Trojan.GenericKD.2530717_16168f1679 – Adaware

Trojan.GenericKD.2530717 (B) (Emsisoft), Trojan.GenericKD.2530717 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 16168f1679741afd6d1619a67528b022

SHA1: cfdb1d824a06f86f432890984e9d3e72cab369e3

SHA256: 60209a7a5453de89fd1bd1703cee6187f55565f206271ddf9966e5f1f4da4a77

SSDeep: 12288:tj7NKpBcIOSwULWiJcZiGwKP4R ugOJ/Oq999/SMZoS1K1Ssq:tj8OSwUKiaZFw2W/O49oMBz

Size: 954368 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171

Company: no certificate found

Created at: 2010-11-30 10:24:03

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):No processes have been created.The Trojan injects its code into the following process(es):

%original file name%.exe:1956

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:1956 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\cpro_media_small[1].png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\20200293.jpg.small[1].jpg (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[3].gif (2942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\s_icons[1].gif (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\27400657.jpg.small[1].jpg (443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\8888.89919[1].htm (1925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAUBS9CP.htm (2074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sizikqak[1].gif (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd30[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[4].gif (4367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd13[1].jpg (3808 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[1].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd32[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd11[1].jpg (7108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[1].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CA8LQN4T.htm (2923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd10[1].jpg (7590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[2].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAKDQRGT (25 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\CAIZYB2P.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\b[1].php (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\time[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\top_bg[1].gif (322 bytes)
%System%\drivers\kiss.she (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\298857[1].jpg (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[2].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\logo-border-light[1].png (473 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA0T6DJK.htm (3910 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\stat[1].php (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\album_2013_11_7_15_46_53_626[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd31[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[2].gif (2932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\298879[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\rqcode[1].gif (2729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\00540197.jpg.small[1].jpg (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[2].js (2428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[3].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\hd22[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAQJ89MB (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].swf (547 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_17_13_15_360[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@8888.89919[1].txt (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[2].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd33[1].jpg (6012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cpro.baidustatic[1].txt (214 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\new_logo[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA50NMFR.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd12[1].jpg (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[2].js (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd21[1].jpg (6478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\iconjans[1].gif (2053 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\core[1].php (762 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[1].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[4].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562[1].jpg (1030 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[1].txt (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[2].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery[1].js (3382 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd23[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\2014727172939492[1].jpg (1300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\dldldl[1].gif (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\0f000PCl-eM7bK8cufB8p0[1].jpg (3570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\52330314.jpg.small[1].jpg (1938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[7].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\tabs9371[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[7].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\code[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\CAMR45E7.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd20[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[2].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[8].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[6].gif (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[2].txt (2203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_20_21_29_235[1].jpg (3 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\new_index[1].css (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAQJQRMT (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\fp[1].htm (114 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[2].txt (0 bytes)

Registry activity

The process %original file name%.exe:1956 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CachePrefix" = ":2015082520150826:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015082520150826\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1916x902x32(BGR 0)" = "31,31,31,31"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheLimit" = "8192"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1291105443"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E C1 9C 23 F1 AD 3A 4B 95 5F EA 22 11 AC 48 C0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheOptions" = "11"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
147127382e001f495d1842ee7a9e7912	c:\SkinH_EL.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\cpro_media_small[1].png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\20200293.jpg.small[1].jpg (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[3].gif (2942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\s_icons[1].gif (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\27400657.jpg.small[1].jpg (443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\8888.89919[1].htm (1925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAUBS9CP.htm (2074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sizikqak[1].gif (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd30[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[4].gif (4367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd13[1].jpg (3808 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[1].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd32[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd11[1].jpg (7108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[1].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CA8LQN4T.htm (2923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd10[1].jpg (7590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[2].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAKDQRGT (25 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\CAIZYB2P.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\b[1].php (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\time[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\top_bg[1].gif (322 bytes)
%System%\drivers\kiss.she (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\298857[1].jpg (7 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@release.baidu[2].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\logo-border-light[1].png (473 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA0T6DJK.htm (3910 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\stat[1].php (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\album_2013_11_7_15_46_53_626[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd31[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[2].gif (2932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\298879[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\rqcode[1].gif (2729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\00540197.jpg.small[1].jpg (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[2].js (2428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[3].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\hd22[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAQJ89MB (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].swf (547 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_17_13_15_360[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@8888.89919[1].txt (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[2].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd33[1].jpg (6012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cpro.baidustatic[1].txt (214 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\new_logo[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA50NMFR.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd12[1].jpg (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[2].js (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd21[1].jpg (6478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\iconjans[1].gif (2053 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\core[1].php (762 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[1].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[4].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562[1].jpg (1030 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[1].txt (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[2].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery[1].js (3382 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd23[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\2014727172939492[1].jpg (1300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\dldldl[1].gif (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\0f000PCl-eM7bK8cufB8p0[1].jpg (3570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\52330314.jpg.small[1].jpg (1938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[7].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\tabs9371[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[7].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\code[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\CAMR45E7.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd20[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[2].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[8].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[6].gif (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pos.baidu[2].txt (2203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_20_21_29_235[1].jpg (3 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\new_index[1].css (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAQJQRMT (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\fp[1].htm (114 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: ??Visual Basic
Product Name: ??Visual Basic
Product Version: 1.0.0.0
Legal Copyright: ??Visual Basic ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: ??Visual Basic
Comments: ??Visual Basic
Language: Language Neutral

Company Name: ??Visual BasicProduct Name: ??Visual BasicProduct Version: 1.0.0.0Legal Copyright: ??Visual Basic ????Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: ??Visual BasicComments: ??Visual BasicLanguage: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	516507	520192	4.51771	556e657c3cb37147a22a1770dd836481
.rdata	524288	319460	319488	4.59382	4e0271bc2fb250b5c011d3c26656ca6e
.data	843776	243018	65536	3.54227	12fdfe04d3c8a407a7362763ffc33348
.rsrc	1089536	43912	45056	3.86002	05af6986ca0dfbb5498b3b4776f0ecd7

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://8888.33591.com/	218.255.247.52
hxxp://8888.89919.com/	218.255.247.53
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/js/jquery.js
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/style/new_index.css
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/js/tabs9371.js
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/top_bg.gif
hxxp://8888.89919.com/code.aspx	218.255.247.53
hxxp://8888.89919.com/img/dldldl.gif	218.255.247.53
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/iconjans.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd10.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/9/18/7/713022/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/11/11/15/734682/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/19/00/00540197.jpg.small.jpg
hxxp://wmjs.wshifen.com/cpro/ui/c.js
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/11/6/10/442141/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd11.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/28/16/2712/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd12.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd13.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/16/18/20200293.jpg.small.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/new_logo.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/sizikqak.gif
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/19/00/52330314.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/14/04/27400657.jpg.small.jpg
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_20_21_29_235.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_17_13_15_360.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_15_46_53_626.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/note_pic/298879.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/note_pic/298857.jpg
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE
hxxp://wmjs.wshifen.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd20.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd21.jpg
hxxp://8888.89919.com/videopic/2014/7/27/2014727172939492.jpg	218.255.247.53
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1
hxxp://mfs.ykimg.com/1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589
hxxp://mfs.ykimg.com/
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd22.jpg
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI
hxxp://mfs.ykimg.com/1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562
hxxp://mfs.ykimg.com/1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90
hxxp://mfs.ykimg.com/1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd23.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/11/26/5/741147/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/8/26/15/944406/image/head.gif.small.gif
hxxp://8888.89919.com/newskin9371/images/rqcode.gif	218.255.247.53
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd30.jpg
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=5862873&show=pic
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/4/9/23/313985/image/head.gif.small.gif
hxxp://temp.p23.tc.cdntip.com/data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg
hxxp://wmjs.wshifen.com/cpro/expire/time.js
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd31.jpg
hxxp://cpro.e.shifen.com/img/cpro_media_small.png
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/3/10/13/906768/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/4/9/16/313604/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd32.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd33.jpg
hxxp://wmpic.wshifen.com/media/v1/0f000PCl-eM7bK8cufB8p0.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/4/23/8/918845/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/6/3/18/928824/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/s_icons.gif
hxxp://oz.cnzz.com/stat.htm?id=5862873&r=&lg=en-us&ntime=none&cnzz_eid=501615567-1440500344-&showp=1916x902&t=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&h=1&rnd=1192507884	198.11.132.200
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=5862873&show=pic&t=z
hxxp://wmjs.wshifen.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2013/10/29/21/870006/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/4/6/17/566949/image/head.gif.small.gif
hxxp://cb.e.shifen.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2015/8/18/4/991533/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/3/12/3/295026/image/head.gif.small.gif
hxxp://www.gslb.yytcdn.com/video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2013/6/1/3/818513/image/head.gif.small.gif
hxxp://icon.cnzz.com.danuoyi.tbcache.com/img/pic.gif	213.244.178.249
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/8/31/14/945045/image/head.gif.small.gif
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1882719831	42.120.219.171
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/5/17/19/587037/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2015/7/25/16/988694/image/head.gif.small.gif
hxxp://cnzz.mmstat.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz	42.120.219.171
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/2/17/21/901570/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/6/14/2/356144/image/head.gif.small.gif
hxxp://cb.e.shifen.com/sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/26/21/1705/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/25/1/1066/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/29/3/2838/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/5/10/23/12850/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/27/2/1863/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/5/12/13/14411/image/head.gif.small.gif
hxxp://cb.e.shifen.com/wh/o.htm?ltr=&cf=u
hxxp://ecomcbjs.wshifen.com/tpl/wh.js
hxxp://cb.e.shifen.com/wh/c.swf?v=3
hxxp://cb.e.shifen.com/wh/o.swf?v=1
hxxp://ecomcbjs.wshifen.com/tpl/ac.js
hxxp://e.pos.e.shifen.com/b.php
hxxp://eclick.e.shifen.com/nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/11/26/5/741147/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/5/10/23/12850/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1	115.239.210.141
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2013/6/1/3/818513/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/4/9/16/313604/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmiko2.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/js/jquery.js
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/19/00/52330314.jpg.small.jpg
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/2/17/21/901570/image/head.gif.small.gif
hxxp://cpro.baidustatic.com/cpro/ui/c.js
hxxp://cpro.baidu.com/img/cpro_media_small.png	58.217.200.77
hxxp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/7/25/16/988694/image/head.gif.small.gif
hxxp://g2.ykimg.com/1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/6/3/18/928824/image/head.gif.small.gif
hxxp://g1.ykimg.com/1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589
hxxp://eclick.baidu.com/nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/5/17/19/587037/image/head.gif.small.gif
hxxp://pos.baidu.com/wh/o.htm?ltr=&cf=u	115.239.210.141
hxxp://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png
hxxp://g2.ykimg.com/1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562
hxxp://pos.baidu.com/wh/o.swf?v=1	115.239.210.141
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/19/00/00540197.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/11/11/15/734682/image/head.gif.small.gif
hxxp://vi1.ku6img.com/data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/4/23/8/918845/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/11/6/10/442141/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469	115.239.210.141
hxxp://s22.cnzz.com/stat.php?id=5862873&show=pic	1.99.192.16
hxxp://cpro.baidustatic.com/cpro/expire/time.js
hxxp://img4.yytcdn.com/video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518	125.89.72.211
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/8/18/4/991533/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/6/14/2/356144/image/head.gif.small.gif
hxxp://g1.ykimg.com/1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/29/3/2838/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141	115.239.210.141
hxxp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/8/26/15/944406/image/head.gif.small.gif
hxxp://pos.baidu.com/wh/c.swf?v=3	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/26/21/1705/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/4/6/17/566949/image/head.gif.small.gif
hxxp://g1.ykimg.com/
hxxp://c.cnzz.com/core.php?web_id=5862873&show=pic&t=z
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/4/9/23/313985/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2013/10/29/21/870006/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/3/10/13/906768/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/9/18/7/713022/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/28/16/2712/image/head.gif.small.gif
hxxp://dup.baidustatic.com/tpl/wh.js
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/14/04/27400657.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/25/1/1066/image/head.gif.small.gif
hxxp://ec.pos.baidu.com/b.php
hxxp://dup.baidustatic.com/tpl/ac.js
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/27/2/1863/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/3/12/3/295026/image/head.gif.small.gif
hxxp://icon.cnzz.com/img/pic.gif	213.244.178.249
hxxp://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz	42.120.219.171
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/16/18/20200293.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/8/31/14/945045/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/5/12/13/14411/image/head.gif.small.gif
hxxp://ubmcmm.baidustatic.com/media/v1/0f000PCl-eM7bK8cufB8p0.jpg
hxxp://release.baidu.com/sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 1148

Content-Type: text/javascript;charset=UTF-8

Date: Tue, 25 Aug 2015 10:59:00 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:00 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

BAIDU_DUP2_define('request!u1548235_1',[],{deps:['nova/painter/inlayFixed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" : 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32", "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa":"1", "dai":"2", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/", "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000", "ps":"878x293", "psr":"1916x902", "pss":"995x1784", "qn":"1c53e6c91e61ea50", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_template=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "1c53e6c91e61ea50","_qid" : "1c53e6c91e61ea50"}});....

GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 22285

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:02 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:02 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

...<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml"> . <head>. <meta charset="UTF-8" />. <title>..................</title>. . <style type="text/css">. html{color:#000;background-color:transparent;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,textarea,p,blockquote,th,td{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-style:normal;font-weight:normal}ol,ul{list-style:none}caption,th{text-align:left}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal}q:before,q:after{content:''}abbr,acronym{border:0;font-variant:normal}sup{vertical-align:text-top}sub{vertical-align:text-bottom}input,textarea,select{font-family:inherit;font-size:inherit;font-weight:inherit}input,textarea,select{*font-size:100%}legend{color:#000}body{margin:0;padding:0;} . .bd-logo,.bd-logo2,.bd-logo3,.bd-logo4{text-decoration:none;cursor:pointer;display:block;overflow:hidden;position:absolute;bottom:0;right:0;z-index:2147483647}.bd-logo{height:18px;width:18px;background:url(hXXp://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/bg.png) no-repeat left top;background-position:0 0;_filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="http://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png",sizingMethod="crop");_background:0}.bd-logo:hover{background-

<<< skipped >>>

GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469 HTTP/1.1

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 9458

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:04 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:04 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>....<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<title>..............................</title>..<style>..body{margin:0;background-color:transparent;}...uptown{width:250px;height:250px;position:relative;overflow:hidden;}..a.logo{display:block;height:18px;width:26px;text-align:justify;letter-spacing:20px;text-decoration:none;overflow:hidden;cursor:default;position:absolute;bottom:0px;right:0px;}...cpro a.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/cpro_media_small.png",sizingMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_small.png) no-repeat left top;_background:none;}...cpro a.logo:hover{width:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/cpro_media_large.png",sizingMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_large.png) no-repeat left top;_background:none;}...gongyi a.logo{width:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/gongyi_media_large.png",sizingMethod="image");background:url(hXXp://cpro.baidu.com/img/gongyi_media_large.png) no-repeat left top;_background:none;}...uptown #dish0 img{width:78px;display:block;width:250px;height

<<< skipped >>>

GET /sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 1596

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:06 GMT

Etag: "55dc1feb-63c"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Server: nginx

<!DOCTYPE html>.<html>. . <head></head>. . <body>. <script type="text/javascript"> . var getCookie=function(b,d){var a;d=d||window;var c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"number"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));document.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.toGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secure":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i");b=window.location.search.substr(1).match(b);. return null!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLowerCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.com"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Date).setFullYear(2042)});. var sendByIframe = function (b) {. var c = document.createElement("iframe");. c.style.display = "none";. c.setAttribute("src", b);. document.body.insertBefore(c, document.body.firstChild). }. sendByIframe("hXXp://release.baidu.c

<<< skipped >>>

GET /wh/c.swf?v=3 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 547

Content-Type: application/x-shockwave-flash

Date: Tue, 25 Aug 2015 10:59:15 GMT

Etag: "55dc1feb-223"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx

CWS.....x..Q.r.A.};.a'$...D..8y.KrM..*....)..aw...k..*7oz..[..*....g..~...=..RQ.0........Y|....M.w.&..#......}t.D5..D. b.4;...p%.y....P.].4_..........0....D.4.....%gIK.@.... %..1......K.K.o.?...B..!..Q.e2.U........q= .)b.......6$...T.&D...[G.}$.b...|.J..mg...J.....P.D.....y;.S....l..%.....{......^.....-O'X....H.co}d( u.X.n..9v..C...=L..F.NK.s.<Q..b...f..WZ..LK..XU">0.\...........I...sy....xDY..:...j....7.....M...Fu:.MF...Yr.W....?.X.....g..kFs.lk.....<.s...N.....&.r..~o....ZSk[z.....b...6..xi...].f...w~w.../.........s.^.....P.8b:.;..1.?....2HTTP/1.1 200 OK..Accept-Ranges: bytes..Connection: keep-alive..Content-Length: 547..Content-Type: application/x-shockwave-flash..Date: Tue, 25 Aug 2015 10:59:15 GMT..Etag: "55dc1feb-223"..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Server: nginx..CWS.....x..Q.r.A.};.a'$...D..8y.KrM..*....)..aw...k..*7oz..[..*....g..~...=..RQ.0........Y|....M.w.&..#......}t.D5..D. b.4;...p%.y....P.].4_..........0....D.4.....%gIK.@.... %..1......K.K.o.?...B..!..Q.e2.U........q= .)b.......6$...T.&D...[G.}$.b...|.J..mg...J.....P.D.....y;.S....l..%.....{......^.....-O'X....H.co}d( u.X.n..9v..C...=L..F.NK.s.<Q..b...f..WZ..LK..XU">0.\...........I...sy....xDY..:...j....7.....M...Fu:.MF...Yr.W....?.X.....g..kFs.lk.....<.s...N.....&.r..~o....ZSk[z.....b...6..xi...].f...w~w.../.........s.^.....P.8b:.;..1.?....2..

<<< skipped >>>

GET /img/cpro_media_small.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:05 GMT

Content-Type: image/png

Content-Length: 645

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Connection: keep-alive

ETag: "55dc1feb-285"

Expires: Wed, 26 Aug 2015 10:59:05 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

.PNG........IHDR.............E.......tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..U...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ...h..g....e.I^.2....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q<.w.l.a .h..t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.2...^....(J.7#~.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..F#. ..p8|Q*.......9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..U......GB..0l.N...Z-...b}&.9s...! .~..?..K.Z.U2.<m4..................?.8.*.|>/..........f.@... 4..."yC......q......t.5@/..*._.<....a.d...lF"a.G..p$..W>..#...n..B.M8...b @.f..E..>...[{&..z..O..t..!z.....Zi...~.0..a.....r....IEND.B`.HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:05 GMT..Content-Type: image/png..Content-Length: 645..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Connection: keep-alive..ETag: "55dc1feb-285"..Expires: Wed, 26 Aug 2015 10:59:05 GMT..Cache-Control: max-age=86400..Accept-Ranges: bytes...PNG........IHDR.............E.......tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..U...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ...h..g....e.I^.2....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q<.w.l.a .h..t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.2...^....(J.7#~.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..F#. ..p8|Q*.......9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..U......GB..0l.N...Z-...b}&.9s...! .~..?..K.Z.U2.<m4..................?.8.*.|>/..........f.@... 4..."yC......q......t.5@/..*._.<....a.d...lF"a.

