....10....T4.......K....Q6D.od. .j......PeC..*i.....X=.[...-M......&1"p....T../..60...u.... ........2..Mu`.E..L.D%.#.uz...M...,..-V.t?...3..b.(.'R.%....PVF...15..Xh.6hx....z:C...z...V....r....SI..mm.T/G@V...)..&q.\..n........z........`.D . .l.iK.pW...^..."(.u.......M.D..(A..xH...,....#.!..M#.l..a......oV......d..v.\.-.J@........`N.DD..CUcO.D.Y..Y.Z L.M..TL$..e...aWg..N.'.....u.)XmHk.(...{..&>.y...x.Aq..8..yH.D.YC.i].....A.Cc#.....z.a.....;^.1[8w...&@Z....|.....N. ....Z..z...5w7j..FGr.y..VQ.g..[....j..- .........P@f.....M..s....P.fkWw.^..|.G..0.["..FO.@.X/.o........x....v...;K...F.F..5.G....8......S..m...:;5..9..]e....9......|..;....l.ZW.Uc.].V{.0e.\......5ylv...{~..H$DN.d6.....f...,.5..6.....j....N..;.m.k.SC.}/.f..0(W.\...{`.....<..c......Y}.L.......%....;...R(.Ff..c;.#5.A.Qr...|..:...u.A.....g.. 'Nn.....Kejz..L...M.Q.MH.S.H ....28...E0..Dp.I>..>X.Z..5..../P..y.Ft..NYS>!.A/.J..%..\$.%....@!..^.a......\G......;..tt.d.C...p.....LI.....zY...b.}.B.z.g00i.....7..\.j2m...e.D........KY

<<< skipped >>>

GET /pc/images/components/w-chatroom/images/alpha-bg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 13:23:30 GMT

Date: Thu, 26 May 2016 13:23:30 GMT

Server: nginx

Content-Type: image/png

Content-Length: 1165

Last-Modified: Wed, 25 May 2016 10:22:44 GMT

ETag: "57457cf4-48d"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR.......F.......^'....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8ad64beb-0567-7b4c-a3c5-f03681ebd8e9" xmpMM:DocumentID="xmp.did:6CFE6418FC9D11E59BDE8CC47D964442" xmpMM:InstanceID="xmp.iid:6CFE6417FC9D11E59BDE8CC47D964442" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6c08b5c3-eee2-7f43-81b4-21b6d0020688" stRef:documentID="xmp.did:8ad64beb-0567-7b4c-a3c5-f03681ebd8e9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx...K..0.D.....;...$2.\/[vy.;...L.^B......p0h.u..R(zJ.T..(....*..3W..#\s.,....|Q...6.-.,.......t.c..pG=..A.>..T.w.Y.Q...]..^...6.`...*.9.].....A....*...^ Oe..x.e..D{}........}.`..(.=....IEND.B`.....

<<< skipped >>>

GET /pc/images/icons-index.png?20160505002 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 14:14:10 GMT

Date: Thu, 26 May 2016 14:14:10 GMT

Server: nginx

Content-Type: image/png

Content-Length: 5235

Last-Modified: Thu, 26 May 2016 10:13:16 GMT

ETag: "5746cc3c-1473"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8109 (Cdn Cache Server V2.0), 1.1 db78:5 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR...g.........e......:IDATx............p.A......`.*Q...$FQL.Jb.E..%X..E#&....\...'.(.U....R.H...Z....^.K.D.N"p...|..7G.0;;;.=...M..vw.gv..mw...c..4...x.d......A=...FO!..N.h..&r.".ipP}A...".ab`8.A.d#E..".'8]A..P...............2.......^]S...j>.-4.wb..g..-4........\h."?p&...kb&.g.....\}..A.g.*.Gn....16.2=.......tqP8.A.......UP8.ElL.z)............s..S.z.........^l... A....u.l).......-.%ll.@.f/...j.....b#0...a8...8m....7o.|..-[F..8.|..?..-.m.......?.............._|.o..mM...Vg.R.....\.`..........c.._~..i..i...l.ps.....y3Bp....L.Y&.s!m.....c...G..^.....0../.Z..S.....CQ....Cf...IP....T.A.U.l..&.A.9.}...PW..R#.~..A....&K/!...cl...|..'.....<.\.@..gb?K..U.V.@....C..n.Z[..9....yu....w.....tx.......K#..~.....ZH..o ......a..Mccc.n.t..b...;A.w.....f.|....... ........."...[w......P.....a....2!o...=.,..pX..e...J...m&.......W.\iK.rAh.a#5.[.m&..pl.aT!'i`.V.....F...........J.....t...*8..a.....Ep.J~.....^....;FX..d....{.... ].....~..;.......:.T$.N9.......\.h..r.8......$s.[(...;w.4w..mB#W.8.A.AU6C?...h....=.../.u.....r......:.?.TQ6.....i.....^.O..........\.".....A....t....a.....9.T..N.d.e..;...b...^2.;(,.B...`..8.Pr..S...;n.\...$..`.e60.p*...d..N..8X....b0../. .A..W.]X....,}.. N... ........E.`e# m.:...l0`p....:.!.9.....P.~....I.3r.9.Z4..8.r..IN0...^..[..P...........&..g.u..H,.<.9.}Y.........Y.p...#..(....E..>.;<....5.;.,8..4/{..4UWj4.A.j...#...A.n..b.c^..".b.g.4D.....*...}...5...*F..[".X.a....#..^"...w.~.......z.....pR.BN.5.t:.3.....=.$8..>*...=.......(*QM....s.=...m..n..$.O.:.....cyC.....T4.N.T.....

<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526 HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 09:29:57 GMT

Date: Fri, 27 May 2016 09:29:57 GMT

Server: nginx

Content-Type: image/png

Content-Length: 2761

Last-Modified: Fri, 27 May 2016 08:54:49 GMT

ETag: "57480b59-ac9"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:7 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR.......K.......~.....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:b75df607-b6fe-42c1-b920-70eefaf4d55c" xmpMM:DocumentID="xmp.did:41791D48173E11E68975F2632BFDC67F" xmpMM:InstanceID="xmp.iid:41791D47173E11E68975F2632BFDC67F" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D1BEB5342817E6119B3DA3A9C7231D3E" stRef:documentID="xmp.did:b75df607-b6fe-42c1-b920-70eefaf4d55c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx...Mh.U...{I.&.WI.MC...i..7~A Y.7..P\6...A(......"..(H..H.....S..2.K..b.-..../.M...MgB?...7.......$M;....;...{...$.......;w..w..u....=.T.Pp....566...&.e...k.*.|k....r~.i.5;;.l.$PJ.f.X,^....?d.......}......b.l.......d[.n]6....d#...Q.....w.d.d..gd.d.^.E........hsUP.,...}...F....vH..........Z[[##.mr...}#;'.P.....e/.v..,]xW..#.....w.uZ0}....d.....{J.6m...a.~3............U..\.533...9.bss.o..=..S.gZ...........E..ZZZ6.X_.N.....}........655.J..C....S.X.... Z..!..................wd..t.......v`..........dG'&&..q..o

<<< skipped >>>

GET /pc/images/components/w-thirdpartyLogin/images/login_btn.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 01:15:21 GMT

Date: Thu, 02 Jun 2016 01:15:21 GMT

Server: nginx

Content-Type: image/png

Content-Length: 8363

Last-Modified: Wed, 01 Jun 2016 11:26:51 GMT

ETag: "574ec67b-20ab"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR.......".............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:0844673FFD5611E59329C7AD930B1631" xmpMM:InstanceID="xmp.iid:0844673EFD5611E59329C7AD930B1631" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7F002BF2F26911E5B20D9BEF70BA27A9" stRef:documentID="xmp.did:7F002BF3F26911E5B20D9BEF70BA27A9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.....T.....o.o.F.../....ED......&jf...$..|:.._t....q>...2j...E.A..."..BC. ..k.U.9......f.Bo..............}.........B0W.......!g/A.jE[".Z..o.h.).B.R.....m.^.... $.P....*BH,EzZ.B..".o.7.^d.e.306..|..6..MN...z.QU...hG...."..B.?.7.M|..l...9...m.......;...]....a....&...A.X~E.q.!......|,...V..=FR[ ...x..b.J..3..x.."..1.T.H....\\|.7....p..\..IM..91..f.i....9....s$..b.fc....>.].fW..`........i[.03E<BHJ..4...s.....Hj.$.q....^.b.....v.._@.4...@...`Xf..W`7..9..=...)M7cL.5....G.W!D..q...?.,...Y.ER@ .f.<......jG .|...b6.Ty...HF.X`10P'....crP.aN.y..s~ot6{.hW .j.8&y7..B ..%...,.Ifaa.

<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:52 GMT

Date: Fri, 27 May 2016 13:46:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 4789

Last-Modified: Fri, 27 May 2016 11:23:26 GMT

ETag: "57482e2e-12b5"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e<...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F7231A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-396eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj..........f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..............".......|..L...<..4....Y...........................2............44.......jj...........u...|..K..d...........)..s.......................N.=.......bbK.V...........).....>D.2V.............Q...'..........S...............\....,I.!.xxk.\....--...S..A.2................>>..$-..............x.....\..2....?.................u..AF.*G.$.....C....c-.......**........<..<.....9......@.-d.T......d.~...B......

<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:52 GMT

Date: Fri, 27 May 2016 13:46:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 4789

Last-Modified: Fri, 27 May 2016 11:23:26 GMT

ETag: "57482e2e-12b5"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive

<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=5468&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=0&ut=1464849080175&rnd=0.79673912970488821464849080175 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 03:43:06 GMT

Date: Thu, 02 Jun 2016 03:43:06 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 90086

Accept-Ranges: bytes

Last-Modified: Fri, 08 Apr 2016 12:06:06 GMT

ETag: "a11ef96c09b67d8f71967939120bef49b82d626b"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 zhenjiang80:8104 (Cdn Cache Server V2.0), 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:9F06E0B7FD7411E5BE36C7906B3F28A8" xmpMM:InstanceID="xmp.iid:9F06E0B6FD7411E5BE36C7906B3F28A8" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:33200C90FC9E11E5BDB9F8B305C1B02C" stRef:documentID="xmp.did:33200C91FC9E11E5BDB9F8B305C1B02C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b..............................................................................................!1..A.Q".aq2...B#...R3...b$45.6..rS7...Ccde8...T%....UV..t.u&Fx......................!1..AQa..q.."......2..#..BRb3.4.r..Cc$56Sd.7...s%.t.DTUu.8............?...N.%)&.........y.Zc....F.*......k:M S...s....T%B..I.KZ_.D...C:.jM|s.o.?8%.../y.Z$.......4:....T\.VN9....z..1.............$...N2.B.@!@@Q...ly.@.UU....*h...*.=...%q[w~..c.Xla.k...6....QZ.....=1... ...../1. r.&..Lb.

<<< skipped >>>

GET /MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 06:26:37 GMT

Date: Thu, 02 Jun 2016 06:26:37 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 90063

Accept-Ranges: bytes

Last-Modified: Wed, 11 May 2016 09:30:45 GMT

ETag: "f8fcd7d98b256b623af2fce04b860dfe3747f60d"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 db77:10 (Cdn Cache Server V2.0)

Connection: keep-alive

.....0Exif..MM.*.......1..............VVV.meitu.com....C....................................................................C.........................................................................&...............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....R....~.......{.[s.M....}.......4..........@.i..?.....,.<.........]..%._..?.......{N........N..R.#.6O)..~..U..;....."1\...3..UdZwW..2.'....N.a..}.........2.'....E....}.........R.. ........]...bas&.B.......z..e.O..?.........#.c..E......X#."...F?....&R.Z.d..uu..sd|....!...*....nW.9..o... .XY.d.rT.M..)Tp~..m..=.....h.*.....U....U]D.v..(Pq.....Q.F;...G.,.'.....#]..R.L-.3^.m.m.8.UE_....M..j:....Q...(....:..8.>$v....Y..u...C..].eK....X..........d.....Sz...?..%..`7n^{yc.*[&D..P1........k(..3qb\.....x..`..L.. .'.]......K). ......o....Q............QV1.4.T.T..?..\.f.2].o?8...Z.cx.%.R..9.t.....2.~.. .Nc.d...VN:..3N7e{.Jrwo..(.c. ..~.z...v..g=....... ....p....W....Y..A,...B.A.... ...gE..d_....q.........*.3.....EO)..H.w....'9>..(rQ@...Q.........Rsf.\...m.........>.s..=...@.........SV.5n.s_.....]..)7r.S..s{t.........q..Q..........1...A>q..S.4..55;.m.a......,.?.....

