Trojan.GenericKD.2530717 (B) (Emsisoft), Trojan.GenericKD.2530717 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 16168f1679741afd6d1619a67528b022
SHA1: cfdb1d824a06f86f432890984e9d3e72cab369e3
SHA256: 60209a7a5453de89fd1bd1703cee6187f55565f206271ddf9966e5f1f4da4a77
SSDeep: 12288:tj7NKpBcIOSwULWiJcZiGwKP4R ugOJ/Oq999/SMZoS1K1Ssq:tj8OSwUKiaZFw2W/O49oMBz
Size: 954368 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2010-11-30 10:24:03
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):
%original file name%.exe:1956
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\cpro_media_small[1].png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\20200293.jpg.small[1].jpg (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[3].gif (2942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\s_icons[1].gif (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\27400657.jpg.small[1].jpg (443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\8888.89919[1].htm (1925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAUBS9CP.htm (2074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sizikqak[1].gif (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd30[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[4].gif (4367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd13[1].jpg (3808 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[1].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd32[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd11[1].jpg (7108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[1].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CA8LQN4T.htm (2923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd10[1].jpg (7590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[2].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAKDQRGT (25 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\CAIZYB2P.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\b[1].php (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\time[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\top_bg[1].gif (322 bytes)
%System%\drivers\kiss.she (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\298857[1].jpg (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[2].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\logo-border-light[1].png (473 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA0T6DJK.htm (3910 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\stat[1].php (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\album_2013_11_7_15_46_53_626[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd31[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[2].gif (2932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\298879[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\rqcode[1].gif (2729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\00540197.jpg.small[1].jpg (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[2].js (2428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[3].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\hd22[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAQJ89MB (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].swf (547 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_17_13_15_360[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@8888.89919[1].txt (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[2].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd33[1].jpg (6012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cpro.baidustatic[1].txt (214 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\new_logo[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA50NMFR.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd12[1].jpg (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[2].js (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd21[1].jpg (6478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\iconjans[1].gif (2053 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\core[1].php (762 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[1].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[4].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562[1].jpg (1030 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[1].txt (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[2].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery[1].js (3382 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd23[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\2014727172939492[1].jpg (1300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\dldldl[1].gif (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\0f000PCl-eM7bK8cufB8p0[1].jpg (3570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\52330314.jpg.small[1].jpg (1938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[7].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\tabs9371[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[7].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\code[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\CAMR45E7.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd20[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[2].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[8].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[6].gif (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[2].txt (2203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_20_21_29_235[1].jpg (3 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\new_index[1].css (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAQJQRMT (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\fp[1].htm (114 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[2].txt (0 bytes)
Registry activity
The process %original file name%.exe:1956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CachePrefix" = ":2015082520150826:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015082520150826\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1916x902x32(BGR 0)" = "31,31,31,31"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1291105443"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E C1 9C 23 F1 AD 3A 4B 95 5F EA 22 11 AC 48 C0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheOptions" = "11"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
147127382e001f495d1842ee7a9e7912 | c:\SkinH_EL.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\cpro_media_small[1].png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\20200293.jpg.small[1].jpg (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[3].gif (2942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\s_icons[1].gif (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\27400657.jpg.small[1].jpg (443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\8888.89919[1].htm (1925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAUBS9CP.htm (2074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sizikqak[1].gif (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd30[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[4].gif (4367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd13[1].jpg (3808 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[1].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd32[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd11[1].jpg (7108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[1].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CA8LQN4T.htm (2923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd10[1].jpg (7590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[2].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAKDQRGT (25 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\CAIZYB2P.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\b[1].php (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\time[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\top_bg[1].gif (322 bytes)
%System%\drivers\kiss.she (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\298857[1].jpg (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[2].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\logo-border-light[1].png (473 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA0T6DJK.htm (3910 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\stat[1].php (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\album_2013_11_7_15_46_53_626[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd31[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[2].gif (2932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\298879[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\rqcode[1].gif (2729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\00540197.jpg.small[1].jpg (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[2].js (2428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[3].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\hd22[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAQJ89MB (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].swf (547 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_17_13_15_360[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@8888.89919[1].txt (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[2].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd33[1].jpg (6012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cpro.baidustatic[1].txt (214 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\new_logo[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA50NMFR.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd12[1].jpg (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[2].js (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd21[1].jpg (6478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\iconjans[1].gif (2053 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\core[1].php (762 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[1].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[4].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562[1].jpg (1030 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[1].txt (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[2].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery[1].js (3382 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd23[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\2014727172939492[1].jpg (1300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\dldldl[1].gif (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\0f000PCl-eM7bK8cufB8p0[1].jpg (3570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\52330314.jpg.small[1].jpg (1938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[7].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\tabs9371[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[7].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\code[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\CAMR45E7.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd20[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[2].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[8].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[6].gif (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[2].txt (2203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_20_21_29_235[1].jpg (3 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\new_index[1].css (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAQJQRMT (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\fp[1].htm (114 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: ??Visual Basic
Product Name: ??Visual Basic
Product Version: 1.0.0.0
Legal Copyright: ??Visual Basic ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: ??Visual Basic
Comments: ??Visual Basic
Language: Language Neutral
Company Name: ??Visual BasicProduct Name: ??Visual BasicProduct Version: 1.0.0.0Legal Copyright: ??Visual Basic ????Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: ??Visual BasicComments: ??Visual BasicLanguage: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 516507 | 520192 | 4.51771 | 556e657c3cb37147a22a1770dd836481 |
.rdata | 524288 | 319460 | 319488 | 4.59382 | 4e0271bc2fb250b5c011d3c26656ca6e |
.data | 843776 | 243018 | 65536 | 3.54227 | 12fdfe04d3c8a407a7362763ffc33348 |
.rsrc | 1089536 | 43912 | 45056 | 3.86002 | 05af6986ca0dfbb5498b3b4776f0ecd7 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://8888.33591.com/ | 218.255.247.52 |
hxxp://8888.89919.com/ | 218.255.247.53 |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/js/jquery.js | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/style/new_index.css | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/js/tabs9371.js | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/top_bg.gif | |
hxxp://8888.89919.com/code.aspx | 218.255.247.53 |
hxxp://8888.89919.com/img/dldldl.gif | 218.255.247.53 |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/iconjans.gif | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd10.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/9/18/7/713022/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/11/11/15/734682/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/19/00/00540197.jpg.small.jpg | |
hxxp://wmjs.wshifen.com/cpro/ui/c.js | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/11/6/10/442141/image/head.gif.small.gif | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd11.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/28/16/2712/image/head.gif.small.gif | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd12.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd13.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/16/18/20200293.jpg.small.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/new_logo.gif | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/sizikqak.gif | |
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/19/00/52330314.jpg.small.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/14/04/27400657.jpg.small.jpg | |
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125 | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_20_21_29_235.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_17_13_15_360.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_15_46_53_626.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/note_pic/298879.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/note_pic/298857.jpg | |
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 | |
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE | |
hxxp://wmjs.wshifen.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png | |
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141 | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd20.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd21.jpg | |
hxxp://8888.89919.com/videopic/2014/7/27/2014727172939492.jpg | 218.255.247.53 |
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 | |
hxxp://mfs.ykimg.com/1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589 | |
hxxp://mfs.ykimg.com/ | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd22.jpg | |
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI | |
hxxp://mfs.ykimg.com/1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562 | |
hxxp://mfs.ykimg.com/1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90 | |
hxxp://mfs.ykimg.com/1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B | |
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469 | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd23.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/11/26/5/741147/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/8/26/15/944406/image/head.gif.small.gif | |
hxxp://8888.89919.com/newskin9371/images/rqcode.gif | 218.255.247.53 |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd30.jpg | |
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=5862873&show=pic | |
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/4/9/23/313985/image/head.gif.small.gif | |
hxxp://temp.p23.tc.cdntip.com/data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg | |
hxxp://wmjs.wshifen.com/cpro/expire/time.js | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd31.jpg | |
hxxp://cpro.e.shifen.com/img/cpro_media_small.png | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/3/10/13/906768/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/4/9/16/313604/image/head.gif.small.gif | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd32.jpg | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd33.jpg | |
hxxp://wmpic.wshifen.com/media/v1/0f000PCl-eM7bK8cufB8p0.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/4/23/8/918845/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/6/3/18/928824/image/head.gif.small.gif | |
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/s_icons.gif | |
hxxp://oz.cnzz.com/stat.htm?id=5862873&r=&lg=en-us&ntime=none&cnzz_eid=501615567-1440500344-&showp=1916x902&t=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&h=1&rnd=1192507884 | 198.11.132.200 |
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=5862873&show=pic&t=z | |
hxxp://wmjs.wshifen.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2013/10/29/21/870006/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/4/6/17/566949/image/head.gif.small.gif | |
hxxp://cb.e.shifen.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2015/8/18/4/991533/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/3/12/3/295026/image/head.gif.small.gif | |
hxxp://www.gslb.yytcdn.com/video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2013/6/1/3/818513/image/head.gif.small.gif | |
hxxp://icon.cnzz.com.danuoyi.tbcache.com/img/pic.gif | 213.244.178.249 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/8/31/14/945045/image/head.gif.small.gif | |
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1882719831 | 42.120.219.171 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/5/17/19/587037/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2015/7/25/16/988694/image/head.gif.small.gif | |
hxxp://cnzz.mmstat.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz | 42.120.219.171 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/2/17/21/901570/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/6/14/2/356144/image/head.gif.small.gif | |
hxxp://cb.e.shifen.com/sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/26/21/1705/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/25/1/1066/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/29/3/2838/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/5/10/23/12850/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/27/2/1863/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/5/12/13/14411/image/head.gif.small.gif | |
hxxp://cb.e.shifen.com/wh/o.htm?ltr=&cf=u | |
hxxp://ecomcbjs.wshifen.com/tpl/wh.js | |
hxxp://cb.e.shifen.com/wh/c.swf?v=3 | |
hxxp://cb.e.shifen.com/wh/o.swf?v=1 | |
hxxp://ecomcbjs.wshifen.com/tpl/ac.js | |
hxxp://e.pos.e.shifen.com/b.php | |
hxxp://eclick.e.shifen.com/nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/11/26/5/741147/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/5/10/23/12850/image/head.gif.small.gif | |
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 | 115.239.210.141 |
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2013/6/1/3/818513/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/4/9/16/313604/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmiko2.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/js/jquery.js | |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/19/00/52330314.jpg.small.jpg | |
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/2/17/21/901570/image/head.gif.small.gif | |
hxxp://cpro.baidustatic.com/cpro/ui/c.js | |
hxxp://cpro.baidu.com/img/cpro_media_small.png | 58.217.200.77 |
hxxp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 | 115.239.210.141 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/7/25/16/988694/image/head.gif.small.gif | |
hxxp://g2.ykimg.com/1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90 | |
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/6/3/18/928824/image/head.gif.small.gif | |
hxxp://g1.ykimg.com/1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589 | |
hxxp://eclick.baidu.com/nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/5/17/19/587037/image/head.gif.small.gif | |
hxxp://pos.baidu.com/wh/o.htm?ltr=&cf=u | 115.239.210.141 |
hxxp://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png | |
hxxp://g2.ykimg.com/1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562 | |
hxxp://pos.baidu.com/wh/o.swf?v=1 | 115.239.210.141 |
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 | 115.239.210.141 |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/19/00/00540197.jpg.small.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/11/11/15/734682/image/head.gif.small.gif | |
hxxp://vi1.ku6img.com/data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/4/23/8/918845/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/11/6/10/442141/image/head.gif.small.gif | |
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469 | 115.239.210.141 |
hxxp://s22.cnzz.com/stat.php?id=5862873&show=pic | 1.99.192.16 |
hxxp://cpro.baidustatic.com/cpro/expire/time.js | |
hxxp://img4.yytcdn.com/video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518 | 125.89.72.211 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/8/18/4/991533/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/6/14/2/356144/image/head.gif.small.gif | |
hxxp://g1.ykimg.com/1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/29/3/2838/image/head.gif.small.gif | |
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141 | 115.239.210.141 |
hxxp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/8/26/15/944406/image/head.gif.small.gif | |
hxxp://pos.baidu.com/wh/c.swf?v=3 | 115.239.210.141 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/26/21/1705/image/head.gif.small.gif | |
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125 | 115.239.210.141 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/4/6/17/566949/image/head.gif.small.gif | |
hxxp://g1.ykimg.com/ | |
hxxp://c.cnzz.com/core.php?web_id=5862873&show=pic&t=z | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/4/9/23/313985/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2013/10/29/21/870006/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/3/10/13/906768/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/9/18/7/713022/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/28/16/2712/image/head.gif.small.gif | |
hxxp://dup.baidustatic.com/tpl/wh.js | |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/14/04/27400657.jpg.small.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/25/1/1066/image/head.gif.small.gif | |
hxxp://ec.pos.baidu.com/b.php | |
hxxp://dup.baidustatic.com/tpl/ac.js | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/27/2/1863/image/head.gif.small.gif | |
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 | 115.239.210.141 |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/3/12/3/295026/image/head.gif.small.gif | |
hxxp://icon.cnzz.com/img/pic.gif | 213.244.178.249 |
hxxp://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz | 42.120.219.171 |
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/16/18/20200293.jpg.small.jpg | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/8/31/14/945045/image/head.gif.small.gif | |
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/5/12/13/14411/image/head.gif.small.gif | |
hxxp://ubmcmm.baidustatic.com/media/v1/0f000PCl-eM7bK8cufB8p0.jpg | |
hxxp://release.baidu.com/sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 1148
Content-Type: text/javascript;charset=UTF-8
Date: Tue, 25 Aug 2015 10:59:00 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue Aug 25 18:59:00 2015
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: nginx
BAIDU_DUP2_define('request!u1548235_1',[],{deps:['nova/painter/inlayFixed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" : 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32", "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa":"1", "dai":"2", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/", "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000", "ps":"878x293", "psr":"1916x902", "pss":"995x1784", "qn":"1c53e6c91e61ea50", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_template=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "1c53e6c91e61ea50","_qid" : "1c53e6c91e61ea50"}});....
GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 22285
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue Aug 25 18:59:02 2015
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: nginx
...<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml"> . <head>. <meta charset="UTF-8" />. <title>..................</title>. <!-- 0|0 -->. <style type="text/css">. html{color:#000;background-color:transparent;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,textarea,p,blockquote,th,td{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-style:normal;font-weight:normal}ol,ul{list-style:none}caption,th{text-align:left}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal}q:before,q:after{content:''}abbr,acronym{border:0;font-variant:normal}sup{vertical-align:text-top}sub{vertical-align:text-bottom}input,textarea,select{font-family:inherit;font-size:inherit;font-weight:inherit}input,textarea,select{*font-size:100%}legend{color:#000}body{margin:0;padding:0;} . .bd-logo,.bd-logo2,.bd-logo3,.bd-logo4{text-decoration:none;cursor:pointer;display:block;overflow:hidden;position:absolute;bottom:0;right:0;z-index:2147483647}.bd-logo{height:18px;width:18px;background:url(hXXp://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/bg.png) no-repeat left top;background-position:0 0;_filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="http://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png",sizingMethod="crop");_background:0}.bd-logo:hover{background-
<<< skipped >>>
GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 9458
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:04 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue Aug 25 18:59:04 2015
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: nginx
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; -->..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<title>..............................</title>..<style>..body{margin:0;background-color:transparent;}...uptown{width:250px;height:250px;position:relative;overflow:hidden;}..a.logo{display:block;height:18px;width:26px;text-align:justify;letter-spacing:20px;text-decoration:none;overflow:hidden;cursor:default;position:absolute;bottom:0px;right:0px;}...cpro a.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/cpro_media_small.png",sizingMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_small.png) no-repeat left top;_background:none;}...cpro a.logo:hover{width:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/cpro_media_large.png",sizingMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_large.png) no-repeat left top;_background:none;}...gongyi a.logo{width:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/gongyi_media_large.png",sizingMethod="image");background:url(hXXp://cpro.baidu.com/img/gongyi_media_large.png) no-repeat left top;_background:none;}...uptown #dish0 img{width:78px;display:block;width:250px;height
<<< skipped >>>
GET /sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 1596
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:06 GMT
Etag: "55dc1feb-63c"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
<!DOCTYPE html>.<html>. . <head></head>. . <body>. <script type="text/javascript"> . var getCookie=function(b,d){var a;d=d||window;var c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"number"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));document.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.toGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secure":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i");b=window.location.search.substr(1).match(b);. return null!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLowerCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.com"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Date).setFullYear(2042)});. var sendByIframe = function (b) {. var c = document.createElement("iframe");. c.style.display = "none";. c.setAttribute("src", b);. document.body.insertBefore(c, document.body.firstChild). }. sendByIframe("hXXp://release.baidu.c
<<< skipped >>>
GET /wh/c.swf?v=3 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 547
Content-Type: application/x-shockwave-flash
Date: Tue, 25 Aug 2015 10:59:15 GMT
Etag: "55dc1feb-223"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Server: nginx
CWS.....x..Q.r.A.};.a'$...D..8y.KrM..*....)..aw...k..*7oz..[..*....g..~...=..RQ.0........Y|....M.w.&..#......}t.D5..D. b.4;...p%.y....P.].4_..........0....D.4.....%gIK.@.... %..1......K.K.o.?...B..!..Q.e2.U........q= .)b.......6$...T.&D...[G.}$.b...|.J..mg...J.....P.D.....y;.S....l..%.....{......^.....-O'X....H.co}d( u.X.n..9v..C...=L..F.NK.s.<Q..b...f..WZ..LK..XU">0.\...........I...sy....xDY..:...j....7.....M...Fu:.MF...Yr.W....?.X.....g..kFs.lk.....<.s...N.....&.r..~o....ZSk[z.....b...6..xi...].f...w~w.../.........s.^.....P.8b:.;..1.?....2HTTP/1.1 200 OK..Accept-Ranges: bytes..Connection: keep-alive..Content-Length: 547..Content-Type: application/x-shockwave-flash..Date: Tue, 25 Aug 2015 10:59:15 GMT..Etag: "55dc1feb-223"..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Server: nginx..CWS.....x..Q.r.A.};.a'$...D..8y.KrM..*....)..aw...k..*7oz..[..*....g..~...=..RQ.0........Y|....M.w.&..#......}t.D5..D. b.4;...p%.y....P.].4_..........0....D.4.....%gIK.@.... %..1......K.K.o.?...B..!..Q.e2.U........q= .)b.......6$...T.&D...[G.}$.b...|.J..mg...J.....P.D.....y;.S....l..%.....{......^.....-O'X....H.co}d( u.X.n..9v..C...=L..F.NK.s.<Q..b...f..WZ..LK..XU">0.\...........I...sy....xDY..:...j....7.....M...Fu:.MF...Yr.W....?.X.....g..kFs.lk.....<.s...N.....&.r..~o....ZSk[z.....b...6..xi...].f...w~w.../.........s.^.....P.8b:.;..1.?....2..
<<< skipped >>>
GET /img/cpro_media_small.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Aug 2015 10:59:05 GMT
Content-Type: image/png
Content-Length: 645
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Connection: keep-alive
ETag: "55dc1feb-285"
Expires: Wed, 26 Aug 2015 10:59:05 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
.PNG........IHDR.............E.......tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..U...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ...h..g....e.I^.2....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q<.w.l.a .h..t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.2...^....(J.7#~.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..F#. ..p8|Q*.......9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..U......GB..0l.N...Z-...b}&.9s...! .~..?..K.Z.U2.<m4..................?.8.*.|>/..........f.@... 4..."yC......q......t.5@/..*._.<....a.d...lF"a.G..p$..W>..#...n..B.M8...b @.f..E..>...[{&..z..O..t..!z.....Zi...~.0..a.....r....IEND.B`.HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:05 GMT..Content-Type: image/png..Content-Length: 645..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Connection: keep-alive..ETag: "55dc1feb-285"..Expires: Wed, 26 Aug 2015 10:59:05 GMT..Cache-Control: max-age=86400..Accept-Ranges: bytes...PNG........IHDR.............E.......tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..U...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ...h..g....e.I^.2....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q<.w.l.a .h..t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.2...^....(J.7#~.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..F#. ..p8|Q*.......9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..U......GB..0l.N...Z-...b}&.9s...! .~..?..K.Z.U2.<m4..................?.8.*.|>/..........f.@... 4..."yC......q......t.5@/..*._.<....a.d...lF"a.
<<< skipped >>>
GET /cpro/expire/time.js HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:04 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: close
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Expires: Tue, 25 Aug 2015 11:25:02 GMT
Age: 2042
Cache-Control: max-age=3600
Ohc-Content-Crc: 3776131546
Server: hkg01-sys-jorcol02.hkg01.baidu.com
Content-Encoding: gzip
2b8............}.mO.0.....Pe.....".&.A..{..C.r....vp\JI..wv[.B..4?.}w...B...P:K.k..?.@;)..|.e.2.Z..{]WBj:......a<......h4eyi..B.........j........U.Y....x. .4.&....gI?&.u^.......m....\.z.......V/.......D...U..#.."L....4..V.9eG'..Og...g..._......,7`.k..[=..K.l.....{......^........j.0.L..c7^..........|.3.U...j..}.....Go.H....h.iG.. 'E...^.....7uUb.{d..g..'.@H.....0..<.S.07...?.z.........j.?...}.u.4...x.....8ff.H...Ci.b....G4Z...G.%z@:....5.iT.m..KEz=.V.v. ....U..V .^.......6)....58h...w9...q.....w...x../t.....4.M.g.<d..L..$.....{.....P_..ZV....(..K7.....u.....@..>.5#.i...".)..p..#|D....N.=...X..7.`..f...G....G0.|{.....6...1...YS.......Y.s.j....b:....*.t.....U.j...'<~...H...M...`..K.vK....1........0..