<<< skipped >>>

GET /cpro/expire/time.js HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.7063.7469.7469

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:04 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: close

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Expires: Tue, 25 Aug 2015 11:25:02 GMT

Age: 2042

Cache-Control: max-age=3600

Ohc-Content-Crc: 3776131546

Server: hkg01-sys-jorcol02.hkg01.baidu.com

Content-Encoding: gzip

2b8............}.mO.0.....Pe.....".&.A..{..C.r....vp\JI..wv[.B..4?.}w...B...P:K.k..?.@;)..|.e.2.Z..{]WBj:......a<......h4eyi..B.........j........U.Y....x. .4.&....gI?&.u^.......m....\.z.......V/.......D...U..#.."L....4..V.9eG'..Og...g..._......,7`.k..[=..K.l.....{......^........j.0.L..c7^..........|.3.U...j..}.....Go.H....h.iG.. 'E...^.....7uUb.{d..g..'.@H.....0..<.S.07...?.z.........j.?...}.u.4...x.....8ff.H...Ci.b....G4Z...G.%z@:....5.iT.m..KEz=.V.v. ....U..V .^.......6)....58h...w9...q.....w...x../t.....4.M.g.<d..L..$.....{.....P_..ZV....(..K7.....u.....@..>.5#.i...".)..p..#|D....N.=...X..7.`..f...G....G0.|{.....6...1...YS.......Y.s.j....b:....*.t.....U.j...'<~...H...M...`..K.vK....1........0..

GET /nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699 HTTP/1.1

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: eclick.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:17 GMT

Content-Type: text/html

Content-Length: 114

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Connection: keep-alive

ETag: "55dc1feb-72"

Expires: Tue, 25 Aug 2015 10:59:17 GMT

Cache-Control: max-age=0

Accept-Ranges: bytes

<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" /> . </head>. <body>. </body>.</html>.HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:17 GMT..Content-Type: text/html..Content-Length: 114..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Connection: keep-alive..ETag: "55dc1feb-72"..Expires: Tue, 25 Aug 2015 10:59:17 GMT..Cache-Control: max-age=0..Accept-Ranges: bytes..<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" /> . </head>. <body>. </body>.</html>...

GET /1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g2.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 19212

Connection: keep-alive

Accept-Ranges: bytes

ETag: "2517345573"

Last-Modified: Fri, 21 Mar 2014 17:42:14 GMT

Expires: Mon, 20 Aug 2018 15:05:39 GMT

Cache-Control: max-age=94608000

Server-Name: b01.tracker.b28

Age: 330805

......JFIF.....H.H.....C..............................................!........."$".$.......C............................................................................".........................................M..........................!.1.AQ.."aq.#2..BR...3....$'br..CESceu.....GUs.................................-........................!.1."A.2Q.#3aq..$4.............?..*(...(...(...(...(.P....O.=XE..S.4..,.V...I... ..]...s..i.........%n..c..I.8..f..!L>..?.On<.~....\...g............P?....e...c....Z5b...L.R..6.9..i.z4..m....{..M.%........Q.:...0....)..*.b...&K{.qcrH...y.[...TC...").f.i...E.9&..C...I=.7.\.....q'.I=....]..%i....%g5....<Wc..M&.S..8.@......./Zl..wM^[..kn....`v z.............%N9...y....b{P.(..........#..:#...i........q...O.i.....i..j.#8.5...\...IK.QJ.. A...L.0$5......Y..;..Us.b..H...&..K.e.g.JV.............B.5.M.A*qK.Nx...l....m:.P..!_..J.....>......JY@.p.O.....i.m.NZ...~.r.... 2.7e..m ..".....S....i}.j.4B..C.,.....Y...UV.~f......F;r=.c.!.8?.t]..c.v....[-.T8.AK`c.Y.9W>U....I.8.m..d..(].....z..8.M....D.....4/$c.............m.......c....yTe.KD../h.-VTG.....c....H4.h..6.i.,..w......d*lT.K........U..........JY...vs.O. kh...a..*..m...'..EDzi0......-=....w..V.[..B...M.......&...A\.....o.Gq{.f........Q.:qf.i..k.7.W.-.y.7........C....'=...B....VN....X..@h..#>_/...o.X...C[..A..c....-W..x..Jv...k QR.=.x=.Q....jM....v......=.!...3...Fhi.H.....m.J).... g....<b.-6.25.cC........j..........E..8C........8FT...).c.^U..j'm..5.sh...y....i.. .1*.(.oiG.A.3m2[......g...L.8...<....js.t...O.0...

<<< skipped >>>

GET /cpro/ui/c.js HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:58:55 GMT

Content-Type: application/x-javascript

Content-Length: 27979

Connection: close

ETag: "55dc1feb-6d4b"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Expires: Tue, 25 Aug 2015 11:04:04 GMT

Age: 3291

Cache-Control: max-age=3600

Content-Encoding: gzip

Ohc-Content-Crc: 4204715424

Server: hkg01-sys-jorcol04.hkg01.baidu.com

...........Zkw....._!.d.d.Sr....F..4m.6..GsZY..I..B.*I9q%.... .......e......'0.}<x.o..4YT.;..o..D.m....;..e........,.d..n.};...*........=...h0a ~<a...f. ...o....tv....z........y.w..7Z....E%Yu....k...M..1.Y..E.8..L..5[.n=....7.......Bn2...\W.[....6.x.m7n@. Q......F..J.c.=.Q.n.#....X.8.!.){...g..9......vA....../.."..&s.......i....... .....).a'.~.9....bn[.\..p.....}.... ;.Y......,......P..U...pDL...H.Q......mZ....V..E..5..zq^.D#.5.....I7...Z..h.D.x.X.h8...k....l.K[..........6....oH..=../..v|..r`......?=.(L......n..A#..w...5.f%..!.......R.I.`9....0..{6.f.f[..w 6...)&.^.....C...w.p.v.4..g.O4NNb..v..3..6.3...u^.D..%.W.4.....p.....m.........`sZ.L1.-. .8S..P.O.......i.HX.T5......U..Y..{.= <.......H..g ..*.>.q .X6.......)........Z.......b. >K..D*I...'?>.m.....j..^.gj...#....;.....&.$....D..L...*.".T.....DQ..[.*>..B.(/.!..b..'P.'n"......k.<........D..O. ..Y..aV...@.$.7N..z.H..q.'..".....fape..Mi}5R..........{_.}...C..8].`..k.|8.Bm.J.C.........Z.Im.E.7.[.EJ...EX..%..y..0|.g.S....:wv..d%.....}...;=."...3l.[.....;.....%.f.=.N....a.v.?7.....W......o.m`..7.$!C...D........$.E.q....#...#.X.......L0...O.w...CkJ_..t..a..z.......Ix9..Z...r.....W./.........V*...c...a.r...P....'.g.SJs.,..=...@.1..2.(,L.;K.....m9.fy..a5..~9....U..).*..7...WU...7.YFV..7...f.L.....j&.;.g.d.bn./.q9x....k............*........@.l..&Ka.....O,.q...B....Y.5.a.G...sja....d.P.@.................l...[...k.,D....E.o`b..yv../a.../...h..J..D.d .....v......,T.XL..;...Za...i.s~01....v.Q.........`Y...N*...).......s..n!.Y...u.G.......&_...tpR..

<<< skipped >>>

GET /1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g2.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 19942

Connection: keep-alive

Accept-Ranges: bytes

ETag: "1667177441"

Last-Modified: Wed, 19 Mar 2014 03:30:40 GMT

Expires: Sat, 28 Jul 2018 13:18:05 GMT

Cache-Control: max-age=94608000

Server-Name: b01.tracker.b28

Age: 2324458

......JFIF.....G.H.....C..............................................!........."$".$.......C............................................................................"........................................Q.........................!1..AQ"aq.....#2....Br.$3R......Cb..EScdE...st.....................................*......................!.1.A"..2Q..3Ba.#.............?...eu9V#.DI....|....{4(u!..$ ..o6.:f.....}.u;.|(...V.m.....IPO.T{......V...D...#..*`D#.29nM.&....C)....4.*=..1..\.0)..#.s........0.b. ..`....5..............A.I....L.M..gI.j..h..{g4..B...m4m.$@OJ...i.K.*....].&d.<<..([...{)....rzS.&..*p....i..[H.......'...hBY.4,MR............bDcj.U.I5hbKl...2o'.....5..........P..p..EG....2...5.....\.8...$.)...9..j]..&..nI....E....T.M0.......S.2`l'.BW... ..h.9. ..][xr:Q5.....*./.-.....$.Q.6.....4@.......@N=*.Q...st..D.r.<sR...:r0h..t..qY.L\g.o....P...89"...u.H'.....PO....f..!..R.WAJ....H.N.....i[eQ.O\U..D.]..\~..."...eO..lYE..B.`..E.s....2....c.p....*... ..T.x. U..##...v.f..E4..V...n....1..2F..h..l.E../....8Q...[mK..m.....w..p.*..s..SsV..Z*.W. ..C...-.'..SWI.<..bCf..=..X.H....|I.S:".sHw.J.."..dK..%.\.*..{...Ma...gw..3..4...`....)N......,....;.^.xG.I.{..G.Q.........gO.....1n:Q.]B..R1..k....*.._5_...$$...Ok:....usa..-).$h.q.........$q.3X....z..d..b./e.4i...?..W..&..B..............8..tR/ce.x.....\....Z.{.^h...Lu.t`."....X..R.&..&.......3kr./4..>.O.T..'.........z.b3......s.X?g0[..X.3.h.3Q....:.l.%.....Q.u.7d,#.......[.k.............c|cW' c....G .m.H..O........{....A.*..Yo.....:..I.B.&.#..w".[..@....a.

<<< skipped >>>

GET /stat.htm?id=5862873&r=&lg=en-us&ntime=none&cnzz_eid=501615567-1440500344-&showp=1916x902&t=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&h=1&rnd=1192507884 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: oz.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.6

Date: Tue, 25 Aug 2015 10:59:05 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 09 Mar 2015 09:01:02 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /userdata/2015/08/19/00/00540197.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Tue, 18 Aug 2015 16:00:59 GMT

Accept-Ranges: bytes

ETag: "1c20d212cfd9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:43 GMT

Content-Length: 6282

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...L.h. .....3Fh...f.P(..&ih.-.'..E-..QE..(...(...(...(...(...F!T...MD.(.$7\t.R2.B........nm..g.........|S.P..9...h.(..^.8.$J.\d..h.Q...J).._..#.........E.....s..}.....!V.....PEl...&m.`..`.....;.[.........y.S..vi.P..b...p........4.S..A......e...R..h../...3G**......e...h...#..,.8...._x.Y.../..#...{....?......2..oWR.g..... c...xr...M.s...3uaV........h...?.....g... ;!......L...._...g.....Ar....2....:..2?..P...h.......b...?........4.3O........L...G.....'....`:....T......0?..'...0?..e3`t.n...vk.o........0.....c..}....).......s4k............Tg.....?.?..b..@...".ftk.ue..............^.!......?.H.SX.....S...J)..Z~i.(.v...7P4.8..4..z]...KM.4...<P?..O.....V..?.Ym..\.b...>m.TaO,2 kM...u..s.r.....Rb.G......CO.!...a....j..{=......N...5...vp....w.R..WH..Q..4.5.}.H.%q......d..F....7..J......SQ[Hd,3...>.E..3M;.C.N........~)......4.jB=.1.@.../5..\".e....E....f%...EU...9.A..1Lg.....D..........9t.7..l....dW$&

<<< skipped >>>

GET /userdata/2015/08/16/18/20200293.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 16 Aug 2015 10:20:22 GMT

Accept-Ranges: bytes

ETag: "fdc9829dd8d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 7464

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......w.-8..l..{(.w..1...\....3.N.....^9.%...f...5..F.....3.3.....QGdk( AX..>8.......2..'.L...7.]Y4..t,.2}.W...x.f.......L.mR..r}..m..dz...&f...'..Q..O_..H.4.\wY...J...]8.03.1.....Lg..G...Z.Q..o..Kb..wH..Ul~U.m.7..0.{..N..... ..@....;.Q..K;.A2ZL.......?.............Y...I..R ...W . W.~zF.(....#.../...........9....D.i..'...$ey.G...7..m.....E.........B.....O.....a....m# .5.v..........dB...j.....!%...m.e....m.;..B....|....C:..A._.G...F..20..T..:..]....M.....\.i_......{....;.......c.4.z..)...1../.)....I..t.F...Wr;...-q........8......;.u...l..;...'......N.......M ...aV.........=.....Uflt......1.U..q..u...N.\..3....j.)h.z.Q.#"....9.%.2...sE ..T`v.rz.T.w*....Z.&.A.h.......#.;..7.... ..QY..P|..4S.\...c..)..A.c.\..<rp ..<.yy"4.......=. ..eI.s.X._A.&.{8]B...w.94.4IZ....KkP.'#..[....|...k......*...8..3c.9..#....U.4(.Nc.} ../.....E...y^..KiI& .....~.*..eX..j..b..[d6RN.8.8.......Q.....m{....k.0i4y.Eua).

<<< skipped >>>

GET /userdata/2015/08/14/04/27400657.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 13 Aug 2015 20:27:41 GMT

Accept-Ranges: bytes

ETag: "b4ccab806d6d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:46 GMT

Content-Length: 9342

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.D..l>U...Fw6...T....p....X...~= ...&....9blo.U....5.....|D.........@0.r.....;V|...85....m....W...H...7mdQ.i.9.D...#9>....GM...f.....R..i..Z.6\..x.`....]/c..Xot...L$s.........v.e...<!.....^.|7b.. 0r0H..>.....p.>.!.'..J.S.....<.-6P..6...W......xZ..z....v..O6......zy...J..d_..~j...a.h.i..K . c.U.r..)..VG#{.i...#....p@...n].c......iK...'..Vm.s.J.....p?*....?*.."{Ug.....f.N:...K...3..W5.$-3.hp..oOo.O........Q.....>T...*A.Y[.....t.Y.v..-.X/ U...=..`e...U...\..M.......#E..HG.NJ...q.....>. s.[....&R..q{.[.%.$h.Q.p... .....rXs..UY.nem.\J...&.<.#..Y.MZ.L..1...)....%]...)T...6.4.lYk.l..a.z...F .m..'...5R! *pA.P..RkC..u). ..Q.9...._R....h#.....]^....KO.. ..%.C`Z4.d{. f?.^.......=:1....}f.tl.....(...S....0..$........ ..)...........u.k.q<..-Y.";W.}....Z.kO.v...t...yE...]>.....1...\a.|.>...z........0Fq.....{..l....p.F2.{Vn....1.sO..t.&.,..h.m.R2.....VMz.8:....$.Jj..f.. eq.*.~

<<< skipped >>>

GET /cpro/ui/noexpire/img/2.0.1/logo-border-light.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro2.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:02 GMT

Content-Type: image/png

Content-Length: 473

Connection: close

ETag: "554709f0-1d9"

Last-Modified: Mon, 04 May 2015 05:56:00 GMT

Expires: Thu, 01 May 2025 07:58:38 GMT

Age: 9774024

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Ohc-Content-Crc: 1058936823

Server: hkg01-sys-jorcol03.hkg01.baidu.com

.PNG........IHDR...D...........xX....IDATx..W!o.0.....,.;..<.%.$...g..K0....%.92...AM N...p...a}K....hi...... ....{....8.8.Xq\s.s.g..c.q5#...Yr....=B.....6M.|.....eY....M.m..3N.c....=...a.>b2...k...8/..ch1U..Q!..).........$I.R....UU}.z.c....L8.....z...8~..........b. x. O......S.CW!.........R..ej..."S..Bn....C.8T@.P...,1SC.#.F...r .@.J"..'1y.....B....K.K. .R.K..r@..b[%...T;.1!...a.......\..^.-V.-.h]..J2.....)!&.Y.......UJ...!z..m...x.j.L1l6.?rGB..h.....'a.B.....IEND.B`...

GET /userdata/2012/11/11/15/734682/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 11 Aug 2015 22:33:32 GMT

Accept-Ranges: bytes

ETag: "f968bec085d4d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:43 GMT

Content-Length: 3985

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.._.Q....Aup.J..,`.....d.1 (S.G...........T15..8.07.B....U.g$.ns.....Yh.};D.eQ}).c.}.....b.........1!.Dk..@.Y.3......i .b.A%~...E...-l..vF.8"..\A.y..p3.L...>..(...<S.xnY&0..Kn..9^N.x....M`.2Z...m`{.-.}i...b].D..Sz(...v.p...b...jsh?..;.].I`......b..g......F 978...JQh...V.5o..!Q3A%....".... ...C/.....0....n..y..-.iJFX.......8,9'.I. .....x'S.....R..M.......(..... .('.&...,1i.....4.c....L..cW!Kc..0OA...........,..Z....{{..6. p..f....U.|...c....u.....p.g...l....m..8..9=.b3.q.)$.=F.27...1T'..2@...~......M..uW:.....Y.....}..S.....=}k.........)l..ic.N).SJHyP......{......;. B....u....A{...A'.:0..^;....3.V.s...@...w>..G...w....B.y....8R....%t.4&iJ-#.>*^>..6. .(.H....<n9>.....g.4.........2...Z4.*z...~u.f.P.."... a..m.A.'......i........H7.@T3(9.==k....K.X.<S.....o.. ..Y..[...."$K......z}k.....F..F..d..i...L.B..< ..y?^..Z..saa.Ej.r..r.$....).?xl#.#wrx.......Z.Do.,R2!|.N.....r8....c..`..y

<<< skipped >>>

GET /userdata/2010/4/28/16/2712/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 20 Aug 2015 17:46:02 GMT

Accept-Ranges: bytes

ETag: "9021f11470dbd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:44 GMT

Content-Length: 3168

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....@..H]..@O.'W9......#..U%.......................Q. .....!x..cjd......WQ....k....x#;.~...1V`@F..f......"...H.h.H.W.. ..^UO.@....'......m.....4fGL..8...t.56...k....`K[...Ir.....6...9..r1..xs.w...ml>TgP.?0.....?.|'...b.Yf.V....Y1..8.....@...?h..*..#....&D9'.....&1...(..8o.Y~..../.=......i......?....kR.w._4.. .....c.... ..E.W.....2F.*y.k.O...6...f..|..69.........z...r..wb"?OO.\6.u.M....-.>."......'..P..."..u...sR ..)......3....q.m(.t./>.}..\.#.,..7M.2O.a...:...KF...c .q.W...\w..;..xJ.Q.k.1..I........w$..3. .5...s.Nt..lm...^.......#.H.........7Y.=vyf.....!.c....'..u..A@.....E...P.Ef..........p2...t.g.5.\.....N.......fS$`wd.....y...iz...W..p.B.*.........~..-.k.#....D...A.8$t.C....5..ws.E....=..;D..B.7.............8.[........Eaj...6.A...'w....J..:.O.u#.N.u.2G.c......P2T...8.J.....>$_.o...#....1.....zn...x.n..eY.......6.J.@.. .....4..Mqik9....G&v..*...s..e.. .ip.n..$..`...q.....k...TZ..:s.....