<<< skipped >>>

GET /ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 23:34:04 GMT

Date: Wed, 01 Jun 2016 23:34:04 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 34692

Accept-Ranges: bytes

Last-Modified: Mon, 23 May 2016 03:16:48 GMT

ETag: "0a3ccb1c7d41902d280adece9217688d8c11fe14"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 chshx40:8105 (Cdn Cache Server V2.0), 1.1 fuzhou191:88 (Cdn Cache Server V2.0), 1.1 db78:3 (Cdn Cache Server V2.0)

Connection: keep-alive

......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4D7B5B88AA12E611B5E5A87810B57366" xmpMM:DocumentID="xmp.did:C2B19FA1209411E6B614C6FF3ABB0594" xmpMM:InstanceID="xmp.iid:C2B19FA0209411E6B614C6FF3ABB0594" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:901A9FEFFC1CE611A66DF0953CD9D519" stRef:documentID="xmp.did:4D7B5B88AA12E611B5E5A87810B57366"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b...........................................................................................!1..AQ.aq"2...B....R#3..b...r.C4...S$..cs5...DTU....d%V.W......................!1..AQ"..aq.2.B.....#3..R.............?..=...6.q.../B....&.i......)R[2@H.....L...I..t... i..i .sHC.............y.. .... bQ1...B.?L.....2..1....*.*.*.*.*..k.U..?l&!Z/.p.....l1......G.=&.wm...j.-....R./>..-S..5-...=.........

<<< skipped >>>

GET /OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 13:39:27 GMT

Date: Wed, 01 Jun 2016 13:39:27 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 62074

Accept-Ranges: bytes

Last-Modified: Tue, 31 May 2016 03:27:37 GMT

ETag: "652aa9c85a6b9889cd391adb8a16e2dbb21a805b"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 db77:3 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF.....,.,.....XExif..MM.*...................i.........&.................................................C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..a.P:.`=)..M...R.PM.<t4...vs.b..........4......rh.@..Bz.J........;.....m..,J..}.S...>"....m}.F..,R.d....}y$..W.|[...t_..Y...W.9.#......v.9.!9#.v..6.l...8.0..2.....}R..,-...O.Gs.R..l..27.v....dy._v=...Z."[&2.=3..M..p.$..Z...S.Np:...V.'>.d.w.L.~...O4.H....m^9..........ZB....R8...M...o.8..........#>Is.;s.MO..C...8.....!@\e..1..}j./A]..0......>.....8..........bL...E....2@<..A.O.=..kQ!.<v..q........Y...u$zTPF.~.Fgr};..J..AP3..<...T....}x.v.....n......H...\.S.,.q.G..H...F...9 .=..u....G..[r..9.J"..8...#....$........c...?.9U......'x.qT.@....L...W...qVE..#...4.l...P.......B.w..#M.6..v..........#.dT....4.....^A#...6.c.O..[w.....n0.I.v44..az......L.J.....v.E.#".. ...$0<..Q.w=wE. .....q..._,.Z6.k.!..8.q.]....D.....OJ..7...g.=...;.<.I......V#..$..~.ZH.j[y.@....f.M1...D.R...c...A.i.@..m...c}..).

<<< skipped >>>

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849080378&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849080378 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /lgn/js/oauth/udbsdk/pcweb/udb.sdk.pcweb.embed.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.udb.duowan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:59 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 25 May 2016 06:20:30 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 02 Jun 2016 06:40:59 GMT

Cache-Control: max-age=600

Content-Encoding: gzip

10a5.............:]o.Jv.E............#8.S...S..........E.*I......X`...b........b......9.AR_I....E"..9s....n.../.,.....[....,..C\7.|.0{.ge.g........&..}.E.(.....I.....0.]!...8.e...B...HK..N.[...BX.&../....... ...])..'.......d.....H4`..,b#...q...v..(gy.....o.....s1M./.....X.K..s]......M...%G..P...{....E...`..."Ng..8-.b..P..J>....oo[. ..e.p.=.....4......U........v(.......`a.%,rc..)u...9......^....'O.X\..n_..s.<...pRo.Y.X..l.^.:.H.....>..c.D... .X.6..."7.A(8...{.-...F.....,. .Z.l...T....,ly.........8S....H}.h......%.9l.T..Z.5P...E.e3B.F_..y...j..}8{............N..?^..;. t.z.....T.eg......".......J|.c..N...D<*.....O......h5l?m.?.....?............=..9....^wa.g.{.........V....D4T..r..m.<.y\.?8:?;.yn......q:WV<.Am.0|t.....r.&..........o..8...'x|..'.9s.....L....g.....\...........?<H...8t.U."C6q.....9a)x..eb'"..Q?m.i.Z...2..........>.kg8..$.....?..N....S.^.1_..kv/.`...n...IgI.@.F....d...j.... ..e.p....1.Q N[...>z.........[G............7..tV.,.&.i{.!.-.F...5.....p.......DT.5.b.B5.5...tu..m...`...H....._{..x. ..... ...Q..8. j....{..id...2.6.p.g.8.nh_gqj.>...-..}.n#....W.W..'C...\]=...W...=....T.Q..A.. &..K..aA......5.7....1.;..Y.&.....:........Z..N..8J.....|n.qT........v.}.~.`h.c..$N...V.|.........?>.._>..o?.......@..PQ:.9.Z.......I3`....pK.9../v.d...&vzb.....4..!..|.T....x..p.....V...\PT......<.s.......M.*(..p~|...\P.... 1...o...b.R..b..16/..../$.....a.#..q/.D,..&$.!...&<.G\u..0...f.y.)..........H*...~.UV:...@..Y....W.X.|D........E.!.?2.....X...`b......6.q#s.o..Y..fh..2I.5.....`."

<<< skipped >>>

GET /lgn/js/oauth/udbsdk/udb.sdk.getmm.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.udb.duowan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:00 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 25 May 2016 06:20:30 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 02 Jun 2016 06:41:00 GMT

Cache-Control: max-age=600

Content-Encoding: gzip

571.............V...6..*..%R,|6`0...#.6.I.6...0$#.2...b...A?{..>`z.....K.Z.}.}.}.m.Q.i.9yl.-..2Yl...`.}.)W#.,......S...:......X...5m...8..............D...s,/...g-.n.......3}...f_..h.:.!.=s8.!.<-...5 &.`E.F.9...4f....G V.>.........t.B...h."....6..\Q..>..S1....c%_...%...[|,....~=..T'V._0.{x.}j.....4.P&Z.#ZB.*qN.."H...!............(>MJ..K)....tM.....g....3r..S.......1n..*.....6.S.-..8mw.?Z..Gw<h.....vt...... .....u....,h....*..n...64Ls.1G..hh....W..R...F.hs..3.j.0.L...v.Q.G.....>.W....... n...p&.n.9..G...pj...Lt.^....5..O..\...3w .c...g...7.v.W.-.mC.U...7$.r..9.)..n.o.....v...5....#\.!..P....I...V(.9....$.]L&.K...p..m. ..D...O..u......6i3F..E..#..T.2....".i4...p...NtD....H.E.2H..N.i..,?.[.Y..M.5.:.%..|h...$.R..A,1........M.!.^GAE..KG.R.d......Sm......o.%/.L...~..y..n..V.....(P.....M.H.... ....Kr.....y<.(.-@..m.n4i....B.q[!..........yp.37..X&.*2....dia........7x.2.q..n.m..=....-|h.W}.,..8=.~.0O......$.w...{.L.x@.k...7...L,.h...M..m.ny...6...3..........Y5ML...R.....G...y.8X(.(/.E......:........P.0.R8..]1Aj..4p[...^.,1..y%Q...<.....Y.. ..R.../.W..5R..8 ...h.MA.....!.....Z.a......V.0U8.2^_p...Y.4..8$V)BWF.....j..g..D.....4;?d..L[...=_........W......8..J...u...z.!..`l....F..q.........D........|{....2..#../h.X.....6;w..2.(A.}a......3..C......<..(...:.[..,X....w.`W.}.t...p...m.=..i<a...\..X.r/y&.'..Q..tP.......M.m..6.....=z.1..]mlh.`-A...p...w.=>7..]......[.C..[../.......^....O....G.....0......

<<< skipped >>>

GET /lgn/css/oauth/udbsdk/xelogin.sdk.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.udb.duowan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: text/css

Content-Length: 667

Last-Modified: Wed, 25 May 2016 06:20:30 GMT

Connection: keep-alive

ETag: "5745442e-29b"

Expires: Thu, 02 Jun 2016 06:41:04 GMT

Cache-Control: max-age=600

Accept-Ranges: bytes

/*mark*/@CHARSET "UTF-8";.popup-mask{z-index:30001;position:absolute;top:0;left:0;-moz-opacity:0.5;opacity:0.5;filter:alpha(opacity=50);background-color:#000;width:100%;height:100%;zoom:1;}.popup-mask iframe{position:absolute; z-index: -1;}.udbsdk_login{display:none;}.udbsdk_close{font:13px/1.5 Tahoma,Arial,Verdana;text-align:right;position:relative;top:23px;right:-4px;}.udbsdk_href{TEXT-DECORATION:none;color:#A7CFEC;font-size:14px; font-weight:bold;}.udbsdk_href:hover{text-decoration:none !important;}.udbsdk_frm1{width:524px;*width:526px;_width:526px; height:298px;*height:300px;_height:312px;} .udbsdk_frm{width:320px ; height:273px; vertical-align: middle;}.HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:04 GMT..Content-Type: text/css..Content-Length: 667..Last-Modified: Wed, 25 May 2016 06:20:30 GMT..Connection: keep-alive..ETag: "5745442e-29b"..Expires: Thu, 02 Jun 2016 06:41:04 GMT..Cache-Control: max-age=600..Accept-Ranges: bytes../*mark*/@CHARSET "UTF-8";.popup-mask{z-index:30001;position:absolute;top:0;left:0;-moz-opacity:0.5;opacity:0.5;filter:alpha(opacity=50);background-color:#000;width:100%;height:100%;zoom:1;}.popup-mask iframe{position:absolute; z-index: -1;}.udbsdk_login{display:none;}.udbsdk_close{font:13px/1.5 Tahoma,Arial,Verdana;text-align:right;position:relative;top:23px;right:-4px;}.udbsdk_href{TEXT-DECORATION:none;color:#A7CFEC;font-size:14px; font-weight:bold;}.udbsdk_href:hover{text-decoration:none !important;}.udbsdk_frm1{width:524px;*width:526px;_width:526px; height:298px;*

<<< skipped >>>

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 02 Jun 2016 06:30:59 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

Content-Type: application/javascript

Content-Length: 22977

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

/*! hiido.js: v0.7.4 2016-05-26 10:37:00 */.!function(e){function n(r){if(i[r])return i[r].exports;var t=i[r]={exports:{},id:r,loaded:!1};return e[r].call(t.exports,t,t.exports,n),t.loaded=!0,t.exports}var i={};return n.m=e,n.c=i,n.p="",n(0)}([function(e,n,i){"use strict";!function(){var e=i(1),n=navigator.userAgent;try{new e(n,!0)}catch(r){console.dir(r);var t=new Image(1,1),o=encodeURIComponent,a=r.stack?o(r.stack):"";t.src=window.location.protocol "//wbugs.hiido.com/c.gif?e=" o(r) "|" a "|" o(window.location.href) "|" o(n),t.onload=function(){}}}()},function(e,n,i){"use strict";function r(e,n,i,r){e.addEventListener?e.addEventListener(n,i,!!r):e.attachEvent&&(e["e" n i]=i,e[n i]=function(){e["e" n i](window.event)},e.attachEvent("on" n,e[n i]))}function t(e){var n="; " document.cookie,i=n.split("; " e "=");return 1===i.length?"":decodeURIComponent(i[1].split(";")[0])}function o(e,n,i){i=i||{};var r=e "=" encodeURIComponent(n);if(i.expires&&"number"==typeof i.expires){var t=new Date;i.expires=1e3*i.expires*60*60*24,t=new Date(t.getTime() i.expires),r=r "; expires=" t.toUTCString()}i.path?r=r "; path=" i.path:"; path=/",i.domain?r=r "; domain=" i.domain:"",document.cookie=r}function a(){return window.location.hostname}function s(){var e,n=window._hiido_wid,i=Object.prototype.toString;if(n)if("[object Array]"===i.call(n))e=n.join("|");else if("function"==typeof n)try{e=n.call(window),"[object Array]"===i.call(e)&&(e=e.join("|"))}catch(r){window.console.log("_hiido_wid ..................!"),window.console.dir?wi

<<< skipped >>>

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT

If-None-Match: W/"59c1-154eaec37f0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Thu, 02 Jun 2016 06:31:05 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:05 GMT..X-Powered-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-alive......