GET /nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: eclick.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Aug 2015 10:59:17 GMT
Content-Type: text/html
Content-Length: 114
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Connection: keep-alive
ETag: "55dc1feb-72"
Expires: Tue, 25 Aug 2015 10:59:17 GMT
Cache-Control: max-age=0
Accept-Ranges: bytes
<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" /> . </head>. <body>. </body>.</html>.HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:17 GMT..Content-Type: text/html..Content-Length: 114..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Connection: keep-alive..ETag: "55dc1feb-72"..Expires: Tue, 25 Aug 2015 10:59:17 GMT..Cache-Control: max-age=0..Accept-Ranges: bytes..<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" /> . </head>. <body>. </body>.</html>...
GET /1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: g2.ykimg.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: YK
Date: Tue, 25 Aug 2015 10:59:03 GMT
Content-Type: image/jpeg
Content-Length: 19212
Connection: keep-alive
Accept-Ranges: bytes
ETag: "2517345573"
Last-Modified: Fri, 21 Mar 2014 17:42:14 GMT
Expires: Mon, 20 Aug 2018 15:05:39 GMT
Cache-Control: max-age=94608000
Server-Name: b01.tracker.b28
Age: 330805
......JFIF.....H.H.....C..............................................!........."$".$.......C............................................................................".........................................M..........................!.1.AQ.."aq.#2..BR...3....$'br..CESceu.....GUs.................................-........................!.1."A.2Q.#3aq..$4.............?..*(...(...(...(...(.P....O.=XE..S.4..,.V...I... ..]...s..i.........%n..c..I.8..f..!L>..?.On<.~....\...g............P?....e...c....Z5b...L.R..6.9..i.z4..m....{..M.%........Q.:...0....)..*.b...&K{.qcrH...y.[...TC...").f.i...E.9&..C...I=.7.\.....q'.I=....]..%i....%g5....<Wc..M&.S..8.@......./Zl..wM^[..kn....`v z.............%N9...y....b{P.(..........#..:#...i........q...O.i.....i..j.#8.5...\...IK.QJ.. A...L.0$5......Y..;..Us.b..H...&..K.e.g.JV.............B.5.M.A*qK.Nx...l....m:.P..!_..J.....>......JY@.p.O.....i.m.NZ...~.r.... 2.7e..m ..".....S....i}.j.4B..C.,.....Y...UV.~f......F;r=.c.!.8?.t]..c.v....[-.T8.AK`c.Y.9W>U....I.8.m..d..(].....z..8.M....D.....4/$c.............m.......c....yTe.KD../h.-VTG.....c....H4.h..6.i.,..w......d*lT.K........U..........JY...vs.O. kh...a..*..m...'..EDzi0......-=....w..V.[..B...M.......&...A\.....o.Gq{.f........Q.:qf.i..k.7.W.-.y.7........C....'=...B....VN....X..@h..#>_/...o.X...C[..A..c....-W..x..Jv...k QR.=.x=.Q....jM....v......=.!...3...Fhi.H.....m.J).... g....<b.-6.25.cC........j..........E..8C........8FT...).c.^U..j'm..5.sh...y....i.. .1*.(.oiG.A.3m2[......g...L.8...<....js.t...O.0...
<<< skipped >>>
GET /cpro/ui/c.js HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:58:55 GMT
Content-Type: application/x-javascript
Content-Length: 27979
Connection: close
ETag: "55dc1feb-6d4b"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Expires: Tue, 25 Aug 2015 11:04:04 GMT
Age: 3291
Cache-Control: max-age=3600
Content-Encoding: gzip
Ohc-Content-Crc: 4204715424
Server: hkg01-sys-jorcol04.hkg01.baidu.com
...........Zkw....._!.d.d.Sr....F..4m.6..GsZY..I..B.*I9q%.... .......e......'0.}<x.o..4YT.;..o..D.m....;..e........,.d..n.};...*........=...h0a ~<a...f. ...o....tv....z........y.w..7Z....E%Yu....k...M..1.Y..E.8..L..5[.n=....7.......Bn2...\W.[....6.x.m7n@. Q......F..J.c.=.Q.n.#....X.8.!.){...g..9......vA....../.."..&s.......i....... .....).a'.~.9....bn[.\..p.....}.... ;.Y......,......P..U...pDL...H.Q......mZ....V..E..5..zq^.D#.5.....I7...Z..h.D.x.X.h8...k....l.K[..........6....oH..=../..v|..r`......?=.(L......n..A#..w...5.f%..!.......R.I.`9....0..{6.f.f[..w 6...)&.^.....C...w.p.v.4..g.O4NNb..v..3..6.3...u^.D..%.W.4.....p.....m.........`sZ.L1.-. .8S..P.O.......i.HX.T5......U..Y..{.= <.......H..g ..*.>.q .X6.......)........Z.......b. >K..D*I...'?>.m.....j..^.gj...#....;.....&.$....D..L...*.".T.....DQ..[.*>..B.(/.!..b..'P.'n"......k.<........D..O. ..Y..aV...@.$.7N..z.H..q.'..".....fape..Mi}5R..........{_.}...C..8].`..k.|8.Bm.J.C.........Z.Im.E.7.[.EJ...EX..%..y..0|.g.S....:wv..d%.....}...;=."...3l.[.....;.....%.f.=.N....a.v.?7.....W......o.m`..7.$!C...D........$.E.q....#...#.X.......L0...O.w...CkJ_..t..a..z.......Ix9..Z...r.....W./.........V*...c...a.r...P....'.g.SJs.,..=...@.1..2.(,L.;K.....m9.fy..a5..~9....U..).*..7...WU...7.YFV..7...f.L.....j&.;.g.d.bn./.q9x....k............*........@.l..&Ka.....O,.q...B....Y.5.a.G...sja....d.P.@.................l...[...k.,D....E.o`b..yv../a.../...h..J..D.d .....v......,T.XL..;...Za...i.s~01....v.Q.........`Y...N*...).......s..n!.Y...u.G.......&_...tpR..
<<< skipped >>>
GET /1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: g2.ykimg.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: YK
Date: Tue, 25 Aug 2015 10:59:03 GMT
Content-Type: image/jpeg
Content-Length: 19942
Connection: keep-alive
Accept-Ranges: bytes
ETag: "1667177441"
Last-Modified: Wed, 19 Mar 2014 03:30:40 GMT
Expires: Sat, 28 Jul 2018 13:18:05 GMT
Cache-Control: max-age=94608000
Server-Name: b01.tracker.b28
Age: 2324458
......JFIF.....G.H.....C..............................................!........."$".$.......C............................................................................"........................................Q.........................!1..AQ"aq.....#2....Br.$3R......Cb..EScdE...st.....................................*......................!.1.A"..2Q..3Ba.#.............?...eu9V#.DI....|....{4(u!..$ ..o6.:f.....}.u;.|(...V.m.....IPO.T{......V...D...#..*`D#.29nM.&....C)....4.*=..1..\.0)..#.s........0.b. ..`....5..............A.I....L.M..gI.j..h..{g4..B...m4m.$@OJ...i.K.*....].&d.<<..([...{)....rzS.&..*p....i..[H.......'...hBY.4,MR............bDcj.U.I5hbKl...2o'.....5..........P..p..EG....2...5.....\.8...$.)...9..j]..&..nI....E....T.M0.......S.2`l'.BW... ..h.9. ..][xr:Q5.....*./.-.....$.Q.6.....4@.......@N=*.Q...st..D.r.<sR...:r0h..t..qY.L\g.o....P...89"...u.H'.....PO....f..!..R.WAJ....H.N.....i[eQ.O\U..D.]..\~..."...eO..lYE..B.`..E.s....2....c.p....*... ..T.x. U..##...v.f..E4..V...n....1..2F..h..l.E../....8Q...[mK..m.....w..p.*..s..SsV..Z*.W. ..C...-.'..SWI.<..bCf..=..X.H....|I.S:".sHw.J.."..dK..%.\.*..{...Ma...gw..3..4...`....)N......,....;.^.xG.I.{..G.Q.........gO.....1n:Q.]B..R1..k....*.._5_...$$...Ok:....usa..-).$h.q.........$q.3X....z..d..b./e.4i...?..W..&..B..............8..tR/ce.x.....\....Z.{.^h...Lu.t`."....X..R.&..&.......3kr./4..>.O.T..'.........z.b3......s.X?g0[..X.3.h.3Q....:.l.%.....Q.u.7d,#.......[.k.............c|cW' c....G .m.H..O........{....A.*..Yo.....:..I.B.&.#..w".[..@....a.
<<< skipped >>>
GET /stat.htm?id=5862873&r=&lg=en-us&ntime=none&cnzz_eid=501615567-1440500344-&showp=1916x902&t=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&h=1&rnd=1192507884 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: oz.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine/1.4.6
Date: Tue, 25 Aug 2015 10:59:05 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 09 Mar 2015 09:01:02 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..
GET /userdata/2015/08/19/00/00540197.jpg.small.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 18 Aug 2015 16:00:59 GMT
Accept-Ranges: bytes
ETag: "1c20d212cfd9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:43 GMT
Content-Length: 6282
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...L.h. .....3Fh...f.P(..&ih.-.'..E-..QE..(...(...(...(...(...F!T...MD.(.$7\t.R2.B........nm..g.........|S.P..9...h.(..^.8.$J.\d..h.Q...J).._..#.........E.....s..}.....!V.....PEl...&m.`..`.....;.[.........y.S..vi.P..b...p........4.S..A......e...R..h../...3G**......e...h...#..,.8...._x.Y.../..#...{....?......2..oWR.g..... c...xr...M.s...3uaV........h...?.....g... ;!......L...._...g.....Ar....2....:..2?..P...h.......b...?........4.3O........L...G.....'....`:....T......0?..'...0?..e3`t.n...vk.o........0.....c..}....).......s4k............Tg.....?.?..b..@...".ftk.ue..............^.!......?.H.SX.....S...J)..Z~i.(.v...7P4.8..4..z]...KM.4...<P?..O.....V..?.Ym..\.b...>m.TaO,2 kM...u..s.r.....Rb.G......CO.!...a....j..{=......N...5...vp....w.R..WH..Q..4.5.}.H.%q......d..F....7..J......SQ[Hd,3...>.E..3M;.C.N........~)......4.jB=.1.@.../5..\".e....E....f%...EU...9.A..1Lg.....D..........9t.7..l....dW$&
<<< skipped >>>
GET /userdata/2015/08/16/18/20200293.jpg.small.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 16 Aug 2015 10:20:22 GMT
Accept-Ranges: bytes
ETag: "fdc9829dd8d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:45 GMT
Content-Length: 7464
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......w.-8..l..{(.w..1...\....3.N.....^9.%...f...5..F.....3.3.....QGdk( AX..>8.......2..'.L...7.]Y4..t,.2}.W...x.f.......L.mR..r}..m..dz...&f...'..Q..O_..H.4.\wY...J...]8.03.1.....Lg..G...Z.Q..o..Kb..wH..Ul~U.m.7..0.{..N..... ..@....;.Q..K;.A2ZL.......?.............Y...I..R ...W . W.~zF.(....#.../...........9....D.i..'...$ey.G...7..m.....E.........B.....O.....a....m# .5.v..........dB...j.....!%...m.e....m.;..B....|....C:..A._.G...F..20..T..:..]....M.....\.i_......{....;.......c.4.z..)...1../.)....I..t.F...Wr;...-q........8......;.u...l..;...'......N.......M ...aV.........=.....Uflt......1.U..q..u...N.\..3....j.)h.z.Q.#"....9.%.2...sE ..T`v.rz.T.w*....Z.&.A.h.......#.;..7.... ..QY..P|..4S.\...c..)..A.c.\..<rp ..<.yy"4.......=. ..eI.s.X._A.&.{8]B...w.94.4IZ....KkP.'#..[....|...k......*...8..3c.9..#....U.4(.Nc.} ../.....E...y^..KiI& .....~.*..eX..j..b..[d6RN.8.8.......Q.....m{....k.0i4y.Eua).
<<< skipped >>>
GET /userdata/2015/08/14/04/27400657.jpg.small.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 13 Aug 2015 20:27:41 GMT
Accept-Ranges: bytes
ETag: "b4ccab806d6d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:46 GMT
Content-Length: 9342
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.D..l>U...Fw6...T....p....X...~= ...&....9blo.U....5.....|D.........@0.r.....;V|...85....m....W...H...7mdQ.i.9.D...#9>....GM...f.....R..i..Z.6\..x.`....]/c..Xot...L$s.........v.e...<!.....^.|7b.. 0r0H..>.....p.>.!.'..J.S.....<.-6P..6...W......xZ..z....v..O6......zy...J..d_..~j...a.h.i..K . c.U.r..)..VG#{.i...#....p@...n].c......iK...'..Vm.s.J.....p?*....?*.."{Ug.....f.N:...K...3..W5.$-3.hp..oOo.O........Q.....>T...*A.Y[.....t.Y.v..-.X/ U...=..`e...U...\..M.......#E..HG.NJ...q.....>. s.[....&R..q{.[.%.$h.Q.p... .....rXs..UY.nem.\J...&.<.#..Y.MZ.L..1...)....%]...)T...6.4.lYk.l..a.z...F .m..'...5R! *pA.P..RkC..u). ..Q.9...._R....h#.....]^....KO.. ..%.C`Z4.d{. f?.^.......=:1....}f.tl.....(...S....0..$........ ..)...........u.k.q<..-Y.";W.}....Z.kO.v...t...yE...]>.....1...\a.|.>...z........0Fq.....{..l....p.F2.{Vn....1.sO..t.&.,..h.m.R2.....VMz.8:....$.Jj..f.. eq.*.~
<<< skipped >>>
GET /cpro/ui/noexpire/img/2.0.1/logo-border-light.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro2.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:02 GMT
Content-Type: image/png
Content-Length: 473
Connection: close
ETag: "554709f0-1d9"
Last-Modified: Mon, 04 May 2015 05:56:00 GMT
Expires: Thu, 01 May 2025 07:58:38 GMT
Age: 9774024
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Ohc-Content-Crc: 1058936823
Server: hkg01-sys-jorcol03.hkg01.baidu.com
.PNG........IHDR...D...........xX....IDATx..W!o.0.....,.;..<.%.$...g..K0....%.92...AM N...p...a}K....hi...... ....{....8.8.Xq\s.s.g..c.q5#...Yr....=B.....6M.|.....eY....M.m..3N.c....=...a.>b2...k...8/..ch1U..Q!..).........$I.R....UU}.z.c....L8.....z...8~..........b. x. O......S.CW!.........R..ej..."S..Bn....C.8T@.P...,1SC.#.F...r .@.J"..'1y.....B....K.K. .R.K..r@..b[%...T;.1!...a.......\..^.-V.-.h]..J2.....)!&.Y.......UJ...!z..m...x.j.L1l6.?rGB..h.....'a.B.....IEND.B`...
GET /userdata/2012/11/11/15/734682/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 11 Aug 2015 22:33:32 GMT
Accept-Ranges: bytes
ETag: "f968bec085d4d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:43 GMT
Content-Length: 3985
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.._.Q....Aup.J..,`.....d.1 (S.G...........T15..8.07.B....U.g$.ns.....Yh.};D.eQ}).c.}.....b.........1!.Dk..@.Y.3......i .b.A%~...E...-l..vF.8"..\A.y..p3.L...>..(...<S.xnY&0..Kn..9^N.x....M`.2Z...m`{.-.}i...b].D..Sz(...v.p...b...jsh?..;.].I`......b..g......F 978...JQh...V.5o..!Q3A%....".... ...C/.....0....n..y..-.iJFX.......8,9'.I. .....x'S.....R..M.......(..... .('.&...,1i.....4.c....L..cW!Kc..0OA...........,..Z....{{..6. p..f....U.|...c....u.....p.g...l....m..8..9=.b3.q.)$.=F.27...1T'..2@...~......M..uW:.....Y.....}..S.....=}k.........)l..ic.N).SJHyP......{......;. B....u....A{...A'.:0..^;....3.V.s...@...w>..G...w....B.y....8R....%t.4&iJ-#.>*^>..6. .(.H....<n9>.....g.4.........2...Z4.*z...~u.f.P.."... a..m.A.'......i........H7.@T3(9.==k....K.X.<S.....o.. ..Y..[...."$K......z}k.....F..F..d..i...L.B..< ..y?^..Z..saa.Ej.r..r.$....).?xl#.#wrx.......Z.Do.,R2!|.N.....r8....c..`..y
<<< skipped >>>
GET /userdata/2010/4/28/16/2712/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 20 Aug 2015 17:46:02 GMT
Accept-Ranges: bytes
ETag: "9021f11470dbd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:44 GMT
Content-Length: 3168
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....@..H]..@O.'W9......#..U%.......................Q. .....!x..cjd......WQ....k....x#;.~...1V`@F..f......"...H.h.H.W.. ..^UO.@....'......m.....4fGL..8...t.56...k....`K[...Ir.....6...9..r1..xs.w...ml>TgP.?0.....?.|'...b.Yf.V....Y1..8.....@...?h..*..#....&D9'.....&1...(..8o.Y~..../.=......i......?....kR.w._4.. .....c.... ..E.W.....2F.*y.k.O...6...f..|..69.........z...r..wb"?OO.\6.u.M....-.>."......'..P..."..u...sR ..)......3....q.m(.t./>.}..\.#.,..7M.2O.a...:...KF...c .q.W...\w..;..xJ.Q.k.1..I........w$..3. .5...s.Nt..lm...^.......#.H.........7Y.=vyf.....!.c....'..u..A@.....E...P.Ef..........p2...t.g.5.\.....N.......fS$`wd.....y...iz...W..p.B.*.........~..-.k.#....D...A.8$t.C....5..ws.E....=..;D..B.7.............8.[........Eaj...6.A...'w....J..:.O.u#.N.u.2G.c......P2T...8.J.....>$_.o...#....1.....zn...x.n..eY.......6.J.@.. .....4..Mqik9....G&v..*...s..e.. .ip.n..$..`...q.....k...TZ..:s.....
<<< skipped >>>
GET /userdata/2014/8/26/15/944406/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 14 Jun 2015 14:42:44 GMT
Accept-Ranges: bytes
ETag: "4d78955fb0a6d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:52 GMT
Content-Length: 20106
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z................................................................................................................$.....,........*..&..!.....d..b..c..e..j.....].....n. r.!Z !"."v.%T.&|&''.'..'..(.#)O.)..)..*.. .. .. . ,,.,..,..//,1J.1.122333346447.6.47E78<78>.8.;<C.<.<=D:=I.>..B..B..G..J..L..N..Q..X..\.#].)^.1b.3d.;f.=g.@h.Di.`i|divfip^j.Hj.jklkklWl.llmQm.[m.mmnSn.oopttuvvwzzz}}}...........................................................................................................................................................................................................................................................................................................................................................................................................`1.....0 ...!..GX4..%..7r....G..)|B..9....X.L....../.&T.0.C..q6......G.`.rQ.F@...bT......F...$..,D.... .."tv........"]j..*U...}...%F..Q.z.K......*P...\.b8r.g.=....F......e...m..{/.<.C.a.0.>L.....z..................U1b.....AY.f.S.j.d.....60...e........w.........CG.Z....q0Re[w....u...{v..mV.Sz]...-...s......\.M4.TXa;.V.........Q..#z.q`..1..W.:..K".......a6.p.......S|...K*..U`..$..n.s...B.......p..4Ec.9.d..)....9..=...f7RN.!w..U.qn..............N..f....f.9R..0..y...t.'..1.gB.`qD4i.9....j...]..y..y..]...B.........i.o...p....i.y.......s...M..zj....)....V.s.:W.M.T...........U./...._%......n........wn.......!.A...t...D3o..vx.o......2........r.............b.-..N..{-........I...X.$.....a(.