<<< skipped >>>

GET /userdata/2014/8/26/15/944406/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 14 Jun 2015 14:42:44 GMT

Accept-Ranges: bytes

ETag: "4d78955fb0a6d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:52 GMT

Content-Length: 20106

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z................................................................................................................$.....,........*..&..!.....d..b..c..e..j.....].....n. r.!Z !"."v.%T.&|&''.'..'..(.#)O.)..)..*.. .. .. . ,,.,..,..//,1J.1.122333346447.6.47E78<78>.8.;<C.<.<=D:=I.>..B..B..G..J..L..N..Q..X..\.#].)^.1b.3d.;f.=g.@h.Di.`i|divfip^j.Hj.jklkklWl.llmQm.[m.mmnSn.oopttuvvwzzz}}}...........................................................................................................................................................................................................................................................................................................................................................................................................`1.....0 ...!..GX4..%..7r....G..)|B..9....X.L....../.&T.0.C..q6......G.`.rQ.F@...bT......F...$..,D.... .."tv........"]j..*U...}...%F..Q.z.K......*P...\.b8r.g.=....F......e...m..{/.<.C.a.0.>L.....z..................U1b.....AY.f.S.j.d.....60...e........w.........CG.Z....q0Re[w....u...{v..mV.Sz]...-...s......\.M4.TXa;.V.........Q..#z.q`..1..W.:..K".......a6.p.......S|...K*..U`..$..n.s...B.......p..4Ec.9.d..)....9..=...f7RN.!w..U.qn..............N..f....f.9R..0..y...t.'..1.gB.`qD4i.9....j...]..y..y..]...B.........i.o...p....i.y.......s...M..zj....)....V.s.:W.M.T...........U./...._%......n........wn.......!.A...t...D3o..vx.o......2........r.............b.-..N..{-........I...X.$.....a(.

<<< skipped >>>

GET /userdata/2011/4/9/23/313985/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 28 Aug 2013 04:04:01 GMT

Accept-Ranges: bytes

ETag: "808e9da0a3a3ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 3494

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(......Z.P.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?.........n..=%b.\....Ko9.w%........=...k....Z./q..&9O.Q.~5.k.R5....G.9T...._z.....;.r.8$H....O...v.W...O....*c20#..Ls....8.ap.Y.....L...*}WZ.....XoR9.bi..W..H...)5...QYiB.......nr....ZW..........$..........(n..p.c\..[...N1..R}.T..........z....[K....Y.E...r...z..#.ji:]...K..noaQ..V^s..T...q]T................|.$.J~w...(E.#..5..1.s.._.w.'O....m..%`../6.....v. .FJ..z...O.i.m-..[T.VY$.n..xq..l.q......u..-..coum?.,R...|..s.#....3.K..|}....d.Q...-.m...y$.........yg....sJb[........<t.@.W..k.....=N7T,..h.`.....$).....z..-....#......iC.....3...[..x.[X4.UR;..)..E..@,..a....=..........:<^.y.H....pT.`@.f....W..x.Q..$[.J;e............6.'.XrI.:ak........t....Z..W..%.`.5a./..2Y....O....X......\........c...P.._.L..NG9.c.x.K..4...K.[.....y.Up......y=8.qrk6....Y......l.e..k...Xc'.`...|..0.......*.48G.'..8.......a.d......h...._..g..[..K.P..................r..]M..r..Wj......1''...^.~..h...Z]....7..V HV..........{.\..%.4..Y_[\.....wP.]..7...9.x......#...zo.5K.l..F&..ky..m8a..l^....$..\..B.BKy.v.l...[....... .s..2.T....u....};..{...................V.3.m..=..Z....6.bx<c.`g..W;..n5..?....;...yq../C...3.O......Tg..... .< ..-:[....3Q..~.).O-..P...N.ldp3....u.o./-.......Dc....`b@...t.....=>..U.\.^.Tl.1r

<<< skipped >>>

GET /userdata/2011/4/9/16/313604/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 24 Aug 2015 18:00:58 GMT

Accept-Ranges: bytes

ETag: "465d91d496ded01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 2401

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..5.5....b..}*....;r9.].........7....T.l....H.J...9...L..........@..p}.t..w.95.ybSvF.&..c..q,..R.9Pk.......)..B.V.......' w.s.....>"M<....7.7P.x..).^..Q(f.I>.P.C...w.(...P.y.%.$...r......m.......H..t=).I..\E..........Q.w....d..n.....<.%....d........@bz....;.\...........y....9....=CB.....BLl.....W...F. .0d..^..3O.J.A.....0...8.X....T..s..Q......u<W..G.m..{ S.....[.:q..Z..T.H.nn../...c....}..........\O#K4.Y..5.*....qIhV.B.w..._..s..G..e.2mT....Q..b..4.....bv.....{..B[.......4....W.V(xlv..?...CT.:m...H..|.....m3FY.i. !.$n... .2.......Pnv'. ...*F..c<.Y..I.Fk...=&._.M..........A\....#"..|.2ee...v..J.....!nn$.oM........$..lM..|......]..=.&......`S..^...K..d)...........^.W....l..n2Y.@'....y..K}{W....Z....^YJ..d.1^N..m;U.5.S.M..<.....i.......*|>....R..[...wB.C}.h.o...s_[Y\......a.. zWD.J..w..00>\8....9....d.@..19 ...9?^./qNK....5<..-i.$.w ...!D_.<....#...B4...".2.7........9$.v

<<< skipped >>>

GET /userdata/2014/6/3/18/928824/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 09:03:35 GMT

Accept-Ranges: bytes

ETag: "9bd4c0ec14dfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 2610

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...2x`..[.X/"P..9p.......s..;.*..Y...m......b.c...N...>......8....E.E..d>}.J....<D.m..Q...b{..i...o B5........<...$`...s..=.....l...<...1...G....[.L.(F<.......[|..=..]_..5.&.-....s.V~..]WU........BK}..K......H.A...?....Z.V.c.S.WE.?=-O....\..5....F.=.k.....b.j....&...v....{...iKP.R8.W.~)....n.zp2.^ ..o.4e....)^.'.<5.[............... ..'..[.......I#.y..".zR.vT..e(E....0.F=H.i-$;_...EBH.I.Hn...P..@$..q.~....LN.B.K.....;u..5......M.yJ>\r....5.V.....W....pXD....g4..Q=.k..e._.....3..oAg..ac..:I...u...d.0..........&..DW.W..V.....A..#5...F...-....x.,.......Qz.s...N{.....%S.*..~. V.{iy8..5.G9#5.6M........H......q.Ql.R...........(|.h......Z..y..Wf)C......3..&.t.....#,>n........'..H.J...|.]....b...........E...Q....X......2.:.........I.M.k..'....Wo.-.L=....\. .D..P.I.&,.da.*.....l..c.Z....O-....Z...Yj..c;..>O.\j[M5..GS{.........(...p..........ao%.y-..59....WD.....N..[.....r......~ ^

<<< skipped >>>

GET /userdata/2012/4/6/17/566949/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 13 Aug 2015 16:49:03 GMT

Accept-Ranges: bytes

ETag: "d1efd5f5e7d5d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 2687

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..n....}...zg..........&.k.GIe8.........x}.'2.]..Y.....u.g.T.....I......t..9.{..#8...."F..1.'......>[..'.Y!......>G...._..4eT.d.TZ....c D./.w...a#2b.3..V''..T........F.A.2.q....x#..c.DV.....%.Kx.r..X.l....m...9..Y.......O,.g.\!.0_.8.........w.z.......O.......q&..X..r8.....9.q. jz.....v1!....h.....O...}.V.T<.Jk..G..z..s.s........ji.6.i|.F...<8%..p2?#[7.:..@..... ..Fq....^.8.'i.*...C...X..p..ed>\..t.....j...V.......re%.@.....5.Pz.;V..0.......L...L.G$s........U5t..s......,.....*[....V|."..$..Xu...p ;Hh.|a~..$[.f.0>b..p.$...I<V....c|U....5..I....v..8..8c...8lb.....h...^.hU.'z..X.:..........=.............:..i.FBg...9....@iI....?..X.......1\..........N..7z........b..-..1......$w.p.\...lTr....$..n.cTb.;.pv....:9..y.SuIKZf2.X.Sk`7........J.q.."i.t.A.q....^.......>...uV...C..|.M. .V....i.u.H....A.y.....k.3U..G9....a...i......n. .*.\(.m(x-...M.'....kQ2.9..&l..........jA..s.....N..93."...

<<< skipped >>>

GET /userdata/2011/3/12/3/295026/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 24 Aug 2015 09:38:13 GMT

Accept-Ranges: bytes

ETag: "c992cd9850ded01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 15367

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z...........!!!"""###$$$%%%&&&&&&'''(((((((((((())))))))))))************ ,,,,,,,,,,,,,,,------------..................//////000000000111111222222222333333444444444555555555555666777777999:::<<<===>>>??????@@@BBBBBBCCCEEEFFFGGGHHHIIIJJJJJJKKKKKKLLLLLLMMMOOOOOOPPPRRRSSSTTTWWWXXXZZZ\\\^^^___aaacccdddeeefffhhhlllmmmmmmooopppssswwwyyyzzz{{{}}}~~~......................................................................................................................................................................................................................................................................................................................................................................................................................................_?........-X........o..iB..T'Z........z......Y.r....H....6e..Wo..|7g..T.X.~F.q..-Y6q..e.DhQ%O....9l.;.(..k....f.q.\..`>...f.z..B...-.U..7[..q.6.[.M.4......~...t....Y..q.VP-[.i..t[/.4.p..{.k..l...ZVx..l..Uz.............cQ.I.k.3..?Q.;...9n.yRf...7n.....%...d.....W......e......&.;..3..*}..[v.#.?(Ms.3}...4........[9.|c.s(.3O<.|SR<..#"u....Ip..M[..d_q......H3.1.(.. ....d...Lg...O?....;....3K...Z..H`J.0F.A?.S....5.4...L2..S....".8..SO...S.?.......3.'..B.<`...[;..R<..#....S.l....1....1...K..T..T.<.L>...L9...$.4..R.4.dR.[...Y.`9.O...X.D.$..'.4..4...[6f.9.0.TSXiEf.......8..............t...R=.x7.z....-....3.4.Z9"2.c..x.......;.`.)3.$lW?..elX.B..4......x..3..S.'....,...K1..

<<< skipped >>>

GET /userdata/2014/8/31/14/945045/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Fri, 14 Aug 2015 19:00:34 GMT

Accept-Ranges: bytes

ETag: "6319a80c3d6d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 2766

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..... *......*..J.... ..f;K.1....9....2..7.c.....;:.Y....r L...x..m..'7W....wg..Ai ...W!v...=._K...$`... .k.....7.,.|..#.y..\...\.Df.e..Y?..;W@/.....#..j...`B\2}y................Ps.*............!....y2......U)..X~".W..Y..2..H./9_....r..q.].....r..'.8.&...G. ....1B..q..(..I.#..p[...95.j...0.>[J...`..|Gd.kr.z.#'$d....;......yP...p.s.\..k..../T..Xj.....X..B.O_J..;..)...r...?Z......,eh.........8..W.P.&XloV....G#....Z.z..........=..LFG....r>..... ... ....B..q......[..2u...Y.L...~.Y....(.....Y...X............X..$.q...W....z.V.....1.k..M......~\..f..<.....&.q....C...Y.....q....g......t..VG.}.$ 5.....o|R...q..R[`.\c.m....Z....n...q....eKH......f....?N?.....T...1..`.....!..c.z..z..R.....M....h.......\g.f.{..?...u..fxd*..YNW#.5.]...3I..Tga....Y.l....gt<$.S.O...U.k$.;.nuB~.......vZ.............NA..k...E...^.XF.*<..$.... ....jR...C...n......,a......Et..W.S..{..IX.0.nN6..8PG|n...Q...oMI.H..YxsU..K..

<<< skipped >>>

GET /userdata/2012/5/17/19/587037/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 10:48:36 GMT

Accept-Ranges: bytes

ETag: "8a96749823dfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 3287

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......j.......o4..H...O$.....x..!\.o.FTc=pO.s....]f.....N%.Y.....>...v..O.M.i/1....$.?S[.W.[R..eiQ-.'.^Q..8.f .r.~.SLj.o.v.../.\...>.c...bxt.......M).....S....zS...gf61Prh.....ior.A..&93.pH#......C...s&y..5..<.....e...o..Bx ,av.......ZN....N..^Ht.."Y".8.'..y8...o..'.......Z,...@xf..h......c]...ik...~./.5......%..m.Y..NA..:......1f.t.A.i.s..5r..:bXD......[8...?.S..e..Q....WOcl.....r.G\i......sBM..A.Rx..M.._7./!f.....z.HW|...@.f.7.....L.n......al.;.".#..........9t.Nm..f...Uny......K._....$Ky._....?.\} .......p.p.;0.NA?......._.A...d.`./7. ...?.@.8h57t^cR2.I............$q............V..,.n.k{.....&....R.<.....iv ./.... .....?..Q]....v...!...:0O.ay{6G....~&..:z...R./m....Z5Vc..,...T.;m"H.L.{.....g.?..-zA...t.;..E...n....<2....kw.es.1.v.v..........'`l.z.<...>..s...B-..H....n8......k....j..=....t.V.....r...iJ.....d.....lH.$..U....}.^..\.t.T..Iv..FrO@1.U;5.0..z$Ei.c..1......u..s...,2..[.

<<< skipped >>>

GET /userdata/2014/2/17/21/901570/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 22 Aug 2015 16:41:23 GMT

Accept-Ranges: bytes

ETag: "ce99bf61f9dcd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 2700

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..V.(...(..|./..I..Iu..Z..RNRF....9..I=...=2..s....5...c.n....s..5..............h.#i(.a.......c.c..@.-.........[..ns..~.. .x.=A...g...@s............,JB..jb2(...Q.c...-c...O-.2..B...g?.:....yW._.^....=.L6..5.o>W....3.F?Z..X.Y...!d.G........|.}...i.mf..z.....?...|-IE..QE............M......)W.N..........<..C._.[j3....... 08${....d....2q.i..m.... ...P.~.~.$..d....*....p.Hx..6..ON.hP.{...^7.Dx.]..7.M.*.jvW.#.H.)..w''...k..9%......p...<...=G..j.Q.6KU.(V1...........|..E.P.E.P............g..j.r....(.nR.>...........?...D`^=. ..9'...7.8D?.|'....E....y............h....<.b..z.g.....M.v..~A.... .X]2B.....g....>...Pk........).........CH.d...........`R..FN....8...4......]....G..6w<F..c..p?.Z.....-4..........4........n.:c.1....'.m..J.*=.r?.b..$.*......7}.............l......m....Q..fu......63......<.6.4.m..\.......!.wG6. .M..y.%.lW.Z......G..........FA......|P.....-SR.`...6.....VH..X..].....,20

<<< skipped >>>

GET /userdata/2010/4/26/21/1705/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 23 Aug 2015 16:18:27 GMT

Accept-Ranges: bytes

ETag: "db95a157bfddd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 2135

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(......Z.P.........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.................................................................................?.......k..........2.....Rp.8.-E0X.r...u.>...q.......w .......J.<....4....;q.....u...Y...8.S..WI..sW..$..K3p.FI>..i..|Csn..m....r..,..t.0.....|U9...y..wk......-..w2..*..IS......x.Z.[t......wv..........S....C.Z........$ne.*....;...k...d.8.......^.....C-.'.....fwi. .|..h~.......B..Y^.@\...B.ppGl..H.>......B..7.C..$.6.n.n...q.....~*..5 .g..q*.fr..;.<.@.O.f..........c.$.$L.3.....m...|E...$.n.l.....33. `X..i m..i/...n%...[.....qm..'....z...8 .zf........qS..q.......j10....R.;0P3.I...]......dKK.e......t.......G.....MF|...?.......X..ND8$).Vh...G~....'......#..."..hY...;......9.......\..|k.......K..l.h..n.....T........W...5sxVgB.....'.t.7..K..#[\....>v...*...T....k..6.ea....NOZ...-..... .=Lf2.s..O.....P....W.=j...t..n....WA....v...z....3.*....en.i%....t...a]...$A..s.....4.-.Ir"i[....O...c.@9..c}...y...>E.d..\..|.........6.[.R.w.......5..E.].h%..B..i=....{....E......1c.`~.U.W.s\...). ..y.....}~.nA...$...[zf..x. ..j7..XA.p9.<}Ew>....=j(....*...~...(.._^..F~...x..P. ...A......pF...........$...<..^[.....u..7.[......a......e...* mN.NX.|...k`..Q......X.G...h.\. q.......P[.@L....s...... ..z..9i.....W..X.sp......3... ...=.k.M.....Kt2..]..di'..6......@.....]..7F..i....[..H...I$

<<< skipped >>>

GET /userdata/2010/4/29/3/2838/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 16 Jun 2015 10:09:07 GMT

Accept-Ranges: bytes

ETag: "f46d447b1ca8d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 15342

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z.............................................................................................................. !!!"""#########$$$%%%&&&&&&((()))******,,,...///000000222222333333444555666888:::;;;<<<<<<===>>>>>>>>>@@@AAABBBCCCCCCEEEFFFGGGIIIJJJLLLMMMNNNPPPPPPQQQQQQRRRSSSTTTUUUVVVXXXYYY[[[\\\]]]^^^___```aaaccccccggghhhiiijjjkkklllmmmoooqqqtttuuuvvvvvvxxxxxxzzz{{{|||~~~~~~...................................................................................................................................................................................................................................................................................................................................................................................................................o.....J..&9v...N..t."}z....Nn..1....$F.....L..k........!@x(QHY2A<JP..@.Q..f.X."..[.<.:up.4R.\...C......s.n..`.DQ..f..*].xy.....-.....[;s...(.......%........p.q#....L.zD..US.p..2C..;...K....9.....$I.$H........P.PI..];bVf.X....K...a ..c..<|]a..'R. ...... W.\m.!.S...>..c.O.,R....... ...T...0..3.!.;.$.F.; ...NH..2s.e.........`Z..y.I*.x6.-.......w...L...c....C$...7.p..H.e......./.`J3.....M...3...Yu.....?....9...&.].M8....1..!.?.....?....[T........J..B.HDd.....B.".0.(p.1..Fp.G3....u...#S..!.%in..)..B..{....>.....]..D.M8...2,Z.]9..$.3x.B.#....k..F.S.@...<..u.v(..#..iN7.Q.Z.L3M*n.../....#^@1..^.8D]>.;C.3.`..@.p..>.@C.3.pB.J....?..B.{D.M .r

<<< skipped >>>

GET /userdata/2010/5/12/13/14411/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 15 Aug 2015 12:14:58 GMT

Accept-Ranges: bytes

ETag: "47e5a6054d7d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:58 GMT

Content-Length: 2731

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..^.O.....^..{I..i'.....Q\..,....s.{/...u...b..K..8..W...E.E..e...!......~y...@..o.._i...KT.VE..w9B..H......$....|1.H{iw.s.......c...5.....m5..E..Q....>].:..q]..l..h..<.AH.NH.]...\~&.>T.O......&iV..v.....PZ1..5.M.].....,..d.r3..{{W...Zm.PKq.y..)v.i$n....\.....6...Gm.......w.w$..su....t_.O.ir\J...S.?68n.......cN.J...|y...t...H[ .[..4...c..92...9`[.~.k..6Y...]....W.U.6........0..../.....(_....B>.....d...nC...j...P.y$b.?\w.J..< uy.Y..S..d.......k...|6KMOT....t.....yf@......}(.....oF.....H .F.uU...0x...1]...uo.\"...fi.9. 9....:....m..."i.i..rK.....t..-....R..>....]k..[$...I.M.Z. $..@ m#8 ..:.`...<.,..b.GY..4..O$)..8...W.h^7...qk...(|..re!7.t#q.?...?.......]Y..P.r.7M......W:.....hJ.9..9.3@.Rx...jxj.P..T......%@.N3...^.. T.S..uM........9..I....yu..."KI.%.......}...Z.|../......,........O...>..u....O............3\i.....Q(7W.....F....^.~5..T.-.H.X................*..x.6.....=...|../x..M.