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT

If-None-Match: W/"59c1-154eaec37f0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Thu, 02 Jun 2016 06:31:12 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:12 GMT..X-Powered-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-alive......

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT

If-None-Match: W/"59c1-154eaec37f0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Thu, 02 Jun 2016 06:31:21 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:21 GMT..X-Powered-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-alive..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849073831&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849073831 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849066144&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849066144 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:02 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_ui="astyYDKFq0a2WlezmUN12A==|0.6"; Expires=Tue, 29 Nov 2016 06:31:02 GMT; Path=/

....

GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="astyYDKFq0a2WlezmUN12A==|0.6"

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:02 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&

....

GET /cm/user?time=1464849066&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:03 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/

HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:03 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/......

GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&

HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:04 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&......

GET /cm/user?time=1464849073&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:05 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&

HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:05 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&......

GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&

HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&......

GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/..GIF89a.............!.......,...........L..;....

GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852669

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:10 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852670; Expires=Tue, 29 Nov 2016 06:31:10 GMT; Path=/

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:10 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852670; Expires=Tue, 29 Nov 2016 06:31:10 GMT; Path=/..GIF89a.............!.......,...........L..;....

GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: cm.hiido.cn

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852670

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:11 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852671; Expires=Tue, 29 Nov 2016 06:31:11 GMT; Path=/

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:11 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_mapping=tanx|0|1464852671; Expires=Tue, 29 Nov 2016 06:31:11 GMT; Path=/..GIF89a.............!.......,...........L..;....

GET /cm/user?time=1464849080&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852671

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:12 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:12 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..GIF89a.............!.......,...........L..;....

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:09 GMT; path=/; domain=tanx.com

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Mon, 25 May 2026 12:17:34 GMT

Date: Fri, 27 May 2016 12:17:34 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 16991

Last-Modified: Fri, 27 May 2016 10:20:54 GMT

ETag: "57481f86-425f"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou188:8105 (Cdn Cache Server V2.0), 1.1 db77:3 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....2.&.n2......x..Qx.B..|.&..(\&.Sf.._.9..?....F....4a2..-...5......e...^.e...~9...Z...)......I. .;.....U....Dt. .\.....@. .phQ........U.r...t?...\{.)k...m..&.E"..G .G......C P....c@.N.......MNy;." 6.'....*....*!.A.I.hZ..E.*q..w.0...r8".eK.FP....)5....\2...z.t...b\u....R...[.b6....`.s...........N/.1.....|.V.D..)4.q..\z..\.s@...R.a.RB..#.2.....q:..@.$..B=*....8.E.0...S.V....*.h.G.j* ...f.\.M>......;.'..0......&gkJ....&q...^...1.SF......PN:K...Fk6.V. .........Z..I./....|z...\...[.z..d....jv.A*3.$W...A?y\.....Fr..1...".N.IX..&.R$`.K.>..s2Z:..eKe .1.w.L...ev.W..z.I>....3.F.......3w.qZ.l.]X... .....hCdP....Fy.P\.s.Fv.....*..r3b....;BF......X#..ZX.n>.[...6.e........-.F. ........*.c7...XUTw....#.@..\.E.!..>.?.Z..[.......w...8.....\6)Og..Y@...u....1....n..#.R.bkK.BT..U8.C4-&(..H#.VSV)j...A.E..a.....ZE...yY..8...........v..r*X..q.........8.zR.l'aT.6I..,EWA60..JC....;..."n....&.U.T-. .....i|(r..a... fBz...t..T

<<< skipped >>>

GET /group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Wed, 18 Feb 2026 06:26:42 GMT

Date: Sun, 21 Feb 2016 06:26:42 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 10617

Last-Modified: Wed, 29 Apr 2015 04:21:23 GMT

ETag: "55405c43-2979"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8111 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......P.....P.@....P.@......v.P....P ....1@.(.(.........P...C@..!..b..Qp..J`....)....@.@.qY.Z.).P1h........(............(.S.....0..C@..........(.4.J.J.C@.L....%...J`..f..P.H.......(.....P.@....P.@..%.....P.@..A@......P.b..P.P.@.L........h.....BP.P.@.j....(.....P.@....P.@....P.@...P...%.aM.a...`....P.@X(.........J.C@.L....@%.......%.Z.((.P.@....P.@....P.@....P.1..=..`../4........6.y.d..v..J.4j2.?.|.i..k.rK|5....l..P?3N........9.d...ps......AA@.....P.P ..&).C@...J.J.J`...`..b..@.h..Aa@....P.@....P.@....P.@..Eu*A..#.@9&.>b.....Y.w6......cs.[._...a.zs...n.../.|k....&.guc...^...g`.....F...hHj.8...v....]/J...B.r..3FH...23.....K....)...'A.j.0N.$..9v..G=8=..zU$d.g...w......3M.G...E-.*.....s...6\7>.\..I...(......(...!.....%....!..P..@.L..Ch...5.....P.@....P.@..).z".....A...<Rn.....o<S F!T...O@J.....Z.;.....=0..G6.F...y...9.8.....j.5.Ab...79'=.[..n*..x....)zm[.F.O.>...1 ...#..c...X.!.V:%.q......Vi.FTprs.....#..G

<<< skipped >>>

GET /group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 06 Mar 2026 14:00:47 GMT

Date: Tue, 08 Mar 2016 14:00:47 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 10939

Last-Modified: Mon, 30 Nov 2015 07:04:29 GMT

ETag: "565bf4fd-2abb"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou188:8108 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........Lhp........\P..L....P..).\P.@..&..#SB.h...._..5.|-.Iyy"I..8..|.. *.F....>.z.rm.'.j..|U{$.gig..w..d2(.nN.H.......9k.)k)~.0...aq(..Z.K..m........n?:.6W. .?......./x...\.... ."..........\.<".6w......B.#WH....&O,d.p9n...rzt..1:.....M#T..l#.............z...%;.z.(......@.(..4.B(d."..0...F..F.C."qI.....B!"....(!.....KEYW..E......8..(..p...)..h.q@....qH...(.h.(....3@..`gk..v6...B.(26.r@..$..NH.."3. .$....-KP....y. .D.Ua.$..xT..1.$...Sz....aO..e..[.M.1;.$.. ...'....../.$....l.D..........g.NI..4..... ..m...d....;W.C...9....g)....F...?.......:z.4........C.7..........`.t..$0..O8.qM;.R.Z........Z.3a...)..h...F..,.......g'=..7.e ..v....=.)I=..Ns..B....!...A#M .E4!.PH.(..3@....M..E1...K .h!.%^j..i........0...9E .(...P.@....P.P.y.....W...8.<.I..P&.x....H....R......I9.... #.."..q...d..t(.Gy.?..6...<.a.|7(wc...G'.{.....l..i...{.M.,C.2v..:.o...j...&..Hd>F..U.....9..^.8.....z"%...E.$c...xn........V..........g'&lt

<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&isnew=1&io=1&ut=1464849067566&rnd=0.79673912970488821464849067566 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H ..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;t>....

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive

Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY

HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=rMDWDx5FnCUCASU5EL04/DMR; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;....

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /pc/js/lib/jQuery/jquery-1.11.1.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Sat, 04 Jun 2016 15:46:22 GMT

Date: Sat, 28 May 2016 15:46:22 GMT

Server: nginx

Content-Type: application/x-javascript

Content-Length: 96477

Last-Modified: Fri, 20 May 2016 09:37:21 GMT

ETag: "573edad1-178dd"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhenjiang82:8111 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)

Connection: keep-alive

<<< skipped >>>

GET /group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Sun, 17 May 2026 03:08:27 GMT

Date: Thu, 19 May 2016 03:08:27 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 15640

Last-Modified: Fri, 13 May 2016 03:54:44 GMT

ETag: "57355004-3d18"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou185:80 (Cdn Cache Server V2.0), 1.1 db77:3 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..1_.#..U...B...P...V..)..*.)...Z.-0.`-..HB..p...f....b...5,bf...s^.t(.]V.-.C.R.3...d.....0.j..r...2.....?...T..ze..@7M$...r...<d..W.C...j.%........U...=.......l.$....J.0d...z..g....=.. ....m"...kR}8...D.ik7.....|g.%...d......m~.n.v.........?......mk4.\..c....q..$~...^N *.a..%u..I.F.e......).L.<...8.....(.(.E0....(.. .h.2.xh..*...0.h....3E.\P...`&(.qJ.-0.......)..*.u4!A.LLp5W.g..i.e.?..l.5.zN.nu......6.......m...>c..{.^Q,k..4........J..-......"..|K{t.. m.fo5... q.#.H.......$.N6^G.w.....]iv....G...&.7...w.2........JO.)..UK..l..[...R.Kuc...rGL....|.AW.....\........5....|.....pz.........nn...b......N.....vv.8i:....$..^...i.p.......i..~..,..s@.m*J].3q..}p.N...c..L.$.&..~...s....dzh5...x5I...Uq...1..`..P..`..)..@.4.e....(.B.....P).p....1@.).b..P.).b......!i....LB...hLF'.|Ao.....7.,.d1..k).............Z4...%..r.W>i.R...hj..h..B..c...x.......;...i.. ..VK.8.....b_s..NMnA.px#x...;....`..P....._@ph.E;.....R.....Z.-

<<< skipped >>>

GET /group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 24 Apr 2026 02:27:07 GMT

Date: Tue, 26 Apr 2016 02:27:07 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 11344