<<< skipped >>>
GET /userdata/2011/4/9/23/313985/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 28 Aug 2013 04:04:01 GMT
Accept-Ranges: bytes
ETag: "808e9da0a3a3ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 3494
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(......Z.P.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?.........n..=%b.\....Ko9.w%........=...k....Z./q..&9O.Q.~5.k.R5....G.9T...._z.....;.r.8$H....O...v.W...O....*c20#..Ls....8.ap.Y.....L...*}WZ.....XoR9.bi..W..H...)5...QYiB.......nr....ZW..........$..........(n..p.c\..[...N1..R}.T..........z....[K....Y.E...r...z..#.ji:]...K..noaQ..V^s..T...q]T................|.$.J~w...(E.#..5..1.s.._.w.'O....m..%`../6.....v. .FJ..z...O.i.m-..[T.VY$.n..xq..l.q......u..-..coum?.,R...|..s.#....3.K..|}....d.Q...-.m...y$.........yg....sJb[........<t.@.W..k.....=N7T,..h.`.....$).....z..-....#......iC.....3...[..x.[X4.UR;..)..E..@,..a....=..........:<^.y.H....pT.`@.f....W..x.Q..$[.J;e............6.'.XrI.:ak........t....Z..W..%.`.5a./..2Y....O....X......\........c...P.._.L..NG9.c.x.K..4...K.[.....y.Up......y=8.qrk6....Y......l.e..k...Xc'.`...|..0.......*.48G.'..8.......a.d......h...._..g..[..K.P..................r..]M..r..Wj......1''...^.~..h...Z]....7..V HV..........{.\..%.4..Y_[\.....wP.]..7...9.x......#...zo.5K.l..F&..ky..m8a..l^....$..\..B.BKy.v.l...[....... .s..2.T....u....};..{...................V.3.m..=..Z....6.bx<c.`g..W;..n5..?....;...yq../C...3.O......Tg..... .< ..-:[....3Q..~.).O-..P...N.ldp3....u.o./-.......Dc....`b@...t.....=>..U.\.^.Tl.1r
<<< skipped >>>
GET /userdata/2011/4/9/16/313604/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 24 Aug 2015 18:00:58 GMT
Accept-Ranges: bytes
ETag: "465d91d496ded01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 2401
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..5.5....b..}*....;r9.].........7....T.l....H.J...9...L..........@..p}.t..w.95.ybSvF.&..c..q,..R.9Pk.......)..B.V.......' w.s.....>"M<....7.7P.x..).^..Q(f.I>.P.C...w.(...P.y.%.$...r......m.......H..t=).I..\E..........Q.w....d..n.....<.%....d........@bz....;.\...........y....9....=CB.....BLl.....W...F. .0d..^..3O.J.A.....0...8.X....T..s..Q......u<W..G.m..{ S.....[.:q..Z..T.H.nn../...c....}..........\O#K4.Y..5.*....qIhV.B.w..._..s..G..e.2mT....Q..b..4.....bv.....{..B[.......4....W.V(xlv..?...CT.:m...H..|.....m3FY.i. !.$n... .2.......Pnv'. ...*F..c<.Y..I.Fk...=&._.M..........A\....#"..|.2ee...v..J.....!nn$.oM........$..lM..|......]..=.&......`S..^...K..d)...........^.W....l..n2Y.@'....y..K}{W....Z....^YJ..d.1^N..m;U.5.S.M..<.....i.......*|>....R..[...wB.C}.h.o...s_[Y\......a.. zWD.J..w..00>\8....9....d.@..19 ...9?^./qNK....5<..-i.$.w ...!D_.<....#...B4...".2.7........9$.v
<<< skipped >>>
GET /userdata/2014/6/3/18/928824/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 25 Aug 2015 09:03:35 GMT
Accept-Ranges: bytes
ETag: "9bd4c0ec14dfd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 2610
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...2x`..[.X/"P..9p.......s..;.*..Y...m......b.c...N...>......8....E.E..d>}.J....<D.m..Q...b{..i...o B5........<...$`...s..=.....l...<...1...G....[.L.(F<.......[|..=..]_..5.&.-....s.V~..]WU........BK}..K......H.A...?....Z.V.c.S.WE.?=-O....\..5....F.=.k.....b.j....&...v....{...iKP.R8.W.~)....n.zp2.^ ..o.4e....)^.'.<5.[............... ..'..[.......I#.y..".zR.vT..e(E....0.F=H.i-$;_...EBH.I.Hn...P..@$..q.~....LN.B.K.....;u..5......M.yJ>\r....5.V.....W....pXD....g4..Q=.k..e._.....3..oAg..ac..:I...u...d.0..........&..DW.W..V.....A..#5...F...-....x.,.......Qz.s...N{.....%S.*..~. V.{iy8..5.G9#5.6M........H......q.Ql.R...........(|.h......Z..y..Wf)C......3..&.t.....#,>n........'..H.J...|.]....b...........E...Q....X......2.:.........I.M.k..'....Wo.-.L=....\. .D..P.I.&,.da.*.....l..c.Z....O-....Z...Yj..c;..>O.\j[M5..GS{.........(...p..........ao%.y-..59....WD.....N..[.....r......~ ^
<<< skipped >>>
GET /userdata/2012/4/6/17/566949/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 13 Aug 2015 16:49:03 GMT
Accept-Ranges: bytes
ETag: "d1efd5f5e7d5d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:54 GMT
Content-Length: 2687
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..n....}...zg..........&.k.GIe8.........x}.'2.]..Y.....u.g.T.....I......t..9.{..#8...."F..1.'......>[..'.Y!......>G...._..4eT.d.TZ....c D./.w...a#2b.3..V''..T........F.A.2.q....x#..c.DV.....%.Kx.r..X.l....m...9..Y.......O,.g.\!.0_.8.........w.z.......O.......q&..X..r8.....9.q. jz.....v1!....h.....O...}.V.T<.Jk..G..z..s.s........ji.6.i|.F...<8%..p2?#[7.:..@..... ..Fq....^.8.'i.*...C...X..p..ed>\..t.....j...V.......re%.@.....5.Pz.;V..0.......L...L.G$s........U5t..s......,.....*[....V|."..$..Xu...p ;Hh.|a~..$[.f.0>b..p.$...I<V....c|U....5..I....v..8..8c...8lb.....h...^.hU.'z..X.:..........=.............:..i.FBg...9....@iI....?..X.......1\..........N..7z........b..-..1......$w.p.\...lTr....$..n.cTb.;.pv....:9..y.SuIKZf2.X.Sk`7........J.q.."i.t.A.q....^.......>...uV...C..|.M. .V....i.u.H....A.y.....k.3U..G9....a...i......n. .*.\(.m(x-...M.'....kQ2.9..&l..........jA..s.....N..93."...
<<< skipped >>>
GET /userdata/2011/3/12/3/295026/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 24 Aug 2015 09:38:13 GMT
Accept-Ranges: bytes
ETag: "c992cd9850ded01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:55 GMT
Content-Length: 15367
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z...........!!!"""###$$$%%%&&&&&&'''(((((((((((())))))))))))************ ,,,,,,,,,,,,,,,------------..................//////000000000111111222222222333333444444444555555555555666777777999:::<<<===>>>??????@@@BBBBBBCCCEEEFFFGGGHHHIIIJJJJJJKKKKKKLLLLLLMMMOOOOOOPPPRRRSSSTTTWWWXXXZZZ\\\^^^___aaacccdddeeefffhhhlllmmmmmmooopppssswwwyyyzzz{{{}}}~~~......................................................................................................................................................................................................................................................................................................................................................................................................................................_?........-X........o..iB..T'Z........z......Y.r....H....6e..Wo..|7g..T.X.~F.q..-Y6q..e.DhQ%O....9l.;.(..k....f.q.\..`>...f.z..B...-.U..7[..q.6.[.M.4......~...t....Y..q.VP-[.i..t[/.4.p..{.k..l...ZVx..l..Uz.............cQ.I.k.3..?Q.;...9n.yRf...7n.....%...d.....W......e......&.;..3..*}..[v.#.?(Ms.3}...4........[9.|c.s(.3O<.|SR<..#"u....Ip..M[..d_q......H3.1.(.. ....d...Lg...O?....;....3K...Z..H`J.0F.A?.S....5.4...L2..S....".8..SO...S.?.......3.'..B.<`...[;..R<..#....S.l....1....1...K..T..T.<.L>...L9...$.4..R.4.dR.[...Y.`9.O...X.D.$..'.4..4...[6f.9.0.TSXiEf.......8..............t...R=.x7.z....-....3.4.Z9"2.c..x.......;.`.)3.$lW?..elX.B..4......x..3..S.'....,...K1..
<<< skipped >>>
GET /userdata/2014/8/31/14/945045/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 14 Aug 2015 19:00:34 GMT
Accept-Ranges: bytes
ETag: "6319a80c3d6d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:55 GMT
Content-Length: 2766
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..... *......*..J.... ..f;K.1....9....2..7.c.....;:.Y....r L...x..m..'7W....wg..Ai ...W!v...=._K...$`... .k.....7.,.|..#.y..\...\.Df.e..Y?..;W@/.....#..j...`B\2}y................Ps.*............!....y2......U)..X~".W..Y..2..H./9_....r..q.].....r..'.8.&...G. ....1B..q..(..I.#..p[...95.j...0.>[J...`..|Gd.kr.z.#'$d....;......yP...p.s.\..k..../T..Xj.....X..B.O_J..;..)...r...?Z......,eh.........8..W.P.&XloV....G#....Z.z..........=..LFG....r>..... ... ....B..q......[..2u...Y.L...~.Y....(.....Y...X............X..$.q...W....z.V.....1.k..M......~\..f..<.....&.q....C...Y.....q....g......t..VG.}.$ 5.....o|R...q..R[`.\c.m....Z....n...q....eKH......f....?N?.....T...1..`.....!..c.z..z..R.....M....h.......\g.f.{..?...u..fxd*..YNW#.5.]...3I..Tga....Y.l....gt<$.S.O...U.k$.;.nuB~.......vZ.............NA..k...E...^.XF.*<..$.... ....jR...C...n......,a......Et..W.S..{..IX.0.nN6..8PG|n...Q...oMI.H..YxsU..K..
<<< skipped >>>
GET /userdata/2012/5/17/19/587037/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 25 Aug 2015 10:48:36 GMT
Accept-Ranges: bytes
ETag: "8a96749823dfd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:55 GMT
Content-Length: 3287
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......j.......o4..H...O$.....x..!\.o.FTc=pO.s....]f.....N%.Y.....>...v..O.M.i/1....$.?S[.W.[R..eiQ-.'.^Q..8.f .r.~.SLj.o.v.../.\...>.c...bxt.......M).....S....zS...gf61Prh.....ior.A..&93.pH#......C...s&y..5..<.....e...o..Bx ,av.......ZN....N..^Ht.."Y".8.'..y8...o..'.......Z,...@xf..h......c]...ik...~./.5......%..m.Y..NA..:......1f.t.A.i.s..5r..:bXD......[8...?.S..e..Q....WOcl.....r.G\i......sBM..A.Rx..M.._7./!f.....z.HW|...@.f.7.....L.n......al.;.".#..........9t.Nm..f...Uny......K._....$Ky._....?.\} .......p.p.;0.NA?......._.A...d.`./7. ...?.@.8h57t^cR2.I............$q............V..,.n.k{.....&....R.<.....iv ./.... .....?..Q]....v...!...:0O.ay{6G....~&..:z...R./m....Z5Vc..,...T.;m"H.L.{.....g.?..-zA...t.;..E...n....<2....kw.es.1.v.v..........'`l.z.<...>..s...B-..H....n8......k....j..=....t.V.....r...iJ.....d.....lH.$..U....}.^..\.t.T..Iv..FrO@1.U;5.0..z$Ei.c..1......u..s...,2..[.
<<< skipped >>>
GET /userdata/2014/2/17/21/901570/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 22 Aug 2015 16:41:23 GMT
Accept-Ranges: bytes
ETag: "ce99bf61f9dcd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:56 GMT
Content-Length: 2700
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..V.(...(..|./..I..Iu..Z..RNRF....9..I=...=2..s....5...c.n....s..5..............h.#i(.a.......c.c..@.-.........[..ns..~.. .x.=A...g...@s............,JB..jb2(...Q.c...-c...O-.2..B...g?.:....yW._.^....=.L6..5.o>W....3.F?Z..X.Y...!d.G........|.}...i.mf..z.....?...|-IE..QE............M......)W.N..........<..C._.[j3....... 08${....d....2q.i..m.... ...P.~.~.$..d....*....p.Hx..6..ON.hP.{...^7.Dx.]..7.M.*.jvW.#.H.)..w''...k..9%......p...<...=G..j.Q.6KU.(V1...........|..E.P.E.P............g..j.r....(.nR.>...........?...D`^=. ..9'...7.8D?.|'....E....y............h....<.b..z.g.....M.v..~A.... .X]2B.....g....>...Pk........).........CH.d...........`R..FN....8...4......]....G..6w<F..c..p?.Z.....-4..........4........n.:c.1....'.m..J.*=.r?.b..$.*......7}.............l......m....Q..fu......63......<.6.4.m..\.......!.wG6. .M..y.%.lW.Z......G..........FA......|P.....-SR.`...6.....VH..X..].....,20
<<< skipped >>>
GET /userdata/2010/4/26/21/1705/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 23 Aug 2015 16:18:27 GMT
Accept-Ranges: bytes
ETag: "db95a157bfddd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:56 GMT
Content-Length: 2135
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(......Z.P.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?.......k..........2.....Rp.8.-E0X.r...u.>...q.......w .......J.<....4....;q.....u...Y...8.S..WI..sW..$..K3p.FI>..i..|Csn..m....r..,..t.0.....|U9...y..wk......-..w2..*..IS......x.Z.[t......wv..........S....C.Z........$ne.*....;...k...d.8.......^.....C-.'.....fwi. .|..h~.......B..Y^.@\...B.ppGl..H.>......B..7.C..$.6.n.n...q.....~*..5 .g..q*.fr..;.<.@.O.f..........c.$.$L.3.....m...|E...$.n.l.....33. `X..i m..i/...n%...[.....qm..'....z...8 .zf........qS..q.......j10....R.;0P3.I...]......dKK.e......t.......G.....MF|...?.......X..ND8$).Vh...G~....'......#..."..hY...;......9.......\..|k.......K..l.h..n.....T........W...5sxVgB.....'.t.7..K..#[\....>v...*...T....k..6.ea....NOZ...-..... .=Lf2.s..O.....P....W.=j...t..n....WA....v...z....3.*....en.i%....t...a]...$A..s.....4.-.Ir"i[....O...c.@9..c}...y...>E.d..\..|.........6.[.R.w.......5..E.].h%..B..i=....{....E......1c.`~.U.W.s\...). ..y.....}~.nA...$...[zf..x. ..j7..XA.p9.<}Ew>....=j(....*...~...(.._^..F~...x..P. ...A......pF...........$...<..^[.....u..7.[......a......e...* mN.NX.|...k`..Q......X.G...h.\. q.......P[.@L....s...... ..z..9i.....W..X.sp......3... ...=.k.M.....Kt2..]..di'..6......@.....]..7F..i....[..H...I$
<<< skipped >>>
GET /userdata/2010/4/29/3/2838/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 16 Jun 2015 10:09:07 GMT
Accept-Ranges: bytes
ETag: "f46d447b1ca8d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:57 GMT
Content-Length: 15342
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z.............................................................................................................. !!!"""#########$$$%%%&&&&&&((()))******,,,...///000000222222333333444555666888:::;;;<<<<<<===>>>>>>>>>@@@AAABBBCCCCCCEEEFFFGGGIIIJJJLLLMMMNNNPPPPPPQQQQQQRRRSSSTTTUUUVVVXXXYYY[[[\\\]]]^^^___```aaaccccccggghhhiiijjjkkklllmmmoooqqqtttuuuvvvvvvxxxxxxzzz{{{|||~~~~~~...................................................................................................................................................................................................................................................................................................................................................................................................................o.....J..&9v...N..t."}z....Nn..1....$F.....L..k........!@x(QHY2A<JP..@.Q..f.X."..[.<.:up.4R.\...C......s.n..`.DQ..f..*].xy.....-.....[;s...(.......%........p.q#....L.zD..US.p..2C..;...K....9.....$I.$H........P.PI..];bVf.X....K...a ..c..<|]a..'R. ...... W.\m.!.S...>..c.O.,R....... ...T...0..3.!.;.$.F.; ...NH..2s.e.........`Z..y.I*.x6.-.......w...L...c....C$...7.p..H.e......./.`J3.....M...3...Yu.....?....9...&.].M8....1..!.?.....?....[T........J..B.HDd.....B.".0.(p.1..Fp.G3....u...#S..!.%in..)..B..{....>.....]..D.M8...2,Z.]9..$.3x.B.#....k..F.S.@...<..u.v(..#..iN7.Q.Z.L3M*n.../....#^@1..^.8D]>.;C.3.`..@.p..>.@C.3.pB.J....?..B.{D.M .r
<<< skipped >>>
GET /userdata/2010/5/12/13/14411/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 15 Aug 2015 12:14:58 GMT
Accept-Ranges: bytes
ETag: "47e5a6054d7d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:58 GMT
Content-Length: 2731
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..^.O.....^..{I..i'.....Q\..,....s.{/...u...b..K..8..W...E.E..e...!......~y...@..o.._i...KT.VE..w9B..H......$....|1.H{iw.s.......c...5.....m5..E..Q....>].:..q]..l..h..<.AH.NH.]...\~&.>T.O......&iV..v.....PZ1..5.M.].....,..d.r3..{{W...Zm.PKq.y..)v.i$n....\.....6...Gm.......w.w$..su....t_.O.ir\J...S.?68n.......cN.J...|y...t...H[ .[..4...c..92...9`[.~.k..6Y...]....W.U.6........0..../.....(_....B>.....d...nC...j...P.y$b.?\w.J..< uy.Y..S..d.......k...|6KMOT....t.....yf@......}(.....oF.....H .F.uU...0x...1]...uo.\"...fi.9. 9....:....m..."i.i..rK.....t..-....R..>....]k..[$...I.M.Z. $..@ m#8 ..:.`...<.,..b.GY..4..O$)..8...W.h^7...qk...(|..re!7.t#q.?...?.......]Y..P.r.7M......W:.....hJ.9..9.3@.Rx...jxj.P..T......%@.N3...^.. T.S..uM........9..I....yu..."KI.%.......}...Z.|../......,........O...>..u....O............3\i.....Q(7W.....F....^.~5..T.-.H.X................*..x.6.....=...|../x..M.
<<< skipped >>>
GET /b.php HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ec.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Aug 2015 10:59:16 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.0
ETag: 8138C33758309AE6FF4C222F3076C661
Cache-Control: private, must-revalidate, proxy-revalidate
2c..setEtag('8138C33758309AE6FF4C222F3076C661');..0..HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:16 GMT..Content-Type: text/javascript;charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.6.0..ETag: 8138C33758309AE6FF4C222F3076C661..Cache-Control: private, must-revalidate, proxy-revalidate..2c..setEtag('8138C33758309AE6FF4C222F3076C661');..0..
GET /js/jquery.js HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmiko2.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Mon, 16 Feb 2015 18:23:43 GMT
Accept-Ranges: bytes
ETag: "80e1b5b1154ad01:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:36 GMT
Content-Length: 33466
.............v.F./.........R..DIN.v7(.....t..cw'i....$$..H.7........ .....P.A.....;.q).u..y................G..{..=:...]/-.G[sS.&.."............o...(.~...........w..(.^..Qt......jq...q:...z9 6.:PN.ip...Q.9..*.....;..w....(J.......7..9..Kcy.e.&>..io./gq../.w....z....}.z..s?.gQ....'...Hn7...}.|C...#j.[......6..wY.f...6........l..s.]..f....n..<z...Y.mo..7~....e.Z...........74...n....z...*.N$;=iY5...3... ?9*.G1OL.N....x. .........<...0..AZ.6..6.H...S./^ .t.u{4...$..;..z.T...StO?...N.!... Z.......[s!...Gq.~..O.Y....w....b.. |.p.%...F..xa`,.......*.._f...Izi<....mK.k.cHIl_..B.I.m......44.E-.T..&Mw$..rG6.f....:.I.~.....gu..m.d..?.r<.....\_W.<....m.@....U.o.gez;.....'.....~.|..a ...f.b......bY....B.............7....W..j..g#@_.\...)5...*./...a.....3i....A..eo.....5.....>V......;;P.{..q......CO1'S..|.o......f........)..4.e...<.........~...K...g.5.*..f.`7a.s|....%......vJ....\..C......v.,.W..........{.|5.....0Ci$.`....^.V)..y...E$4..WR..o...=........]....7..g_?....x.X,...1. uaNu...Wio#.|....b.....M....{...z....v.y:.....x/.W....x..n1..\q.|e....%...$.5.G..zt.....K.-.lhqi.b|.K.SW.....tU,y4=|...............j.|.....t.....4.k.....]P..E.y....{........y.z2.5.h....#.{L.4V...7....;..*\ g..g"...........a...]ZB.N.y..,h.&... .0?9....a>....7.B.$..c@.{1.}...... ......P..=.Y...b.nbA:....88..,......".M......I.L.....p<B.;io..8. .#.7.... g...J.~.....w=..v......Q._.p./?.....JS.. .....VM.E.._.SY.....2`O.......<..:4..7^.|.......B.n.B..n.".0..h..).q.D..?..io....T6<...)QOA....#T..@.....X..H&`.?.xI....u.#%....W!
<<< skipped >>>
GET /sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Fri, 21 Aug 2015 15:41:51 GMT
Age: 97551
Content-Encoding: gzip
Ohc-Content-Crc: 327863765
Server: hkg01-sys-jorcol10.hkg01.baidu.com
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\...lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..*.......s#W@.d^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j...9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u....^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N ....;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ..............0..