<<< skipped >>>

GET /b.php HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ec.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:16 GMT

Content-Type: text/javascript;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.6.0

ETag: 8138C33758309AE6FF4C222F3076C661

Cache-Control: private, must-revalidate, proxy-revalidate

2c..setEtag('8138C33758309AE6FF4C222F3076C661');..0..HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:16 GMT..Content-Type: text/javascript;charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.6.0..ETag: 8138C33758309AE6FF4C222F3076C661..Cache-Control: private, must-revalidate, proxy-revalidate..2c..setEtag('8138C33758309AE6FF4C222F3076C661');..0..

GET /js/jquery.js HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmiko2.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Mon, 16 Feb 2015 18:23:43 GMT

Accept-Ranges: bytes

ETag: "80e1b5b1154ad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:36 GMT

Content-Length: 33466

.............v.F./.........R..DIN.v7(.....t..cw'i....$$..H.7........ .....P.A.....;.q).u..y................G..{..=:...]/-.G[sS.&.."............o...(.~...........w..(.^..Qt......jq...q:...z9 6.:PN.ip...Q.9..*.....;..w....(J.......7..9..Kcy.e.&>..io./gq../.w....z....}.z..s?.gQ....'...Hn7...}.|C...#j.[......6..wY.f...6........l..s.]..f....n..<z...Y.mo..7~....e.Z...........74...n....z...*.N$;=iY5...3... ?9*.G1OL.N....x. .........<...0..AZ.6..6.H...S./^ .t.u{4...$..;..z.T...StO?...N.!... Z.......[s!...Gq.~..O.Y....w....b.. |.p.%...F..xa`,.......*.._f...Izi<....mK.k.cHIl_..B.I.m......44.E-.T..&Mw$..rG6.f....:.I.~.....gu..m.d..?.r<.....\_W.<....m.@....U.o.gez;.....'.....~.|..a ...f.b......bY....B.............7....W..j..g#@_.\...)5...*./...a.....3i....A..eo.....5.....>V......;;P.{..q......CO1'S..|.o......f........)..4.e...<.........~...K...g.5.*..f.`7a.s|....%......vJ....\..C......v.,.W..........{.|5.....0Ci$.`....^.V)..y...E$4..WR..o...=........]....7..g_?....x.X,...1. uaNu...Wio#.|....b.....M....{...z....v.y:.....x/.W....x..n1..\q.|e....%...$.5.G..zt.....K.-.lhqi.b|.K.SW.....tU,y4=|...............j.|.....t.....4.k.....]P..E.y....{........y.z2.5.h....#.{L.4V...7....;..*\ g..g"...........a...]ZB.N.y..,h.&... .0?9....a>....7.B.$..c@.{1.}...... ......P..=.Y...b.nbA:....88..,......".M......I.L.....p<B.;io..8. .#.7.... g...J.~.....w=..v......Q._.p./?.....JS.. .....VM.E.._.SY.....2`O.......<..:4..7^.|.......B.n.B..n.".0..h..).q.D..?..io....T6<...)QOA....#T..@.....X..H&`.?.xI....u.#%....W!

<<< skipped >>>

GET /sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:06 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Last-Modified: Fri, 21 Aug 2015 15:41:51 GMT

Age: 97551

Content-Encoding: gzip

Ohc-Content-Crc: 327863765

Server: hkg01-sys-jorcol10.hkg01.baidu.com

37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\...lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..*.......s#W@.d^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j...9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u....^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N ....;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ..............0..

GET /userdata/2012/9/18/7/713022/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 03:24:06 GMT

Accept-Ranges: bytes

ETag: "76a6ce7fe5ded01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:43 GMT

Content-Length: 3285

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...q......X..j:k.*ef`...W...b...9.a.|[........U..{.F.So.......I...mu.KN...n..!vmt<q....i.....b$...i.Nq#...WS.Nr..Uf..b.|u?.<C%....B......u.U....N.s..\g.....j..0.K...?.....#h...a.e=9.....p4.I..|......k......~PF@...9:YF..:J.Z........n......G=k.Y-..eMF.e......N ......5g..GQS\.I...:H.J.....G._,.....G....K...w......#z..l..@.w...:.....:.\].@9......@...|M.k....h..vFT}.F~......&..^.MI.!.E... .>_.?..^......'....;r.....;K.|....<TZ}......~."....*..t.3......xo].....u.....]F....J.*.c9A.`.8...yN.....af.Js.xZ'.o...... ^.I.0D..u...A......9.}3..S.\..n.....Yb<. c.P...}N}.`....>...v...>.ZSl.....f'?x..8.......x.mWRy..D.Z.. .......\u.........f..aI.$.T...:g...^...q...M...a..,....=.....'.^uy.Ul.....I~?...w.xnV.....'|l.oL.S....o.}]v.$r0..W.?..3..l...(..#.....y..#..c.....r..[C..u{y.....d......sU...u4..;.$.z7.4O...m..SM.m.1.V].ao...6....... ....-.E...P.0....t........O...4..N..F.......,c\.....[......>NV0

<<< skipped >>>

GET /userdata/2011/11/6/10/442141/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 20 Aug 2015 17:15:43 GMT

Accept-Ranges: bytes

ETag: "24c1c3d86bdbd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:44 GMT

Content-Length: 3072

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...?.e....~../.[`.9..`....w.O....r.5..y...3.9.......q...1@......J$..L....|......?...H.#.M.,.K.........>...J.7).......Aej..\6.:(^..?Z............|.Y.%`..".....dg..q..&.BK#,.......}2.Q.h/"I.n.....y..~..o.M*...R]..%.:....S...>sa.i..Nk....YD..P.P^W.0..g......8.No....4-.{. .V.|....L..n.P;s...@<....h.Z...h#..y."...`0..g....I[%T..F2...5..........".u$.....U._Ta.P...QE.!....L.C..q...J.p..A....n.....}o.....j...0.K.]...K7..V...9..3F...q.........B.f...Z.....H.$. d... .D.....W.a....c\9@3....~..:}A.....k...*]..... ...t-....^1.:W...U.......R$RI5...$...'M.@k...a.j.. .$u...=. ...R...Q.<..DQ.bN...|7c./.x_M..H..8..&6$;6...GVc..j.....k.6.5p.$dyJ.J...(..I=y...M.9.dR..0J..8.2G.......kvF..H.C8...6..8......9.(.IcY"ux..VS.A.A..].X...."dUb..........P. ..1<.. ...=...zP.Y\......s.i%.b_....6.&&.~$......M..]?.......^g.M....2Z...M..Cin.......zFF=M.x..[....h.d6.iH.%%A?1^y.s..8.k.-m.{..>e..i !VvQ..r....W9..O.E..6qHd

<<< skipped >>>

GET /userdata/2012/11/26/5/741147/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 10:00:04 GMT

Accept-Ranges: bytes

ETag: "280d8d01cdfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:52 GMT

Content-Length: 28117

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z.............................................................................................................. ""#$$%''')))))**** ,---...///000111222333444444555666777888999:::;;;<<<<<<===>>>>>>@@@BBBCCCDDDEEEHHHIIIJJJJJJKKKKKKKKKLLLLLLMMMMMMNNNPPPQQQRRRSRRTTTVUUXXX[[[_^^```baacbbeeefefhghhhhiiijjjjjjjjjkkklllmmmmmmnnnooopooqqqrrrrrrssstttttttttuuuvvvwwwyyyyyy{{{|||}|}~~~...............................................................................................................................................................................................................................................................................................................................................................................................................H.......2`.."Gx.8.DM.8s.........;..0A...;.S..h.....n..A...^..i.FM.!| ...r S&8X>.....Fg.n.20........q.OJy ........&...!..8jLW.Z....Y.D.....\.........-=.R]1b.@.a..c....c..`....6...2{....,.r.Jd.U.........b,Y .02.q....MA........{....y..A.WO..y./2[..X.Ex8...<N];s....." L!GV..1EJ.......E(.1F.....Pc.O..#....S.3...O;..R. .t......Wy.........G0....K`q.~@..K&`. ..;.s./:}f`...V.8..........k<.H)|t..-.a4........h..~.i........0P..:....3.`4......6Fdu..,l.L(.8bE(.4....U.%.GD6]?.."..YxQ.1g...3...[..$.',\.p.1.......aQ.....%V.~..J...Y......gt.J..8..5....S....9.,z.....I*g.r........T..G>p)D...S.,R..PV,."...Z.. ....3....5..`.-.........y.ni..,.....}..t...K.$H..1..!.'SxQI ......$.

<<< skipped >>>

GET /userdata/2014/3/10/13/906768/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 15 Mar 2015 08:28:08 GMT

Accept-Ranges: bytes

ETag: "225fbbf7f95ed01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 2135

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...A..?....y.P.^Gz.h..$S..........#..W.x.O....{)X....pq......i.o..d..:v..^..t.p.......}...5.. Y.4>G9....Y..o..m.`.c,.......{zrk.u.)"V;HP1.c.;..^".....*$F..#.9.1..........j.n.C..I....*.T...&....8R.4t.....n.);.s.?..@.1.?.Z.l....U).........)M.]Ei..!$c.......y...3....a...O;..9....z..y..?!_x|)......`.@l..c.$aNNK...8.'...Y..=*;...[....n...........,/.n.t..I..sR ..B.N....i..v.v.rbRO'.V..$..y.Os...2Z..O.]E....=A5.{.Iq#<..9...7l.4...e.../...Xt........%3............a..1.J.r~O.."..SW...c..W...".o.^.q-.4VV..d..gL.p.bFG..s...8>...._.?.<.L.&,-.G.o..,d.9..^?*U..:i...~xu.SDN.^..{.i....-.M.......;V.x......S.R..k........Vm....K.\v.I)E}....f......=kX.t....r1=wT7...Z!|..SI?..hZ.....~........1..]>...S.d........_....O....g..8.M..P....g?.n..SH......)..PF....Q...{.I....E b.{T@...S..a..J.kB]...N'.E.$...Tn.G..l...U;...R.B.jP..Pie.)C.E=..J.p.. B.XW...u....&.H...;..........?.~|....O...|/..Y.o.....q........TVz"....H

<<< skipped >>>

GET /userdata/2014/4/23/8/918845/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 13 May 2015 13:25:42 GMT

Accept-Ranges: bytes

ETag: "7f27754f808dd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 3652

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....\.n.......G.._.....1.[0P.. g8...|A.to.*..C.N.zc.......-....$..P....@..4.1.Q}..'t...j..".C.... ..jk(.I...I...5._..0..ws..f?7VE....Kl..nG.9.zP.O.G..'..HiC..VU.N|......._...I<..K..N@'...[......7I5.....g..=s.....>..V.4...u../..[h.........X.3..j.,...S.H.2....tB.A....#.......q..4{.9fP{.I.....W......4..Z C,.0.%w..6...N...3.n.H.G.........v|.-..77'...O!......{[..%$...=9.].....>..A...G...'.1....1.fu|...8.........:.__.........KJ..)..1......:..>.y}..1q..V<.....h..8..<.Oor.E!`..r.{..=[@.....I.q...|...Y.\.... .!.^.Myy&.. .8y..lp.....OQ....a^..1..u........t...$PVK.........".[.O.(.s}i....k.F....,..*x..r..A.G..|.....0....j%.L...FY.a..>...A.L....w..`.7....iy..$( .s....W..yo./..|?.t..o.d....$....8.921.6Xp...I. W.n.uod..s.mw..hc,.Uay.~..3...t...u.....h.L.C.ZEp.*......w.q..t..J..G.0....*.. ...?J...n...[Q9..TLv........q.....mCJY...t..[>D........g.78.NG8...-....s]n..I.j.ww6 sg..d..f].eN....c.....

<<< skipped >>>

GET /userdata/2013/10/29/21/870006/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 27 Aug 2014 16:21:32 GMT

Accept-Ranges: bytes

ETag: "85e3aaf612c2cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 3009

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..]...<...f..Eyj'..T..K......x...kdp....]..qm.......^Pc.9.v=.zT.wf.... w...rX.y.5.$....[v.....4p......xv}..E..I;........NW....Id..F.v<..}H?..fEx..C ...A......N9...W?k...$.-....t....VU`.$oF....T.....g.....X-.......-..U.x..O...m3. H..J....1...a.9.W.xb...].2..I....@.q^...5[xr....p9..&..M...QN...p....>.....g5Ij..<?....C...J.....5]'jD.z.).@H'.Q.........^o......rl. .<.'#.T..Nq]..t..nE....#..2.......<....-j|..-2.8X@.u.?9.~....x.....k.n..h....A..5.~8........n.J....W...@....8....M...K{.3.H......}.V.V3....S....Y..u..5hn..ki.H.eY{..............i.B.X....E...).!.$...4.Z.33..A'...5.D.sP...j-.....}.d;.q.......<..9`N..s...z{.mGJ.H.......4g .......]*.L.j....I9l......u.an.=D..=k.W.b.O.@..Q'"....G.'#.>..O.p?.?....T`..........TMf)^I.(..."|.......?...Z/.o...!.RX....w..r{.3...2i...2.<....-.0...;...\H...p..s.a^)qksm.oq...0......P{.. ...=..Z.4.H..M....?6.n.'..<.Yqhs..j.N% .c.P........z.q.....m..

<<< skipped >>>

GET /userdata/2015/8/18/4/991533/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 17 Aug 2015 22:18:34 GMT

Accept-Ranges: bytes

ETag: "f73e0a73ad9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 2927

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......n.l0...."..2Z7b........p} ...gwi.A......f8..FF[.p>r.....~..4..o...%a.nR.....[.....&.....6...x..'...6.. .......Z3.#Ijy.0..N*x.CE...=O.4.~fV.6O..2....t ....fKt;Z...8....58.u....P1....\V]..E*...n.c ...w..=.Z.k.....Dd..8.8?.(..r.Q..).Ppx...G.V9(....*/.UV-..J.Q.....#u.g.......M...........s.1Ms..&8.'.q.G}.....O.X.u...S.c..S.~.5......m.e.....#........ :..X.z...k.H. . b.....,.e....FA...rH.\.h>T_.Z.aC.<....n....'8...if...H.$B...K..}.3...V.":.....8.t......s..... M...?.-..m%u....x.....g5..?..K.6.l,....-.vm...9.....Dn../..J..x...V7rK.2!\...,..R:.=....>.b...Ic..s..Q).MN....(..._......Gm..;~.......X;...pq.......w.j/...[..%......2g.w.mc.>.#....]&........8n<......N...$........W...\...GQI...t....x...... ....P.P.8..... ..9.<...t......i....2......W.Z-....-..}.Eu4.[....geV......|.....x.O.hZM...k..H.K...a..$.b.H.e..@..5..i.zl>T1.o!.1...ZV...@.N;.53...1iCb...1PY.....&..p$...;rO.]....2..P)..c.

<<< skipped >>>

GET /userdata/2013/6/1/3/818513/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 09 Jul 2015 14:22:11 GMT

Accept-Ranges: bytes

ETag: "6b4378a552bad01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 44596

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z....................................................................................................................... ..!.."..# !$!"%#&&$'(&)*'* ( -*,. -0-/1/02/020130131253465776988:;9;;:><;?==A??CDDGHHJKKMQQQUVXXX[YZ_[\`\]a^_cb`cdbdfcdgcdidcpeaqeaqgbthbqicnjfmkgnqik|l..u..v..v..un.o..x..u..{..|..vo.o.....z...~.{o.p...p.p...x.~p.q......p.qq.uq.tp.qp.rp.q......t..t..............u.~u.|...t.x...t.w.......................................................................................................................................................................................................................................................................................................................................................................................8....%L..2...O.H}...Y.j..\........y.E..%L.0.\.R..I.$):d.P.Blr....'A...p0..D.!B.|.5...O......#..oryc'..,..0m. v.JJhe..yS'..p...`.(.!T.|.5.........g#..{...W.p.M.#K.....C.i....n...1......2...K-...e.......,l....Flr)..S...H...n...M..B..a.....u{..K.s.K.2}s....KT........."E7.%.............4h.]..v..Q.....L1.y.......y....K/...g;}&..G....^}.......u.a.M5o.AQI.m..,... ....^.j.bSr.}8....r.'{.../..#..)Z..v....j".(X,.X...c.H.z....".......q.Wox..=S^.......,....;.QcM/...h...X.z.b..r:..A.{()..]...n{..../...;...M1.&.j.;B.X!{.Pb\...U..&z..m ViO5z.....xS...@....>.......L.qX....p.1.......R...@.K..RI*6.4....<k....j.....d[l..B...).'.....Z....y.(...\)JJ..7..k.&..4......O..a./...FD..B..].h..R^.*n*.H..@.. ...Yr[@.uE

<<< skipped >>>

GET /userdata/2015/7/25/16/988694/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 27 Jul 2015 10:14:23 GMT

Accept-Ranges: bytes

ETag: "38cd84255c8d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 3476

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..V..r*.y.JlJ3^w...z..|3e'...uws... ........p.....9.....<..JV`.x._(..'../.....9.$Q ../!..O.....|...y'.<U...Ri..[..]7.i.0:...@......pA. ..._.......`...-%...[k.}....}......z.V.$.K.6C.M7........\...:`.}-....2.Rh.H.20.`x4......j.......)..j.lhGZ.~".[.....n`.............<W.\.M.lnDW.d.....Uee'.....x.R.U.D. X.....O...8o..cW.o..F.j`..c/j.c..O..E.2..8~.<......ur..,.H..j......W.Q.]\X.V.5.........<|.H8?7.Q^ku.-G....-.....F...??.......1.....[|=.%....h.......5....1<.Cqs.(..S.Q....... ........[.......o.........=3.n......l....N.m.e.I.."n....p...Nq@.U...6...5..=...8.....G$......0...e#...%x.....%n..gw.\..v...c.0.b<..}.... d.%.=..I...h....4...\..).H.h.....)V....,_.V...q>"...t..[..P.... .2J../Rrq...u...7......C...3..5...E....B.9.bs..W....W^%.....m....OH........=.s....h...~%....-..<..aM.1. .'.E....5'..auq....C...\].x....`P0Ufbx..d..z.....Ioiqu.}..f...&.-..V8...J..{....&D[av...2_.`. ...u.w3...5_.

<<< skipped >>>

GET /userdata/2011/6/14/2/356144/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 11 Aug 2015 06:44:23 GMT

Accept-Ranges: bytes

ETag: "7e73af281d4d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 3617

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....go0..2:.CD?...H8....L...R...M .%...8..M%..IoZIE.b-.!R"$z......z.......e...$HJ;..v..}.r.....P...-.jv.X/.;..m.Q.i.....8...........Z.. vS).Wvh...........7..S......>..e.>.j..Ki..........*..@....c.`.5.~$.nt...%.. ....d...0......\W.JnIjc(.y.....4.{.#T.......L.%...,Tq.9'ql...-...:<..:.. mb...t..=k...s.A.\.Oz.>4B...Y.T/...9.V .89..h..&..G....I5.;..o.A.[$...YP...0....d.9. .U...%..>...._6....).wu..dWx.Bq.A.A......>...oV[.9.v.....J0.?^..W.......i&.N.....f--..nC..a..J..8. y.Kc..u..t.I.k...FGO....M....^Y.F-........,6....&...[3...v....8.W~t...KJ.$..!V..S...I..w.C!..;y8.Y.......... ..9......-....7..?......PA.&....U...........<).m..*........ip..Z4.L...QeF..a..;~.m8-..F...'.-.S].-1../..$........4l.l.-v(......'.}...u&9...X.!rI.....5.=....x...xDrF.9.V!dE..3.....8.>...8....q..c.w.O.#.F.Z...n.p29.._Ej1].p.dd.P'.deT.._o..a.....A...;..3....y..-......*[....c.X>;.c.|..Db..........:..8?7.....w.)