Last-Modified: Thu, 07 Apr 2016 12:54:11 GMT

ETag: "57065873-2c50"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:6 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..qY....B..q...@..(.=(..@..8..c....C..I.F.#..i6TV...!.y..G'.l.z.=k4j..n...d..U1...A..\.. ....D1...D..8...?.U.D.B...e..x.M..:.....8.r.K.Z..Pz..P.Z..k.;....8..E(....3 :.....O8...........1K...........1.T.Qk.....@....!S...%2H.L..... </N......\..<.).M..|?..... .-.sQ...0.H.}..V.d.sZ..........:U.........#..j.#7.>{2..;g..22q*:.Q..2.#B.....-..$..~...K.M..qz..[|.V..'.c...zV...w.]..`..P..D.F8..i....i.c.Z#&%h..=w.3A,.T.......L(%....@..B.P............/...-..&M.d.|.......D. |.r|.3.Q...Mu.6P...|.J.i.E.lb8...bnT.l...f..~Q..Z$.{....I...f...3&W$....h.....3..s.5..(......j.>.._..5<.....t..,....l.......(...-..k.v..SBf...P.....X6..?J..fP..}h....J.C%.=...U...8^(..ug.....15.4L.l.q...c.......r...q9.GG..*.t.:V.....]..7!..{r U#)D............-.l...A.8."..............|...~5%.GZ...q .2.../..:..*....1TM.b........(....P........c...*.B.3aT..{...*.z.B.>#[;I.Gj...........%dy...6.;y..2)..5..94....b....D....T$Y.&.A.../Dh.f......[..e).B

<<< skipped >>>

GET /group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Mon, 02 Mar 2026 14:19:40 GMT

Date: Fri, 04 Mar 2016 14:19:40 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 21983

Last-Modified: Wed, 24 Feb 2016 07:44:43 GMT

ETag: "56cd5f6b-55df"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:2 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF...................................................%...#... , #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........@...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...O...a\vGO3"m5..YO..>V..Ma*...}...U....O.............Xw. ..)..$.N..0.. .w.f.&..F...Rh.......F,i.9."$A.... .r..d...qk"....$}........q7..t.....[G.[.}.!O..?CX.....y3...!.<.......n...jj?v.V....Y...C*........k...FEY...b........).....'.`......<.hd?0..u..1.....n..u.....6..Ud!..`Gpk..{......JV(\T....ZTYb..>W...F.auu.-..Kwn........f....[4....B.CA.C....OUb.........8.....i..6..8.b....Xg...?.w...d..qN...D..hFei..x..x..#..\...4...fu..h(p9..[...T.Sv9..?|.'.1.q.qE.b..l....D.7..$.......0....^.....XN%'?.'.k..-...(........lW...LW.{d...7.,.u.P.R..)..v!... i.:....-....=.E..8...4\....}....E..%.(..(.w${XJ..}.&.*.....a...R..u.Z.a.....XP..p_..a&.iz...(.....6..,}.......U..c.{mkA..>fe.RdUP....w....q...psM.Gr.....q... ..X...~...E.u.i1.)..8..Tr.m..}Mo...iZ.r.S..@Gp.....c..~5..Y..vaET.<wA{k...}..2.v.......F]s....O.:..B..N.3.G.F ..B.....R.1..u....s.....9.g:......0...#.;.OJ.1.S...pQ..'.S..t.......M.T.u.H..x.R...3.....*....74...

<<< skipped >>>

GET /statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: statistics.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:18 GMT

Content-Type: application/json;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Access-Control-Allow-Credentials: true

Content-Encoding: gzip

3a.............VJI-NV.RR.Q*.I,)-V.2.QJI,IT.....2..@....7.F*.....0..HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:18 GMT..Content-Type: application/json;charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..Access-Control-Allow-Credentials: true..Content-Encoding: gzip..3a.............VJI-NV.RR.Q*.I,)-V.2.QJI,IT.....2..@....7.F*.....0......

GET /pc/css/headfoot.mix.css?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:30:53 GMT

Date: Thu, 02 Jun 2016 06:30:53 GMT

Server: nginx

Content-Type: text/css

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:7 (Cdn Cache Server V2.0)

Connection: keep-alive

1530.............<i..8r.. .;...d.}b..dll..O..6...Zbwk..4..~.....-....H....'..b..V....5.z08/....o..x..CS...2.....!x...s........... ..2..eU...kY..~..SS<:...|..8... @.t.P6..nj.t.n..}..O....}..xY..{?.....?.ro....E...g...bp.%....{n..{..k.^c......n..n..[.nS...v......u s..{..[.]......(......@.....~.0..{"P!..........!..............H.....#........mS............0Bz.e.U^V...p.....t]c.0...S66..*k.....X.}[e.....om..Y=<......d..|..6........1....c.I..........u...r..R......G.E..b....}x.....2...9...f......^.?e.......g......Y..Gy.3.......<.oe.})..z.o...x..O.......9@....s.....i..W8.u..].......b.5./5............`.....bsn.{.... ...[`k......R......J.- k...4. P.=.B...b%.?5.^^....jz ....p.. ........z}.......#.}.... .r?on...]y......j!w.C...d.l.. .....O....?."....n... .8..&C.Ep..L(....N.A~).Ky.g.s.....K....o.......).I*.a 3..g.....Q...OQ.n.8...8ys|.a.t.................;j............j..n.....^.]...?n..\..;.?....)...C..^.=.6.....38~.2R....L.{C.....z......`QG..y.e.....W...8#-....\.}......R...............|d.Z@...a.t..3..D.lf...>46.D{..)..aY.......).....b...Y...L$...[..4a..G.....Q.....:B/.9....v.=....s.._..=..Q..>....)U......V.y...>.f`).j..."..x!3U.8.u:j..-B.}..R.8...D..3.....E.j..|.@.R.Q...G)k..Lj.}.=..Q..iz4#.\.....v:...P.N.m.Y..m.V..X!.HN....m.........A..t.S.:p...o......g..c....N:.r.J...O...N.....6u.......*.*..@.m..........!.....]......H...7..T."".t...Z......Z...E..bAO...TQ.1'.I..e.k..~DZ.\...>.......... 0.'......Fv.=Zh..........X:.1..V5.&...y).cb~.e..o.C....y....h`..F.:........v...........}.|.y..........G...._.-...

<<< skipped >>>

GET /pc/js/headfoot.mix.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:00 GMT

Date: Thu, 02 Jun 2016 06:31:00 GMT

Server: nginx

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:10 (Cdn Cache Server V2.0)

Connection: keep-alive

3903.............}kw..u.....{d.[h4.R.H.5..c<L.G...'$G.......PwA Mb....v.....>...7{...............f...a..U.]....O...[l..........,.. ..y....=......=..l.Dlh...$...i....L...'^V.:M..%Q....I.4...l.o..g...N.c]9..\j...a-.J.G..>.,.......O........-.'d....x.i..GI......l....X.v...v{.8..7..?.z.....#oI..Y.........AH68...LL.....1K!E...V.H.$~.*...O...u...t..0...Z....a....i.\c..}.....).p#..b.WW..$.X.l7..@..m.J.b........805...........,.<..V..vt.x.\ZsW.v.....PL_M...M.0.... ...a......X.....O.}g..... 1.o.(.p...,.....C.[A..........c.5b>f..0-..OOR.&...~.P.6..6.....:.9..t....tkJ.O.....z.\h....r.:.^.).........C.....pG....H..........\,...B.t.O. r.1.S........3.'...}.i.B?...E.a6.hO..........g......].%...GcN....O]..?.'!}..0.$.EH..G.8...x.C........N.<..x...19...J...4.i:..`l......9K..)3-.t....n".x*.w.0.Y...lked.^.'~.N...F ...T..g..t.\?..=...T_\.....O.,....T..=-...0g.&|zy.9.......O.Y^[..T._^....H.P..a.D.y{.o..i.C.8.....z..h?.P ......w...s...{..{.......u......W.^..~.*Qdc..x...)..z....:.z(...........8.<../X{...m.......Io.`I.....r......>..F.`.z.4...9.."....e..-.6."..*..q....X..v.p6....V[.....~.....u..0..;.$......y.~8.O..:.".$.e..%%hEeJ]a..-....9}..!.F.....".}n.lr..D|..$..4.\4.......5.*E....LI>.rV.tN..Q.B.('v..%:?..`.....<.....K......).?>j..q ..........|C1.>.....Y..q.-.}.8p..A.R.R.@.....5..._.........L...?......&K...q?.......J/uA.....>M.5.J.4..#.z)_L., ~.J(J.e2IWS......ex....R..|._YB.*..Q..,K@.b......d..!A..duU.3.U2..:...P.N.P..cb...F..&.S...w.o{..=...t.\X.YO@..B...O..P@R.k.@n.8.?.........|.n)......(f...^...

<<< skipped >>>

GET /pc/images/2wm.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:00:52 GMT

Date: Fri, 27 May 2016 15:00:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 14508

Last-Modified: Mon, 23 May 2016 11:22:41 GMT

ETag: "5742e801-38ac"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8104 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR..............X....8sIDATx..}..........HG@.#.."".@......RD..(.{SPQ.JQ..*E.....(.(..... .......u.3.;........f./..99.I2Y.....))))..n....4.t...).9s..Y.f......2_F.y.....Yg...8p./e...?...>....8..m..../m....3.6)Q.Df.'b.H. %.De..g..M........P... y....{.........j.. ....s.5....Q..s.9.6...w.mR.lY..`.OL........$.......@..C.#.......L.... ...t..*.d..\u.U.6..d..}N...M.$..?.4...,.4h.@[o.3..'....$.r.... v............QQ..5.H.R....y..7...*_....C.B.8p ..{..W.aq|..7n..m.....7...2....?......,..es..:..|...w.?.|m.....L...\.e[....m..MP......>}..G..q5,Vz.>'.~.!m".....r_z.%J.S.N%.....O....1#t.c.=.JO=P........Q.<....s^{.....Jy....|..m..{....'...~h....MS...v.;.<m.{...,.............W.hQm>..Q.F.Q....D.g[.n....O..i....c.{...D=.2..u.].mL.Q...r... n...CO..f..w.......X..F.S.&.........9..8.. ;w.t.=.5.y........U.V.y.....^{.....B...~.....z..i.c3.@.L.....v..#..A,@,@,@..aj.......A......I_..u.Z.jT.F.Xh..a....K..U.......&.z....Z.j.>/..2....X`^te,S...........|>@ti....e......^x..0.tr..I..t-w...............k.x.*U......h.~..E...-Z.{h.....g.}Vy...........o.....\r..#...d.....[..{..A._y..i... .n..i...8Hk..Q|>w.....M.<9f....f#.. .. .... .5....k^...9r...y..%......6.....s....*?..(. u..Q..u#.g....{..A2bA...n..Xx.E.P(.$.S,]Z.|.\^cP^.r..... ..aj..)...LW.../.......$#...........y...;..".. ..,p..(......K.... X...If.......W_}.........wh.0q.=.kG.;..)......H. (P,....H....5@...N8-.Z.OuS,....X.\9e.5k...yL.Rb.5....4..tU....z.d...........M`.....u......<Xy.......][Y."E.h.N..........yA...)>..XZ....Ml...r.4m?a........[>..e

<<< skipped >>>

GET /pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:03:34 GMT

Date: Fri, 27 May 2016 15:03:34 GMT

Server: nginx

Content-Type: image/png

Content-Length: 6079

Last-Modified: Fri, 27 May 2016 05:46:55 GMT

ETag: "5747df4f-17bf"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhenjiang80:8105 (Cdn Cache Server V2.0), 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR.......}.......w.....tEXtSoftware.Adobe ImageReadyq.e<...giTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2BB29396CBA7E5119F439F0DA7ACDCF2" xmpMM:DocumentID="xmp.did:25078143CB2911E58A13920359E01A66" xmpMM:InstanceID="xmp.iid:25078142CB2911E58A13920359E01A66" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:285B92DA28CBE511A701DDAE9E0BDC70" stRef:documentID="xmp.did:2BB29396CBA7E5119F439F0DA7ACDCF2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.m......PLTE...........3.U-........N...,,,V........TTT...........{..7.....I.kP..8........6|M&..m,e.....d6...........o..E......aaaQ2"..4.....Q.....<..a..g.........*.......o...Br.uuu...Hh~.....0@??....g .l.......C(..~~...................w*.........1t.........:.Z*..W..A....uG..........r .y0..F.....Q..]....tl'Z....0z......=.......v..............f ..9........H......._5.....[.q.....z1iUK.....7.....j........g.....y.....x1.............>......3Xz.jE.r/|.`k:......./......c/.......................1.........................p-..?..