GET /userdata/2012/9/18/7/713022/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 25 Aug 2015 03:24:06 GMT
Accept-Ranges: bytes
ETag: "76a6ce7fe5ded01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:43 GMT
Content-Length: 3285
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...q......X..j:k.*ef`...W...b...9.a.|[........U..{.F.So.......I...mu.KN...n..!vmt<q....i.....b$...i.Nq#...WS.Nr..Uf..b.|u?.<C%....B......u.U....N.s..\g.....j..0.K...?.....#h...a.e=9.....p4.I..|......k......~PF@...9:YF..:J.Z........n......G=k.Y-..eMF.e......N ......5g..GQS\.I...:H.J.....G._,.....G....K...w......#z..l..@.w...:.....:.\].@9......@...|M.k....h..vFT}.F~......&..^.MI.!.E... .>_.?..^......'....;r.....;K.|....<TZ}......~."....*..t.3......xo].....u.....]F....J.*.c9A.`.8...yN.....af.Js.xZ'.o...... ^.I.0D..u...A......9.}3..S.\..n.....Yb<. c.P...}N}.`....>...v...>.ZSl.....f'?x..8.......x.mWRy..D.Z.. .......\u.........f..aI.$.T...:g...^...q...M...a..,....=.....'.^uy.Ul.....I~?...w.xnV.....'|l.oL.S....o.}]v.$r0..W.?..3..l...(..#.....y..#..c.....r..[C..u{y.....d......sU...u4..;.$.z7.4O...m..SM.m.1.V].ao...6....... ....-.E...P.0....t........O...4..N..F.......,c\.....[......>NV0
<<< skipped >>>
GET /userdata/2011/11/6/10/442141/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 20 Aug 2015 17:15:43 GMT
Accept-Ranges: bytes
ETag: "24c1c3d86bdbd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:44 GMT
Content-Length: 3072
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...?.e....~../.[`.9..`....w.O....r.5..y...3.9.......q...1@......J$..L....|......?...H.#.M.,.K.........>...J.7).......Aej..\6.:(^..?Z............|.Y.%`..".....dg..q..&.BK#,.......}2.Q.h/"I.n.....y..~..o.M*...R]..%.:....S...>sa.i..Nk....YD..P.P^W.0..g......8.No....4-.{. .V.|....L..n.P;s...@<....h.Z...h#..y."...`0..g....I[%T..F2...5..........".u$.....U._Ta.P...QE.!....L.C..q...J.p..A....n.....}o.....j...0.K.]...K7..V...9..3F...q.........B.f...Z.....H.$. d... .D.....W.a....c\9@3....~..:}A.....k...*]..... ...t-....^1.:W...U.......R$RI5...$...'M.@k...a.j.. .$u...=. ...R...Q.<..DQ.bN...|7c./.x_M..H..8..&6$;6...GVc..j.....k.6.5p.$dyJ.J...(..I=y...M.9.dR..0J..8.2G.......kvF..H.C8...6..8......9.(.IcY"ux..VS.A.A..].X...."dUb..........P. ..1<.. ...=...zP.Y\......s.i%.b_....6.&&.~$......M..]?.......^g.M....2Z...M..Cin.......zFF=M.x..[....h.d6.iH.%%A?1^y.s..8.k.-m.{..>e..i !VvQ..r....W9..O.E..6qHd
<<< skipped >>>
GET /userdata/2012/11/26/5/741147/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 25 Aug 2015 10:00:04 GMT
Accept-Ranges: bytes
ETag: "280d8d01cdfd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:52 GMT
Content-Length: 28117
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z.............................................................................................................. ""#$$%''')))))**** ,---...///000111222333444444555666777888999:::;;;<<<<<<===>>>>>>@@@BBBCCCDDDEEEHHHIIIJJJJJJKKKKKKKKKLLLLLLMMMMMMNNNPPPQQQRRRSRRTTTVUUXXX[[[_^^```baacbbeeefefhghhhhiiijjjjjjjjjkkklllmmmmmmnnnooopooqqqrrrrrrssstttttttttuuuvvvwwwyyyyyy{{{|||}|}~~~...............................................................................................................................................................................................................................................................................................................................................................................................................H.......2`.."Gx.8.DM.8s.........;..0A...;.S..h.....n..A...^..i.FM.!| ...r S&8X>.....Fg.n.20........q.OJy ........&...!..8jLW.Z....Y.D.....\.........-=.R]1b.@.a..c....c..`....6...2{....,.r.Jd.U.........b,Y .02.q....MA........{....y..A.WO..y./2[..X.Ex8...<N];s....." L!GV..1EJ.......E(.1F.....Pc.O..#....S.3...O;..R. .t......Wy.........G0....K`q.~@..K&`. ..;.s./:}f`...V.8..........k<.H)|t..-.a4........h..~.i........0P..:....3.`4......6Fdu..,l.L(.8bE(.4....U.%.GD6]?.."..YxQ.1g...3...[..$.',\.p.1.......aQ.....%V.~..J...Y......gt.J..8..5....S....9.,z.....I*g.r........T..G>p)D...S.,R..PV,."...Z.. ....3....5..`.-.........y.ni..,.....}..t...K.$H..1..!.'SxQI ......$.
<<< skipped >>>
GET /userdata/2014/3/10/13/906768/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 15 Mar 2015 08:28:08 GMT
Accept-Ranges: bytes
ETag: "225fbbf7f95ed01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 2135
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...A..?....y.P.^Gz.h..$S..........#..W.x.O....{)X....pq......i.o..d..:v..^..t.p.......}...5.. Y.4>G9....Y..o..m.`.c,.......{zrk.u.)"V;HP1.c.;..^".....*$F..#.9.1..........j.n.C..I....*.T...&....8R.4t.....n.);.s.?..@.1.?.Z.l....U).........)M.]Ei..!$c.......y...3....a...O;..9....z..y..?!_x|)......`.@l..c.$aNNK...8.'...Y..=*;...[....n...........,/.n.t..I..sR ..B.N....i..v.v.rbRO'.V..$..y.Os...2Z..O.]E....=A5.{.Iq#<..9...7l.4...e.../...Xt........%3............a..1.J.r~O.."..SW...c..W...".o.^.q-.4VV..d..gL.p.bFG..s...8>...._.?.<.L.&,-.G.o..,d.9..^?*U..:i...~xu.SDN.^..{.i....-.M.......;V.x......S.R..k........Vm....K.\v.I)E}....f......=kX.t....r1=wT7...Z!|..SI?..hZ.....~........1..]>...S.d........_....O....g..8.M..P....g?.n..SH......)..PF....Q...{.I....E b.{T@...S..a..J.kB]...N'.E.$...Tn.G..l...U;...R.B.jP..Pie.)C.E=..J.p.. B.XW...u....&.H...;..........?.~|....O...|/..Y.o.....q........TVz"....H
<<< skipped >>>
GET /userdata/2014/4/23/8/918845/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 13 May 2015 13:25:42 GMT
Accept-Ranges: bytes
ETag: "7f27754f808dd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 3652
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....\.n.......G.._.....1.[0P.. g8...|A.to.*..C.N.zc.......-....$..P....@..4.1.Q}..'t...j..".C.... ..jk(.I...I...5._..0..ws..f?7VE....Kl..nG.9.zP.O.G..'..HiC..VU.N|......._...I<..K..N@'...[......7I5.....g..=s.....>..V.4...u../..[h.........X.3..j.,...S.H.2....tB.A....#.......q..4{.9fP{.I.....W......4..Z C,.0.%w..6...N...3.n.H.G.........v|.-..77'...O!......{[..%$...=9.].....>..A...G...'.1....1.fu|...8.........:.__.........KJ..)..1......:..>.y}..1q..V<.....h..8..<.Oor.E!`..r.{..=[@.....I.q...|...Y.\.... .!.^.Myy&.. .8y..lp.....OQ....a^..1..u........t...$PVK.........".[.O.(.s}i....k.F....,..*x..r..A.G..|.....0....j%.L...FY.a..>...A.L....w..`.7....iy..$( .s....W..yo./..|?.t..o.d....$....8.921.6Xp...I. W.n.uod..s.mw..hc,.Uay.~..3...t...u.....h.L.C.ZEp.*......w.q..t..J..G.0....*.. ...?J...n...[Q9..TLv........q.....mCJY...t..[>D........g.78.NG8...-....s]n..I.j.ww6 sg..d..f].eN....c.....
<<< skipped >>>
GET /userdata/2013/10/29/21/870006/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 27 Aug 2014 16:21:32 GMT
Accept-Ranges: bytes
ETag: "85e3aaf612c2cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:54 GMT
Content-Length: 3009
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..]...<...f..Eyj'..T..K......x...kdp....]..qm.......^Pc.9.v=.zT.wf.... w...rX.y.5.$....[v.....4p......xv}..E..I;........NW....Id..F.v<..}H?..fEx..C ...A......N9...W?k...$.-....t....VU`.$oF....T.....g.....X-.......-..U.x..O...m3. H..J....1...a.9.W.xb...].2..I....@.q^...5[xr....p9..&..M...QN...p....>.....g5Ij..<?....C...J.....5]'jD.z.).@H'.Q.........^o......rl. .<.'#.T..Nq]..t..nE....#..2.......<....-j|..-2.8X@.u.?9.~....x.....k.n..h....A..5.~8........n.J....W...@....8....M...K{.3.H......}.V.V3....S....Y..u..5hn..ki.H.eY{..............i.B.X....E...).!.$...4.Z.33..A'...5.D.sP...j-.....}.d;.q.......<..9`N..s...z{.mGJ.H.......4g .......]*.L.j....I9l......u.an.=D..=k.W.b.O.@..Q'"....G.'#.>..O.p?.?....T`..........TMf)^I.(..."|.......?...Z/.o...!.RX....w..r{.3...2i...2.<....-.0...;...\H...p..s.a^)qksm.oq...0......P{.. ...=..Z.4.H..M....?6.n.'..<.Yqhs..j.N% .c.P........z.q.....m..
<<< skipped >>>
GET /userdata/2015/8/18/4/991533/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 17 Aug 2015 22:18:34 GMT
Accept-Ranges: bytes
ETag: "f73e0a73ad9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:54 GMT
Content-Length: 2927
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......n.l0...."..2Z7b........p} ...gwi.A......f8..FF[.p>r.....~..4..o...%a.nR.....[.....&.....6...x..'...6.. .......Z3.#Ijy.0..N*x.CE...=O.4.~fV.6O..2....t ....fKt;Z...8....58.u....P1....\V]..E*...n.c ...w..=.Z.k.....Dd..8.8?.(..r.Q..).Ppx...G.V9(....*/.UV-..J.Q.....#u.g.......M...........s.1Ms..&8.'.q.G}.....O.X.u...S.c..S.~.5......m.e.....#........ :..X.z...k.H. . b.....,.e....FA...rH.\.h>T_.Z.aC.<....n....'8...if...H.$B...K..}.3...V.":.....8.t......s..... M...?.-..m%u....x.....g5..?..K.6.l,....-.vm...9.....Dn../..J..x...V7rK.2!\...,..R:.=....>.b...Ic..s..Q).MN....(..._......Gm..;~.......X;...pq.......w.j/...[..%......2g.w.mc.>.#....]&........8n<......N...$........W...\...GQI...t....x...... ....P.P.8..... ..9.<...t......i....2......W.Z-....-..}.Eu4.[....geV......|.....x.O.hZM...k..H.K...a..$.b.H.e..@..5..i.zl>T1.o!.1...ZV...@.N;.53...1iCb...1PY.....&..p$...;rO.]....2..P)..c.
<<< skipped >>>
GET /userdata/2013/6/1/3/818513/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 09 Jul 2015 14:22:11 GMT
Accept-Ranges: bytes
ETag: "6b4378a552bad01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:55 GMT
Content-Length: 44596
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z....................................................................................................................... ..!.."..# !$!"%#&&$'(&)*'* ( -*,. -0-/1/02/020130131253465776988:;9;;:><;?==A??CDDGHHJKKMQQQUVXXX[YZ_[\`\]a^_cb`cdbdfcdgcdidcpeaqeaqgbthbqicnjfmkgnqik|l..u..v..v..un.o..x..u..{..|..vo.o.....z...~.{o.p...p.p...x.~p.q......p.qq.uq.tp.qp.rp.q......t..t..............u.~u.|...t.x...t.w.......................................................................................................................................................................................................................................................................................................................................................................................8....%L..2...O.H}...Y.j..\........y.E..%L.0.\.R..I.$):d.P.Blr....'A...p0..D.!B.|.5...O......#..oryc'..,..0m. v.JJhe..yS'..p...`.(.!T.|.5.........g#..{...W.p.M.#K.....C.i....n...1......2...K-...e.......,l....Flr)..S...H...n...M..B..a.....u{..K.s.K.2}s....KT........."E7.%.............4h.]..v..Q.....L1.y.......y....K/...g;}&..G....^}.......u.a.M5o.AQI.m..,... ....^.j.bSr.}8....r.'{.../..#..)Z..v....j".(X,.X...c.H.z....".......q.Wox..=S^.......,....;.QcM/...h...X.z.b..r:..A.{()..]...n{..../...;...M1.&.j.;B.X!{.Pb\...U..&z..m ViO5z.....xS...@....>.......L.qX....p.1.......R...@.K..RI*6.4....<k....j.....d[l..B...).'.....Z....y.(...\)JJ..7..k.&..4......O..a./...FD..B..].h..R^.*n*.H..@.. ...Yr[@.uE
<<< skipped >>>
GET /userdata/2015/7/25/16/988694/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 27 Jul 2015 10:14:23 GMT
Accept-Ranges: bytes
ETag: "38cd84255c8d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:56 GMT
Content-Length: 3476
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..V..r*.y.JlJ3^w...z..|3e'...uws... ........p.....9.....<..JV`.x._(..'../.....9.$Q ../!..O.....|...y'.<U...Ri..[..]7.i.0:...@......pA. ..._.......`...-%...[k.}....}......z.V.$.K.6C.M7........\...:`.}-....2.Rh.H.20.`x4......j.......)..j.lhGZ.~".[.....n`.............<W.\.M.lnDW.d.....Uee'.....x.R.U.D. X.....O...8o..cW.o..F.j`..c/j.c..O..E.2..8~.<......ur..,.H..j......W.Q.]\X.V.5.........<|.H8?7.Q^ku.-G....-.....F...??.......1.....[|=.%....h.......5....1<.Cqs.(..S.Q....... ........[.......o.........=3.n......l....N.m.e.I.."n....p...Nq@.U...6...5..=...8.....G$......0...e#...%x.....%n..gw.\..v...c.0.b<..}.... d.%.=..I...h....4...\..).H.h.....)V....,_.V...q>"...t..[..P.... .2J../Rrq...u...7......C...3..5...E....B.9.bs..W....W^%.....m....OH........=.s....h...~%....-..<..aM.1. .'.E....5'..auq....C...\].x....`P0Ufbx..d..z.....Ioiqu.}..f...&.-..V8...J..{....&D[av...2_.`. ...u.w3...5_.
<<< skipped >>>
GET /userdata/2011/6/14/2/356144/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 11 Aug 2015 06:44:23 GMT
Accept-Ranges: bytes
ETag: "7e73af281d4d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:56 GMT
Content-Length: 3617
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....go0..2:.CD?...H8....L...R...M .%...8..M%..IoZIE.b-.!R"$z......z.......e...$HJ;..v..}.r.....P...-.jv.X/.;..m.Q.i.....8...........Z.. vS).Wvh...........7..S......>..e.>.j..Ki..........*..@....c.`.5.~$.nt...%.. ....d...0......\W.JnIjc(.y.....4.{.#T.......L.%...,Tq.9'ql...-...:<..:.. mb...t..=k...s.A.\.Oz.>4B...Y.T/...9.V .89..h..&..G....I5.;..o.A.[$...YP...0....d.9. .U...%..>...._6....).wu..dWx.Bq.A.A......>...oV[.9.v.....J0.?^..W.......i&.N.....f--..nC..a..J..8. y.Kc..u..t.I.k...FGO....M....^Y.F-........,6....&...[3...v....8.W~t...KJ.$..!V..S...I..w.C!..;y8.Y.......... ..9......-....7..?......PA.&....U...........<).m..*........ip..Z4.L...QeF..a..;~.m8-..F...'.-.S].-1../..$........4l.l.-v(......'.}...u&9...X.!rI.....5.=....x...xDrF.9.V!dE..3.....8.>...8....q..c.w.O.#.F.Z...n.p29.._Ej1].p.dd.P'.deT.._o..a.....A...;..3....y..-......*[....c.X>;.c.|..Db..........:..8?7.....w.)
<<< skipped >>>
GET /userdata/2010/4/25/1/1066/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 10 Aug 2015 12:46:48 GMT
Accept-Ranges: bytes
ETag: "6f607f9f6ad3d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:57 GMT
Content-Length: 12060
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z....................................................................!..%..(..*!.,"..#.0$.1$.4&.6(.7(.9).:*.; .<,.?- @/!B0"B1"E2#E2$F3$I5%J6&L7'M8(O:)Q;*R<*S< T= U>,U>-W?-YA/ZB0[C1\D2]D2]F4_H6`J8aK9aK9aK:bL:bL;cM;cM<cM<dM<dN<dN=dN=eN=eO=fO=fO=fO=fO=gO=gP>gP>hP>hP>iQ>jQ>kR>mS>oT?rVBuXCxYCyZCzZD}\D._H~`K.bL.eO.hS.iT.jT.lV.mW.oX.qY.rY.u[.x\.y].z].{^.}_.~`..a..d..f..g..i..m..m..n..p..q..q..t..u..v..u..u..u..u..v..x..y..{..}..~...............................................................................................................................................................................................................................................................................................................................................................HP.....*.....{...K'K...a"....#.. ...Y.!..(I.4i.........&...0nn..%M.H..j..q.A.GM...p...H_..Sf...<........7n.qS(..t..B]...S.0....B... 0t......'J....G.1c...2f...JK..l...q....[B....al.Q....}....f...]..q..!A..K.e./.3!i@t(a.._..K.@}....7..H,....id..m0!w..#...q.F...&`......ao,.A..a.B:o..d..-v...D.Uf wF.c..~.0A...P.i6..B.i..F..f...Bt.C~.l...K.0C.ct..Fm...B.eq..zu...*|...=d...:....]....i....%....K....]....a....3.e.?...Ag..&X.*l...k.1..Kt`.W!.x..].0^.6....:..F&....H..!.p.b..a|. ..Td.......a...C.W....,..C.0P..8--.Z.?5....%....N.....e...<....:.AE.c....,p..r0....a.(.Q..Q......i..1F.i ....*{..,d...~....K..C...........}M8C.]....-RA..y....a....,..B.w.`....`C.b...
<<< skipped >>>
GET /userdata/2010/5/10/23/12850/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 01 Aug 2015 03:18:53 GMT
Accept-Ranges: bytes
ETag: "ebd4ecb8ccd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:57 GMT
Content-Length: 2712
......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....r2l`..w.......OU.....gy....J....I.....>...Xu%.W...R.......=...[.....k.............k.xkV...k...t..%..).F..p.3..=..'..~ .r.....f.f.ky...T.........G..z...O.^......QIaG......<g.{.......u}....w2...`..g.........%...c....>....PYD..daw....`%....y...V.2..S.{C.I c..c..0.r@....%...-..g)^.'S.kF..............,.....R..D.a.L.<.e....L.'<..g.-{J.-o.....F..>.c.....{P..^j..l...X.A#.C_,.o....%......$.`.<....'p..v..2A.._@xz{.}*$.|..<...V$.<t.v....'............}..../.....[u)$...2U.O.A..:g..[q.-....G>.. ........}.?.B/..9.h...o.|I.*....:>....'V......\..!.*.A...........$.D...,...J..@[.=....CUy.V........o.......&T.am[%K........?..U..xGT..l....sR3..sjQ.....<.Y.~^..8..E}?>....;...s..M.@.....T.z...1..<....u.Z .Z!ms..l0.m`1...>...n@..;=...X`.Up..W#.D.Q.t.[......k...x.I.W.N.Y.m..9.9....s.g..{.......V.}.$......@..wg.Q<..Ry......?.s....m^......9..m S.F.........F;{1......S..h..F;....
<<< skipped >>>
GET /userdata/2010/4/27/2/1863/image/head.gif.small.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 16 Jul 2015 18:32:45 GMT
Accept-Ranges: bytes
ETag: "cef513cff5bfd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:57 GMT
Content-Length: 13874
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z..%%%%%%%%%%%%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''(((((((((((((((((((((((())))))*** ,,,,,,,,,,,,,,,------...............//////000111111222222222333333333333444444444444444555666666777777888888888888888888999::::::;;;;;;<<<<<<===============>>>>>>???@@@AAADDDEEEGGGGGGHHHHHHJJJKKKLLLMMMMMMOOOOOOPPPPPPPPPQQQRRRTTTWWWYYY]]]```bbbfffjjjlllppptttvvvyyyyyyzzzzzz{{{{{{{{{|||}}}}}}...........................................................................................................................................................................................................................................................................................................................................................................................eK.,[.hA....N..I....$b...yu'..<[.4.....Fx....D...%j4!..F...JD!t...:q.|9.ea.,Z.....h.(P....g..s.(=.......~.{.,..9.r.[....$Dj.y."F.(b.p..!..;?.Mz.FL.-..F......PE6..Dq.8n45.w...6w~a..F..<..y...^.v.b...$.K.%>...'..1=`. B)..:s....EL.$O.#.;....M..1....H.......c Yw...QBL.8q..ytg..8h.........|PB.9....=D0...p...s.A..hLG.Rp.0..p....].!.$.... oD.H0ut.....PB.Y...JDL.[.2.X.n}........"....."..E. ..C.5..!\O....n...,..cN.l.AH(..q#.0..A.H.A. P..[_.....5...pH..c.^ 2.,..BQ.D.%W.vq.#\H|a.#...K8..2..o<r..H..c.!..&..D...}E....?..R.3..C.v......B....hW].n.(.^l!.....O;...H(.<..K<..f.,...........;`LH..G.....*..A..T..g..Z...9...&....'s.A. oH.nn..{g...y..1..B.Ot...%........%p.