<<< skipped >>>

GET /userdata/2010/4/25/1/1066/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 10 Aug 2015 12:46:48 GMT

Accept-Ranges: bytes

ETag: "6f607f9f6ad3d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 12060

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z....................................................................!..%..(..*!.,"..#.0$.1$.4&.6(.7(.9).:*.; .<,.?- @/!B0"B1"E2#E2$F3$I5%J6&L7'M8(O:)Q;*R<*S< T= U>,U>-W?-YA/ZB0[C1\D2]D2]F4_H6`J8aK9aK9aK:bL:bL;cM;cM<cM<dM<dN<dN=dN=eN=eO=fO=fO=fO=fO=gO=gP>gP>hP>hP>iQ>jQ>kR>mS>oT?rVBuXCxYCyZCzZD}\D._H~`K.bL.eO.hS.iT.jT.lV.mW.oX.qY.rY.u[.x\.y].z].{^.}_.~`..a..d..f..g..i..m..m..n..p..q..q..t..u..v..u..u..u..u..v..x..y..{..}..~...............................................................................................................................................................................................................................................................................................................................................................HP.....*.....{...K'K...a"....#.. ...Y.!..(I.4i.........&...0nn..%M.H..j..q.A.GM...p...H_..Sf...<........7n.qS(..t..B]...S.0....B... 0t......'J....G.1c...2f...JK..l...q....[B....al.Q....}....f...]..q..!A..K.e./.3!i@t(a.._..K.@}....7..H,....id..m0!w..#...q.F...&`......ao,.A..a.B:o..d..-v...D.Uf wF.c..~.0A...P.i6..B.i..F..f...Bt.C~.l...K.0C.ct..Fm...B.eq..zu...*|...=d...:....]....i....%....K....]....a....3.e.?...Ag..&X.*l...k.1..Kt`.W!.x..].0^.6....:..F&....H..!.p.b..a|. ..Td.......a...C.W....,..C.0P..8--.Z.?5....%....N.....e...<....:.AE.c....,p..r0....a.(.Q..Q......i..1F.i ....*{..,d...~....K..C...........}M8C.]....-RA..y....a....,..B.w.`....`C.b...

<<< skipped >>>

GET /userdata/2010/5/10/23/12850/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 01 Aug 2015 03:18:53 GMT

Accept-Ranges: bytes

ETag: "ebd4ecb8ccd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 2712

......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......Z.P.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....r2l`..w.......OU.....gy....J....I.....>...Xu%.W...R.......=...[.....k.............k.xkV...k...t..%..).F..p.3..=..'..~ .r.....f.f.ky...T.........G..z...O.^......QIaG......<g.{.......u}....w2...`..g.........%...c....>....PYD..daw....`%....y...V.2..S.{C.I c..c..0.r@....%...-..g)^.'S.kF..............,.....R..D.a.L.<.e....L.'<..g.-{J.-o.....F..>.c.....{P..^j..l...X.A#.C_,.o....%......$.`.<....'p..v..2A.._@xz{.}*$.|..<...V$.<t.v....'............}..../.....[u)$...2U.O.A..:g..[q.-....G>.. ........}.?.B/..9.h...o.|I.*....:>....'V......\..!.*.A...........$.D...,...J..@[.=....CUy.V........o.......&T.am[%K........?..U..xGT..l....sR3..sjQ.....<.Y.~^..8..E}?>....;...s..M.@.....T.z...1..<....u.Z .Z!ms..l0.m`1...>...n@..;=...X`.Up..W#.D.Q.t.[......k...x.I.W.N.Y.m..9.9....s.g..{.......V.}.$......@..wg.Q<..Ry......?.s....m^......9..m S.F.........F;{1......S..h..F;....

<<< skipped >>>

GET /userdata/2010/4/27/2/1863/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 16 Jul 2015 18:32:45 GMT

Accept-Ranges: bytes

ETag: "cef513cff5bfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 13874

GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z..%%%%%%%%%%%%&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''(((((((((((((((((((((((())))))*** ,,,,,,,,,,,,,,,------...............//////000111111222222222333333333333444444444444444555666666777777888888888888888888999::::::;;;;;;<<<<<<===============>>>>>>???@@@AAADDDEEEGGGGGGHHHHHHJJJKKKLLLMMMMMMOOOOOOPPPPPPPPPQQQRRRTTTWWWYYY]]]```bbbfffjjjlllppptttvvvyyyyyyzzzzzz{{{{{{{{{|||}}}}}}...........................................................................................................................................................................................................................................................................................................................................................................................eK.,[.hA....N..I....$b...yu'..<[.4.....Fx....D...%j4!..F...JD!t...:q.|9.ea.,Z.....h.(P....g..s.(=.......~.{.,..9.r.[....$Dj.y."F.(b.p..!..;?.Mz.FL.-..F......PE6..Dq.8n45.w...6w~a..F..<..y...^.v.b...$.K.%>...'..1=`. B)..:s....EL.$O.#.;....M..1....H.......c Yw...QBL.8q..ytg..8h.........|PB.9....=D0...p...s.A..hLG.Rp.0..p....].!.$.... oD.H0ut.....PB.Y...JDL.[.2.X.n}........"....."..E. ..C.5..!\O....n...,..cN.l.AH(..q#.0..A.H.A. P..[_.....5...pH..c.^ 2.,..BQ.D.%W.vq.#\H|a.#...K8..2..o<r..H..c.!..&..D...}E....?..R.3..C.v......B....hW].n.(.^l!.....O;...H(.<..K<..f.,...........;`LH..G.....*..A..T..g..Z...9...&....'s.A. oH.nn..{g...y..1..B.Ot...%........%p.

<<< skipped >>>

GET /data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vi1.ku6img.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Tue, 25 Aug 2015 10:58:12 GMT

Cache-Control: max-age=31536000

Expires: Wed, 24 Aug 2016 10:58:12 GMT

Last-Modified: Tue, 21 Jan 2014 18:48:32 GMT

Content-Type: image/jpeg

Content-Length: 8497

X-Cache-Lookup: Hit From Disktank

......JFIF.............C....................................................................C.......................................................................c...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....C._.7.w..(u?.~../....[H....Dfb@B....'..<WK...&?............y...<..:..,.)..H.. ....h..-...O.<5z..-{~.........xp....m.....d..rU*GZ.%....kxWt..w.@.?..&s.....e.6%...?.<......c...YV....`Y...b.......8.o.q...........e.o..[...................sh.-...'x..f..M..'..........5.O.xw.Q.....:.ego.H.M#}.P:..K.=..z..#....CE}:?....V...;...O.......P...3...W..>.U....._.m.. i.g..3*F..f$....}..O. ...[~.....kq...|.....$..zn.$.F.?6EP.rV0]...'.......%?....<5......|P....qo.XxZY"...l0.....5.................O.'/...I...}&..M?..o........9]..\B...mW.\o..A........|S...{k........j.-....".n.Gb.8.F].Q..".|y.7...............Z9.on<;....dh..A........Xs...../....~,.j.........i:....~).[.....Gg..e.V......m.c.....s.w...J..Mx;......P|h.W.............d.?&G.F...r.M*..2l......x.f..m~m-{..{...ku..J....?:...fO......{..!..51....q&n..F..a..'].t.d..4>!|.....K]k......j...a}...Q..0.O.#8...5.......{..M......&>:..Y.....W....4

<<< skipped >>>

GET /tpl/wh.js HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dup.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:13 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: close

Last-Modified: Wed, 08 Jul 2015 05:42:56 GMT

Expires: Tue, 25 Aug 2015 11:01:57 GMT

Age: 136

Cache-Control: max-age=300

Content-Encoding: gzip

Ohc-Content-Crc: 1457426814

Server: hkg01-sys-jorcol07.hkg01.baidu.com

eaa..............i.SI.......y@JKb..Fp.XE..*...{...,...SZ2....~...{.,.gu.}u. ...;.5........d9?;........:.<.....l..}._<j.0.r8[.py..~i.?..-......Iw....-//N..^...H...j^~>...<..F.....`~:.vz......=.{;|..?....pv5.P...x1{4.uOg...<;,....^.~lZ....Z{.....x2.R.......;.N..t...4^|??..B.......7./^..........h2...........h.fy1?=|.;.{>.98..NG....lx<;=\..L..{_.G.....1o.OL........L...'....x.x6...}...~......dv}=.Ng....\......Mk.o......G]a3.....E..h.p.X.......O......C..F..1....y.y.v............l.s....q.3.......Y-.<.3O./..y.g...d..-.......1^_...,..&ewVF..........a.U.......Pr...g-......P..;...Y^|....."i..Z..X...d...u.......W(..tv..<:.z6.......4}.....7.&.....R......3=/..M.rvr>.........L.d:...'....7.....................L.%%.C.PO.T.......6=.J?......x.......f...$c........~8e.5.......X...@.....m.^.(.c..[z..xq.......!..N.k...b...o......N..E..J...*...tw;......S....S.e......{..v....2.^O.....~...k.a..."....jR..6MnOv...S}p.n.[.........i..F...bv...N.-.....FIH..|~]|.]..oO.<...........Wo...........R.X..1;..lY........Z ..d.t...W......t...~qur.....w........!....lry.(.....lqv...<..7Gg.....g..xq4\..._.,[...?....x.......g........|.....3?.:A.}.]..&W.=..W......J.]i...PK..~.{...z_nM.H........7....F..tj.)...3..".........Tz.uo.nG... ..0e..2.|8.=......3z=E........;,........P..g.gZ.m.......P...............}v.Qjy.T'.......S....i.y....,......`|1o..L...........l.L...7.N..T.wg..l.......cN.....L..Q.F..\$......O..l..u[.I..-$.2..5.OE.....]V.1...v:..;.F....M.s...16...X'#%.z_.E..8."*..,J..._..;$........_............Y#....z.......C..

<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

Set-Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45; path=/; HttpOnly

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:48 GMT

Content-Length: 13171

.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~....I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.......GG.5.J.-.e.Y.......ui.g3.\.mF..........>....:.>....-&e.Q:..m.l?..............Gi...i...z.........0............G.].i.............?......t;......?.s............./..?.?.............o....?...g.._K......~|W^%...2[..}.4o.u..y<.,........?..........G....?......o........?......w..........?...?..?.O....?.?......o......../...E.....?.?....................?.................=...J......./..........:.(..........._.........#.F......>.(.jy#.......5.0....pw$}......s..../.......G.....!c..(...!=..2..F...P..?.m...._.g.1.o..........HTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/html; charset=utf-8..Content-Encoding: gzip..Vary: Accept-Encoding..Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727..Set-Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45; path=/; HttpOnly..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:48 GMT..Content-Length: 13171...............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~....I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.......GG.5.J.-.e.Y.......ui.g3.\.mF..........>....:.>....-&e.Q:..m.l?..............Gi...i...z.........0............G.].i.............?......t;......?.s............./..?.?.............o....?...g.._K......~|W^%...2[..}.4o.u..y&lt

<<< skipped >>>

GET /code.aspx HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 1416

Content-Type: image/Gif

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:55 GMT

GIF89a<...........3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f.........3..3.33.f3..3..3..3 .3 33 f3 .3 .3 .3U.3U33Uf3U.3U.3U.3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..f..f.3f.ff..f..f..f .f 3f ff .f .f .fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff..f..f.......3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f..............3..f.....................!.......,....<........L.Hp.....*L.p....n..Hq..../j..qc...'E..FF..&S.\..%..2..h&C...7o.A..d..>.R.8.....E"..3g..N.B..t...F...$i"..`....Q".0..~.x4.-l.j.4...7l.....cK....~uu....}...)...0..-..xiM.`......D..)..(..Z.5k....F..'.....$!o...$d...-Zc.Ll1s^..o.........z3$1rh]w..u.....o.....=..../...hyn.....I8.z.tuJ....]F..u.6...Y-1.G.x..6Qd....s.Mt.$i...]...X|.........6....nY."...t..kF)..$#-.E.*...x$u..a.H.".'z.C3 z..R....Y".8.F....o..U..y.x.L;...v.....[HG]O%......%.E.5..(1. 'u.....8..$pQ~v..E"..j.I....F..[Yq.g.`.E.E....eh.WKV1p.Y[7-v.R".eT.yX.IQ..Y...E..(..2.&U...!p)...~&N..W....j..4.P..tkE..hQ....(.."..$i......X....{.... R....#.\..o.8...;....

<<< skipped >>>

GET /videopic/2014/7/27/2014727172939492.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 27 Jul 2014 09:29:35 GMT

Accept-Ranges: bytes

ETag: "b5d676477da9cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:57:05 GMT

Content-Length: 14818

......JFIF.....H.H.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......P....".........................................K........................!..1.."AQ.2aq.#....BR....$34r..CSTUbs....D..].................................%......................!..1AQ.".2.Ba............?..." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""....(.>.. ...kT.._...y}F......q.. -CK..%..u.......%-{?....ZgJ.l....CT. .._P!.......H.9@..-....6...~...`...Xh.8.....lg.V:7<d.....lP.......p...z-e.K.pE.....i.r.|S..n.3...c..l1....-&;..w.....x.#y......~....4)..v....p.!......P.......' .,.......1.m..Y..../.....F..l&.]./...E}.o.Z....6c....D....WV..i8U..d....L....3^#.j.e*..... .8..W5j.tM..mL.>..V/.....l.U...nB....`U\.tRz*.-q.......N.O8......:.2#.].>Q..h]....]...I...V..1gxb.....5..D...N1._6V4..U......_E....O.....z....i...I.sT......6.R=0.."l..,n......U.;......=.)...k.{.....U........{....z..q ...B.X....6Gn...M....S.}k.......;.c`.G.b\..A# .!._9Jl...N........ c...e.7.`$n<.h...#.e.........b..n/...u\.f..*....q.......8.......u...Z..h.....b<5.....4. .%..Ye.,...F..W..A...y.NTW....6 ...6.6.06@......L`l.. k.T.E.(.,...?.Pu*....X>.e^@.r...=.qT....3.q.....p..d...z.J`...(.#k... ..mNZ..=>..m../....8....o.._E.....J....].c......

<<< skipped >>>

GET /core.php?web_id=5862873&show=pic&t=z HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 762

Connection: keep-alive

Date: Tue, 25 Aug 2015 10:59:06 GMT

Last-Modified: Tue, 25 Aug 2015 10:59:06 GMT

Expires: Tue, 25 Aug 2015 11:14:06 GMT

Via: cache21.l2de1[719,200-0,M], cache57.l2de1[766,0], cache9.de1[766,200-0,M], cache6.de1[767,0]

X-Cache: MISS TCP_REFRESH_MISS dirn:2:516909018

X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:06 GMT

X-Swift-CacheTime: 900

<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g1.ykimg.com

Connection: Keep-Alive

HTTP/1.1 404 Not Found

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: text/html

Content-Length: 345

Connection: keep-alive

Expires: Thu, 09 Aug 2018 10:59:02 GMT

Cache-Control: max-age=93312000

Age: 2

<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>. <title>404 - Not Found</title>. </head>. <body>. <h1>404 - Not Found</h1>. </body>.</html>.....

GET /1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g1.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 21378

Connection: keep-alive

ETag: "4219485523"

Last-Modified: Mon, 17 Sep 2012 20:46:14 GMT

Expires: Fri, 27 Jul 2018 20:54:19 GMT

Cache-Control: max-age=94608000

Server-Name: tracker01.qd

Age: 2383483

......JFIF.....H.H.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......P....".........................................Q..........................!1A.."Q.2aq...#BR..3br....$S...%CTU....5DEds..t....................................,......................!.1.A."2Q.aq...3B...............?......!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@.....s..x.$.i..z......xi......q.......A...XB..>..).1h...Y...Y|4.,qi.s.....E...5!z.....f....!.....O..s.....-.5kwiv..#-...@.$@....^....hqPd.....s..;.?L.A.~.i.j..mdD........2V.... .m.............M...p......i?.....). ..'N9.[.=..?..v.......o:O.#..L!]#D....?...O...?.....6.O....iJ..P........S[......9?.."..@ey..c3....*........T.........\j...-........dY.....4.QS............8.Q...>........[V....&;Gw`.............U.&...q...w'.Q[....g2.v.8.........0..i....V.....s8.R..1......`3...tQ8...O.)P.(V......>2....wy..{.rF..t.4.d.D}....{...Ql.....m.........kG..<.Hq...5.*5.H..O............J4..H2....L...Z....Z..H.)".B....>.j.S...-.....s?..0...Q....F.{.m/.C........xTQ...E.H.((...}1i..3...P........i..!H...80........_...w.H..'.R.......rSR..c...h....S....%O| .6;....E.>E;]..^.....p....`U.W..Diz...............%.....UW.V........j6.y.Y.6n7....._.d.MO...........pb...j.Qh....F}...f.....n......".n>WV.7...'...Z...,..J..i...V.Rq....(t..........5.'...JP.U..vyE....Q

<<< skipped >>>

GET /1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g1.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 22683

Connection: keep-alive

Accept-Ranges: bytes

ETag: "832302386"

Last-Modified: Thu, 26 Dec 2013 14:10:38 GMT

Expires: Thu, 09 Aug 2018 12:21:31 GMT

Cache-Control: max-age=94608000

Server-Name: b01.tracker.b28

Age: 1291052

......JFIF.....H.H.....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".........................................H..........................!1A.Qa.."q#2B.....3Rb....$rCSc.M...&6..es................................)........................!1A."2Q..#Baq3.............?..i8....t...'..f.51g \"....k!..W.5.j[...$!.....N...$....U./..X.......%.|2....'zpzp9.RO._...U.l.{..2.[.........~.KK.,).b<..q*;_;V..0.........|4Gq...$mw...K4d4....)..J^.8..p....C>.f....".l............R#JS J.J.i..N.q.._.."T`..\.Ki{....t.........qy)K...x..;...6/CXd..Ir<..8..)?.....U#..A.....9.>F.6.(.5...m.*.I.=...P....y.@J.2S.?1.L.-:eK.$!.\..@`/........J.>..:.ipY..R........=..S..R[l..zl.'`.....W(.p.#%..d........:..=Yg..t.i....q......'.R....1.... .k0.y}..Kp.F..j..B.20f..:..@H....R..C.R.*}C..T"....U....JVN.......,..GL..v......0KU.n.....\..H...T.[QM\ {R...D..3....G.yQ.{O.. ..I..Bz<r...f...%.....hJD#...O....T.*.Y4..s..%J.9'!.......?w>..m.....^..K-..)l....O..^..m.*....r....9,...e..*.=?.n..f..K.F_0....[. $6..Q....#.MI.;P.E..b.D.:K|).. ....%?"s.U.'L......\...%..2W.GNU...m.u5.L.&|..iNS.....D.z..Z.......N5h..s....G.......TY.I...1.9.[.............U.`.=.....i<neAN....~.O.g..\.%.x...>.J.R..... ..JT[c>,..e..8....}p..n......p>......*....-.i...scH...T=.VZ...:...f......s.=j\....'...6.*....=K.$..U\&o..Fh.o..Pi*s*R....'$...dU(u$.4F.X.=<....)9 b``.V0.H.x..#j...@.m.m.Z...(h.M....t.S...V.J9eK.....Ka.f.......2S.....B.p..=@.VvZa....$..?Q......