<<< skipped >>>

GET /pc/images/components/w-leftMenu/images/icons-menuclose.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Sat, 04 Jun 2016 04:36:25 GMT

Date: Sat, 28 May 2016 04:36:25 GMT

Server: nginx

Content-Type: image/png

Content-Length: 1914

Last-Modified: Tue, 24 May 2016 09:18:47 GMT

ETag: "57441c77-77a"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou185:8111 (Cdn Cache Server V2.0), 1.1 db78:4 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR..............]Hr....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:A304DAA9EA8111E5BB679C93BB9C9144" xmpMM:DocumentID="xmp.did:A304DAAAEA8111E5BB679C93BB9C9144"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A304DAA7EA8111E5BB679C93BB9C9144" stRef:documentID="xmp.did:A304DAA8EA8111E5BB679C93BB9C9144"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..&.....IDATx...]HSq......9..S...S/..8D...q}.KH..S.C/.Db.%........C.T.$YT.Z.... .zp.A...t..s..........9p..x..........FGG..`...{...U..n...<..Qm.a8p|....B....U.4F.....>.0..>.=S....<....y...`.W".......L.:f..q:.zE...H)f..I..(**rc5..P.f.....S.9......A..........Ld.f........0....%.r.2.<c"[0.)..T)-..h.....b.....x..F].V.F%.UM3...).v...p...H....^..j.1.:.M......rc.)B'.....)b...bl.`... ..D.A..D.A...7 ===..Dx{:...j.9...`hh.......}U(g......6...zL..2<.....0.4Bu....iPSS.C.K..mj....:.....o........ ..G...........o..r.@ .......R.A..D.A..D.....!......U.....)...H.W.H.)..Fi.m..V".x.. ...:..'.a%2;

<<< skipped >>>

GET /pc/images/components/w-leftMenu/images/icons-leftMenu2.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 13:23:29 GMT

Date: Thu, 26 May 2016 13:23:29 GMT

Server: nginx

Content-Type: image/png

Content-Length: 3501

Last-Modified: Wed, 25 May 2016 10:22:46 GMT

ETag: "57457cf6-dad"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8110 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR...,...........9A....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78147A0941E8E511B4F18C60B26C9B4B" xmpMM:DocumentID="xmp.did:C28CA4F60A8911E6A7BC8ECC5119A4F7" xmpMM:InstanceID="xmp.iid:C28CA4F50A8911E6A7BC8ECC5119A4F7" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DE35EEEE6F08E61188C6FFEC2BF8B5A6" stRef:documentID="xmp.did:78147A0941E8E511B4F18C60B26C9B4B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.'w.....IDATx..\i..E...,...cP\..4....u."..h.?&.F.. ..!v...?....Q.D.}A.VdQ..]c......w..A.....m...f.......YvMW.ez._..MMu.W....<..H.nll....X..........W........e^.Cw=p'p!}9.m..X.Iu.v%.k.C......{.K..@7......\ ^J.A~.........S.^k4t........X..'....6.. .Q,.q\......r.....vi>r'_#.................|.V.a.....4`O.G.a..t.D.0...w.p~q...{G..G...2`...A}..-|.'.=:Bl.......d.x%~.....7..x0i.D.. ?.T.-..e~.K...,..n!.O.3....N.."s<..,../5?.-..8.8.}.......FS.....1.to.5.J.xo....|....~.....2.~.......m....1a*..Y.-.;....?Jp......../.(...:..6._....Y

<<< skipped >>>

GET /pc/images/components/w-thirdpartyLogin/images/login-close.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 01:15:21 GMT

Date: Thu, 02 Jun 2016 01:15:21 GMT

Server: nginx

Content-Type: image/png

Content-Length: 1093

Last-Modified: Tue, 31 May 2016 07:31:37 GMT

ETag: "574d3dd9-445"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou190:88 (Cdn Cache Server V2.0), 1.1 db78:8 (Cdn Cache Server V2.0)

Connection: keep-alive

.PNG........IHDR.............r..|....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:ECE434E8F27011E58FDE90351826CD97" xmpMM:DocumentID="xmp.did:ECE434E9F27011E58FDE90351826CD97"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ECE434E6F27011E58FDE90351826CD97" stRef:documentID="xmp.did:ECE434E7F27011E58FDE90351826CD97"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.b<s..3.......M.......@.%..p...@.3.....1 .e..........4B5...)@.kA61..3piD....c.Ib..M..0.....).@.......]...4.c`.6... ..M..M0'..b. v..t.Y...O....&|.. T.......@....#T.@6....|..l,.......v......D....IEND.B`.....

<<< skipped >>>

GET /pc/images/default_portrait.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:13:44 GMT

Date: Fri, 27 May 2016 15:13:44 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 7872

Last-Modified: Fri, 20 May 2016 09:37:16 GMT

ETag: "573edacc-1ec0"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhenjiang80:8107 (Cdn Cache Server V2.0), 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive

......JFIF.....d.d.....C....................................................................C.......................................................................Z.Z....................................................................................y......g..........z......u....|[@.UC^S^%...a..C....j...a.$#.3}..h}qG.9.g...,%.nS.D.).Y....u.h.#gG.`..AK.K..#.. 33.:@._....(...q.c....{.*.R..L.5n..l.w c.J`M..R.......#8..\..i.I...yU..P.............X..e...i C.0..zT...!?.Z.%7.I......Z.F6..x..^O.a...S)..[.~.R...3uu.n..1..}.`..(.....b...}7.L-..\&.o-.Zm.@Z.....jE .`[...i..]..h...%F.<'<.HQ.v.uz..O..DJj(V..<..om..J@.s..d..4.Y...c......?.l.$R^..6..1jez5o..B.R\...9..Yw.s.....).............................."3. !#45A.............I....."........F.3.....l;9..W.6.\3B.r...!)..!.m.gd..L%......Em..F|..=]a%..............!k....8...B.....c..0X..k...j.......\.3a.....I|e<...p....VE..[.W-u.......#.6.j...............W".uM......,.....l...K.e./.[.2........P...x.>.U\.c. .....X.P..5.....X......x`6..%m[E.....1.h>BWWTG_....H.S."...4. ."d.......f.&.h..| ...._....#..s.b...pO45O@k...Tt~Y.d....D...Kq....%..Il..x...c.H{..%. .'quo..BEu........`.K..g......g...?........................!1....AQ2a...."3q....#BRbr...... 4CS.........?....T.....F....."..v..[..G.~..#..e.>.>..#.....x..&c..N.%w......[..........>..x.P..`.1.4....%i....;$c......m"...i.............. ..W..@....4.5R'.&.......1..W.n.....@4.L...s.....R.4.......OjsPbcS...2......o..G2=..b..-.....<.......M4L.SZ85.......v....s....7?..TZ..}...IW..-.......f.%..U=.f...-..]......O

<<< skipped >>>

GET /pc/js/lib/requirejs/require.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:03 GMT

Date: Thu, 02 Jun 2016 06:31:03 GMT

Server: nginx

Content-Type: application/x-javascript

Content-Length: 14904

Last-Modified: Thu, 02 Jun 2016 06:06:11 GMT

ETag: "574fccd3-3a38"

Cache-Control: max-age=604800

Accept-Ranges: bytes

X-Via: 1.1 fuzhou191:8111 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)

Connection: keep-alive

var requirejs,require,define;!function(ba){function G(e){return"[object Function]"===K.call(e)}function H(e){return"[object Array]"===K.call(e)}function v(e,t){if(e){var i;for(i=0;i<e.length&&(!e[i]||!t(e[i],i,e));i =1);}}function T(e,t){if(e){var i;for(i=e.length-1;i>-1&&(!e[i]||!t(e[i],i,e));i-=1);}}function t(e,t){return fa.call(e,t)}function m(e,i){return t(e,i)&&e[i]}function B(e,i){for(var n in e)if(t(e,n)&&i(e[n],n))break}function U(e,i,n,r){return i&&B(i,function(i,o){!n&&t(e,o)||(!r||"object"!=typeof i||!i||H(i)||G(i)||i instanceof RegExp?e[o]=i:(e[o]||(e[o]={}),U(e[o],i,n,r)))}),e}function u(e,t){return function(){return t.apply(e,arguments)}}function ca(e){throw e}function da(e){if(!e)return e;var t=ba;return v(e.split("."),function(e){t=t[e]}),t}function C(e,t,i,n){return t=Error(t "\nhXXp://requirejs.org/docs/errors.html#" e),t.requireType=e,t.requireModules=n,i&&(t.originalError=i),t}function ga(e){function i(e,t,i){var n,r,o,a,s,u,d,c,t=t&&t.split("/"),f=D.map,p=f&&f["*"];if(e){for(e=e.split("/"),r=e.length-1,D.nodeIdCompat&&Q.test(e[r])&&(e[r]=e[r].replace(Q,"")),"."===e[0].charAt(0)&&t&&(r=t.slice(0,t.length-1),e=r.concat(e)),r=e,o=0;o<r.length;o )a=r[o],"."===a?(r.splice(o,1),o-=1):".."===a&&0!==o&&(1!=o||".."!==r[2])&&".."!==r[o-1]&&o>0&&(r.splice(o-1,2),o-=2);e=e.join("/")}if(i&&f&&(t||p)){r=e.split("/"),o=r.length;e:for(;o>0;o-=1){if(s=r.slice(0,o).join("/"),t)for(a=t.length;a>0;a-=1)if((i=m(f,t.slice(0,a).join("/")))&&(i=m(i,s))){n=i,u=o;break e}!d&&p&&m(p,s)&&(d=m(p,s),

<<< skipped >>>

GET /pc/js/studio.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:04 GMT

Date: Thu, 02 Jun 2016 06:31:04 GMT

Server: nginx

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive

800a..............k...q ....`aJ.@1.f..F..k...gZS=..U.>(.,...p...K$u$..$....e..e{..]k.c....%kV.1w.g............%y..w.H]`>#3###"##6.3....._..(.`.`8;w.....3v}gd........0...r.......4....B..O...:S..:z...$Z..:.f..^.?6.gL..% 4|..7/c'R....... ..d...........I/.V..jQ.pb....s#.c.....o.....Y..ah_*.....o.....E..... 0.RA..c.....|..,.r.9)..Z..@...O.B.<.e.7.....M=.V!f-....=....k.:.v..}.|...G.0.\....k...G.SY<... .I...>91..d.m4.:,M.........>......4.o:gw.N..ms..\..Me.......u.~........-M.k.[P.u...hU.4..&ap.48H........7.Nh .....W..y5x...!e.<.L-.'N.-u.A..e.;...j|..,.....j..J.."...N.b;.VI...l...R{.B..B..BeP=q....V.Z...@.{.......n.!.5...S..ou".K6.]....s..Mm..S......_^.....sm.u..=;...,.8,...[..s.....~w.h......H..8..$.Oj..G....o..}.</....#f..../.M..&..-{.m......... .7&'4P.Hr...1...x8...z...\8.-;rt........y.K&.NC.~..2|..2"A-....M..6.RPM].T..r..8s}....o....|z.<..d....*@...R._P..L..O M]S/Y_.........>@U.e%iPi.H....&...u|.:G..;....o...W...s..",0...y..w....;..wvo.Z...v.{s...vwv:;]..........[.....{T...4n.......i#........1.O.......o..^y...l(..T...*#;..D9".......$..........k....s1F8...W.....5.(.N.?_..Jk.;.=7.L.O...r....G....7.C'J{....2*.C[D.Dl.bA..JQ.RV. y.p..pN.i..W.w......zm....3"......E..E...2.A>_..P..)....k!VU......H..Rd..!..gA..C.....p.TR...$........O...Z.GjT.&.S.d. r.. |x.A3...]o..~........`H^.NY..85*.s....}.d..#.....S...{..K2..v...G.8..(.l.9..j.'.......5..A.s.|YD..#WBb.(.P..R8.j1.....T.CGe6_..(!~..J0Lv.$ _q...S.*.....%...-).......=.e*3_...:&...-{kK.u...S...f.P...y....;Lz.\..9.y......L.2...H=...`.....l.}...