<<< skipped >>>
GET /data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vi1.ku6img.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Date: Tue, 25 Aug 2015 10:58:12 GMT
Cache-Control: max-age=31536000
Expires: Wed, 24 Aug 2016 10:58:12 GMT
Last-Modified: Tue, 21 Jan 2014 18:48:32 GMT
Content-Type: image/jpeg
Content-Length: 8497
X-Cache-Lookup: Hit From Disktank
......JFIF.............C....................................................................C.......................................................................c...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....C._.7.w..(u?.~../....[H....Dfb@B....'..<WK...&?............y...<..:..,.)..H.. ....h..-...O.<5z..-{~.........xp....m.....d..rU*GZ.%....kxWt..w.@.?..&s.....e.6%...?.<......c...YV....`Y...b.......8.o.q...........e.o..[...................sh.-...'x..f..M..'..........5.O.xw.Q.....:.ego.H.M#}.P:..K.=..z..#....CE}:?....V...;...O.......P...3...W..>.U....._.m.. i.g..3*F..f$....}..O. ...[~.....kq...|.....$..zn.$.F.?6EP.rV0]...'.......%?....<5......|P....qo.XxZY"...l0.....5.................O.'/...I...}&..M?..o........9]..\B...mW.\o..A........|S...{k........j.-....".n.Gb.8.F].Q..".|y.7...............Z9.on<;....dh..A........Xs...../....~,.j.........i:....~).[.....Gg..e.V......m.c.....s.w...J..Mx;......P|h.W.............d.?&G.F...r.M*..2l......x.f..m~m-{..{...ku..J....?:...fO......{..!..51....q&n..F..a..'].t.d..4>!|.....K]k......j...a}...Q..0.O.#8...5.......{..M......&>:..Y.....W....4
<<< skipped >>>
GET /tpl/wh.js HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dup.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 08 Jul 2015 05:42:56 GMT
Expires: Tue, 25 Aug 2015 11:01:57 GMT
Age: 136
Cache-Control: max-age=300
Content-Encoding: gzip
Ohc-Content-Crc: 1457426814
Server: hkg01-sys-jorcol07.hkg01.baidu.com
eaa..............i.SI.......y@JKb..Fp.XE..*...{...,...SZ2....~...{.,.gu.}u. ...;.5........d9?;........:.<.....l..}._<j.0.r8[.py..~i.?..-......Iw....-//N..^...H...j^~>...<..F.....`~:.vz......=.{;|..?....pv5.P...x1{4.uOg...<;,....^.~lZ....Z{.....x2.R.......;.N..t...4^|??..B.......7./^..........h2...........h.fy1?=|.;.{>.98..NG....lx<;=\..L..{_.G.....1o.OL........L...'....x.x6...}...~......dv}=.Ng....\......Mk.o......G]a3.....E..h.p.X.......O......C..F..1....y.y.v............l.s....q.3.......Y-.<.3O./..y.g...d..-.......1^_...,..&ewVF..........a.U.......Pr...g-......P..;...Y^|....."i..Z..X...d...u.......W(..tv..<:.z6.......4}.....7.&.....R......3=/..M.rvr>.........L.d:...'....7.....................L.%%.C.PO.T.......6=.J?......x.......f...$c........~8e.5.......X...@.....m.^.(.c..[z..xq.......!..N.k...b...o......N..E..J...*...tw;......S....S.e......{..v....2.^O.....~...k.a..."....jR..6MnOv...S}p.n.[.........i..F...bv...N.-.....FIH..|~]|.]..oO.<...........Wo...........R.X..1;..lY........Z ..d.t...W......t...~qur.....w........!....lry.(.....lqv...<..7Gg.....g..xq4\..._.,[...?....x.......g........|.....3?.:A.}.]..&W.=..W......J.]i...PK..~.{...z_nM.H........7....F..tj.)...3..".........Tz.uo.nG... ..0e..2.|8.=......3z=E........;,........P..g.gZ.m.......P...............}v.Qjy.T'.......S....i.y....,......`|1o..L...........l.L...7.N..T.wg..l.......cN.....L..Q.F..\$......O..l..u[.I..-$.2..5.OE.....]V.1...v:..;.F....M.s...16...X'#%.z_.E..8."*..,J..._..;$........_............Y#....z.......C..
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 8888.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 10:56:48 GMT
Content-Length: 13171
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~....I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.......GG.5.J.-.e.Y.......ui.g3.\.mF..........>....:.>....-&e.Q:..m.l?..............Gi...i...z.........0............G.].i.............?......t;......?.s............./..?.?.............o....?...g.._K......~|W^%...2[..}.4o.u..y<.,........?..........G....?......o........?......w..........?...?..?.O....?.?......o......../...E.....?.?....................?.................=...J......./..........:.(..........._.........#.F......>.(.jy#.......5.0....pw$}......s..../.......G.....!c..(...!=..2..F...P..?.m...._.g.1.o..........HTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html; charset=utf-8..Content-Encoding: gzip..Vary: Accept-Encoding..Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727..Set-Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45; path=/; HttpOnly..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:48 GMT..Content-Length: 13171...............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~....I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.......GG.5.J.-.e.Y.......ui.g3.\.mF..........>....:.>....-&e.Q:..m.l?..............Gi...i...z.........0............G.].i.............?......t;......?.s............./..?.?.............o....?...g.._K......~|W^%...2[..}.4o.u..y<
<<< skipped >>>
GET /code.aspx HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 8888.89919.com
Connection: Keep-Alive
Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1416
Content-Type: image/Gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 10:56:55 GMT
GIF89a<...........3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f.........3..3.33.f3..3..3..3 .3 33 f3 .3 .3 .3U.3U33Uf3U.3U.3U.3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..f..f.3f.ff..f..f..f .f 3f ff .f .f .fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff..f..f.......3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f.....................!.......,....<........L.Hp.....*L.p....n..Hq..../j..qc...'E..FF..&S.\..%..2..h&C...7o.A..d..>.R.8.....E"..3g..N.B..t...F...$i"..`....Q".0..~.x4.-l.j.4...7l.....cK....~uu....}...)...0..-..xiM.`......D..)..(..Z.5k....F..'.....$!o...$d...-Zc.Ll1s^..o.........z3$1rh]w..u.....o.....=..../...hyn.....I8.z.tuJ....]F..u.6...Y-1.G.x..6Qd....s.Mt.$i...]...X|.........6....nY."...t..kF)..$#-.E.*...x$u..a.H.".'z.C3 z..R....Y".8.F....o..U..y.x.L;...v.....[HG]O%......%.E.5..(1. 'u.....8..$pQ~v..E"..j.I....F..[Yq.g.`.E.E....eh.WKV1p.Y[7-v.R".eT.yX.IQ..Y...E..(..2.&U...!p)...~&N..W....j..4.P..tkE..hQ....(.."..$i......X....{.... R....#.\..o.8...;....
<<< skipped >>>
GET /videopic/2014/7/27/2014727172939492.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 8888.89919.com
Connection: Keep-Alive
Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 27 Jul 2014 09:29:35 GMT
Accept-Ranges: bytes
ETag: "b5d676477da9cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 10:57:05 GMT
Content-Length: 14818
......JFIF.....H.H.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......P....".........................................K........................!..1.."AQ.2aq.#....BR....$34r..CSTUbs....D..].................................%......................!..1AQ.".2.Ba............?..." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""....(.>.. ...kT.._...y}F......q.. -CK..%..u.......%-{?....ZgJ.l....CT. .._P!.......H.9@..-....6...~...`...Xh.8.....lg.V:7<d.....lP.......p...z-e.K.pE.....i.r.|S..n.3...c..l1....-&;..w.....x.#y......~....4)..v....p.!......P.......' .,.......1.m..Y..../.....F..l&.]./...E}.o.Z....6c....D....WV..i8U..d....L....3^#.j.e*..... .8..W5j.tM..mL.>..V/.....l.U...nB....`U\.tRz*.-q.......N.O8......:.2#.].>Q..h]....]...I...V..1gxb.....5..D...N1._6V4..U......_E....O.....z....i...I.sT......6.R=0.."l..,n......U.;......=.)...k.{.....U........{....z..q ...B.X....6Gn...M....S.}k.......;.c`.G.b\..A# .!._9Jl...N........ c...e.7.`$n<.h...#.e.........b..n/...u\.f..*....q.......8.......u...Z..h.....b<5.....4. .%..Ye.,...F..W..A...y.NTW....6 ...6.6.06@......L`l.. k.T.E.(.,...?.Pu*....X>.e^@.r...=.qT....3.q.....p..d...z.J`...(.#k... ..mNZ..=>..m../....8....o.._E.....J....].c......
<<< skipped >>>
GET /core.php?web_id=5862873&show=pic&t=z HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 762
Connection: keep-alive
Date: Tue, 25 Aug 2015 10:59:06 GMT
Last-Modified: Tue, 25 Aug 2015 10:59:06 GMT
Expires: Tue, 25 Aug 2015 11:14:06 GMT
Via: cache21.l2de1[719,200-0,M], cache57.l2de1[766,0], cache9.de1[766,200-0,M], cache6.de1[767,0]
X-Cache: MISS TCP_REFRESH_MISS dirn:2:516909018
X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:06 GMT
X-Swift-CacheTime: 900
!function(){var p,q,r,a=encodeURIComponent,b="5862873",c="pic",d="",e="online_v3.php",f="z1.cnzz.com",g="1",h="pic",i="z",j="站长统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="0",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&k["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnzz.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="<a href='" q "' target=_blank title='" j "'>" j "</a>",k["createIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type: application/javascript..Content-Length: 762..Connection: keep-alive..Date: Tue, 25 Aug 2015 10:59:06 GMT..Last-Modified: Tue, 25 Aug 2015 10:59:06 GMT..Expires: Tue, 25 Aug 2015 11:14:06 GMT..Via: cache21.l2de1[719,200-0,M], cache57.l2de1[766,0], cache9.de1[766,200-0,M], cache6.de1[767,0]..X-Cache: MISS TCP_REFRESH_MISS dirn:2:516909018..X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:06 GMT..X-Swift-CacheTime: 900..!function(){var p,q,r,a=encodeURIComponent,b="5862873",c="pic",d="",e="online_v3.php",f="z1.cnzz.com",g="1",h="pic",i="z",j="站长统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="0",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f)
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: g1.ykimg.com
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Server: YK
Date: Tue, 25 Aug 2015 10:59:03 GMT
Content-Type: text/html
Content-Length: 345
Connection: keep-alive
Expires: Thu, 09 Aug 2018 10:59:02 GMT
Cache-Control: max-age=93312000
Age: 2
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>. <title>404 - Not Found</title>. </head>. <body>. <h1>404 - Not Found</h1>. </body>.</html>.....
GET /1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: g1.ykimg.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: YK
Date: Tue, 25 Aug 2015 10:59:03 GMT
Content-Type: image/jpeg
Content-Length: 21378
Connection: keep-alive
ETag: "4219485523"
Last-Modified: Mon, 17 Sep 2012 20:46:14 GMT
Expires: Fri, 27 Jul 2018 20:54:19 GMT
Cache-Control: max-age=94608000
Server-Name: tracker01.qd
Age: 2383483
......JFIF.....H.H.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......P....".........................................Q..........................!1A.."Q.2aq...#BR..3br....$S...%CTU....5DEds..t....................................,......................!.1.A."2Q.aq...3B...............?......!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@.....s..x.$.i..z......xi......q.......A...XB..>..).1h...Y...Y|4.,qi.s.....E...5!z.....f....!.....O..s.....-.5kwiv..#-...@.$@....^....hqPd.....s..;.?L.A.~.i.j..mdD........2V.... .m.............M...p......i?.....). ..'N9.[.=..?..v.......o:O.#..L!]#D....?...O...?.....6.O....iJ..P........S[......9?.."..@ey..c3....*........T.........\j...-........dY.....4.QS............8.Q...>........[V....&;Gw`.............U.&...q...w'.Q[....g2.v.8.........0..i....V.....s8.R..1......`3...tQ8...O.)P.(V......>2....wy..{.rF..t.4.d.D}....{...Ql.....m.........kG..<.Hq...5.*5.H..O............J4..H2....L...Z....Z..H.)".B....>.j.S...-.....s?..0...Q....F.{.m/.C........xTQ...E.H.((...}1i..3...P........i..!H...80........_...w.H..'.R.......rSR..c...h....S....%O| .6;....E.>E;]..^.....p....`U.W..Diz...............%.....UW.V........j6.y.Y.6n7....._.d.MO...........pb...j.Qh....F}...f.....n......".n>WV.7...'...Z...,..J..i...V.Rq....(t..........5.'...JP.U..vyE....Q
<<< skipped >>>
GET /1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: g1.ykimg.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: YK
Date: Tue, 25 Aug 2015 10:59:03 GMT
Content-Type: image/jpeg
Content-Length: 22683
Connection: keep-alive
Accept-Ranges: bytes
ETag: "832302386"
Last-Modified: Thu, 26 Dec 2013 14:10:38 GMT
Expires: Thu, 09 Aug 2018 12:21:31 GMT
Cache-Control: max-age=94608000
Server-Name: b01.tracker.b28
Age: 1291052
......JFIF.....H.H.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".........................................H..........................!1A.Qa.."q#2B.....3Rb....$rCSc.M...&6..es................................)........................!1A."2Q..#Baq3.............?..i8....t...'..f.51g \"....k!..W.5.j[...$!.....N...$....U./..X.......%.|2....'zpzp9.RO._...U.l.{..2.[.........~.KK.,).b<..q*;_;V..0.........|4Gq...$mw...K4d4....)..J^.8..p....C>.f....".l............R#JS J.J.i..N.q.._.."T`..\.Ki{....t.........qy)K...x..;...6/CXd..Ir<..8..)?.....U#..A.....9.>F.6.(.5...m.*.I.=...P....y.@J.2S.?1.L.-:eK.$!.\..@`/........J.>..:.ipY..R........=..S..R[l..zl.'`.....W(.p.#%..d........:..=Yg..t.i....q......'.R....1.... .k0.y}..Kp.F..j..B.20f..:..@H....R..C.R.*}C..T"....U....JVN.......,..GL..v......0KU.n.....\..H...T.[QM\ {R...D..3....G.yQ.{O.. ..I..Bz<r...f...%.....hJD#...O....T.*.Y4..s..%J.9'!.......?w>..m.....^..K-..)l....O..^..m.*....r....9,...e..*.=?.n..f..K.F_0....[. $6..Q....#.MI.;P.E..b.D.:K|).. ....%?"s.U.'L......\...%..2W.GNU...m.u5.L.&|..iNS.....D.z..Z.......N5h..s....G.......TY.I...1.9.[.............U.`.=.....i<neAN....~.O.g..\.%.x...>.J.R..... ..JT[c>,..e..8....}p..n......p>......*....-.i...scH...T=.VZ...:...f......s.=j\....'...6.*....=K.$..U\&o..Fh.o..Pi*s*R....'$...dU(u$.4F.X.=<....)9 b``.V0.H.x..#j...@.m.m.Z...(h.M....t.S...V.J9eK.....Ka.f.......2S.....B.p..=@.VvZa....$..?Q......
<<< skipped >>>
GET /img/pic.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: icon.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/gif
Content-Length: 719
Connection: keep-alive
Date: Tue, 25 Aug 2015 08:47:49 GMT
Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT
Expires: Wed, 26 Aug 2015 08:47:49 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
Via: cache1.l2de1[0,200-0,H], cache32.l2de1[0,0], cache6.nl1[0,200-0,H], cache1.nl1[0,0]
Age: 7878
X-Cache: HIT TCP_MEM_HIT dirn:5:508901051
X-Swift-SaveTime: Tue, 25 Aug 2015 08:47:50 GMT
X-Swift-CacheTime: 86399
GIF89a2.........f..3...33....................................................................................!..NETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`...."....................~"..H........H......"...$....#.........."..........."Z.......*...%!.!.......,....2...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."....................~"..I........I......"...$....#.........."..........."\.......*...%!.!.......,....2...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."....................~"..I........I......"...$....#.........."..........."\.......*...%!.;HTTP/1.1 200 OK..Server: Tengine..Content-Type: image/gif..Content-Length: 719..Connection: keep-alive..Date: Tue, 25 Aug 2015 08:47:49 GMT..Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT..Expires: Wed, 26 Aug 2015 08:47:49 GMT..Cache-Control: max-age=86400..Accept-Ranges: bytes..Via: cache1.l2de1[0,200-0,H], cache32.l2de1[0,0], cache6.nl1[0,200-0,H], cache1.nl1[0,0]..Age: 7878..X-Cache: HIT TCP_MEM_HIT dirn:5:508901051..X-Swift-SaveTime: Tue, 25 Aug 2015 08:47:50 GMT..X-Swift-CacheTime: 86399..GIF89a2.........f..3...33....................................................................................!..NETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`...."....................~"..H........H......"...$....#.........."..........
<<< skipped >>>
GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 1147
Content-Type: text/javascript;charset=UTF-8
Date: Tue, 25 Aug 2015 10:58:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue Aug 25 18:58:59 2015
P3p: CP=" OTI DSP COR IVA OUR IND COM "
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: nginx
Set-Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; expires=Wed, 24-Aug-46 10:58:59 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDU_DUP2_define('request!u1548235_0',[],{deps:['nova/painter/inlayFixed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" : 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32", "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa":"1", "dai":"1", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/", "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000", "ps":"1522x8", "psr":"1916x902", "pss":"995x1784", "qn":"6017087a97ff6662", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_template=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "6017087a97ff6662","_qid" : "6017087a97ff6662"}});....
<<< skipped >>>
GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 22250
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:58:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue Aug 25 18:58:59 2015
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: nginx
...<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml"> . <head>. <meta charset="UTF-8" />. <title>..................</title>. <!-- 0|0 -->. <style type="text/css">. html{color:#000;background-color:transparent;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,textarea,p,blockquote,th,td{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-style:normal;font-weight:normal}ol,ul{list-style:none}caption,th{text-align:left}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal}q:before,q:after{content:''}abbr,acronym{border:0;font-variant:normal}sup{vertical-align:text-top}sub{vertical-align:text-bottom}input,textarea,select{font-family:inherit;font-size:inherit;font-weight:inherit}input,textarea,select{*font-size:100%}legend{color:#000}body{margin:0;padding:0;} . .bd-logo,.bd-logo2,.bd-logo3,.bd-logo4{text-decoration:none;cursor:pointer;display:block;overflow:hidden;position:absolute;bottom:0;right:0;z-index:2147483647}.bd-logo{height:18px;width:18px;background:url(hXXp://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/bg.png) no-repeat left top;background-position:0 0;_filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="http://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png",sizingMethod="crop");_background:0}.bd-logo:hover{background-
<<< skipped >>>
GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 1149
Content-Type: text/javascript;charset=UTF-8
Date: Tue, 25 Aug 2015 10:59:03 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue Aug 25 18:59:03 2015
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: nginx
BAIDU_DUP2_define('request!u1548235_2',[],{deps:['nova/painter/inlayFixed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" : 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32", "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa":"1", "dai":"3", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/", "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000", "ps":"1427x293", "psr":"1916x902", "pss":"995x1784", "qn":"397da722a6333ad8", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_template=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "397da722a6333ad8","_qid" : "397da722a6333ad8"}});....
GET /sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 1596
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:06 GMT
Etag: "55dc1feb-63c"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
<!DOCTYPE html>.<html>. . <head></head>. . <body>. <script type="text/javascript"> . var getCookie=function(b,d){var a;d=d||window;var c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"number"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));document.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.toGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secure":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i");b=window.location.search.substr(1).match(b);. return null!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLowerCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.com"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Date).setFullYear(2042)});. var sendByIframe = function (b) {. var c = document.createElement("iframe");. c.style.display = "none";. c.setAttribute("src", b);. document.body.insertBefore(c, document.body.firstChild). }. sendByIframe("hXXp://release.baidu.c
<<< skipped >>>
GET /wh/o.htm?ltr=&cf=u HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 1394
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:12 GMT
Etag: "55dc1feb-572"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
<!DOCTYPE html>.<html>. <head>. </head>. <body>. <style>. .userData {behavior:url(#default#userdata);}. .client {behavior:url(#default#clientCaps);}. </style>. <div id="oPersistDiv" class="userData"></div>. <div id="clientDiv" class="client"></div>. <div id="oFlashDiv"></div>. <script src="hXXp://dup.baidustatic.com/tpl/wh.js"></script>. <div id="cFlashDiv">. <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="hXXp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="1" height="1" id="BAIDU_CLB_ac_o_flash" title="BAIDU_CLB_ac_o_flash" align="middle">. <param name="allowScriptAccess" value="samedomain" />. <param name="movie" value="c.swf?v=3">. <param name="quality" value="high">. <param name="wmode" value="transparent" />. <embed wmode="transparent" name="BAIDU_CLB_ac_o_flash_embed" id="BAIDU_CLB_ac_o_flash" src="c.swf?v=3" swliveconnect="true" quality="high" width="1" height="1" align="middle" allowscriptaccess="samedomain" type="application/x-shockwave-flash" pluginspage="hXXp://VVV.macromedia.com/go/getflashplayer">. </object> . </div>. <script src="hXXp://dup.baidustatic.com/tpl/ac.js"></script>. &l
<<< skipped >>>
GET /wh/o.swf?v=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 157
Content-Type: application/x-shockwave-flash
Date: Tue, 25 Aug 2015 10:59:15 GMT
Etag: "55dc1feb-9d"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Server: nginx
CWS.....x.3.bX..........{.^....?............b..............7..Ofq.Cq~Q.CVbYbqrQfA.U.TBC.!.89. .AI.!.85'.a./.@6.(.`.......d3......Af.;.;#H....$..&.g......?.' HTTP/1.1 200 OK..Accept-Ranges: bytes..Connection: keep-alive..Content-Length: 157..Content-Type: application/x-shockwave-flash..Date: Tue, 25 Aug 2015 10:59:15 GMT..Etag: "55dc1feb-9d"..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Server: nginx..CWS.....x.3.bX..........{.^....?............b..............7..Ofq.Cq~Q.CVbYbqrQfA.U.TBC.!.89. .AI.!.85'.a./.@6.(.`.......d3......Af.;.;#H....$..&.g......?.' ..