<<< skipped >>>

GET /img/pic.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: icon.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 719

Connection: keep-alive

Date: Tue, 25 Aug 2015 08:47:49 GMT

Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT

Expires: Wed, 26 Aug 2015 08:47:49 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

Via: cache1.l2de1[0,200-0,H], cache32.l2de1[0,0], cache6.nl1[0,200-0,H], cache1.nl1[0,0]

Age: 7878

X-Cache: HIT TCP_MEM_HIT dirn:5:508901051

X-Swift-SaveTime: Tue, 25 Aug 2015 08:47:50 GMT

X-Swift-CacheTime: 86399

GIF89a2.........f..3...33....................................................................................!..NETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`...."....................~"..H........H......"...$....#.........."..........."Z.......*...%!.!.......,....2...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."....................~"..I........I......"...$....#.........."..........."\.......*...%!.!.......,....2...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."....................~"..I........I......"...$....#.........."..........."\.......*...%!.;HTTP/1.1 200 OK..Server: Tengine..Content-Type: image/gif..Content-Length: 719..Connection: keep-alive..Date: Tue, 25 Aug 2015 08:47:49 GMT..Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT..Expires: Wed, 26 Aug 2015 08:47:49 GMT..Cache-Control: max-age=86400..Accept-Ranges: bytes..Via: cache1.l2de1[0,200-0,H], cache32.l2de1[0,0], cache6.nl1[0,200-0,H], cache1.nl1[0,0]..Age: 7878..X-Cache: HIT TCP_MEM_HIT dirn:5:508901051..X-Swift-SaveTime: Tue, 25 Aug 2015 08:47:50 GMT..X-Swift-CacheTime: 86399..GIF89a2.........f..3...33....................................................................................!..NETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`...."....................~"..H........H......"...$....#.........."..........

<<< skipped >>>

GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 1147

Content-Type: text/javascript;charset=UTF-8

Date: Tue, 25 Aug 2015 10:58:59 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:58:59 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

Set-Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; expires=Wed, 24-Aug-46 10:58:59 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1

BAIDU_DUP2_define('request!u1548235_0',[],{deps:['nova/painter/inlayFixed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" : 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32", "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa":"1", "dai":"1", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/", "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000", "ps":"1522x8", "psr":"1916x902", "pss":"995x1784", "qn":"6017087a97ff6662", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_template=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "6017087a97ff6662","_qid" : "6017087a97ff6662"}});....

<<< skipped >>>

GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125 HTTP/1.1

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 22250

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:58:59 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:58:59 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

<<< skipped >>>

GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&baidu_id=&dpr=1 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 1149

Content-Type: text/javascript;charset=UTF-8

Date: Tue, 25 Aug 2015 10:59:03 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:03 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

BAIDU_DUP2_define('request!u1548235_2',[],{deps:['nova/painter/inlayFixed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" : 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32", "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa":"1", "dai":"3", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/", "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000", "ps":"1427x293", "psr":"1916x902", "pss":"995x1784", "qn":"397da722a6333ad8", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_template=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "397da722a6333ad8","_qid" : "397da722a6333ad8"}});....

GET /sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 1596

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:06 GMT

Etag: "55dc1feb-63c"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Server: nginx

<<< skipped >>>

GET /wh/o.htm?ltr=&cf=u HTTP/1.1

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 1394

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:12 GMT

Etag: "55dc1feb-572"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Server: nginx

<!DOCTYPE html>.<html>. <head>. </head>. <body>. <style>. .userData {behavior:url(#default#userdata);}. .client {behavior:url(#default#clientCaps);}. </style>. <div id="oPersistDiv" class="userData"></div>. <div id="clientDiv" class="client"></div>. <div id="oFlashDiv"></div>. <script src="hXXp://dup.baidustatic.com/tpl/wh.js"></script>. <div id="cFlashDiv">. <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="hXXp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="1" height="1" id="BAIDU_CLB_ac_o_flash" title="BAIDU_CLB_ac_o_flash" align="middle">. <param name="allowScriptAccess" value="samedomain" />. <param name="movie" value="c.swf?v=3">. <param name="quality" value="high">. <param name="wmode" value="transparent" />. <embed wmode="transparent" name="BAIDU_CLB_ac_o_flash_embed" id="BAIDU_CLB_ac_o_flash" src="c.swf?v=3" swliveconnect="true" quality="high" width="1" height="1" align="middle" allowscriptaccess="samedomain" type="application/x-shockwave-flash" pluginspage="hXXp://VVV.macromedia.com/go/getflashplayer">. </object> . </div>. <script src="hXXp://dup.baidustatic.com/tpl/ac.js"></script>. &l

<<< skipped >>>

GET /wh/o.swf?v=1 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 157

Content-Type: application/x-shockwave-flash

Date: Tue, 25 Aug 2015 10:59:15 GMT

Etag: "55dc1feb-9d"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx

CWS.....x.3.bX..........{.^....?............b..............7..Ofq.Cq~Q.CVbYbqrQfA.U.TBC.!.89. .AI.!.85'.a./.@6.(.`.......d3......Af.;.;#H....$..&.g......?.' HTTP/1.1 200 OK..Accept-Ranges: bytes..Connection: keep-alive..Content-Length: 157..Content-Type: application/x-shockwave-flash..Date: Tue, 25 Aug 2015 10:59:15 GMT..Etag: "55dc1feb-9d"..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Server: nginx..CWS.....x.3.bX..........{.^....?............b..............7..Ofq.Cq~Q.CVbYbqrQfA.U.TBC.!.89. .AI.!.85'.a./.@6.(.`.......d3......Af.;.;#H....$..&.g......?.' ..

GET /img/iconjans.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 10 Nov 2013 14:48:44 GMT

Accept-Ranges: bytes

ETag: "06ecf423dece1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:42 GMT

Content-Length: 12263

GIF89aG.......................M..M..M..L.........................................................................l...................................................................................~......................................Qy.a..k..........................z......................................................................................................................................................................................................W..p....................I..I..K..J..J..L..M..M..L..K..N..N..N..N..U..a..a........M.......................................................................................................................................................................................................................................!.......,....G..........H......*\..............q,R..'...q8Z.X..Gv.G.aW.bI..;..X.`........gHv,].dg..:u...K.GiR.ptVd..(..X.....`T.!.b..r.Ev|...Z....j..K.."..,.V]9.l..b.|.)s.....&^.U..t|...,....M.C-..jF.|G.......(.Zf<.n.t.a...t.l8..&.......m.Z....v...N...l>..I/..]....MO..).bo...$.2...d..-~.t.E.,..J..tu...?gLS1.....dHq.TO....M.eDPU:}..y..4.[..3......&....1[...:.p(.lsA..r9...1..G.{.}.....Q.R.........9(....&.I.9..G.\.)UT.~,.#.4.q#r;.7.$.i..}.....".....h.....q......t....z....A[.E.r....tyna....#.0{.3.9..3L...x..).y.s.......Q\FH.'.......9on..9..C)...S...&.Il..d.y;>..N....u..Sb.o......S...D3L...#L4.d.-.[(.........-..@..dV.s..]ui.....n ..............s..qz.N1..E.M8~..Gd..[.q....^.l.0....9)w{p&.V:..LbF.[:.G...........c...i.^.Sr..O3M5...u&Q...5nD...s

<<< skipped >>>

GET /huandeng_pic/hd11.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:14:04 GMT

Accept-Ranges: bytes

ETag: "0f6433bbbdbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:44 GMT

Content-Length: 69261

GIF89a.............E"#?12...:6">:&B>*NJ8>: B>/JF82."62&..v:6*..z:2.>6"B:&F>*NF2KB.rfJvjN~rW...:2">6&B:*F>.JB2nbKrfN..vvjRNF6.........vfJzjN.tZ..~..l..u..|............J>*RF2VJ6ZN:.qV..m.~c..g.w^..r..{e[K...1.)2*.6."l\ErbJ:2&vfN|lT>6*^R@..p.z`..v62,>2"F:*r_FJ>..vYNB2RF6VJ:ZN>eXFB:/..yWF2ZJ6.&.^N:vbJzfMdUBrbNl]JvfR~n[:61Q>)bQ>..|...;).J:*B4&N>.:."RB2>2&VF6ZJ:^N>F:.J>22*"6.&:2*>6.......C6*NB7xaN....t_E=6< .J:.......ygYJA:LD>PHB^VP?."XB22&....6*"lUE:.&>2*XI?F?:...O5%[?.Q9*.^I.dN..q..l.jU..i..{..t.........d\WtlgzrmD .H2%eH8yXE.x`.nX.s].|f..zRA7... ..ULGZQL...............-..U;-!.._C4lM=.|c:*"...>.&XB7:2.@84.zv............;&.4".'..L5*.fQtQA.cU(..md`...O90...1*'.........?*"nULD.'.[N;.*6-*RFB.....oW<4eJB..w_C<:*&...{XQ3%"...6)&...<&".c\A1.@!.j>8 $#...@)&.gaS/,M1/JAA...............!.......,.............4.B... \...2.Q....D..Qb.;B.<."dc. .;>....G.(S......".Z..S..M8xp"....$... ...NP.Hi..$IR.7E.D...*.$X. ....O.X.8!.....Z..t.2R$.B.lx.Rj..^.8U.....Q....g....X......;.N.4y......V$(m.B...0l4.aB..C?v..........r...B.....n.;.m.LZ..W.M..1Z....M...R..o8...m..'r.........y6..o`y...;r...p..]..e...>..H.,..I"......t.e.5.Qh...PA..F...e..f.Y$.I"i$...2(.J...Vqt= .S0..@U2...QFI..T..Q.........ad{....`.y..VN........z..........b.A.sx..Sq9..b.R.FX.....J...^J"r..c.r.ae.A4Pg..$...I.ZA.U..c....G#JJ.ct..bK-.WSS/.u.q....s....Uxx.@....".5..".,....#wH.......yS.W.......np.%._.V.Q..w....9.Ra:......X$..Ig[......j....Mh.h.6DOA....H...al"^.'K.^...)......t.V..$.PM...V7.

<<< skipped >>>

GET /huandeng_pic/hd13.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 24 Nov 2013 11:06:54 GMT

Accept-Ranges: bytes

ETag: "01b74485e9ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 53989

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:24 19:06:22.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................l.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?.f...z..B....Y........5......t...3.F............u.~.. .........._..8.5..F...7l....1..........R.....U.Vnh.w..?I....ap..[:..2}.......3.o.}..g^.O.z.C...$.g.}..r=..../.7&.R[eu......u.I...e@t....m-....Z....i.7.Uy.~.gYc]s.Ac..6.w.>....7...qnC......wo@.C.i...U.Whq.......2..{.....}5...S.]...Z~ ...<.......'..w...S...d.2...W..e..v.-.LY.4^kjA....#.5..%.J/M-...N()Z..5-....^..F.............q....X{5........o..f.m.z....:.p>.o3...Y../z....Y..@$6.L5.....h..Y...2..u.s....q..c...W...|..%.wU....a.sd....-..GkUSas..I... ....MV.h...e.N..1..........2k.0~h...?!..O..l..a..Xw..Sg....wz'\...`.Kx0u...^..:.=....[..k....j..............Hq......Ul.....m.:..f.p .?.Y&d....7d.wV.

<<< skipped >>>

GET /img/new_logo.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 29 May 2014 17:03:17 GMT

Accept-Ranges: bytes

ETag: "80788ce25f7bcf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 7778

GIF89a..R...........X.......................!:y.......'...../..5..?.1L.Lh.#G.)N.0V.f...........-T.3[.:d.Z{.Bn........................................Fs.Hv.K{.P~.]..i..w..u.................................................................S..b..c..]..m..o..o..y........................................................V..W..Z..]..]..a..........................c..f..h..l..m..{..........................i..l..n..o..p..p..r..v..|........................................................s..r..v..z........................................................................................................................................................................................................................................................................................xxxooofff...!.......,......R........H......*\......#J.H.....3j...... C..I....(S.\.....0c.T!....c.....'AV:.p.I.& -1l.u.sa......:..AV.YY....@V(ZH!.....[.z..s.....f.J....Q.R....\..X.: .k._p.....K....s%.....^..4.W.....O....[.J...iw3f..M. ...g..5....pS...B.......y...m..._U/....R..X..j..`..p......\.M....}`j...C.....bm.b^Ml...|aF.tP...fX.v.t.@......ZU.d../..F...1..k.U8.zQ...4....TR..V..@3X};m.`.;.'.a.i..4.5.....6.u..b...rE@.*6.. ...../...`K.V.~;....Z`..W*...jQ-....MG..T.8.gub.#......:.ueU...fdo...a.U(.l.FG......~..j)..5...n&IepQ.9..&N:.V....}.H....0. .2s..#..V.....@%mK...u.>..@."h_..5..Zdu7.-Z.h.......Z.H.t.."..J.in....jsG.._.......a.$1?.0&...9....i.....$..N*...t.f.......b.im..%,.(6.....G1.JY...0v.jv......r...W.g..K..sk..........0...t.^. ..jG.`...$...)2.....}..

<<< skipped >>>

GET /album_pic/album_2013_11_7_20_21_29_235.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 12:21:29 GMT

Accept-Ranges: bytes

ETag: "802abde2b3dbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:47 GMT

Content-Length: 3548

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X.Z.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Onq......PoHW..F-=b@......!:f....O.EJ.OCZ_./.S.W~%..-I....6...!,.3vE$..'..............$....dk2.j.wa.~..c.*...^.B.....>.{;.q...|2.2.N..I..H..k.............iO.aqq%.....DbuU..r.. d.v.9......f..y'.!:..jF.N.....$.iQq... ..9.jh...u{..Lj..]..o....70]..P.. ...v...N.........3..j........'. .....8..V..c...x.F..c....X...IX7FS.`..F.............Dp.>..5....K.".6.!Sk..:.B.1p....;........o....>..I$;.a.....x.r.!....y...]..P..e.a....-r.....k.../...{g.n......<...Z.......%X..r2...vc.>..4......c...}...na..d[.....!..w.....Y.p.]A.J...A. .Z.O...G.f&m:..P...Ib..w......p.l.@.....cIy6.4..Y-.GoV........}....F E..T.F>.....w..}..:.-os.....Gf..R.[.0.O\..E6..O...Vd.....`....-R'.a..x.S....x....Y4..|.'$..2.}..........~...O.............2^.Q.Y...61..........#.go.V..\.Z]HJ.F0............s/.S.|.>.l.V..-.r........lC........>./....~.E.....a.........`.{....?....*..qV:...}......g.m.;..DB..*.{......R..4m .FC._...o.

<<< skipped >>>

GET /album_pic/album_2013_11_7_15_46_53_626.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 07:46:53 GMT

Accept-Ranges: bytes

ETag: "801447868ddbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:48 GMT

Content-Length: 2811

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X.Z.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..-.........o..@..#...q....3D...m...02q....ko..a....[...{.. .B^F.L}..\..5.w=l..<.U6.....1.<)k...c...r.NN}98. .....u..@m..........%....,1..........tFO.w..x..s.).Y.6...I....X../....na!V...c..k..!f..2.S...j...=........{......\...}.m.....B..:...-V.x.c.vkR.. ........c.H&u..qR...;@..yk...<..2vW!o1N.p>..H&..7OSV.G..A,p..8...T.ep..'.....i......V,..B_.AU.U..GQV....(.6w~....k...1DS.z..o..PK[.ZE..o.....?*..L.o.$ .VW..\...^...A......b.y......... W'.q..-.R.*5h{:{.:.e....o.dG...Ty..X^x..GYwc8V#....[..1_x..."..J......Z....O./r....].3....Um>....T.k.X.....Q..4..FK:..@..)....k.<g.../.;..c*...>...|]y....^.(qh.<g..u..z..........k.0.t...Y.V#.>......w/.R5&.......?6`.J..;.......v....j..| ...H.6.eix..).....].....x2..>...K..{..L..............<"..j......ll... .e..{{.Uv.>c...5..h..;,......a..F.;.W..3..3..=..4..G.....;....`OA.zU......@>..6.u,...~\m'L...b.....T..w.. .rZ.:...G....sJKD.I.

<<< skipped >>>

GET /note_pic/298857.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sat, 30 Nov 2013 10:44:54 GMT

Accept-Ranges: bytes

ETag: "0972634b9edce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:48 GMT

Content-Length: 7346

......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......J..K ...........$..;......X{05..p...q..W.....Y.......=)...*...vv.Xo...U....[....c....H..~.. .3.jC.L"..pG....3.......$V..'$........)..w*...$*.nr...J...UO..jxmNIH..p...%;..DK...)..V..!R.g....;....F....H.1....&..._.&..W...E.#.Ss..&4...j.....2k....@.5.^x...c..,..Ye..W.is.....k..,I..Z.$.$.Gu.d ....\.x.%sc..2..f..&...'.#...%..."..>O.........-..]...."..3.....`W:...<xi:.......<...x.[?.:....;....Rs.V...Hm.&.e.;...g5.p.w..t....K/@=i..` HX...R1.9..nk...UH..'......9......Q.>.t......,.L.....Gp........._L....:..?.... Y..o3H....2......B*...<.....[).O......Y.[Bw0bX.W.x{...c...."....p......N.........H.w.F.4.........c"..M6K.2A'..k)..U..1......U............=.SRE..#o...h.8x..*.>..b.2......m2]...El..:.4P.!.u.s.4...j...6...E2..3.....).`..r.C.C....P...q..Y.......*..tY_.j.b....e .t.)n.C..H....U...[.Z.........-8~...Zzlr.=.0.!C.^.1....R..k>..X\.!...s.#......lAh.."..J........]gmb.W....ea..i......G...

<<< skipped >>>

GET /huandeng_pic/hd21.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:30:45 GMT

Accept-Ranges: bytes

ETag: "8070e88fbddbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:51 GMT

Content-Length: 50203

......JFIF.....H.H.....GExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:07 21:28:10.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................H...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?..@ShL......S.0.` ..S. ...R.)...`$.....'........l......Py.k4..^.M..W@\.XA.mgG:I...<..Yg.7..Y..ht.}.6......X..........Yx.c..[.ZN....Q.........@s)..$.n.s.......~........v.4/.l.[.:..H.>....h.s...[.v..u.g.,...z._../..Sv......q...a....y... .o.....?...2N..]..mop.sTS... ...g..y;.Xt......I...(...{.sa.....T..]..ok.. .....MV@.*H.&;0.r....:].S...t...d..~..m.H.....u.}6-..k..~=...&.w$i.>.....N.n...y.]....E.^.\.....x..7...z...V7....hDhQj.BzY....B#BH\.0.....\.0.Z..J\. ..H.....!.].u..ix...R..?....f..-....@..........j...)......~y.1....U.dl...3._.sq)..6;.X..........E`7c6._r...?.........Z...Ux.8..)..$.$........=_.*.[..X.!..\l... L............W.jW..!...........%.n

<<< skipped >>>

GET /huandeng_pic/hd33.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:42:32 GMT

Accept-Ranges: bytes

ETag: "0145035bfdbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 53270

GIF89a..............r....,$%D.$4..VEIE,4,..<$,;57...$..*.$4$-...7,6......pYsA9F,'4........$..................x.....,444?7...,4(.....H................................8.....z........d........"..............,.....-,$...U...$..4,...l<4...V......... $........./$....w4,........u..g....J4...F......B ...N..},.....sK.8&.<,.;4*...X6..T.bA.....Q..t2..\...e8.G*.D-..Z,K4...p $..t.w?.$.....,....>4$....S<$<,.$..4,$....a...;....w,.Z(V5..ud.....$L,._=#Q=-..z...,...f"<$.D,...~..h:...m..L..Z&..U..h.m!.q,g6...?.sJ..YrH1.jKJ4'._.Y%....._ 5..$..L,.T4$,..a?..\G4$..w`<,$wdZ...D#..E).wL.X:eL@.N.w ..J.h&.y9.L$..Y8.N7pUJ./..9..;..D$V)..h>.b?o:&^4$X@7....<..6..H(.Y4,...K24..<$.N...>.x-..I'g)..S5.K5<..D$.f..G,&&..V,$^4-T4.=..L$.5..H87.........4.....,..<..4..$..=$$...,..4$$...<,,$..3,,...............!.......,...............G.N={...s..a....5h0.A.x...s..V.R.B..%J.HR(...&L..f.......<k.r.|@....@...*..A{.~.u..^F..J...k..t......_..=}........"X `.....".u..n..j.V...o...:t.........X...c.."G. Y.........C...Bo.........X......[..M.....s...[. ./..F.z.....p.$.K%N.8q....(\..)..M.vi..q...>.1..B%.N.:.d....&_>|\..'...?...."J.... ..x..6.@.LI..D@ ........HD.FDQ..0U.,. .....C.J..d.H...R. .2.K..TN8;...5..".V=q..A...O.P...EL.3KG.43.,X.2..[VuU). ...<-..Y@e.&.....Z.T`A.m.I.].X..^rV ..}QPXb.q..#.u....].Yd.\v.h...A...VXd.i.C..n Y....Zl0h..i....m....[k...[l......).."/(.......r.U....]W.|.(.]w.(.M.....~.I.-v.%c.~...n...g`....L*......&..3.Dw]2.......3.....!C...N:..RN9....(...R...(R(l...0..2. ...L...R..1U..-..S.C\.#

<<< skipped >>>

GET /img/iconjans.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT

If-None-Match: "06ecf423dece1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Tue, 25 Aug 2015 11:16:27 GMT

Etag: "06ecf423dece1:0"

....