<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:52 GMT

Date: Fri, 27 May 2016 13:46:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 4789

Last-Modified: Fri, 27 May 2016 11:23:26 GMT

ETag: "57482e2e-12b5"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive

<<< skipped >>>

GET /pc/images/loading-white-mini.gif?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:55 GMT

Date: Fri, 27 May 2016 13:46:55 GMT

Server: nginx

Content-Type: image/gif

Content-Length: 12694

Last-Modified: Fri, 27 May 2016 11:23:22 GMT

ETag: "57482e2a-3196"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

GIF89a............E..g.....s...........&..............c...........C...........y..S..............Z..... ..[.................<..L.....m.....{..l..K..4....................2.....#..:........z..s...........T............................................,..........................[........................................................:..........................e.............}......N..................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:7B2AD44BD6FD11E5A2F6C23F896E17AB" xmpMM:DocumentID="xmp.did:7B2AD44CD6FD11E5A2F6C23F896E17AB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7B2AD449D6FD11E5A2F6C23F896E17AB" stRef:documentID="xmp.did:7B2AD44AD6FD11E5A2F6C23F896E17AB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .................................!....

<<< skipped >>>

GET /MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 06:26:36 GMT

Date: Thu, 02 Jun 2016 06:26:36 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 57637

Accept-Ranges: bytes

Last-Modified: Fri, 08 Apr 2016 11:45:17 GMT

ETag: "05103121f4d2ad1e1d0d5fd6247c26df393229fa"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 zhdx182:8108 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive

......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:8C674D38FD7411E597FADFC94CEB5A8E" xmpMM:InstanceID="xmp.iid:8C674D37FD7411E597FADFC94CEB5A8E" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F49862DFFCA211E58BAEE6768DC01998" stRef:documentID="xmp.did:F49862E0FCA211E58BAEE6768DC01998"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b.............................................................................................!1.AQ..aq...".....2....B#3...Rbr..C$456.c7...SsDd%Ue.89.....................!.1A..Qa.q."......2...B#..Rb3.r..$..Cs..S5.c...4.............?......@..>.C..r...S..QO...j.,4..B.c?....2..P..>..S=x.A...W..\...........=.%......-Q=.E4.5.....~.&1u.1.E3.A..........0'...F......I.L.M.....4..)(...OJ;P...O.A.0<..0.$t...Hj8..Z:y.|...d....&XT.mU{....-..:=P!..2...$.cX..@.!CNx.r

<<< skipped >>>

GET /ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 04:37:04 GMT

Date: Thu, 02 Jun 2016 04:37:04 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 87874

Accept-Ranges: bytes

Last-Modified: Fri, 08 Apr 2016 12:06:09 GMT

ETag: "fc382aa7256ccc1b335b878ec4e32ad2d916a2f1"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:1 (Cdn Cache Server V2.0)

Connection: keep-alive

......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:74445BFFFD7411E5BBD599E469D2731B" xmpMM:InstanceID="xmp.iid:74445BFEFD7411E5BBD599E469D2731B" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB4D34DFFCAA11E580E9BDA302A424FD" stRef:documentID="xmp.did:DB4D34E0FCAA11E580E9BDA302A424FD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................B.b...............................................................................................!.1.A"..Qa2.q.BR#3.....45....brCS$T6..cU7..sdV...DE.8....e.&F'......................!.1A..Qa..q.".....2...B..R#3br.....$5..4..CS.............?....>.Zn.L.>.[Qr.o...D.)Zc...,Tu.s..wV.........^.P...f..W...;.]wvD.Ii.....\.J.R.@F.Gn..di.Qk...95.v.H...y...f........w..[SjPI.TH.w.E ...A..>...0.. .Lc1l...C.o...8....|..A.!.......E....t.x..u|..B.B." .)A...%zD.b.g...n..

<<< skipped >>>

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: mobilelivephoto.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 06:31:10 GMT

Date: Thu, 02 Jun 2016 06:31:10 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 14136

Accept-Ranges: bytes

Last-Modified: Tue, 31 May 2016 03:08:12 GMT

ETag: "09b11e27d1efcc3f65282a1f60267dfb631eb5d3"

Cache-Control: public,max-age=86400

X-Via: 1.1 fuzhou188:8106 (Cdn Cache Server V2.0), 1.1 db78:0 (Cdn Cache Server V2.0)

Connection: keep-alive

......................................... $.' ",#..(7),01444.'9=82<.342...........2!.!22222222222222222222222222222222222222222222222222......@.`.."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...L....P.QE......Z.(4R..k}..(c.H.v.....-..v......4..:).{....55C.J...(..C.(...;UY.....Q.8....I...j{u....?1.0.[..>.........J..2i.TFzt...&.n..6......I.h.....V..sP..g....C....<......y..'zx...p.*t.P.Z.h%..2j..Z!.j..Lu.Q@..(...(..4...%..QH:...ZZA....CKI......!.x.J........ka2.1M~....l.p{.Tu......;.#.-<u.....(.0.4..@.c....E\...j..`U!...s...yp .$U"...[.F%.j..G^....JJ2NA.. d..JK..s.k..Pc.........N.V...s......Kc.F..\.....&'..V...UVdP......RG?.....j.r.Fz.......T ............L..Ps.zRQ]OF...<.6.....O..o*.t..Vk. 3..yd....q....9.JI..4.sQ.. ...9nM......T.)....:T..]*\P&-.Q@..(...(.....zS(..u..(<...ZZA....JZm.F.]........&.[...i.............F.S. .S.F.QE.!.......G!.....w..s...\W7..l...V..d...^^,k.....).K.F...../.H....X.p..vF.#.sm........4c9|.N.H...}..}...ibn.....M.........9T..h.R......)#.y.],..^..a`.z....^$$.~W.=..yS..........5.H.t....C....V.q.F..v.r>....... ..Zgd........h.94..fN..r.Si...e....z..:.. sHE........wN).-.Q@..Q@..Q@.FM<

<<< skipped >>>

GET /cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:03 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/

HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:03 GMT..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/......

GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:06 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=7687&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=0&ut=1464849088784&rnd=0.79673912970488821464849088784 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849082&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /pc/css/studio.css?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:30:54 GMT

Date: Thu, 02 Jun 2016 06:30:54 GMT

Server: nginx

Content-Type: text/css

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive

29b8.............}k..F.._.N0Hw...m...E......|......d[>.m.r,.~.8.}.)...d..Af.F::.`.X,..bUm^..9....m.\w..)|-..f.uV>..O...U_.`Wm.k...........9....a7.>g....c5 ...r...*..l.%6....%....... .[...~^.//.........].-.Ay...O.z.;V...t........D....*(w...v.[.c....K.U....n..?.w........k ..\O.C4?..C2?..C6?...c=o....r...n..).U9......T^...S....]}~...A]n..,.{......*.p.[..}=V..... 5v.........X....F...o..}......>w..U#|.V.yM.....t..\1...j........l.c.........ky..o.9...9t.c= %O......O..X_..].>.]...r...p.}......8.Pv..iN3....N....6...0z.a>1SO.......<../Us................'...g?...*?.c..=6.......%k.S.........t_...n/......-....`..?..(....$..J.Y.[}.4..<w.....nk.l.........g.=V.u_........._>r..g..O.ERuwe.W...|f#.g...p..t....r..|...[...0.u...N....U..1..f..{....z.........y.{..i....1....y......E6.G..6m..f..d@.m}j_...J....o..S..... ....O....s......O.9.\....*./_..r......wO..C.3......XN....K.Z...!...bh.b...I..{.C...e..V....T..>.....?......_.^........G.xu...K.iYVW..."0X_.1.q.[.W%[..$AD.50Qa...z|w.....?|.......m.(.ePO?\.?.'..............g.,.|....Z]...0.....X.!R.@.q...!I."..........(.4...`&......ZI...)ZZ4..~.5.Z....)..o.....,..A.B.L...T).._,M..5.}.5R...G..\.....CC..M..9....k......Z.?...-.........z9ws......6..#..T./..]..d&=..t..?.^...k4.'...P......d......E]..Z..x..=.5.M..fK=.6{5.O.%...w.....p...r.m..._x.&.L..=.-.....Sfp..{...[6o.......zeb.k.O-c..].....S...."....%......M..."].,..PU.^....G..5p....:h...I......cn...F..|U.oo6|.Q:.1.....P..:\5.E.W.M....../............ D...y.j1.2-..,h..r..K0......`@N|...brsN..@9..x.p-j1#......#!'Y.

<<< skipped >>>

GET /huya/main/pkg/auto_combine_334bb_d5d43b2.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.huya.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.dwstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Sat, 30 May 2026 07:36:17 GMT

Date: Wed, 01 Jun 2016 07:36:17 GMT

Server: nginx

Content-Type: text/css

Last-Modified: Tue, 31 May 2016 08:38:53 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=315360000

Content-Encoding: gzip

Age: 1

X-Via: 1.1 zhj75:8104 (Cdn Cache Server V2.0), 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive

2932.............=kS.<...Wd..;..o.|....~..R.....tv..-...4q.....n...c'...m..l.H:...]M/...I.H..x..{...S#...C.2....t...t....Q..Ng=c7..)...O.......c......8I.y.Kf#.o.._..v........6.i2....VVq..z.a.cw...Q..?M..........5o-j..-=.....|.F.i#....c..L'.(....,...sullT.i.....{sR..0...C. ......]."St....bx.7..`...X..p......1I..|.{..u.i.. .y...s/...Zrw0%.2..q....$....t...=.......u>.y......ya.O.=.....<.{........W......t.3Z>z;c/......(.H.vX.....x.[..4...l...O.t:.....&..<.E^.....M=_..>.F..IT....4Y....."...E....|/...."~.z.K....!....p...Z..ta."..`;.X.>....r..H.kd.qX{.v..9o..$hi..$_...A..ip'F...dK.K....D...v..|A.<...O...F..5........I...\.. ..9dr.I.s..a........K&....F:.&.(.Uk:.Z.....GOq4..h.m...t...U7..ow_W..r?\...E.]2.....r....y~...Exw.wF@&...:#at.RK.h./.T.. .".Y....._.q....do..J....&_3.ljl.L...K..5..:0..Yn...mJ.*......R7..a...t..#..F........b........IP..F...i:..e..t........v$...:..E.L.l~.....f.(..b..2......ik.H..[k.d.............3. ....tq...,..y.F^..;.....n]W.o.y..&....A....!p.(..........T..xn.mU.7a..O...o...>:z.kE.!0..R.A........@`!h 'K..l.....r\.$.}...8N...lDHuF.]....8...1.>dL#;.C.e58s.3..nw...@..j...:..y.@.#.~ .JyXWa?....H.9.....T...GkA-(a".......t.1a..g.;.C..40...d*....-.I'-.z.8......w/...5;.A.@7...GZ..xr.igv..IQ..R...a...f........B.q.'?F.....:.E3?^.~O:.d|H{-..4.C...W5..@..d%Q..c.ti.8 ..^k.'b..5.........D.3o...|.$../....G..........y...%3-2....;M..{.....;.a|.(N...H...=......a.<...D.7D._4.../.$.g.x.[.8#Wd....B.*pQ#=...N..[5.|..Z..=....P ..JMz.5..|.*.[..{..ur&..IZ.L....^....7.vf.!y...V=..wv.2..h8....

<<< skipped >>>

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849075&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-type: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050......