GET /img/iconjans.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 10 Nov 2013 14:48:44 GMT
Accept-Ranges: bytes
ETag: "06ecf423dece1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:42 GMT
Content-Length: 12263
GIF89aG.......................M..M..M..L.........................................................................l...................................................................................~......................................Qy.a..k..........................z......................................................................................................................................................................................................W..p....................I..I..K..J..J..L..M..M..L..K..N..N..N..N..U..a..a........M.......................................................................................................................................................................................................................................!.......,....G..........H......*\..............q,R..'...q8Z.X..Gv.G.aW.bI..;..X.`........gHv,].dg..:u...K.GiR.ptVd..(..X.....`T.!.b..r.Ev|...Z....j..K.."..,.V]9.l..b.|.)s.....&^.U..t|...,....M.C-..jF.|G.......(.Zf<.n.t.a...t.l8..&.......m.Z....v...N...l>..I/..]....MO..).bo...$.2...d..-~.t.E.,..J..tu...?gLS1.....dHq.TO....M.eDPU:}..y..4.[..3......&....1[...:.p(.lsA..r9...1..G.{.}.....Q.R.........9(....&.I.9..G.\.)UT.~,.#.4.q#r;.7.$.i..}.....".....h.....q......t....z....A[.E.r....tyna....#.0{.3.9..3L...x..).y.s.......Q\FH.'.......9on..9..C)...S...&.Il..d.y;>..N....u..Sb.o......S...D3L...#L4.d.-.[(.........-..@..dV.s..]ui.....n ..............s..qz.N1..E.M8~..Gd..[.q....^.l.0....9)w{p&.V:..LbF.[:.G...........c...i.^.Sr..O3M5...u&Q...5nD...s
<<< skipped >>>
GET /huandeng_pic/hd11.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:14:04 GMT
Accept-Ranges: bytes
ETag: "0f6433bbbdbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:44 GMT
Content-Length: 69261
GIF89a.............E"#?12...:6">:&B>*NJ8>: B>/JF82."62&..v:6*..z:2.>6"B:&F>*NF2KB.rfJvjN~rW...:2">6&B:*F>.JB2nbKrfN..vvjRNF6.........vfJzjN.tZ..~..l..u..|............J>*RF2VJ6ZN:.qV..m.~c..g.w^..r..{e[K...1.)2*.6."l\ErbJ:2&vfN|lT>6*^R@..p.z`..v62,>2"F:*r_FJ>..vYNB2RF6VJ:ZN>eXFB:/..yWF2ZJ6.&.^N:vbJzfMdUBrbNl]JvfR~n[:61Q>)bQ>..|...;).J:*B4&N>.:."RB2>2&VF6ZJ:^N>F:.J>22*"6.&:2*>6.......C6*NB7xaN....t_E=6< .J:.......ygYJA:LD>PHB^VP?."XB22&....6*"lUE:.&>2*XI?F?:...O5%[?.Q9*.^I.dN..q..l.jU..i..{..t.........d\WtlgzrmD .H2%eH8yXE.x`.nX.s].|f..zRA7... ..ULGZQL...............-..U;-!.._C4lM=.|c:*"...>.&XB7:2.@84.zv............;&.4".'..L5*.fQtQA.cU(..md`...O90...1*'.........?*"nULD.'.[N;.*6-*RFB.....oW<4eJB..w_C<:*&...{XQ3%"...6)&...<&".c\A1.@!.j>8 $#...@)&.gaS/,M1/JAA...............!.......,.............4.B... \...2.Q....D..Qb.;B.<."dc. .;>....G.(S......".Z..S..M8xp"....$... ...NP.Hi..$IR.7E.D...*.$X. ....O.X.8!.....Z..t.2R$.B.lx.Rj..^.8U.....Q....g....X......;.N.4y......V$(m.B...0l4.aB..C?v..........r...B.....n.;.m.LZ..W.M..1Z....M...R..o8...m..'r.........y6..o`y...;r...p..]..e...>..H.,..I"......t.e.5.Qh...PA..F...e..f.Y$.I"i$...2(.J...Vqt= .S0..@U2...QFI..T..Q.........ad{....`.y..VN........z..........b.A.sx..Sq9..b.R.FX.....J...^J"r..c.r.ae.A4Pg..$...I.ZA.U..c....G#JJ.ct..bK-.WSS/.u.q....s....Uxx.@....".5..".,....#wH.......yS.W.......np.%._.V.Q..w....9.Ra:......X$..Ig[......j....Mh.h.6DOA....H...al"^.'K.^...)......t.V..$.PM...V7.
<<< skipped >>>
GET /huandeng_pic/hd13.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 24 Nov 2013 11:06:54 GMT
Accept-Ranges: bytes
ETag: "01b74485e9ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:45 GMT
Content-Length: 53989
......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:24 19:06:22.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................l.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?.f...z..B....Y........5......t...3.F............u.~.. .........._..8.5..F...7l....1..........R.....U.Vnh.w..?I....ap..[:..2}.......3.o.}..g^.O.z.C...$.g.}..r=..../.7&.R[eu......u.I...e@t....m-....Z....i.7.Uy.~.gYc]s.Ac..6.w.>....7...qnC......wo@.C.i...U.Whq.......2..{.....}5...S.]...Z~ ...<.......'..w...S...d.2...W..e..v.-.LY.4^kjA....#.5..%.J/M-...N()Z..5-....^..F.............q....X{5........o..f.m.z....:.p>.o3...Y../z....Y..@$6.L5.....h..Y...2..u.s....q..c...W...|..%.wU....a.sd....-..GkUSas..I... ....MV.h...e.N..1..........2k.0~h...?!..O..l..a..Xw..Sg....wz'\...`.Kx0u...^..:.=....[..k....j..............Hq......Ul.....m.:..f.p .?.Y&d....7d.wV.
<<< skipped >>>
GET /img/new_logo.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 29 May 2014 17:03:17 GMT
Accept-Ranges: bytes
ETag: "80788ce25f7bcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:45 GMT
Content-Length: 7778
GIF89a..R...........X.......................!:y.......'...../..5..?.1L.Lh.#G.)N.0V.f...........-T.3[.:d.Z{.Bn........................................Fs.Hv.K{.P~.]..i..w..u.................................................................S..b..c..]..m..o..o..y........................................................V..W..Z..]..]..a..........................c..f..h..l..m..{..........................i..l..n..o..p..p..r..v..|........................................................s..r..v..z........................................................................................................................................................................................................................................................................................xxxooofff...!.......,......R........H......*\......#J.H.....3j...... C..I....(S.\.....0c.T!....c.....'AV:.p.I.& -1l.u.sa......:..AV.YY....@V(ZH!.....[.z..s.....f.J....Q.R....\..X.: .k._p.....K....s%.....^..4.W.....O....[.J...iw3f..M. ...g..5....pS...B.......y...m..._U/....R..X..j..`..p......\.M....}`j...C.....bm.b^Ml...|aF.tP...fX.v.t.@......ZU.d../..F...1..k.U8.zQ...4....TR..V..@3X};m.`.;.'.a.i..4.5.....6.u..b...rE@.*6.. ...../...`K.V.~;....Z`..W*...jQ-....MG..T.8.gub.#......:.ueU...fdo...a.U(.l.FG......~..j)..5...n&IepQ.9..&N:.V....}.H....0. .2s..#..V.....@%mK...u.>..@."h_..5..Zdu7.-Z.h.......Z.H.t.."..J.in....jsG.._.......a.$1?.0&...9....i.....$..N*...t.f.......b.im..%,.(6.....G1.JY...0v.jv......r...W.g..K..sk..........0...t.^. ..jG.`...$...)2.....}..
<<< skipped >>>
GET /album_pic/album_2013_11_7_20_21_29_235.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 12:21:29 GMT
Accept-Ranges: bytes
ETag: "802abde2b3dbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:47 GMT
Content-Length: 3548
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X.Z.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Onq......PoHW..F-=b@......!:f....O.EJ.OCZ_./.S.W~%..-I....6...!,.3vE$..'..............$....dk2.j.wa.~..c.*...^.B.....>.{;.q...|2.2.N..I..H..k.............iO.aqq%.....DbuU..r.. d.v.9......f..y'.!:..jF.N.....$.iQq... ..9.jh...u{..Lj..]..o....70]..P.. ...v...N.........3..j........'. .....8..V..c...x.F..c....X...IX7FS.`..F.............Dp.>..5....K.".6.!Sk..:.B.1p....;........o....>..I$;.a.....x.r.!....y...]..P..e.a....-r.....k.../...{g.n......<...Z.......%X..r2...vc.>..4......c...}...na..d[.....!..w.....Y.p.]A.J...A. .Z.O...G.f&m:..P...Ib..w......p.l.@.....cIy6.4..Y-.GoV........}....F E..T.F>.....w..}..:.-os.....Gf..R.[.0.O\..E6..O...Vd.....`....-R'.a..x.S....x....Y4..|.'$..2.}..........~...O.............2^.Q.Y...61..........#.go.V..\.Z]HJ.F0............s/.S.|.>.l.V..-.r........lC........>./....~.E.....a.........`.{....?....*..qV:...}......g.m.;..DB..*.{......R..4m .FC._...o.
<<< skipped >>>
GET /album_pic/album_2013_11_7_15_46_53_626.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 07:46:53 GMT
Accept-Ranges: bytes
ETag: "801447868ddbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:48 GMT
Content-Length: 2811
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X.Z.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..-.........o..@..#...q....3D...m...02q....ko..a....[...{.. .B^F.L}..\..5.w=l..<.U6.....1.<)k...c...r.NN}98. .....u..@m..........%....,1..........tFO.w..x..s.).Y.6...I....X../....na!V...c..k..!f..2.S...j...=........{......\...}.m.....B..:...-V.x.c.vkR.. ........c.H&u..qR...;@..yk...<..2vW!o1N.p>..H&..7OSV.G..A,p..8...T.ep..'.....i......V,..B_.AU.U..GQV....(.6w~....k...1DS.z..o..PK[.ZE..o.....?*..L.o.$ .VW..\...^...A......b.y......... W'.q..-.R.*5h{:{.:.e....o.dG...Ty..X^x..GYwc8V#....[..1_x..."..J......Z....O./r....].3....Um>....T.k.X.....Q..4..FK:..@..)....k.<g.../.;..c*...>...|]y....^.(qh.<g..u..z..........k.0.t...Y.V#.>......w/.R5&.......?6`.J..;.......v....j..| ...H.6.eix..).....].....x2..>...K..{..L..............<"..j......ll... .e..{{.Uv.>c...5..h..;,......a..F.;.W..3..3..=..4..G.....;....`OA.zU......@>..6.u,...~\m'L...b.....T..w.. .rZ.:...G....sJKD.I.
<<< skipped >>>
GET /note_pic/298857.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 30 Nov 2013 10:44:54 GMT
Accept-Ranges: bytes
ETag: "0972634b9edce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:48 GMT
Content-Length: 7346
......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......J..K ...........$..;......X{05..p...q..W.....Y.......=)...*...vv.Xo...U....[....c....H..~.. .3.jC.L"..pG....3.......$V..'$........)..w*...$*.nr...J...UO..jxmNIH..p...%;..DK...)..V..!R.g....;....F....H.1....&..._.&..W...E.#.Ss..&4...j.....2k....@.5.^x...c..,..Ye..W.is.....k..,I..Z.$.$.Gu.d ....\.x.%sc..2..f..&...'.#...%..."..>O.........-..]...."..3.....`W:...<xi:.......<...x.[?.:....;....Rs.V...Hm.&.e.;...g5.p.w..t....K/@=i..` HX...R1.9..nk...UH..'......9......Q.>.t......,.L.....Gp........._L....:..?.... Y..o3H....2......B*...<.....[).O......Y.[Bw0bX.W.x{...c...."....p......N.........H.w.F.4.........c"..M6K.2A'..k)..U..1......U............=.SRE..#o...h.8x..*.>..b.2......m2]...El..:.4P.!.u.s.4...j...6...E2..3.....).`..r.C.C....P...q..Y.......*..tY_.j.b....e .t.)n.C..H....U...[.Z.........-8~...Zzlr.=.0.!C.^.1....R..k>..X\.!...s.#......lAh.."..J........]gmb.W....ea..i......G...
<<< skipped >>>
GET /huandeng_pic/hd21.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:30:45 GMT
Accept-Ranges: bytes
ETag: "8070e88fbddbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:51 GMT
Content-Length: 50203
......JFIF.....H.H.....GExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:07 21:28:10.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................H...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?..@ShL......S.0.` ..S. ...R.)...`$.....'........l......Py.k4..^.M..W@\.XA.mgG:I...<..Yg.7..Y..ht.}.6......X..........Yx.c..[.ZN....Q.........@s)..$.n.s.......~........v.4/.l.[.:..H.>....h.s...[.v..u.g.,...z._../..Sv......q...a....y... .o.....?...2N..]..mop.sTS... ...g..y;.Xt......I...(...{.sa.....T..]..ok.. .....MV@.*H.&;0.r....:].S...t...d..~..m.H.....u.}6-..k..~=...&.w$i.>.....N.n...y.]....E.^.\.....x..7...z...V7....hDhQj.BzY....B#BH\.0.....\.0.Z..J\. ..H.....!.].u..ix...R..?....f..-....@..........j...)......~y.1....U.dl...3._.sq)..6;.X..........E`7c6._r...?.........Z...Ux.8..)..$.$........=_.*.[..X.!..\l... L............W.jW..!...........%.n
<<< skipped >>>
GET /huandeng_pic/hd33.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:42:32 GMT
Accept-Ranges: bytes
ETag: "0145035bfdbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:54 GMT
Content-Length: 53270
GIF89a..............r....,$%D.$4..VEIE,4,..<$,;57...$..*.$4$-...7,6......pYsA9F,'4........$..................x.....,444?7...,4(.....H................................8.....z........d........"..............,.....-,$...U...$..4,...l<4...V......... $........./$....w4,........u..g....J4...F......B ...N..},.....sK.8&.<,.;4*...X6..T.bA.....Q..t2..\...e8.G*.D-..Z,K4...p $..t.w?.$.....,....>4$....S<$<,.$..4,$....a...;....w,.Z(V5..ud.....$L,._=#Q=-..z...,...f"<$.D,...~..h:...m..L..Z&..U..h.m!.q,g6...?.sJ..YrH1.jKJ4'._.Y%....._ 5..$..L,.T4$,..a?..\G4$..w`<,$wdZ...D#..E).wL.X:eL@.N.w ..J.h&.y9.L$..Y8.N7pUJ./..9..;..D$V)..h>.b?o:&^4$X@7....<..6..H(.Y4,...K24..<$.N...>.x-..I'g)..S5.K5<..D$.f..G,&&..V,$^4-T4.=..L$.5..H87.........4.....,..<..4..$..=$$...,..4$$...<,,$..3,,...............!.......,...............G.N={...s..a....5h0.A.x...s..V.R.B..%J.HR(...&L..f.......<k.r.|@....@...*..A{.~.u..^F..J...k..t......_..=}........"X `.....".u..n..j.V...o...:t.........X...c.."G. Y.........C...Bo.........X......[..M.....s...[. ./..F.z.....p.$.K%N.8q....(\..)..M.vi..q...>.1..B%.N.:.d....&_>|\..'...?...."J.... ..x..6.@.LI..D@ ........HD.FDQ..0U.,. .....C.J..d.H...R. .2.K..TN8;...5..".V=q..A...O.P...EL.3KG.43.,X.2..[VuU). ...<-..Y@e.&.....Z.T`A.m.I.].X..^rV ..}QPXb.q..#.u....].Yd.\v.h...A...VXd.i.C..n Y....Zl0h..i....m....[k...[l......).."/(.......r.U....]W.|.(.]w.(.M.....~.I.-v.%c.~...n...g`....L*......&..3.Dw]2.......3.....!C...N:..RN9....(...R...(R(l...0..2. ...L...R..1U..-..S.C\.#
<<< skipped >>>
GET /img/iconjans.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT
If-None-Match: "06ecf423dece1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Tue, 25 Aug 2015 11:16:27 GMT
Etag: "06ecf423dece1:0"
....
GET /adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Aug 2015 10:59:01 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:01 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..GIF89a...................!.......,...........T..;nt>....
GET /adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Aug 2015 10:59:03 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:03 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..GIF89a...................!.......,...........T..;nt>....
GET /adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Aug 2015 10:59:04 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:04 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..GIF89a...................!.......,...........T..;..
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 8888.33591.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 139
Content-Type: text/html; charset=utf-8
Location: hXXp://8888.89919.com/
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=lbhl0v45vziwtibuf4axnk55; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 10:56:47 GMT
<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://8888.89919.com/">here</a>.</h2>..</body></html>..HTTP/1.1 302 Found..Cache-Control: private..Content-Length: 139..Content-Type: text/html; charset=utf-8..Location: hXXp://8888.89919.com/..Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727..Set-Cookie: ASP.NET_SessionId=lbhl0v45vziwtibuf4axnk55; path=/; HttpOnly..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:47 GMT..<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://8888.89919.com/">here</a>.</h2>..</body></html>....
GET /stat.php?id=5862873&show=pic HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s22.cnzz.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 25 Aug 2015 10:59:04 GMT
Last-Modified: Tue, 25 Aug 2015 10:59:04 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache28.l2de1[670,200-0,M], cache5.l2de1[684,0], cache6.de1[683,200-0,M], cache9.de1[684,0]
X-Cache: MISS TCP_REFRESH_MISS dirn:6:700978635
X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:05 GMT
X-Swift-CacheTime: 5399
298..(function(){function k(){this.c="5862873";this.R="z";this.N="pic";this.K="";this.M="";this.r="1440500344";this.P="oz.cnzz.com";this.L="";this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_CV" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.la()}function g(a,b){try{var c=.[];c.push("siteid=5862873");c.push("name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.userAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(d){}}var h=document,e=window,f=..1cdf..encodeURIComponent,l=decodeURIComponent,n=unescape;k.prototype={la:function(){try{this.U(),this.J(),this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j(),this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa(),e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},na:function(){try{var a=this;e._czc={push:function(){return a.B.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;i
<<< skipped >>>
GET /media/v1/0f000PCl-eM7bK8cufB8p0.jpg HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:05 GMT
Content-Type: image/jpeg
Content-Length: 33036
Connection: close
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
Expires: Wed, 04 May 2016 04:39:00 GMT
Age: 9699605
Cache-Control: max-age=31536000
media: media
Ohc-Content-Crc: 934791390
Server: hkg01-sys-jorcol02.hkg01.baidu.com
......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:05E517B31664E1118CED844A5DA008F8" xmpMM:DocumentID="xmp.did:A90DCD81D00D11E287D4AF7341D5F52F" xmpMM:InstanceID="xmp.iid:A90DCD80D00D11E287D4AF7341D5F52F" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:209A11860DD0E211AFDDC0A5C709F9EB" stRef:documentID="xmp.did:05E517B31664E1118CED844A5DA008F8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d......................................................................................................................................................................................................................................................!.1"..A2#.....WQa.G..qBb3$t.%V.R...FgX.r.H..S4DTd.U.&f.'(.......................!.1AQ.aq.."........2..Sc..BR.T...br...#3$..s4Dd%............?....."h..&.."h..&.."h...v..m.r..&."m..6..m.q.&.."h..&.."h..&.."h..&.."...V-.x..M.5L..t..4.!.s..0...<DDu....5....b....q..$...w>.q.y..k.... "S.n%j.D<
<<< skipped >>>
GET /sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: release.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 2047
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:08 GMT
Etag: "55dc1feb-7ff"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Server: nginx
<!DOCTYPE html>.<html>. . <head></head>. . <body>. <script type="text/javascript">. var sendByIframe = function (b) {. var c = document.createElement("iframe");. c.style.display = "none";. c.setAttribute("src", b);. document.body.insertBefore(c, document.body.firstChild). },. getCookie = function (b, c) {. var a;. c = c || window;. var d = RegExp("(^| )" b "=([^;]*)(;|$)").exec(c.document.cookie);. d && (a = d[2]);. return a. },. setCookie = function (b, c, a) {. a = a || {};. var d = a.expires;. "number" == typeof a.expires && (d = new Date, d.setTime(d.getTime() a.expires));. document.cookie = b "=" c (a.path ? "; path=" a.path : "") (d ? "; expires=" d.toGMTString() : "") (a.domain ? "; domain=" a.domain : "") (a.secure ? "; secure" : ""). },. getUrlParam = function (b) {. b = RegExp("(^|&)" b "=([^&]*)(&|$)", "i");. b = window.location.search.substr(1).match(b);. return null != b ? decodeURIComponent(b[2]) : null. },. currentDomain = document.domain.toLowerCase(),. referDomain = (docu
<<< skipped >>>
GET /userdata/2015/08/19/00/52330314.jpg.small.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 18 Aug 2015 16:52:33 GMT
Accept-Ranges: bytes
ETag: "f126147d6d9d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:46 GMT
Content-Length: 7970
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..x.9.......v8O.W......}......;.W..E...E;.>...|........."#./..*..C.;.......&..Z.r..s..>O......9...Ah..'.m..|..~..:..si..$l.c...O..?h.e.2J".\.....A$.TD..[.........SK.Q.[$c....._....3-........'...4K....-#..u{.w..._..o.... ..U.......kCqF....m.|@..J-.O....Y.......> A...d...>.q.&-..L..:.....O.^Ak.i.......@H\...j/.i.#_.......Q...>..qm^Q..#.wk..ksmy.........5l#./.. ..4hb..O.{9$<.r....X..k..'...[.....z^........)v.....*...Q..k..../$...j..s....b.P........B...C...V..,.......N..A#4..C...up..l..Stf....,.....>....!......Q\. ..(..B......>t.9.P...Ey.2..)'...4.q.s.1.V..1.T....c.z...l...........G4.%mJ......f.........U.NO7R.'.z.O.U.m.oQ...../.t 8Y.r.G....yN...W_....f..........U.n8...P.....lT...d.:t.....I.9..dU.`...z.....J......d.;......../.qEE./.9....WPqU.....Wc.$..x..O..^...#.g......H...w.}....v..Uk.<}..|.h..!.Q....-.:0....5....[..n|..J..=9....5..>......T..=>...}........R.....if....5
<<< skipped >>>
GET /img/dldldl.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 8888.89919.com
Connection: Keep-Alive
Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Nov 2013 09:50:33 GMT
Accept-Ranges: bytes
ETag: "dc133bf9b0d7ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 10:56:56 GMT
Content-Length: 627
GIF89aa.!...........t..t..s..q..}...........n..w..z.............................x............................!.......,....a.!.... .1Ji.h..l..0.qWA.x..|....pH(\...r.l:...sJ.6K..v .r}..X....ht..CT.?He>.L..Jd\..:..........a>....{b}Vxw............>....ii...|R\......a....>.........[.....9......>...._.V.....h...A.....\.....`....h..Z...v.....pt0cG...uN. . .G.K.D-.CqZE:.. d....[..$...B.t9".....Y...Zm9 ...r...C..AD....0P(f=1...@....=-W.]c4.=3k|........ .. A.1].f....WU.7.C.VL.;........d>;..D!.0.."ir..@.U.>.=7u...<.ld..@..'.h....a.c...,.. ...N.K.Q......f..0.V.....'..s....lG...e.ur.........=v..T6...C.....@.q#...E$p.`..........C..;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Sat, 02 Nov 2013 09:50:33 GMT..Accept-Ranges: bytes..ETag: "dc133bf9b0d7ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:56 GMT..Content-Length: 627..GIF89aa.!...........t..t..s..q..}...........n..w..z.............................x............................!.......,....a.!.... .1Ji.h..l..0.qWA.x..|....pH(\...r.l:...sJ.6K..v .r}..X....ht..CT.?He>.L..Jd\..:..........a>....{b}Vxw............>....ii...|R\......a....>.........[.....9......>...._.V.....h...A.....\.....`....h..Z...v.....pt0cG...uN. . .G.K.D-.CqZE:.. d....[..$...B.t9".....Y...Zm9 ...r...C..AD....0P(f=1...@....=-W.]c4.=3k|........ .. A.1].f....WU.7.C.VL.;........d>;..D!.0.."ir..@.U.>.=7u...<.ld..@..'.h....a.c...,.. ...N.K.Q......f..0.V.....'..s....lG...e.ur.........=v..T6...C.....@.q#...E$p.`...