GET /adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.656.3125.3125

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wn.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:01 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT

GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:01 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..GIF89a...................!.......,...........T..;nt>....

GET /adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=ç¼˜åˆ†ç½‘ - ä¸å›½æœ€å¤§çš„åœ¨çº¿éŸ³ä¹åˆ†äº«ç½‘ç«™&tt=1440500345980.4078.6141.6141

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wn.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT

GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:03 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..GIF89a...................!.......,...........T..;nt>....

GET /adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wn.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:04 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT

GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Aug 2015 10:59:04 GMT..Content-Type: image/gif..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..GIF89a...................!.......,...........T..;..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.33591.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Cache-Control: private

Content-Length: 139

Content-Type: text/html; charset=utf-8

Location: hXXp://8888.89919.com/

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

Set-Cookie: ASP.NET_SessionId=lbhl0v45vziwtibuf4axnk55; path=/; HttpOnly

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:47 GMT

<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://8888.89919.com/">here</a>.</h2>..</body></html>..HTTP/1.1 302 Found..Cache-Control: private..Content-Length: 139..Content-Type: text/html; charset=utf-8..Location: hXXp://8888.89919.com/..Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727..Set-Cookie: ASP.NET_SessionId=lbhl0v45vziwtibuf4axnk55; path=/; HttpOnly..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:47 GMT..<html><head><title>Object moved</title></head><body>..<h2>Object moved to <a href="hXXp://8888.89919.com/">here</a>.</h2>..</body></html>....

GET /stat.php?id=5862873&show=pic HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s22.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Date: Tue, 25 Aug 2015 10:59:04 GMT

Last-Modified: Tue, 25 Aug 2015 10:59:04 GMT

Cache-Control: max-age=5400,s-maxage=5400

Via: cache28.l2de1[670,200-0,M], cache5.l2de1[684,0], cache6.de1[683,200-0,M], cache9.de1[684,0]

X-Cache: MISS TCP_REFRESH_MISS dirn:6:700978635

X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:05 GMT

X-Swift-CacheTime: 5399

298..(function(){function k(){this.c="5862873";this.R="z";this.N="pic";this.K="";this.M="";this.r="1440500344";this.P="oz.cnzz.com";this.L="";this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_CV" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.la()}function g(a,b){try{var c=.[];c.push("siteid=5862873");c.push("name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.userAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(d){}}var h=document,e=window,f=..1cdf..encodeURIComponent,l=decodeURIComponent,n=unescape;k.prototype={la:function(){try{this.U(),this.J(),this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j(),this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa(),e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},na:function(){try{var a=this;e._czc={push:function(){return a.B.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;i

<<< skipped >>>

GET /media/v1/0f000PCl-eM7bK8cufB8p0.jpg HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ubmcmm.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:05 GMT

Content-Type: image/jpeg

Content-Length: 33036

Connection: close

Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT

Expires: Wed, 04 May 2016 04:39:00 GMT

Age: 9699605

Cache-Control: max-age=31536000

media: media

Ohc-Content-Crc: 934791390

Server: hkg01-sys-jorcol02.hkg01.baidu.com

......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:05E517B31664E1118CED844A5DA008F8" xmpMM:DocumentID="xmp.did:A90DCD81D00D11E287D4AF7341D5F52F" xmpMM:InstanceID="xmp.iid:A90DCD80D00D11E287D4AF7341D5F52F" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:209A11860DD0E211AFDDC0A5C709F9EB" stRef:documentID="xmp.did:05E517B31664E1118CED844A5DA008F8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d......................................................................................................................................................................................................................................................!.1"..A2#.....WQa.G..qBb3$t.%V.R...FgX.r.H..S4DTd.U.&f.'(.......................!.1AQ.aq.."........2..Sc..BR.T...br...#3$..s4Dd%............?....."h..&.."h..&.."h...v..m.r..&."m..6..m.q.&.."h..&.."h..&.."h..&.."...V-.x..M.5L..t..4.!.s..0...<DDu....5....b....q..$...w>.q.y..k.... "S.n%j.D<

<<< skipped >>>

GET /sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Referer: hXXp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: release.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 2047

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:08 GMT

Etag: "55dc1feb-7ff"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx

<!DOCTYPE html>.<html>. . <head></head>. . <body>. <script type="text/javascript">. var sendByIframe = function (b) {. var c = document.createElement("iframe");. c.style.display = "none";. c.setAttribute("src", b);. document.body.insertBefore(c, document.body.firstChild). },. getCookie = function (b, c) {. var a;. c = c || window;. var d = RegExp("(^| )" b "=([^;]*)(;|$)").exec(c.document.cookie);. d && (a = d[2]);. return a. },. setCookie = function (b, c, a) {. a = a || {};. var d = a.expires;. "number" == typeof a.expires && (d = new Date, d.setTime(d.getTime() a.expires));. document.cookie = b "=" c (a.path ? "; path=" a.path : "") (d ? "; expires=" d.toGMTString() : "") (a.domain ? "; domain=" a.domain : "") (a.secure ? "; secure" : ""). },. getUrlParam = function (b) {. b = RegExp("(^|&)" b "=([^&]*)(&|$)", "i");. b = window.location.search.substr(1).match(b);. return null != b ? decodeURIComponent(b[2]) : null. },. currentDomain = document.domain.toLowerCase(),. referDomain = (docu

<<< skipped >>>

GET /userdata/2015/08/19/00/52330314.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Tue, 18 Aug 2015 16:52:33 GMT

Accept-Ranges: bytes

ETag: "f126147d6d9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:46 GMT

Content-Length: 7970

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..x.9.......v8O.W......}......;.W..E...E;.>...|........."#./..*..C.;.......&..Z.r..s..>O......9...Ah..'.m..|..~..:..si..$l.c...O..?h.e.2J".\.....A$.TD..[.........SK.Q.[$c....._....3-........'...4K....-#..u{.w..._..o.... ..U.......kCqF....m.|@..J-.O....Y.......> A...d...>.q.&-..L..:.....O.^Ak.i.......@H\...j/.i.#_.......Q...>..qm^Q..#.wk..ksmy.........5l#./.. ..4hb..O.{9$<.r....X..k..'...[.....z^........)v.....*...Q..k..../$...j..s....b.P........B...C...V..,.......N..A#4..C...up..l..Stf....,.....>....!......Q\. ..(..B......>t.9.P...Ey.2..)'...4.q.s.1.V..1.T....c.z...l...........G4.%mJ......f.........U.NO7R.'.z.O.U.m.oQ...../.t 8Y.r.G....yN...W_....f..........U.n8...P.....lT...d.:t.....I.9..dU.`...z.....J......d.;......../.qEE./.9....WPqU.....Wc.$..x..O..^...#.g......H...w.}....v..Uk.<}..|.h..!.Q....-.:0....5....[..n|..J..=9....5..>......T..=>...}........R.....if....5

<<< skipped >>>

GET /img/dldldl.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 02 Nov 2013 09:50:33 GMT

Accept-Ranges: bytes

ETag: "dc133bf9b0d7ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:56 GMT

Content-Length: 627

GIF89aa.!...........t..t..s..q..}...........n..w..z.............................x............................!.......,....a.!.... .1Ji.h..l..0.qWA.x..|....pH(\...r.l:...sJ.6K..v .r}..X....ht..CT.?He>.L..Jd\..:..........a>....{b}Vxw............>....ii...|R\......a....>.........[.....9......>...._.V.....h...A.....\.....`....h..Z...v.....pt0cG...uN. . .G.K.D-.CqZE:.. d....[..$...B.t9".....Y...Zm9 ...r...C..AD....0P(f=1...@....=-W.]c4.=3k|........ .. A.1].f....WU.7.C.VL.;........d>;..D!.0.."ir..@.U.>.=7u...<.ld..@..'.h....a.c...,.. ...N.K.Q......f..0.V.....'..s....lG...e.ur.........=v..T6...C.....@.q#...E$p.`..........C..;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Sat, 02 Nov 2013 09:50:33 GMT..Accept-Ranges: bytes..ETag: "dc133bf9b0d7ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:56 GMT..Content-Length: 627..GIF89aa.!...........t..t..s..q..}...........n..w..z.............................x............................!.......,....a.!.... .1Ji.h..l..0.qWA.x..|....pH(\...r.l:...sJ.6K..v .r}..X....ht..CT.?He>.L..Jd\..:..........a>....{b}Vxw............>....ii...|R\......a....>.........[.....9......>...._.V.....h...A.....\.....`....h..Z...v.....pt0cG...uN. . .G.K.D-.CqZE:.. d....[..$...B.t9".....Y...Zm9 ...r...C..AD....0P(f=1...@....=-W.]c4.=3k|........ .. A.1].f....WU.7.C.VL.;........d>;..D!.0.."ir..@.U.>.=7u...<.ld..@..'.h....a.c...,.. ...N.K.Q......f..0.V.....'..s....lG...e.ur.........=v..T6...C.....@.q#...E$p.`...

<<< skipped >>>

GET /newskin9371/images/rqcode.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 28 Jan 2014 19:45:07 GMT

Accept-Ranges: bytes

ETag: "a657c372611ccf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:57:06 GMT

Content-Length: 6930

GIF89af.f...............................................................................E0..v.iI.D0..S..a..z#fC._?.lG.[=.=*.[?.,.....sH.;%..e.>'.T6.b?..U..p#iC.H...]!mH.X:.G/.@ .gE.H2.!..tH.nE.lE.^<.?(.E-.lH....P/.?&.`<.W7.L0.H-.D .\;.W8.W7.Y9."..6$.D-.1!....E'.S1.A(.$..;%.W7.I..R4.='.#..<(.A&.N0.3 .A).<&....!..@%....&..#...........................................................................................................................................................................................................................................................~~~|||zzzxxxwwwuuusssqqqooommmkkkiiifffeeebbbaaa^^^\\\[[[XXXWWWTTTSSSPPPOOOMMMKKKIIIGGGEEECCC@@@>>><<<:::888666444333111///---***(((&&&%%%###!!!...............................................................!.......,....f.f........H......*\......#J.H.....3j...`,r C..I.......,. ..h.x%..R.AI..}JHK.Hn....F.hH\...........!....2...8K........J(.*........).....;V....w...;...d.o.....Z.....%.."c.(....0.]y....V..v....K...b.....'!....6..:.SK..\...`.......`.fC.?...R.7....M....=....#...........m.........v=..h.N.=Af....x...C....1.].]....]j.P..,.D(!P...G!.dHI".=3N1.H".8..dI..Lr..,z.X.....7..#^9.." h..r........5X.0PEpH..a7.oz..Uk.e.dW....&l..$k.5.VK....ZO5#....4]u.@%.!zx7.#......,..*.de.q.,..$z<b...Z.Y*.0b.".@........O]5d....@.O...T.0..q....5.f....`>"...Z....@.).I.b..r.i..~...y....S..z.....]..@.@*....S...@ .v.&.... .N.jgl...N8..K.%.V.....`I.....8..[N>......p..S..8n.V..*A.......&.[...%.....S...\[O...!......@......q..H....D.

<<< skipped >>>

GET /app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pcookie.cnzz.com

HTTP/1.1 200 OK

Server: Tengine

Date: Tue, 25 Aug 2015 10:59:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:08 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: Tengine..Date: Tue, 25 Aug 2015 10:59:08 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:08 GMT; path=/; domain=.cnzz.com..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img4.yytcdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: T1_WEB/

Date: Tue, 25 Aug 2015 10:59:07 GMT

Content-Type: image/jpeg

Content-Length: 10499

Connection: keep-alive

ETag: "0108721418"

Last-Modified: Tue, 25 Aug 2015 09:33:30 GMT

Expires: Sat, 24 Oct 2015 09:33:30 GMT

Age: 4779

Cache-Control: max-age=5184000

Accept-Ranges: bytes

Pic_Server: M_PIC_213

X-Backend: 192.168.1.233:7001, 192.168.1.213:7001 : 192.168.1.12:7500

......JFIF.............C....................................................................C......................................................................................................................F..........................!.1.AQ."aq..#2..$B....Rrs...3b........................................&......................!..1.Q"A.2a.qB............?..._O..W..2..(.*JJ*.?......a...'.Q...q3r].7c.......z..1.?.Y.i1.bu{...I..~..Y.I%.#.:..KxC$q.*.A....2.P....\(o...........M.& .3......N.5S.4~....Ii.....[FqA<..c#.f...G...Yq.$g...psr\.#|1...?`b.i.@N0.|..w..3.v%)F1.PS..K.g..: ...6Lj.i...Q.......1....,.m6.......Ge.sE`.sY...J.CkP..{S!7.....]-.sS....RH..B...upf.H.8'."....n[j*.iVB......mS4...&...a......E....9..I......'Oc{*...B.u$L%X...{*^..m....]......tvN...8.`.F.c<..g.CFL.h..^.I....V.a..........fg..t.....q[.l.RFx......t.a......9...!4..DJ..f.>..a%...%].b.r.Q.d#l.6..)N...?'~.....`.{....Y.'......$.hC.S..,.m@.d.._.v`..G.m..x1..2...!).....G.W.6r3...........>R0..........?.s..T........Dhh.XB..\.......K.Z.P..J<..5K.XKie!.q..j1l..j[~.......[.'..!D.._.${Ci.....[....<......l ..d..W.......F....4_V..W...V...y...*.R!.)......|h} L]k.{..qK..6..G....4.F}.^...^.uH....>9......&.%....c.W.q..x'.w..%...@.*Q.nG...C3...........7..Q...:.......kG..H........r91.-.N>.B;.&..RT.H8 ..i....u.@%T.0d...)J& .6...n.....s...>..m..j^.R......F)..8.J.~=..s.GW...Q..3....n..R. ......)~...v.]U....<j..#O:.)%..>.v^<.......Y..... {...'4..E.=.xv5....ZPA.........Z.....`.0....W........GJF.1.@.L.#VB....=juaSda.m.<HN~U:...|k

<<< skipped >>>

GET /sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Referer: hXXp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: release.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 2047

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:11 GMT

Etag: "55dc1feb-7ff"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx

<<< skipped >>>

GET /tpl/ac.js HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dup.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:15 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: close

Last-Modified: Thu, 16 Jul 2015 08:53:20 GMT

Expires: Tue, 25 Aug 2015 11:02:46 GMT

Age: 89

Cache-Control: max-age=300

Content-Encoding: gzip

Ohc-Content-Crc: 1751464740

Server: hkg01-sys-jorcol01.hkg01.baidu.com

63f.............VmS.:....0.;A.hM.v..vU........~.\F..X..\Y&....=r.B.;s..d..t$...<G8o....L.....s*...wQ...i....<.&.."....kg...Z..o.f....r~..^.X....Y\.M...V.o_.'...Q.....C.W$.*.^,."$.........E.. ..!...V.........66............N9...i#.,6.NO....u._^...g.....r.S0.."........".]....%....;|Ws.(P....5..`.s....B..=..9..0......RU..$.....Z2.....S.../.r...6`.?Q.x.3...v.......].....'....`h..B.i.....k.`ho..{(.)/..0$@9D%...j.......`.....6S..EQ. .N*...!.v..7....8g..V......w{.}............G./.qVb.B.x. 0@....8..S........ip.......,|..G.1 .hC.i..6.}.Fi..5..N..Ku..c$r......R0.[.......j.'..g.a.#I7.i.(..l.'..S.u&d.}.....e.l}..I.}QS.0F..ED...1|.[z.W..._."..W......P. .Qv$..zQo...5I.7AhI....:).k......k.T.".V...B..<..n..uHe.(.UW.......}m...f.!..^ t..2.P...G(..?.^-.. .a.7.D2........01Y..bi .M...u...a....r.<..`.Nl......(...2..R..9..`...k..p..g.....................#.;.dK.\R...Psg..F......X6*....X..g'W......m.{dGD.T0...................7.&..D$.s.o. DB......A...m...p....E.W.<.d.V2p.......:.}n...\.............pp.....t.3]j.\Vh).A!........\.5.l..d..{.b.s..D.mi.B.l...2..n..._]...Z..Bm]...*.m.......'(...4:.m..........YPK.%...b.....J._-...h.NC.....s....3....,.; k{.Y..f....b4.......>.t.[.@...S9.L....m..`?...XLS ...};.;(..i7..M.$..x.o7...h...}9.e..M)_,.fN.Bo.g.IA..IP.......`0.......N.......g\..X..........B'..&.IE.H*.dJE..R....y.@.e.t....R%-.....]..&.z..,Sp~. ./....P..@..*....<.*.2`.....d...........v.M.z.(.p.f...g_W.....&....xo .s..{r...2....&.z..m].l..r......q...Z.........8.7. ........~.......>......i..-...*Q..i.ez.U.Q:z.6.........