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.yy.com/9050

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Connection: keep-alive

Content-Length: 260

Content-type: text/html

Last-Modified: Wed,02-Dec-15 18:31:09 GMT

...<?xml version="1.0"?>.<cross-domain-policy>..<site-control permitted-cross-domain-policies="all"/>..<allow-http-request-headers-from domain="*" headers="*" secure="false"/>..<allow-access-from domain="*" secure="false" to-ports="*" />.</cross-domain-policy>....

GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=38874345 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Encoding: gzip

Content-Length: 798

Content-type: text/html

Set-Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT

Set-Cookie: hiido_ui=0.90771560971984433;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT

...........UMk.9....h.O.F.%i.,.e......,!H%)n23..G.C...R{...C..C7......S..&.wyhvbC.......}.k.SL(..1..M.w.T...8...o.3PZ&..V2._.e.......od4|......0L....Y#EE.W).Y.]...wc.@S.....ym7.6.vC&..4....%{...N.....v....p{:Q8b>.m.....K...'..K...mE..n|A..$Z _d..P..>.wm.]. a?fJ.m.>.-........[........e..L...Sn..).c1...A...EL.y.E..x.Y.4V....#.....rr.%... .W1kmR.F.h.).d.P2.k..!.V.}..KUEh_..Z'U.Je0H"...yr^.......d..8..I.x..J.....w!..O?wn."..~...=...s\.....<....!s.M.aP;?a...|Z....md}.q9r..V..r........){Ijk..".EpI...............$..0....;....y.?.C....q...R..M........#f....H.AL...k...].w.....vW3s...g...[....u.5^...6.3].......$r0..3...ub..N.u:...;.z...6.(0.9...9...4......0..p#...n.. ..J.~....K.K.i.v...\.o...[.....gk?J".<k".-....n..../>..<..Q......b.0.P..Y.....IJ.yx7dZO...../......r1........Q."..E'.1@.....b.WFW...HTTP/1.1 200 OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Encoding: gzip..Content-Length: 798..Content-type: text/html..Set-Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT..Set-Cookie: hiido_ui=0.90771560971984433;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT.............UMk.9....h.O.F.%i.,.e......,!H%)n23..G.C...R{...C..C7......S..&.wyhvbC.......}.k.SL(..1..M.w.T...8...o.3PZ&..V2._.e.......od4|......0L....Y#EE.W).Y.]...wc.@S.....ym7.6.vC&..4....%{...N.....v....p{:Q8b>.m.....K...'..K...mE..n|A..$Z _d..P..&g

<<< skipped >>>

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.yy.com/9050

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=39600410 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Encoding: gzip

Content-Length: 794

Content-type: text/html

...........U.j.H.}....OCOw.]`B ....../.1}.EfFB.L....j...........S...OI_ ............Z5]UW....4..u.......Q C...Z..LR..aL.e.HS...H-.HY...ry8.%P..R...3F(@.>..@Z....}.!Q....~U..O.}...^...}..p.F76..v...}X....!...T....9"~.!uL.M... ..n8.[V"..........p...Vuv.!a.ib.05x.%.j...V3k../d...Dj..a...&|...Y.,.r.....*[O..V......(U0,s...%...|..s...J.wx}1..$"C.*....G}d..R..d.....x.VpI.... .>..QI....n...,.:g/..Tr.G.7....S...i]lv....NE.c.....u....J...9xfY..D..O.<N....O......f....e..S\.....G#.0Ds2.....E...R..I..~1......S.>V5.|.a(3R..Q.(..|......q{...xH.d...j.m.>$n.....,..\.<.s..>..........o......5.7.zY...s.!.....3...g@r%/r'.>e.D..Ny3..t..q=..m.o.........5.\)%.....8....>I.).... ..j.6.6b/......w.,_#tV.()o.\..}...y....eW..n.....e..7DZ..L......bf0....$`.O..$&........q.~.....p...w9x..i.....f.)d...NUO...G%..Y...HTTP/1.1 200 OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Encoding: gzip..Content-Length: 794..Content-type: text/html.............U.j.H.}....OCOw.]`B ....../.1}.EfFB.L....j...........S...OI_ ............Z5]UW....4..u.......Q C...Z..LR..aL.e.HS...H-.HY...ry8.%P..R...3F(@.>..@Z....}.!Q....~U..O.}...^...}..p.F76..v...}X....!...T....9"~.!uL.M... ..n8.[V"..........p...Vuv.!a.ib.05x.%.j...V3k../d...Dj..a...&|...Y.,.r.....*[O..V......(U0,s...%...|..s...J.wx}1..$"C.*....G}d..R..d.....x.VpI.... .>..QI....n...,.:g/..Tr.G.7....S...i]lv....NE.c.....u....J...9xfY..D..O.<N....O......f.

<<< skipped >>>

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.yy.com/9050

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=19542649 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433

HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Encoding: gzip

Content-Length: 797

Content-type: text/html

...........U]..1.}.g..>.4...XD...AX.....;.v......{3.].u.U.Z..s.=.9.|.\w...f ..U..[.tU]1...F4.e.U...X.A.....}. P.q........c..b.....HE...0f.>...R=.)..i..<.i......@.A.)./...b.1~XU...Bo.......>yr8....@B.]..>.....!...d....yD..C....6.uA..n8.[f"..'.2.3..........6C.@.....`-J,5.)M.a.......... L...c.....g.....fB.....4)..9x...C-W. J.$UA8....{..(...U)C.,8.Q..4$..T...-.5.!.,..AXa.F....2.R!B.....RJc(....I..%....$kY...yn.l.u..}..s;&a.......kv..U2....{...ThN..TD....{w4..v..../.x\....b..........D.sRS.tI.%I.....b.m.}..S.&V5.......r.(H<F....O}.T.-..>....@)....f.C.V.(|0.....A....[.n.O.}}]...7Mx..i...7.z....p.!........./...:.........:..x...O...v.M..Z........K.i-.....8....<J.*.......b.6.6b/........L."tV.H)._.......y....eW..n....'..\K8 .ur.x.T13.e...Q.4W..$.......c.n.f..o..p.Z..>eJ....&...Y.<...;]}...6.jbY...HTTP/1.1 200 OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connection: keep-alive..Content-Encoding: gzip..Content-Length: 797..Content-type: text/html.............U]..1.}.g..>.4...XD...AX.....;.v......{3.].u.U.Z..s.=.9.|.\w...f ..U..[.tU]1...F4.e.U...X.A.....}. P.q........c..b.....HE...0f.>...R=.)..i..<.i......@.A.)./...b.1~XU...Bo.......>yr8....@B.]..>.....!...d....yD..C....6.uA..n8.[f"..'.2.3..........6C.@.....`-J,5.)M.a.......... L...c.....g.....fB.....4)..9x...C-W. J.$UA8....{..(...U)C.,8.Q..4$..T...-.5.!.,..AXa.F....2.R!B.....RJc(....I..%....$kY...yn.l.u..}..s;&a.......kv..U2....{...ThN.

<<< skipped >>>

GET /r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: c2.web.yystatic.com

HTTP/1.1 200 OK

Content-Length: 21750

Content-Type: application/x-shockwave-flash;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:07 GMT

Via: 1.1 db80:8500 (Cdn Cache Server V2.0)

Connection: close

CWS.ip..x....<.....<.=3c.-....."K.....`..eF3C.H......B..EE..d.h.=-.$.........~.....s....{.9......p. H...d`.F..A... ..d....^E.............1.X.7.n...L.4M|..A0D......'........h'xL.@....'.p8.A@.L ..E...#,((.(.....<."7GP.,@...#....AQ..K.....#.(E......IA!1......,...L7@bD...... ......oB.....0........8,..............Q...,./....9....$<.*.....n....Z'g..V3....._..e.X.?.!0...m ..8...c.3C0.D..l...Z;g..5d....F..y.r.?M?....C. .YB>Q.;..Z...E5[s......\..K...ERu.....=..dm.5..T5.TT)Y..u...$..7.].M..g.>4..U....%..X...%........ .*.B.4.S.n....GS..).SOc.... ..v..ovM....I......4.|n,.....n]^.Zw......}Zl.s.9e....S....#>...\8u.AD..Q.;{..?2._.iu..90.r..w.....d.Z..D...[^6....3.-.....~7q..a.....og.j.o.B..\...[.Z.]....E.....~....O.%*....h...^..k.:Z0W)....q.D.>.Z..b*.>.....I...n...w81......D..|.Y.^[.......S.c(....t...KSK:...(....a.a......1f......}.<.,-..i.O.k~............h..0}.....fC..X......tN.(...o..-o..-kl..(..?...."zU...Lx.&.O7$..-.rU9..k.].L...fg...<.^:0Z.[2...<.P).O..D...O.u?..... Ka...'=g;[n..E....{_..G.w....#G2........x.=\.......7.#q.....g.-._..4.N.....a....M.....O....nR5.u..wYR....SV...L8/.....r_.S..........b....BD...w.)w....!...._.[.-p!v...`..i....O........M...I..Q;'.......li.l~}.VN.i......>wn......t..?;2..2:.......#..1i....sT..p._%k4...8f..Y]......o..wH%?bU.m...6{h.%.Cz...t.....I.@....J.X.s5....N/..v..Tl[p.!j......irOF....\W..Q...w..M......)...7.&..,.....f^l..x[I.n.....N._..t..S...MI.2................!...n.Mk......*.}>g.Fnj.V.}.....g....#E..G;...bO.....]..WhRs....!j.l...]M^..[./....\.&.....

<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=5984&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&isnew=1&io=0&ut=1464849073691&rnd=0.79673912970488821464849073691 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:35 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:43 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:43 GMT

62b8..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" href="htt

<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:45 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:46 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:46 GMT

4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -...1...@9050-...-...2...</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..1000..el="stylesheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.monday.css"/>..<link type="text/css" rel="stylesheet" hr

<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:48 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:48 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:48 GMT

<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:53 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:54 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:54 GMT

<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:31:02 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:03 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:03 GMT

<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:10 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:10 GMT

<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:31:18 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:18 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:18 GMT

<<< skipped >>>

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849075&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100

HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT

GIF89a.............,...........D..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Set-Cookie: cna=rMDWDx5FnCUCASU5EL04/DMR; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=tanx.com

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /duowan.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.duowan.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 06:32:54 GMT

Date: Thu, 02 Jun 2016 06:27:54 GMT

Server: nginx

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 11794

Last-Modified: Fri, 27 May 2016 09:51:47 GMT

ETag: "574818b3-2e12"

Cache-Control: max-age=300

X-UA-Compatible: IE=EmulateIE7

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou186:8104 (Cdn Cache Server V2.0), 1.1 db78:2 (Cdn Cache Server V2.0)