<<< skipped >>>
GET /newskin9371/images/rqcode.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 8888.89919.com
Connection: Keep-Alive
Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Tue, 28 Jan 2014 19:45:07 GMT
Accept-Ranges: bytes
ETag: "a657c372611ccf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 10:57:06 GMT
Content-Length: 6930
GIF89af.f...............................................................................E0..v.iI.D0..S..a..z#fC._?.lG.[=.=*.[?.,.....sH.;%..e.>'.T6.b?..U..p#iC.H...]!mH.X:.G/.@ .gE.H2.!..tH.nE.lE.^<.?(.E-.lH....P/.?&.`<.W7.L0.H-.D .\;.W8.W7.Y9."..6$.D-.1!....E'.S1.A(.$..;%.W7.I..R4.='.#..<(.A&.N0.3 .A).<&....!..@%....&..#...........................................................................................................................................................................................................................................................~~~|||zzzxxxwwwuuusssqqqooommmkkkiiifffeeebbbaaa^^^\\\[[[XXXWWWTTTSSSPPPOOOMMMKKKIIIGGGEEECCC@@@>>><<<:::888666444333111///---***(((&&&%%%###!!!...............................................................!.......,....f.f........H......*\......#J.H.....3j...`,r C..I.......,. ..h.x%..R.AI..}JHK.Hn....F.hH\...........!....2...8K........J(.*........).....;V....w...;...d.o.....Z.....%.."c.(....0.]y....V..v....K...b.....'!....6..:.SK..\...`.......`.fC.?...R.7....M....=....#...........m.........v=..h.N.=Af....x...C....1.].]....]j.P..,.D(!P...G!.dHI".=3N1.H".8..dI..Lr..,z.X.....7..#^9.." h..r........5X.0PEpH..a7.oz..Uk.e.dW....&l..$k.5.VK....ZO5#....4]u.@%.!zx7.#......,..*.de.q.,..$z<b...Z.Y*.0b.".@........O]5d....@.O...T.0..q....5.f....`>"...Z....@.).I.b..r.i..~...y....S..z.....]..@.@*....S...@ .v.&.... .N.jgl...N8..K.%.V.....`I.....8..[N>......p..S..8n.V..*A.......&.[...%.....S...\[O...!......@......q..H....D.
<<< skipped >>>
GET /app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com
HTTP/1.1 200 OK
Server: Tengine
Date: Tue, 25 Aug 2015 10:59:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:08 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: Tengine..Date: Tue, 25 Aug 2015 10:59:08 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:08 GMT; path=/; domain=.cnzz.com..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..
GET /video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img4.yytcdn.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: T1_WEB/
Date: Tue, 25 Aug 2015 10:59:07 GMT
Content-Type: image/jpeg
Content-Length: 10499
Connection: keep-alive
ETag: "0108721418"
Last-Modified: Tue, 25 Aug 2015 09:33:30 GMT
Expires: Sat, 24 Oct 2015 09:33:30 GMT
Age: 4779
Cache-Control: max-age=5184000
Accept-Ranges: bytes
Pic_Server: M_PIC_213
X-Backend: 192.168.1.233:7001, 192.168.1.213:7001 : 192.168.1.12:7500
......JFIF.............C....................................................................C......................................................................................................................F..........................!.1.AQ."aq..#2..$B....Rrs...3b........................................&......................!..1.Q"A.2a.qB............?..._O..W..2..(.*JJ*.?......a...'.Q...q3r].7c.......z..1.?.Y.i1.bu{...I..~..Y.I%.#.:..KxC$q.*.A....2.P....\(o...........M.& .3......N.5S.4~....Ii.....[FqA<..c#.f...G...Yq.$g...psr\.#|1...?`b.i.@N0.|..w..3.v%)F1.PS..K.g..: ...6Lj.i...Q.......1....,.m6.......Ge.sE`.sY...J.CkP..{S!7.....]-.sS....RH..B...upf.H.8'."....n[j*.iVB......mS4...&...a......E....9..I......'Oc{*...B.u$L%X...{*^..m....]......tvN...8.`.F.c<..g.CFL.h..^.I....V.a..........fg..t.....q[.l.RFx......t.a......9...!4..DJ..f.>..a%...%].b.r.Q.d#l.6..)N...?'~.....`.{....Y.'......$.hC.S..,.m@.d.._.v`..G.m..x1..2...!).....G.W.6r3...........>R0..........?.s..T........Dhh.XB..\.......K.Z.P..J<..5K.XKie!.q..j1l..j[~.......[.'..!D.._.${Ci.....[....<......l ..d..W.......F....4_V..W...V...y...*.R!.)......|h} L]k.{..qK..6..G....4.F}.^...^.uH....>9......&.%....c.W.q..x'.w..%...@.*Q.nG...C3...........7..Q...:.......kG..H........r91.-.N>.B;.&..RT.H8 ..i....u.@%T.0d...)J& .6...n.....s...>..m..j^.R......F)..8.J.~=..s.GW...Q..3....n..R. ......)~...v.]U....<j..#O:.)%..>.v^<.......Y..... {...'4..E.=.xv5....ZPA.........Z.....`.0....W........GJF.1.@.L.#VB....=juaSda.m.<HN~U:...|k
<<< skipped >>>
GET /sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: release.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 2047
Content-Type: text/html
Date: Tue, 25 Aug 2015 10:59:11 GMT
Etag: "55dc1feb-7ff"
Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT
Server: nginx
<!DOCTYPE html>.<html>. . <head></head>. . <body>. <script type="text/javascript">. var sendByIframe = function (b) {. var c = document.createElement("iframe");. c.style.display = "none";. c.setAttribute("src", b);. document.body.insertBefore(c, document.body.firstChild). },. getCookie = function (b, c) {. var a;. c = c || window;. var d = RegExp("(^| )" b "=([^;]*)(;|$)").exec(c.document.cookie);. d && (a = d[2]);. return a. },. setCookie = function (b, c, a) {. a = a || {};. var d = a.expires;. "number" == typeof a.expires && (d = new Date, d.setTime(d.getTime() a.expires));. document.cookie = b "=" c (a.path ? "; path=" a.path : "") (d ? "; expires=" d.toGMTString() : "") (a.domain ? "; domain=" a.domain : "") (a.secure ? "; secure" : ""). },. getUrlParam = function (b) {. b = RegExp("(^|&)" b "=([^&]*)(&|$)", "i");. b = window.location.search.substr(1).match(b);. return null != b ? decodeURIComponent(b[2]) : null. },. currentDomain = document.domain.toLowerCase(),. referDomain = (docu
<<< skipped >>>
GET /tpl/ac.js HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dup.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: close
Last-Modified: Thu, 16 Jul 2015 08:53:20 GMT
Expires: Tue, 25 Aug 2015 11:02:46 GMT
Age: 89
Cache-Control: max-age=300
Content-Encoding: gzip
Ohc-Content-Crc: 1751464740
Server: hkg01-sys-jorcol01.hkg01.baidu.com
63f.............VmS.:....0.;A.hM.v..vU........~.\F..X..\Y&....=r.B.;s..d..t$...<G8o....L.....s*...wQ...i....<.&.."....kg...Z..o.f....r~..^.X....Y\.M...V.o_.'...Q.....C.W$.*.^,."$.........E.. ..!...V.........66............N9...i#.,6.NO....u._^...g.....r.S0.."........".]....%....;|Ws.(P....5..`.s....B..=..9..0......RU..$.....Z2.....S.../.r...6`.?Q.x.3...v.......].....'....`h..B.i.....k.`ho..{(.)/..0$@9D%...j.......`.....6S..EQ. .N*...!.v..7....8g..V......w{.}............G./.qVb.B.x. 0@....8..S........ip.......,|..G.1 .hC.i..6.}.Fi..5..N..Ku..c$r......R0.[.......j.'..g.a.#I7.i.(..l.'..S.u&d.}.....e.l}..I.}QS.0F..ED...1|.[z.W..._."..W......P. .Qv$..zQo...5I.7AhI....:).k......k.T.".V...B..<..n..uHe.(.UW.......}m...f.!..^ t..2.P...G(..?.^-.. .a.7.D2........01Y..bi .M...u...a....r.<..`.Nl......(...2..R..9..`...k..p..g.....................#.;.dK.\R...Psg..F......X6*....X..g'W......m.{dGD.T0...................7.&..D$.s.o. DB......A...m...p....E.W.<.d.V2p.......:.}n...\.............pp.....t.3]j.\Vh).A!........\.5.l..d..{.b.s..D.mi.B.l...2..n..._]...Z..Bm]...*.m.......'(...4:.m..........YPK.%...b.....J._-...h.NC.....s....3....,.; k{.Y..f....b4.......>.t.[.@...S9.L....m..`?...XLS ...};.;(..i7..M.$..x.o7...h...}9.e..M)_,.fN.Bo.g.IA..IP.......`0.......N.......g\..X..........B'..&.IE.H*.dJE..R....y.@.e.t....R%-.....]..&.z..,Sp~. ./....P..@..*....<.*.2`.....d...........v.M.z.(.p.f...g_W.....&....xo .s..{r...2....&.z..m].l..r......q...Z.........8.7. ........~.......>......i..-...*Q..i.ez.U.Q:z.6.........
<<< skipped >>>
GET /sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - ä¸å›½æœ€å¤§çš„在线音ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 10:59:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Fri, 21 Aug 2015 15:41:51 GMT
Age: 97563
Content-Encoding: gzip
Ohc-Content-Crc: 327863765
Server: hkg01-sys-jorcol04.hkg01.baidu.com
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\...lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..*.......s#W@.d^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j...9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u....^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N ....;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ..............0..
GET /9.gif?abc=1&rnd=1882719831 HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: Tengine
Date: Tue, 25 Aug 2015 10:59:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=2cbdf709; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=409600bb180fa85a41990390_1440500347; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Tue, 25 Aug 2015 10:59:07 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.mmstat.com..Set-Cookie: sca=2cbdf709; path=/; domain=.cnzz.mmstat.com..Set-Cookie: atpsida=409600bb180fa85a41990390_1440500347; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.cnzz.mmstat.com..Location: http://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..
GET /style/new_index.css HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 26 Nov 2013 13:15:54 GMT
Accept-Ranges: bytes
ETag: "0e1ada2a9eace1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:39 GMT
Content-Length: 3571
...........\.r.H.....w`..G.t..v$..,}b....H..... o.?.\.#. L-T.U. .....c...../....?..k.....>_........l..d...K..?.........o..t.........X\......y.;.d.yC...Ej...tYVezc...6/..sx...I..%..0.rOC.[.ds.......~~.......^^...(..:...6}j.m.......kAG.w.CZ[....>.....sZW.6../.M.&....\W..........]...M....7]G..C]9..c=9..w}q..Bno..P$..j.|.MK...........1...2{...nI......7...tz@/.<}\..Arr.....i.QRH{....f_. ....:.e....:=.Ik...).%/%.."..q.}8X...,.......W*f&..$..Ho[.... ..0.I..........X'xq....&J..iy.R.(.RB..6....E}...i.k...g..yX..r...B.1...\dnu1...7U.o..mB/..s......G....e.......d...........}..?.....!).dV...\.7...H......Yv)c..^7.2x..$.L..h]........Q8_.xS....|....Y.J.< ...l.z...}R..=......Vg...eH"...4...D..<..... 2/.f%S..,...zr.RLe......j.|H...w.....4.L..Ln.[..d.......1..N.Mz./|2.Ps.|Bg%...|S.wI...l....y$.k.Z...%z..H.....,.M.>..../..8.........g.........)..L).._~...O{...6?...DD.'6..:......F.......;....sc.tu.>.R...u..C.P59.....;........i.-....6o...).....eruE.....Oh6.}..q.\5@.gJP....vu.cK.,..)........5.s.......L.TLY?P..........Kp2>Ve.g6\[..!i......1'......6.bHm.V......*./...Jm...H..6........J...4:........XR...4.k...[.q#h...!..jD.M.A5b>n....j.].V....*D...Jis.....P..~Y.B&:?x...s.pN.U....Ql.zi..Q*..L.u[N........?....fH....z......9.....E[.1%.F....\!A...J..F..Q..w..d....4....N.......0.....2...,g.|.r........^..9..V..t$ag.,ri..7.B.....Ki%.....Vb..^"!.a....u..9...N`J....D.=%..)....f&&.........I.<U>.@..VbM.T...&...DP..s.B.k.'.....xH.|.\[.....u~.,..lH..!.n&.?K6m..~,6.<.x.....L.X...o...p'. :.z..c...gIW.....r.^...Fg ..\
<<< skipped >>>
GET /js/tabs9371.js HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Fri, 30 May 2014 05:40:44 GMT
Accept-Ranges: bytes
ETag: "05612b3c97bcf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:41 GMT
Content-Length: 860
...........WMo.H.>{%..;T..8!.H.....{.=...&...vb..8)t}..J.J....p.....*...B...x....mZ....43..yf.g.7o..<.n..i..s..=...?{D]b.....v.?.../...4:4`..77.YM...t3.$.3..2[C...jm..N....d.0..-.Q,....D..lT.h^H.YV.g.c.^Q!~ ..!...s...O.~.,........)y..|....R........@.I....]...{.O........]:..c0iJ..W.s.20.q...........|.=...'.4..vqt....../...........*...r......*.w*r............O!....D....L13.kn......c,H...vr....B.,...6$[d...v<.W.j. $r~...O.m.J.x......0=. I.1.RC>.......X.;.~F.E.). ....>f...;}Y"T...q.a>'..i.CN.r.Ro.........(.,D` gD.]."K_[..L.1..MJ?.;.,....\....Y.P..E..........Rn..(.z.....$rS...d..k#.K^^L..,......tI..(...x.\...-"..o.a/......E.r.g.......,..E.p..Z.O...0X...x.R%;*............byX;......4.|...$@.B........0..n.z.IT.i..0...v/.S0... ...K.].L..a..pm.^O.....R...Y..W.oE../.....>w.............bVM.d.....g...vM.5:..Z.:...t.c{.`W....wM.....7/7....xs...~.....8.1.5...........
GET /img/top_bg.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 30 Oct 2013 05:37:27 GMT
Accept-Ranges: bytes
ETag: "8085131e32d5ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:42 GMT
Content-Length: 322
GIF89a..R....................................................................................................................................................................................................!.....*.,......R..._@.pH,...IG.q..#.tD.V9.Nc...F.C.A*....``..J%ObR......C.|L&.........&...&'.'.'... .(..((.(.(!!))A.;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Wed, 30 Oct 2013 05:37:27 GMT..Accept-Ranges: bytes..ETag: "8085131e32d5ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 11:15:42 GMT..Content-Length: 322..GIF89a..R....................................................................................................................................................................................................!.....*.,......R..._@.pH,...IG.q..#.tD.V9.Nc...F.C.A*....``..J%ObR......C.|L&.........&...&'.'.'... .(..((.(.(!!))A.;....
GET /huandeng_pic/hd10.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:07:54 GMT
Accept-Ranges: bytes
ETag: "071ba5ebadbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:42 GMT
Content-Length: 72191
GIF89a.............I')6..H68D..;..T,4E.$<.$9% '..*..G 44.$4..<.$=.,...4.$,.$4.$(..<.,,.$4.,H<D4.,'.$...,.,4.4$.$,.,7)7OHO... $,:4;".#..$........$$.,..,ZU^..$..,'.4..,.....$!.,..$..,73E..,..4..... A>M)&8..4..,..$........4..,..$.....,..4..$..,.$8........................................................................................................................................................................lT<..l...........................................................i..x..l..{........x.....v..................{T:.~\..i.|b..y..........xk............kD,.X;..l.`F.sT.lR..k..t.......gX.......a@...jUJ.........................N..qPyK6.._..zyWHuA,..k..t.........{oj.;"jF9J4,Y5)..u......w]T............g8,...o,.tLDYEA...mdbgKF...gZXO!.W*%[RQ` .4..X96...O.......................!.......,..................A-a.J....C0..X......./V..q... 3f..%...`..Q.$...0_.....C'.Z......,Nl..J4%J._>*...a..V.....bE..)N.:uk.....e(.bV.L .L.E..L.....fa..b.......I..@A.R.C...&...R.-..T.,9.e..?V....M.aZ..IZ_C.5y.\.:.....H......?..v....,R.N..e2.)W..l.....X.O.guqb.Y..}.2lI../j..L)!\,q...Bi.v...Z:.W/^.....^....Ha..d.u4.._........f.5..S8...gfE.PP...Oh...Z.9..F.B...Q.....g}AY>.]$.Sd5T.f.Mg.VV....%.5.iY...|_....E>.F\..E..V...TY...M...Q._...`....w...VG.y...S...e.!X.dKa..H.}..Inj..P=.$......i..f.P...E?..G..0j....}$.IN.F$I.PD..1..&IP...E.M%i$.].........qe..zZr.]_].%.oz..RV.....rN. ..I.`......v..Q.#.J.._...EBJ.E?b..a....SN..X.u..g).].._..v...7>.]...$...~......Q...z...>..\]...z .F&J.z.V..-..%/>4Qb.".....9.R...Y.Iy....y.-
<<< skipped >>>
GET /huandeng_pic/hd12.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 24 Nov 2013 11:12:14 GMT
Accept-Ranges: bytes
ETag: "03b3076e9ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:45 GMT
Content-Length: 63661
......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:24 19:11:53.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................l.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?......W....f....K{[sI.Sft).......0zR%\....X_h. W..~......n.e..N."..iv.OJ|?....a...!.g.z...b.f.U..?......I.^.$.T....`(.G*U.D...v..(kw..N%.a. ....M..Yr....64.......C...1..v\zQ$.S ..I$.Z.....:..Uv..d.P....z.a &.J.w.:..... ..Y2-f....X..o\......D......W....3*..k`..[g).R......Y4......[.`f.,..`V,.........r.,.........Y...._NwQfE9u...u.......U.w.*.w.......'....N.".....8.5..N.....E...l...-k......p.........Ts:..d.etc.:...\.kw.........H.geF$......,.d.Uw...p...}N.m.}..Yv...X.[f...4....]......g.t,. ..kskah.1....i.D.....t......)...[}.........;....A.|.]Yn.Bf..@M.K....Q..Nn.5..5()Np!..,..w.3...............9i..3....K..........6._.8......F.k..n..Yz'....}e.uuAS._..V..X..k.
<<< skipped >>>
GET /img/sizikqak.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sat, 02 Nov 2013 05:40:47 GMT
Accept-Ranges: bytes
ETag: "805986148ed7ce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:45 GMT
Content-Length: 59
GIF89a...................!.......,........................;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Sat, 02 Nov 2013 05:40:47 GMT..Accept-Ranges: bytes..ETag: "805986148ed7ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 11:15:45 GMT..Content-Length: 59..GIF89a...................!.......,........................;....