Connection: keep-alive

/* Hiido v20160527.01*/.eval(function(E,I,A,D,J,K,L,H){function C(A){return A<62?String.fromCharCode(A =A<26?65:A<52?71:-4):A<63?'_':A<64?'$':C(A>>6) C(A&63)}while(A>0)K[C(D--)]=I[--A];function N(A){return K[A]==L[A]?A:K[A]}if(''.replace(/^/,String)){var M=E.match(J),B=M[0],F=E.split(J),G=0;if(E.indexOf(F[0]))F=[''].concat(F);do{H[A ]=F[G ];H[A ]=N(B)}while(B=M[G]);H[A ]=F[G]||'';return H.join('')}return E.replace(J,N)}('j BY="CA",Dg="ylog.u.k";7 Di(){j BH=8.Dq,BM=CT(BH),d=BM?BM.B1:O,BO=BM?Ck(BM.CI):O;Y(BO=="Cc")BO=O;j BZ=DE(0.Bd.CR),CV=CT(BZ),BS=CV?CV.B1:".";Y(0.Bd.protocol=="Dz:")BY="Dz";Y(BS=="."||DQ(BS))y v;j _=C0(BS);Y(!_.BD)y v;j BK=P;Y(!BH)BK=O;p Y(BS==d){BK=Q;BO=O}j ap=$.appName,av=$.DT,Z=$.Dd.B3();7 Ci(X){Y(X==By.Bg)X=P;p Y(X==Cu.T)X=Q;p Y(X==BU.By)X=R;p Y(X==1440.V)X=B4;p Y(X==Co.864)X=S;p Y(X==BU.U)X=T;p Y(X==BU.Bg)X=BI;p Y(X==B_.Bq)X=U;p Y(X==1680.Cm)X=BE;p Y(X==B_.By)X=Bp;p Y(X==Cn.Bq)X=Bq;p Y(X==BU.EP)X=Dw;p Y(X==BU.D8)X=14;p Y(X==1360.Bg)X=15;p Y(X==DJ.T)X=Dv;p Y(X==1400.Cm)X=Dt;p Y(X==B_.V)X=Du;p Y(X==DW.h)X=19;p Y(X==Co.D8)X=Dy;p Y(X==1088.612)X=Br;p Y(X==Cn.Cl)X=Bl;p Y(X==Cn.DM)X=Bm;p Y(X==BN.Co)X=f;p Y(X==BN.1536)X=CS;p Y(X==Cb.Dv)X=Dl;p Y(X==Cb.BN)X=Dn;p Y(X==Cu.h)X=Do;p Y(X==DW.e)X=Dp;p Y(X==320.f)X=Dr;p Y(X==1366.Bg)X=Bn;p Y(X==480.BP)X=BP;p Y(X==1080.By)X=Bi;p Y(X==DJ.D_)X=Bj;p Y(X==1136.D_)X=e;p Y(X==Cb.DM)X=Bh;p Y(X==BN.Cl)X=CL;p Y(X==B$.Q)X=CM;p Y(X==B$.BN)X=CK;p Y(X==B$.f)X=CQ;p Y(X==2880.Du)X=CP;p Y(X==Dx.C3)X=CO;p Y(X==Dx.f)X=CN;p Y(X==Bs.C3)X=Ce;p Y(X==B

<<< skipped >>>

GET /zone/35887743 HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:32 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/35887743/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/35887743/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:36 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:36 GMT

4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -........................</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messagebox.css"/>..<link type="text/css" r..HTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:30:36 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Thu, 02 Jun 2016 06:30:36 GMT..4c5..<!DOCT

<<< skipped >>>

GET /zone/35887743 HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:42 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/35887743/

<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>......

GET /zone/35887743/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:42 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:42 GMT

4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>YY............ -........................</title>..<meta name="keywords" content="......................................................YY............"/>..<meta name="description" content="YY...............YY...........................K................................................YY...YY........................................................................................................................K......m.yy.com" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/album.css" />..<link type="text/css" rel="stylesheet" href="http://m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwidget-messageHTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:30:42 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-alive..Last-Modified: Thu, 02 Jun 2016 06:30:42 GMT..4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tran

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_872:

.text

`.rdata

@.data

.rsrc

t%SVh

t$(SSh

|$D.tm

~%UVW

u$SShe

kernel32.dll

wininet.dll

ole32.dll

winmm.dll

ws2_32.dll

WinINet.dll

shlwapi.dll

User32.dll

user32.dll

gdiplus.dll

advapi32.dll

rasapi32.dll

Wininet.dll

urlmon.dll

shell32.dll

OLEACC.DLL

gdi32.dll

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

MsgWaitForMultipleObjects

GetWindowsDirectoryA

HttpAddRequestHeadersA

GdiplusShutdown

keybd_event

RegCloseKey

RegCreateKeyA

RegOpenKeyA

UrlMkSetSessionOption

GetProcessHeap

ShellExecuteA

WinExec

RegEnumKeyA

RegFlushKey

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

%System%\ntdll.dll

%System%\kernel32.dll

%System%\USER32.dll

%System%\GDI32.dll

%System%\ADVAPI32.dll

%System%\RPCRT4.dll

%System%\Secur32.dll

%System%\IMM32.DLL

%System%\LPK.DLL

%System%\USP10.dll

%System%\WINMM.dll

%System%\comdlg32.dll

%System%\msvcrt.dll

%System%\SHLWAPI.dll

%System%\SHELL32.dll

%System%\WINSPOOL.DRV

%System%\ole32.dll

%System%\OLEPRO32.DLL

%System%\OLEAUT32.dll

%System%\WS2_32.dll

%System%\WS2HELP.dll

%System%\uxtheme.dll

%System%\MSIMG32.dll

%System%\MSVCP60.dll

%System%\WININET.dll

%System%\CRYPT32.dll

%System%\MSASN1.dll

%System%\PSAPI.DLL

%System%\VERSION.dll

%System%\urlmon.dll

Web.dll

software\microsoft\windows\CurrentVersion\Run\

VVV.huya.com

hXXp://VVV.huya.com/

hXXp://m.yy.com/zone/1151027897

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

http=

https

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

HTTP/1.1

hXXps://

hXXp://

hXXp://VVV.yy.com/

VVV.yy.com

hXXps://aq.yy.com/loginOut.do

hXXps://aq.yy.com/p/wklogin.do

&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1&regCallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436

hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=

hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do

&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1

&password=

callbackURL

Winmm.dll

dsound.dll

@ping 127.0.0.1 -n

\*.*"

@ping 127.0.0.1 -n 1 >nul

del 123.bat

\123.bat

\TEMP.TMP

{Reg}((?:src=)['"]?).*?\.js['"]

{Reg}((?:hXXp://)['"]?).*?\.swf

{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}

scripting.FileSystemObject

bbs.125.la_Cookie

Adodb.Stream

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

del C:\123.bat

\Restart.bat

(*.*)|*.*

(*.txt)|*.txt|

HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

\data\Config.ini

;http=

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)

>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21

>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10

Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7

Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4

{25336920-03F9-11CF-8FD0-00AA00686F13}

document.all.retjs.innerText=

javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}

javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};

var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');

text|password|file

comdlg32.dll

{557CF400-1A04-11D3-9A73-0000F81EF32E}

{557CF401-1A04-11D3-9A73-0000F81EF32E}

{557CF402-1A04-11D3-9A73-0000F81EF32E}

{557CF405-1A04-11D3-9A73-0000F81EF32E}

{557CF406-1A04-11D3-9A73-0000F81EF32E}

WarnOnHTTPSToHTTPRedirect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

adodb.stream

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Microsoft.XMLDOM

VBScript.RegExp

application/x-www-form-urlencoded

WinHttp.WinHttpRequest.5.1

SetClientCertificate

Set fso = CreateObject("Scripting.FileSystemObject")

fso.DeleteFile("

sc.vbs")

\sc.vbs

sc.vbs

sc.bat"

sc.bat

del Restart.bat

%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

KERNEL32.dll

GetKeyState

USER32.dll

GetViewportOrgEx

GDI32.dll

WINMM.dll

WINSPOOL.DRV

ADVAPI32.dll

SHELL32.dll

OLEAUT32.dll

COMCTL32.dll

oledlg.dll

WS2_32.dll

GetCPInfo

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

(*.htm;*.html)|*.htm;*.html

its:%s::%s

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

zcÁ

#include "l.chs\afxres.rc" // Standard components

PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXC:\svchost.exe

@hXXp://m.yy.com/zone/35887743

F%*.*f

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

WININET.dll

.yy.com/zone/35887743

/login_asyn.do

c:\%original file name%.exe

246813579

(*.*)

1.0.0.0

svchost.exe_1604:

.text

`.rdata

@.data

.rsrc

t%SVh

t$(SSh

|$D.tm

~%UVW

u$SShe

kernel32.dll

wininet.dll

ole32.dll

winmm.dll

ws2_32.dll

WinINet.dll

shlwapi.dll

User32.dll

user32.dll

gdiplus.dll

advapi32.dll

rasapi32.dll

Wininet.dll

urlmon.dll

OLEACC.DLL

gdi32.dll

shell32.dll

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

MsgWaitForMultipleObjects

GetWindowsDirectoryA

HttpAddRequestHeadersA

GdiplusShutdown

keybd_event

RegCloseKey

RegCreateKeyA

RegOpenKeyA

UrlMkSetSessionOption

GetProcessHeap

RegEnumKeyA

RegFlushKey

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

ShellExecuteA

WinExec

%System%\ntdll.dll

%System%\kernel32.dll

%System%\USER32.dll

%System%\GDI32.dll

%System%\ADVAPI32.dll

%System%\RPCRT4.dll

%System%\Secur32.dll

%System%\IMM32.DLL

%System%\LPK.DLL

%System%\USP10.dll

%System%\WINMM.dll

%System%\comdlg32.dll

%System%\msvcrt.dll

%System%\SHLWAPI.dll

%System%\SHELL32.dll

%System%\WINSPOOL.DRV

%System%\ole32.dll

%System%\OLEPRO32.DLL

%System%\OLEAUT32.dll

%System%\WS2_32.dll

%System%\WS2HELP.dll

%System%\uxtheme.dll

%System%\MSIMG32.dll

%System%\MSVCP60.dll

%System%\WININET.dll

%System%\CRYPT32.dll

%System%\MSASN1.dll

%System%\PSAPI.DLL

%System%\VERSION.dll

%System%\urlmon.dll

Web.dll

hXXp://m.yy.com/zone/1151027897

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

http=

https

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

HTTP/1.1

hXXps://

hXXp://

hXXp://VVV.yy.com/

software\microsoft\windows\CurrentVersion\Run\

VVV.yy.com

hXXps://aq.yy.com/loginOut.do

hXXps://aq.yy.com/p/wklogin.do

&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1&regCallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436

hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=

hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do

&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1

&password=

callbackURL

Winmm.dll

dsound.dll

@ping 127.0.0.1 -n

\*.*"

@ping 127.0.0.1 -n 1 >nul

del 123.bat

\123.bat

\TEMP.TMP

{Reg}((?:src=)['"]?).*?\.js['"]

{Reg}((?:hXXp://)['"]?).*?\.swf

{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}

scripting.FileSystemObject

bbs.125.la_Cookie

Adodb.Stream

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

del C:\123.bat

\Restart.bat

(*.*)|*.*

(*.txt)|*.txt|

HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

\data\Config.ini

;http=

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)

>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21

>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10

Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7

Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4

{25336920-03F9-11CF-8FD0-00AA00686F13}

document.all.retjs.innerText=

javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}

javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};

var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');

text|password|file

comdlg32.dll

{557CF400-1A04-11D3-9A73-0000F81EF32E}

{557CF401-1A04-11D3-9A73-0000F81EF32E}

{557CF402-1A04-11D3-9A73-0000F81EF32E}

{557CF405-1A04-11D3-9A73-0000F81EF32E}

{557CF406-1A04-11D3-9A73-0000F81EF32E}

WarnOnHTTPSToHTTPRedirect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

adodb.stream

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Microsoft.XMLDOM

VBScript.RegExp

application/x-www-form-urlencoded

WinHttp.WinHttpRequest.5.1

SetClientCertificate

Set fso = CreateObject("Scripting.FileSystemObject")

fso.DeleteFile("

sc.vbs")

\sc.vbs

sc.vbs

sc.bat"

sc.bat

del Restart.bat

%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

KERNEL32.dll

GetKeyState

USER32.dll

GetViewportOrgEx

GDI32.dll

WINMM.dll

WINSPOOL.DRV

ADVAPI32.dll

SHELL32.dll

OLEAUT32.dll

COMCTL32.dll

oledlg.dll

WS2_32.dll

GetCPInfo

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

(*.htm;*.html)|*.htm;*.html

its:%s::%s

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

zcÁ

.yy.com/zone/1151027897

/login_asyn.do

C:\svchost.exe

#include "l.chs\afxres.rc" // Standard components

246813579

(*.*)

1.0.0.0