GET /album_pic/album_2013_11_7_17_13_15_360.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 09:13:15 GMT
Accept-Ranges: bytes
ETag: "8087fd9699dbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:47 GMT
Content-Length: 2527
......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X.Z.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..c|..F.....t.^.XI".'.j....F..K..Eu6.. ...^.<...D...X.\(......F.0.k...t.1s{.....g....G&.._..cnZ..S...."?._..!Z..lc>W.=.....4...Z$..bN6........ZO.u...p!..0<....x . ..~...x..[...........w....?*...w$ .io.q.QR!........{..6.....`U...`.IV....7......w#...}O.U....(....(.......jW.......M]f.32..p...x... &..TW;5....6.... .Y ....,I&..#._.....Gp.&..v....R../"2..8,...j.....8.-c.[.Q...b..Ci;...n....A..'.8.Z~.q|......$..w0.cO.49.]Z?....[.....2......z..M^..Sis3..QS.]=....$h.rV$....J..0.(...(..--.a...;Bp..N...}..J..}g:.5..q..h.q].....#.<.. ]K.V.C.B......\...j...;...........4{..$w.E!.e..0>..^a....].n-..X..R6P.O...c.^....o.h.f...!QHbGn{S..aB.-.....=....]......Gf!H.#.s...`.H.{5..i.Kq.eT..%.......%...HV........?.vV...?..b..\ E4a.....sET.`|{E}=._.....M.<.E...|....<~.W..?...-.l..:.{......?Z.8.#...G.o..."o.....[ba....\...}..K...g.D....P"....CE.}..]"......]y.......8...V...t'.......V!.Ux..q^}.z'....Oy...
<<< skipped >>>
GET /note_pic/298879.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 30 Nov 2013 10:50:23 GMT
Accept-Ranges: bytes
ETag: "80140f8b9edce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:48 GMT
Content-Length: 17708
......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..I.e..X....d......3.P...R....N9..<A:}..@`...6.qh...$dc.lR...R.......f...'.m...2.....M}?..././.l.E..$.#c.....d.:..e...{.g......5....Xn$....X._R .....nP>.*.....k> ...Y...by.^....[}~=R%*..k0r:0.Z....Pq)b3.f.....o..8.X...$.B.......y...R....Q..y...0_iVQ.k1..N..o......~.Y..0.M...3...yu$w.@...n..xhYX.Fzc.....I.t...I.g.....H..1T.c...Z..._~:.....L...........?.y...d.....j...3.Q..S...xn..0..s..>.J.5....r.Z.7#K.piq.w...........!B.......$o.S.]W......:..$.{7.-L.....>%...J...qc..n..u..>.k.5..|/......U...[#.Z..*]z...5....;.Yh..z.meaf..`O..'.w.|....[......34.Ry.9..'s..E:|.."Ssk.......Y.|X...6...T.X.........o.Be.KX..........'.....|.....m...s.B.....g...*.....cp.Q]y2.RD......O.R......]._3g............4]...2j%..cn"8.<..~s|d..=*...#....s.]....-f.......y.. ........Y/5]9..?..ea..)..s..TU8.4a.......e...J.q.^.l.y...O....}|...?.....?`.....v.W.B.[.O?.~\~......ZC...s...|. ..rn...9.#.........b...M$..d.E....Q.
<<< skipped >>>
GET /huandeng_pic/hd20.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:27:18 GMT
Accept-Ranges: bytes
ETag: "0bf8614bddbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:51 GMT
Content-Length: 45362
......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:07 21:26:10.....................................................................................&.(.................................v.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................H...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?..r. y...<a.US@d.f..I'.o/$.%..\N......4.J8..G{..g.D..J........!*Q4..............6..-h#......qw;.?.C..S...%.v......dI...t....R...d.Y.-....p..<...G./a$...>H.o.'@.>%I.A...k:#4...J.9.......n...wv..\.......WKg..7....-......h.w...;......Z..J.fE.~C`?..z.k............P....@.l....9...U..0.k.q..I.p...........89.hs.5.k.s............V6....... E....c.w...../.,|..^..2z{.l.....z.........V..:.m.%..?C..0u...kK-h..F....?.e/.u..$..u..r.s.}.y;.4......>CN.5.....%.-imq...=.t ....h...uVY.......;.e.&...@OZV.e......u.O......|.Y..`g..2V.=.`.B......G.......hh..<&q.t...K.v.X...|U....k..f}..t.7..p..y{.gv..E.p...7....1...D..x.E......z..=.'........v..j. g`.....n..\?
<<< skipped >>>
GET /huandeng_pic/hd22.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:34:07 GMT
Accept-Ranges: bytes
ETag: "80314f8bedbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:51 GMT
Content-Length: 39165
GIF89a...................N...........2'(.......yz.........tkl...,$%4,-<45.........LDE......vZ^UAD............eNRv^b......xfj......lce..................lU[............eZ].........SIL.........]SV......}pt..............."..J>B...C:=-* ...FCDVST...ZOS...............bV[......j^drflNJL534=;<...&.#...fce......njm...-&,|t{mcl.........jVj4,4<4<D<DLDLTLT\T\d\dtlt...^Z^B6Creszn{N>Pn^pJ>LRFTZN\j]l...VFY8.:fVibTe.|.... .")" ...]NbF<J>6BVL[f\kNES.'2...]Tc~v....mesvo{rjy......62:FBJVRZfbj............................................"..................."...................................... %mje......^ZV...'"......."..znfe^Yjb]cZUtkfzsoA95SIEH@=............YOM......"..............d..............H.............. ........$.....:00...cUUk]]see{mm..................$##........................!.......,...............8........g..C..#F|(.....2...q......c..X...z!h..Z.c.....m......`....."~.......OTHQ.....6j..A.j..X..... ..88.PQ....2<4p.C..&....Pp.....&. q .~r.9.K.......L<qp....F..7!...3.^....P....C.ti..P.Z...k.....M[......,W."b..Ma....G9.B.". .1c)..{..e..4m:0a.... ....?...'OJH.*....S.Ju_!G..8.z....P.".P...,.C:..S.... ......d.-..a....?ti....9vPf..$.d.IV.d .H.n..2......9...O(.p..i.p..!.5.[l..a.mL6.d#c4.......g...%..9(.F.u.RH;.b.,...K/.9..2.e...9.D.x.....F9.'.LA...%@...R...VY...zc)..R%. ....`....`.=.L..:4tqad.Df.9(.......s..............Ha..RYe.3.z....q.r`..J.B.I.lF.f.jIB....I)...E.a.]..JF..y.G....0$=7...Q..1..$'.:}.'y~..'.f...z8,..SP`%......X.(...H.P.. 8a......6..............-fD....LY.D.f9n.<......|.*.
<<< skipped >>>
GET /huandeng_pic/hd23.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 23 Dec 2013 04:16:00 GMT
Accept-Ranges: bytes
ETag: "0081af95ffce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:52 GMT
Content-Length: 46817
....'nExif..II*.......................................................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2013:12:23 12:14:43.............0221................................................................n...........v...(...................~............%......H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.
<<< skipped >>>
GET /huandeng_pic/hd30.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:43:22 GMT
Accept-Ranges: bytes
ETag: "0791d53bfdbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:52 GMT
Content-Length: 32988
GIF89a.......................tA....-..rs....-1...........(...........(.....,.>er.;....g...........b.7-4............P.]w].4.r..G-..B/}..>KD.......... ).rq...........3.AD.VX..'..&..K.Ln.......l........................x....1.,......!..Z.L*..@.$O.....l.-..j..g..j.....A.....q........X..l..h..x.................T..x.....h..x........h.....].....x.....*.............................s..8..8..H..P..X..V..n..h........'..8}p*.....H..F..X........_.....(..@..N..a..m.....$..8..H........)..7..X..............N..u.~G.m..n4..........X(..x...................K..j6.X'vI&.xH..V....|_.P..x8.X8..w.jQ...p9...[.X(_,..H(.X8.hH..o.......Z#..U.H(.X8.......H..hJ..m.4..b6.G(.rN..........U8.H8r8*.XKS<63...H:.,..5)....SI.f_.tr...N..J#....kPN,................................m...?=.MM........................!.......,............y..A........r.....2l..!... ..Xa...w.......H....\.....0c.{. .M.. T..@......L)..Lw.~. .....P.J.J....X.j......`...*P`...5.aU.....4..a.....zh.`.$.....tGth.... N.x..........>...... A..FC.$..[.;..`r:.....c..M.kY.....B......H..A..~:.q.`...w%...M.ha......9@>..~j.....u...'~.t.......O....e.....XC..e.........x.....vRH...XK.)fa...f......f.........P....J.IF..0..#<.4D.*.....<...~..dP ....p.d@..w!.._~=..I...!.X^.e.....N=.p.M...!...%.H....t.......!.kx6.'.y..g...)....Z...&....6....>*i..Bj...2..mg..@.....p.f......._"E. .,^.y..X...d.|..>.....fj6.=n...`.&..`..SG.>F .....)~.......pd..f...:....~..*...v...ji..8}x.;..T"w.D.....I.=...Z..'...@.....G.........e....x.....;....za........[....4....x......`.>..&L..Z.D.m..H.
<<< skipped >>>
GET /huandeng_pic/hd31.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:40:43 GMT
Accept-Ranges: bytes
ETag: "80ff57f4bedbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 38181
GIF89a............................4,4...USU..$..,..,..$.....$...GKT..,.4<.....$.$,$,4..........$,$4<........%.,4......&>D....-5.7?....GN.FJ......%T[......HVX...(ahi..=lr^.....R..8[_...Ow|Mdg....46k..l...&(......................$$#<<....,,$44.......$$...% .........144IJJ.-,....../=<.......".osr.C4.6$..../.~...A(.S,...dge..!&_5.d(..."M&.]..7.=o>....u.../...*6*ITI......C.>.~.1u-Q.G...T.K$\.h.WW.8F./g.7..l[.2i.,~.Nw.8F|.x.*m.-t.;..m.....7.....&.....F..(.. ......o..69)........F...;;7............BB@.....f...LE......B.....V.......x%..G..(..6........kn\/ZUI..6.....QxhH......cI.#......}..\... .|..x...Z.{..t..t..l..h...7.l..t..k..t..d....UKA.i..d..d..l...@.\..d..t%.k$.\..i..Y..T..S..\..X..V..K..L..P..E..B..Z.._$.F..T..5..-.K..{'.e!.|2.;...........'"!X".6)'"..............\\\......!.......,...............H......*\......#J......./.......L.0.I....LPV..`e.#..T.I....N.8..3...Nv..9..Q.J,$]z....Cw...S...A....d.W.`c.|...Y.eM2q......9..0wn...):...........!.....N..O...t.Jn.r..}...;.D..&]...I.&..NP.....O%G~JU".5..Jp....w...w u..h..B{.......i ..................l..K.qc...W$0.......4,...$I..G.12..pud.d".u.u)....b.$...Y.Zj?m..Q;.7..L!.TR.}.An#.v.........f..B...M].$.M:...gaU7...i..F..h.G.E..x.90 z...X}.Ui..XB..|yEI.c..'^d....Z!..@J.....,..a.s2'.s.U5\q.....(...p'Ba...&.h. .I\UA...r:mp.....DJ .8]Zmj..eky.......c.=......g....j.B.H........L...Grt...$..`i).4...V0.lD1G..JX.........*.(..^.h...f.n..... >...ecW0...L.j.Rf.nT.Gfn..F.8..E...e..A....WL1b.Fd......cu...x.v'0[...VY..4.J@.f..3.HUT.f...)..[.......\@..D']..J.....
<<< skipped >>>
GET /huandeng_pic/hd32.jpg HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 07 Nov 2013 13:41:55 GMT
Accept-Ranges: bytes
ETag: "8053421fbfdbce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 48737
GIF89a.............L2../1.VY`JKn25.Mq..-...r.*.8n.'\P./oYe...........//-1...pp.BBK...VYi..S.....3....................................................... /.........................u.......)..*~.U.;...,.....G."U.-..nU..P..u.Lw.1..hr.1S. ..Pm..{....Oe.4..4W|,...{.<..n..OX|...V..R..n..l}.@..v........X..u..............(..8..8..H..H.....X.................p.................(..(..8..3..Y......rh...;..H.|(..Xun0..8..T..(.....(..8..H..J..X...WJ...>.x8........I.._..p.xH..h.....(..1..7.{XH8...8.z(..Q.......l...7E8...H.....2VJ.....w.pR..h(.x8..H..X.....m.....H.....q...X8... .h8.xH..X..h3%...H..X.R...,.g'.w7}eH...qR0..f.r.H(.X8...J.h8.xI..X..h.xX..h.....{...X(..U1..h.gH..yl/.*......N...f...X(..g^.hXH".....M0..z.....z..z..yj..L...jW.hX.pf.tp.MCR1.....sl.NH.sm.((....XX.ML...............!.......,............M.0.B....."4.P.....2....D..!6....F../~...$H.$O.L.r.K..0.....M.8...A...2e......,0?..p.f...M.".Q,..5{.P..#...`..<w...s..YH..D.s.>..)......U.........&..a..-....81c...#...pd.. kn\.....?...Y3....sT.."k..S..M{.l..[....7l..}.... .X(>.P...W.`...S...5m..ac....M.=....[.8`.H[...{i.l..ac......_N.-.p..d......]v}0.\.&.......e..F.b.N..h....A.r.X.,.h..(....*.8.`.E(.d1.8.F2F...:2...<....>.i$.5"yc.J......T..4}..rbE...h.u.Qm..F .P.....!^TIQe.{YQ.......~w.a......W4l.A.*.@.O3...]t]...$..Wc.Y.!..1V...m.Ze.J...-.Z"....j..]DX.Q*...A...P..Vd.....k...*....;,...Z,..1..-6.P.L.}..t?..Gu...TVY...)a..G..h..,aLr.{....v..g....#..u....4XR....S.NU....2.c...fF...aH...^...!........g...j.,...@ ..2`0..2.3.l".7..s.1..s.=.,3.<.M..?'=..>/.
<<< skipped >>>
GET /img/s_icons.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 27 Nov 2013 14:47:55 GMT
Accept-Ranges: bytes
ETag: "805fdda77febce1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2015 11:15:53 GMT
Content-Length: 6310
GIF89a.......................YZ.pq............................)k.I..Y|.f..o..|..dv........B..X..`."c.#b.!Y.)j./p./o.6t.9w.W..2N.Cf.Mp.g..Vy._..y..Sl.v........q.......zL..X..o........e..~.|d..y................''(...OPR^`c89:DEF...M_kehjloq/PdHi~9JU:]rUx.osu9s.BT\t..bt|T..sxzy~.#..)..0..5..H..Q..Y.....w........&..=..`..[nt......UXY......JZ^...Opwg..Ugk......Uw}P`cHinB`dKlqFej..."##,--.........k.x2fDYrb*^;-a>IuX6R?>YGa.k~.....X.,Q.)...\..l.6h.5...|.A`.6W..f..Tq.f.:Zy3..XO}.Kd(Oj I`'z.Z..................q.!..=...{.&..*.....3..=g|:..Ul.?p.D{.M..R..Z..l.....:..lv.G..g..z..K..R..p..P..X..V..^.....P..Z..Z..c..l..e..x........t..\..U..Z..c..\.._..X.|..x8..:.h..l8....d9..g.O..sP.m6.a9.]8.J..D...e.V8.7..V9................!!.''.--.22.88.33.CC.@@.55.QQ.>>.FF.MM.TT....ff...............!.......,..............#v...e....&.....#J.H.....3j.....a...CF...b.>.4xp.......H....8o..I2.2.&...E..AeH....hf..P.J..rd..X}...h...........F..9....[.".b.5..#G...2..S......L..?.X..]...Q...KnD....Ry&.....a......Te..Sw.j.s.U..I.....F.N...{..h......W1i...N...1........p....C.M.._........t..1S..../f........p.....<y.........8.3....3.5._...(aa.U.^u....~.%... .Ua.......&..4!.(..$...~.J...8..c..U.L3..'$.66...4..............TVi%T.d.%5.\.....#..dF4..hZ..6l..&9[r..7.d..8x.S....y....).........pM..x.M....'... .....M.m..&5....5......h.O..R:...X.S...X.O7.t.....J.?.f..8.h.j.VN3.4..`....#@7.R..5.\.H6......J.,.....5...(.B.z...j['$..9....a..........n.....>y.{.....p...*.6nv.e.u..M../.#. .J...p.e.....7..i..9b..8..:...0..6....$.8.r.0.8.#jv..$|....n&..
<<< skipped >>>
GET /img/iconjans.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT
If-None-Match: "06ecf423dece1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Tue, 25 Aug 2015 11:16:27 GMT
Etag: "06ecf423dece1:0"
....
GET /img/iconjans.gif HTTP/1.1
Accept: */*
Referer: hXXp://8888.89919.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT
If-None-Match: "06ecf423dece1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dfgfdherwtewrnvbcxcgdsf.89919.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Date: Tue, 25 Aug 2015 11:16:27 GMT
Etag: "06ecf423dece1:0"
....
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1956:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
t$(SSh
t$(SSh
~%UVW
~%UVW
u$SShe
u$SShe
SkinH_EL.dll
SkinH_EL.dll
hXXp://VVV.33591.com/reguser.aspx
hXXp://VVV.33591.com/reguser.aspx
%System%\drivers\kiss.she
%System%\drivers\kiss.she
\SkinH_EL.dll
\SkinH_EL.dll
C$%cmb
C$%cmb
.ppM|
.ppM|
aZ.mO
aZ.mO
%-^
%-^
.hk;~
.hk;~
KERNEL32.DLL
KERNEL32.DLL
COMCTL32.dll
COMCTL32.dll
GDI32.dll
GDI32.dll
MSIMG32.dll
MSIMG32.dll
MSVCRT.dll
MSVCRT.dll
MSVFW32.dll
MSVFW32.dll
USER32.dll
USER32.dll
277681366
277681366
smtp.qq.com
smtp.qq.com
277681366@QQ.com
277681366@QQ.com
18904854@qq.com
18904854@qq.com
\48x48.ico
\48x48.ico
pW`R.ks~
pW`R.ks~
2010-11-29
2010-11-29
hXXp://xxx.33591.com
hXXp://xxx.33591.com
hXXp://8888.33591.com/
hXXp://8888.33591.com/
%*.*f
%*.*f
CNotSupportedException
CNotSupportedException
commctrl_DragListMsg
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
Afx:%x:%x
COMCTL32.DLL
COMCTL32.DLL
CCmdTarget
CCmdTarget
ole32.dll
ole32.dll
__MSVCRT_HEAP_SELECT
__MSVCRT_HEAP_SELECT
user32.dll
user32.dll
RASAPI32.dll
RASAPI32.dll
iphlpapi.dll
iphlpapi.dll
SHLWAPI.dll
SHLWAPI.dll
MPR.dll
MPR.dll
WINMM.dll
WINMM.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
GetProcessHeap
GetProcessHeap
WinExec
WinExec
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
GetViewportOrgEx
GetViewportOrgEx
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
OLEAUT32.dll
OLEAUT32.dll
oledlg.dll
oledlg.dll
WSOCK32.dll
WSOCK32.dll
WININET.dll
WININET.dll
GetCPInfo
GetCPInfo
CreateDialogIndirectParamA
CreateDialogIndirectParamA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetViewportExtEx
comdlg32.dll
comdlg32.dll
.PAVCException@@
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.prn)|*.prn|
(*.*)|*.*||
(*.*)|*.*||
Shell32.dll
Shell32.dll
Mpr.dll
Mpr.dll
Advapi32.dll
Advapi32.dll
User32.dll
User32.dll
Gdi32.dll
Gdi32.dll
Kernel32.dll
Kernel32.dll
(&07-034/)7 '
(&07-034/)7 '
?? / %d]
?? / %d]
%d / %d]
%d / %d]
: %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.CUR)|*.CUR|
%s:%d
%s:%d
windows
windows
out.prn
out.prn
%d.%d
%d.%d
%d / %d
%d / %d
%d/%d
%d/%d
Bogus message code %d
Bogus message code %d
(%d-%d):
(%d-%d):
%ld%c
%ld%c
%s
%s
Reply-To: %s
Reply-To: %s
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
Cc: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
%a, %d %b %Y %H:%M:%S
HELO %s
HELO %s
SMTP
SMTP
AUTH LOGIN
AUTH LOGIN
LOGIN
LOGIN
AUTH=LOGIN
AUTH=LOGIN
EHLO %s
EHLO %s
Content-Type: application/octet-stream; name=%s
Content-Type: application/octet-stream; name=%s
Content-Disposition: attachment; filename=%s
Content-Disposition: attachment; filename=%s
MAIL FROM:
MAIL FROM:
RCPT TO:
RCPT TO:
VVV.dywt.com.cn
VVV.dywt.com.cn
(*.htm;*.html)|*.htm;*.html
(*.htm;*.html)|*.htm;*.html
.PAVCOleException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
zcÁ
zcÁ
c:\%original file name%.exe
c:\%original file name%.exe
#include "l.chs\afxres.rc" // Standard components
#include "l.chs\afxres.rc" // Standard components
1, 0, 6, 6
1, 0, 6, 6
(*.*)
(*.*)
1.0.0.0
1.0.0.0
%original file name%.exe_1956_rwx_10001000_00039000:
L$(h%f
L$(h%f
SSh0j
SSh0j
msctls_hotkey32
msctls_hotkey32
TVCLHotKey
TVCLHotKey
THotKey
THotKey
\skinh.she
\skinh.she
}uo,x6l5k%x-l h
}uo,x6l5k%x-l h
9p%s m)t4`#b
9p%s m)t4`#b
e"m?c&y1`Ð
e"m?c&y1`Ð
SetViewportOrgEx
SetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
SetWindowsHookExA
SetWindowsHookExA
UnhookWindowsHookEx
UnhookWindowsHookEx
EnumThreadWindows
EnumThreadWindows
EnumChildWindows
EnumChildWindows
`c%US.4/
`c%US.4/
!#$
!#$
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.UPX0
@.UPX0
`.UPX1
`.UPX1
`.reloc
`.reloc