<<< skipped >>>

GET /sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:06 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Last-Modified: Fri, 21 Aug 2015 15:41:51 GMT

Age: 97563

Content-Encoding: gzip

Ohc-Content-Crc: 327863765

Server: hkg01-sys-jorcol04.hkg01.baidu.com

GET /9.gif?abc=1&rnd=1882719831 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Tue, 25 Aug 2015 10:59:07 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.mmstat.com

Set-Cookie: sca=2cbdf709; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=409600bb180fa85a41990390_1440500347; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server: Tengine..Date: Tue, 25 Aug 2015 10:59:07 GMT..Content-Type: image/gif..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=ezhjDrYCjAACAcLyYOLflqIz; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.mmstat.com..Set-Cookie: sca=2cbdf709; path=/; domain=.cnzz.mmstat.com..Set-Cookie: atpsida=409600bb180fa85a41990390_1440500347; expires=Fri, 22-Aug-25 10:59:07 GMT; path=/; domain=.cnzz.mmstat.com..Location: http://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /style/new_index.css HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css

Content-Encoding: gzip

Last-Modified: Tue, 26 Nov 2013 13:15:54 GMT

Accept-Ranges: bytes

ETag: "0e1ada2a9eace1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:39 GMT

Content-Length: 3571

...........\.r.H.....w`..G.t..v$..,}b....H..... o.?.\.#. L-T.U. .....c...../....?..k.....>_........l..d...K..?.........o..t.........X\......y.;.d.yC...Ej...tYVezc...6/..sx...I..%..0.rOC.[.ds.......~~.......^^...(..:...6}j.m.......kAG.w.CZ[....>.....sZW.6../.M.&....\W..........]...M....7]G..C]9..c=9..w}q..Bno..P$..j.|.MK...........1...2{...nI......7...tz@/.<}\..Arr.....i.QRH{....f_. ....:.e....:=.Ik...).%/%.."..q.}8X...,.......W*f&..$..Ho[.... ..0.I..........X'xq....&J..iy.R.(.RB..6....E}...i.k...g..yX..r...B.1...\dnu1...7U.o..mB/..s......G....e.......d...........}..?.....!).dV...\.7...H......Yv)c..^7.2x..$.L..h]........Q8_.xS....|....Y.J.< ...l.z...}R..=......Vg...eH"...4...D..<..... 2/.f%S..,...zr.RLe......j.|H...w.....4.L..Ln.[..d.......1..N.Mz./|2.Ps.|Bg%...|S.wI...l....y$.k.Z...%z..H.....,.M.>..../..8.........g.........)..L).._~...O{...6?...DD.'6..:......F.......;....sc.tu.>.R...u..C.P59.....;........i.-....6o...).....eruE.....Oh6.}..q.\5@.gJP....vu.cK.,..)........5.s.......L.TLY?P..........Kp2>Ve.g6\[..!i......1'......6.bHm.V......*./...Jm...H..6........J...4:........XR...4.k...[.q#h...!..jD.M.A5b>n....j.].V....*D...Jis.....P..~Y.B&:?x...s.pN.U....Ql.zi..Q*..L.u[N........?....fH....z......9.....E[.1%.F....\!A...J..F..Q..w..d....4....N.......0.....2...,g.|.r........^..9..V..t$ag.,ri..7.B.....Ki%.....Vb..^"!.a....u..9...N`J....D.=%..)....f&&.........I.<U>.@..VbM.T...&...DP..s.B.k.'.....xH.|.\[.....u~.,..lH..!.n&.?K6m..~,6.<.x.....L.X...o...p'. :.z..c...gIW.....r.^...Fg ..\

<<< skipped >>>

GET /js/tabs9371.js HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Fri, 30 May 2014 05:40:44 GMT

Accept-Ranges: bytes

ETag: "05612b3c97bcf1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:41 GMT

Content-Length: 860

...........WMo.H.>{%..;T..8!.H.....{.=...&...vb..8)t}..J.J....p.....*...B...x....mZ....43..yf.g.7o..<.n..i..s..=...?{D]b.....v.?.../...4:4`..77.YM...t3.$.3..2[C...jm..N....d.0..-.Q,....D..lT.h^H.YV.g.c.^Q!~ ..!...s...O.~.,........)y..|....R........@.I....]...{.O........]:..c0iJ..W.s.20.q...........|.=...'.4..vqt....../...........*...r......*.w*r............O!....D....L13.kn......c,H...vr....B.,...6$[d...v<.W.j. $r~...O.m.J.x......0=. I.1.RC>.......X.;.~F.E.). ....>f...;}Y"T...q.a>'..i.CN.r.Ro.........(.,D` gD.]."K_[..L.1..MJ?.;.,....\....Y.P..E..........Rn..(.z.....$rS...d..k#.K^^L..,......tI..(...x.\...-"..o.a/......E.r.g.......,..E.p..Z.O...0X...x.R%;*............byX;......4.|...$@.B........0..n.z.IT.i..0...v/.S0... ...K.].L..a..pm.^O.....R...Y..W.oE../.....>w.............bVM.d.....g...vM.5:..Z.:...t.c{.`W....wM.....7/7....xs...~.....8.1.5...........

GET /img/top_bg.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 30 Oct 2013 05:37:27 GMT

Accept-Ranges: bytes

ETag: "8085131e32d5ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:42 GMT

Content-Length: 322

GIF89a..R....................................................................................................................................................................................................!.....*.,......R..._@.pH,...IG.q..#.tD.V9.Nc...F.C.A*....``..J%ObR......C.|L&.........&...&'.'.'... .(..((.(.(!!))A.;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Wed, 30 Oct 2013 05:37:27 GMT..Accept-Ranges: bytes..ETag: "8085131e32d5ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 11:15:42 GMT..Content-Length: 322..GIF89a..R....................................................................................................................................................................................................!.....*.,......R..._@.pH,...IG.q..#.tD.V9.Nc...F.C.A*....``..J%ObR......C.|L&.........&...&'.'.'... .(..((.(.(!!))A.;....

GET /huandeng_pic/hd10.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:07:54 GMT

Accept-Ranges: bytes

ETag: "071ba5ebadbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:42 GMT

Content-Length: 72191

GIF89a.............I')6..H68D..;..T,4E.$<.$9% '..*..G 44.$4..<.$=.,...4.$,.$4.$(..<.,,.$4.,H<D4.,'.$...,.,4.4$.$,.,7)7OHO... $,:4;".#..$........$$.,..,ZU^..$..,'.4..,.....$!.,..$..,73E..,..4..... A>M)&8..4..,..$........4..,..$.....,..4..$..,.$8........................................................................................................................................................................lT<..l...........................................................i..x..l..{........x.....v..................{T:.~\..i.|b..y..........xk............kD,.X;..l.`F.sT.lR..k..t.......gX.......a@...jUJ.........................N..qPyK6.._..zyWHuA,..k..t.........{oj.;"jF9J4,Y5)..u......w]T............g8,...o,.tLDYEA...mdbgKF...gZXO!.W*%[RQ` .4..X96...O.......................!.......,..................A-a.J....C0..X......./V..q... 3f..%...`..Q.$...0_.....C'.Z......,Nl..J4%J._>*...a..V.....bE..)N.:uk.....e(.bV.L .L.E..L.....fa..b.......I..@A.R.C...&...R.-..T.,9.e..?V....M.aZ..IZ_C.5y.\.:.....H......?..v....,R.N..e2.)W..l.....X.O.guqb.Y..}.2lI../j..L)!\,q...Bi.v...Z:.W/^.....^....Ha..d.u4.._........f.5..S8...gfE.PP...Oh...Z.9..F.B...Q.....g}AY>.]$.Sd5T.f.Mg.VV....%.5.iY...|_....E>.F\..E..V...TY...M...Q._...`....w...VG.y...S...e.!X.dKa..H.}..Inj..P=.$......i..f.P...E?..G..0j....}$.IN.F$I.PD..1..&IP...E.M%i$.].........qe..zZr.]_].%.oz..RV.....rN. ..I.`......v..Q.#.J.._...EBJ.E?b..a....SN..X.u..g).].._..v...7>.]...$...~......Q...z...>..\]...z .F&J.z.V..-..%/>4Qb.".....9.R...Y.Iy....y.-

<<< skipped >>>

GET /huandeng_pic/hd12.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 24 Nov 2013 11:12:14 GMT

Accept-Ranges: bytes

ETag: "03b3076e9ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 63661

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:24 19:11:53.....................................................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................l.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?......W....f....K{[sI.Sft).......0zR%\....X_h. W..~......n.e..N."..iv.OJ|?....a...!.g.z...b.f.U..?......I.^.$.T....`(.G*U.D...v..(kw..N%.a. ....M..Yr....64.......C...1..v\zQ$.S ..I$.Z.....:..Uv..d.P....z.a &.J.w.:..... ..Y2-f....X..o\......D......W....3*..k`..[g).R......Y4......[.`f.,..`V,.........r.,.........Y...._NwQfE9u...u.......U.w.*.w.......'....N.".....8.5..N.....E...l...-k......p.........Ts:..d.etc.:...\.kw.........H.geF$......,.d.Uw...p...}N.m.}..Yv...X.[f...4....]......g.t,. ..kskah.1....i.D.....t......)...[}.........;....A.|.]Yn.Bf..@M.K....Q..Nn.5..5()Np!..,..w.3...............9i..3....K..........6._.8......F.k..n..Yz'....}e.uuAS._..V..X..k.

<<< skipped >>>

GET /img/sizikqak.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 02 Nov 2013 05:40:47 GMT

Accept-Ranges: bytes

ETag: "805986148ed7ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 59

GIF89a...................!.......,........................;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Modified: Sat, 02 Nov 2013 05:40:47 GMT..Accept-Ranges: bytes..ETag: "805986148ed7ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015 11:15:45 GMT..Content-Length: 59..GIF89a...................!.......,........................;....

GET /album_pic/album_2013_11_7_17_13_15_360.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 09:13:15 GMT

Accept-Ranges: bytes

ETag: "8087fd9699dbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:47 GMT

Content-Length: 2527

......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......X.Z.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..c|..F.....t.^.XI".'.j....F..K..Eu6.. ...^.<...D...X.\(......F.0.k...t.1s{.....g....G&.._..cnZ..S...."?._..!Z..lc>W.=.....4...Z$..bN6........ZO.u...p!..0<....x . ..~...x..[...........w....?*...w$ .io.q.QR!........{..6.....`U...`.IV....7......w#...}O.U....(....(.......jW.......M]f.32..p...x... &..TW;5....6.... .Y ....,I&..#._.....Gp.&..v....R../"2..8,...j.....8.-c.[.Q...b..Ci;...n....A..'.8.Z~.q|......$..w0.cO.49.]Z?....[.....2......z..M^..Sis3..QS.]=....$h.rV$....J..0.(...(..--.a...;Bp..N...}..J..}g:.5..q..h.q].....#.<.. ]K.V.C.B......\...j...;...........4{..$w.E!.e..0>..^a....].n-..X..R6P.O...c.^....o.h.f...!QHbGn{S..aB.-.....=....]......Gf!H.#.s...`.H.{5..i.Kq.eT..%.......%...HV........?.vV...?..b..\ E4a.....sET.`|{E}=._.....M.<.E...|....<~.W..?...-.l..:.{......?Z.8.#...G.o..."o.....[ba....\...}..K...g.D....P"....CE.}..]"......]y.......8...V...t'.......V!.Ux..q^}.z'....Oy...

<<< skipped >>>

GET /note_pic/298879.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sat, 30 Nov 2013 10:50:23 GMT

Accept-Ranges: bytes

ETag: "80140f8b9edce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:48 GMT

Content-Length: 17708

......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..I.e..X....d......3.P...R....N9..<A:}..@`...6.qh...$dc.lR...R.......f...'.m...2.....M}?..././.l.E..$.#c.....d.:..e...{.g......5....Xn$....X._R .....nP>.*.....k> ...Y...by.^....[}~=R%*..k0r:0.Z....Pq)b3.f.....o..8.X...$.B.......y...R....Q..y...0_iVQ.k1..N..o......~.Y..0.M...3...yu$w.@...n..xhYX.Fzc.....I.t...I.g.....H..1T.c...Z..._~:.....L...........?.y...d.....j...3.Q..S...xn..0..s..>.J.5....r.Z.7#K.piq.w...........!B.......$o.S.]W......:..$.{7.-L.....>%...J...qc..n..u..>.k.5..|/......U...[#.Z..*]z...5....;.Yh..z.meaf..`O..'.w.|....[......34.Ry.9..'s..E:|.."Ssk.......Y.|X...6...T.X.........o.Be.KX..........'.....|.....m...s.B.....g...*.....cp.Q]y2.RD......O.R......]._3g............4]...2j%..cn"8.<..~s|d..=*...#....s.]....-f.......y.. ........Y/5]9..?..ea..)..s..TU8.4a.......e...J.q.^.l.y...O....}|...?.....?`.....v.W.B.[.O?.~\~......ZC...s...|. ..rn...9.#.........b...M$..d.E....Q.

<<< skipped >>>

GET /huandeng_pic/hd20.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:27:18 GMT

Accept-Ranges: bytes

ETag: "0bf8614bddbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:51 GMT

Content-Length: 45362

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2013:11:07 21:26:10.....................................................................................&.(.................................v.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................H...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.................?..r. y...<a.US@d.f..I'.o/$.%..\N......4.J8..G{..g.D..J........!*Q4..............6..-h#......qw;.?.C..S...%.v......dI...t....R...d.Y.-....p..<...G./a$...>H.o.'@.>%I.A...k:#4...J.9.......n...wv..\.......WKg..7....-......h.w...;......Z..J.fE.~C`?..z.k............P....@.l....9...U..0.k.q..I.p...........89.hs.5.k.s............V6....... E....c.w...../.,|..^..2z{.l.....z.........V..:.m.%..?C..0u...kK-h..F....?.e/.u..$..u..r.s.}.y;.4......>CN.5.....%.-imq...=.t ....h...uVY.......;.e.&...@OZV.e......u.O......|.Y..`g..2V.=.`.B......G.......hh..<&q.t...K.v.X...|U....k..f}..t.7..p..y{.gv..E.p...7....1...D..x.E......z..=.'........v..j. g`.....n..\?

<<< skipped >>>

GET /huandeng_pic/hd22.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:34:07 GMT

Accept-Ranges: bytes

ETag: "80314f8bedbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:51 GMT

Content-Length: 39165

GIF89a...................N...........2'(.......yz.........tkl...,$%4,-<45.........LDE......vZ^UAD............eNRv^b......xfj......lce..................lU[............eZ].........SIL.........]SV......}pt..............."..J>B...C:=-* ...FCDVST...ZOS...............bV[......j^drflNJL534=;<...&.#...fce......njm...-&,|t{mcl.........jVj4,4<4<D<DLDLTLT\T\d\dtlt...^Z^B6Creszn{N>Pn^pJ>LRFTZN\j]l...VFY8.:fVibTe.|.... .")" ...]NbF<J>6BVL[f\kNES.'2...]Tc~v....mesvo{rjy......62:FBJVRZfbj............................................"..................."...................................... %mje......^ZV...'"......."..znfe^Yjb]cZUtkfzsoA95SIEH@=............YOM......"..............d..............H.............. ........$.....:00...cUUk]]see{mm..................$##........................!.......,...............8........g..C..#F|(.....2...q......c..X...z!h..Z.c.....m......`....."~.......OTHQ.....6j..A.j..X..... ..88.PQ....2<4p.C..&....Pp.....&. q .~r.9.K.......L<qp....F..7!...3.^....P....C.ti..P.Z...k.....M[......,W."b..Ma....G9.B.". .1c)..{..e..4m:0a.... ....?...'OJH.*....S.Ju_!G..8.z....P.".P...,.C:..S.... ......d.-..a....?ti....9vPf..$.d.IV.d .H.n..2......9...O(.p..i.p..!.5.[l..a.mL6.d#c4.......g...%..9(.F.u.RH;.b.,...K/.9..2.e...9.D.x.....F9.'.LA...%@...R...VY...zc)..R%. ....`....`.=.L..:4tqad.Df.9(.......s..............Ha..RYe.3.z....q.r`..J.B.I.lF.f.jIB....I)...E.a.]..JF..y.G....0$=7...Q..1..$'.:}.'y~..'.f...z8,..SP`%......X.(...H.P.. 8a......6..............-fD....LY.D.f9n.<......|.*.

<<< skipped >>>

GET /huandeng_pic/hd23.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Mon, 23 Dec 2013 04:16:00 GMT

Accept-Ranges: bytes

ETag: "0081af95ffce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:52 GMT

Content-Length: 46817

....'nExif..II*.......................................................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop CS6 (Windows).2013:12:23 12:14:43.............0221................................................................n...........v...(...................~............%......H.......H............XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch............IEC hXXp://VVV.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._...............\.....XYZ .....L.V.P...W..meas................................sig ....CRT curv.......................#.

<<< skipped >>>

GET /huandeng_pic/hd30.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:43:22 GMT

Accept-Ranges: bytes

ETag: "0791d53bfdbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:52 GMT

Content-Length: 32988

GIF89a.......................tA....-..rs....-1...........(...........(.....,.>er.;....g...........b.7-4............P.]w].4.r..G-..B/}..>KD.......... ).rq...........3.AD.VX..'..&..K.Ln.......l........................x....1.,......!..Z.L*..@.$O.....l.-..j..g..j.....A.....q........X..l..h..x.................T..x.....h..x........h.....].....x.....*.............................s..8..8..H..P..X..V..n..h........'..8}p*.....H..F..X........_.....(..@..N..a..m.....$..8..H........)..7..X..............N..u.~G.m..n4..........X(..x...................K..j6.X'vI&.xH..V....|_.P..x8.X8..w.jQ...p9...[.X(_,..H(.X8.hH..o.......Z#..U.H(.X8.......H..hJ..m.4..b6.G(.rN..........U8.H8r8*.XKS<63...H:.,..5)....SI.f_.tr...N..J#....kPN,................................m...?=.MM........................!.......,............y..A........r.....2l..!... ..Xa...w.......H....\.....0c.{. .M.. T..@......L)..Lw.~. .....P.J.J....X.j......`...*P`...5.aU.....4..a.....zh.`.$.....tGth.... N.x..........>...... A..FC.$..[.;..`r:.....c..M.kY.....B......H..A..~:.q.`...w%...M.ha......9@>..~j.....u...'~.t.......O....e.....XC..e.........x.....vRH...XK.)fa...f......f.........P....J.IF..0..#<.4D.*.....<...~..dP ....p.d@..w!.._~=..I...!.X^.e.....N=.p.M...!...%.H....t.......!.kx6.'.y..g...)....Z...&....6....>*i..Bj...2..mg..@.....p.f......._"E. .,^.y..X...d.|..>.....fj6.=n...`.&..`..SG.>F .....)~.......pd..f...:....~..*...v...ji..8}x.;..T"w.D.....I.=...Z..'...@.....G.........e....x.....;....za........[....4....x......`.>..&L..Z.D.m..H.

<<< skipped >>>

GET /huandeng_pic/hd31.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:40:43 GMT

Accept-Ranges: bytes

ETag: "80ff57f4bedbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 38181

GIF89a............................4,4...USU..$..,..,..$.....$...GKT..,.4<.....$.$,$,4..........$,$4<........%.,4......&>D....-5.7?....GN.FJ......%T[......HVX...(ahi..=lr^.....R..8[_...Ow|Mdg....46k..l...&(......................$$#<<....,,$44.......$$...% .........144IJJ.-,....../=<.......".osr.C4.6$..../.~...A(.S,...dge..!&_5.d(..."M&.]..7.=o>....u.../...*6*ITI......C.>.~.1u-Q.G...T.K$\.h.WW.8F./g.7..l[.2i.,~.Nw.8F|.x.*m.-t.;..m.....7.....&.....F..(.. ......o..69)........F...;;7............BB@.....f...LE......B.....V.......x%..G..(..6........kn\/ZUI..6.....QxhH......cI.#......}..\... .|..x...Z.{..t..t..l..h...7.l..t..k..t..d....UKA.i..d..d..l...@.\..d..t%.k$.\..i..Y..T..S..\..X..V..K..L..P..E..B..Z.._$.F..T..5..-.K..{'.e!.|2.;...........'"!X".6)'"..............\\\......!.......,...............H......*\......#J......./.......L.0.I....LPV..`e.#..T.I....N.8..3...Nv..9..Q.J,$]z....Cw...S...A....d.W.`c.|...Y.eM2q......9..0wn...):...........!.....N..O...t.Jn.r..}...;.D..&]...I.&..NP.....O%G~JU".5..Jp....w...w u..h..B{.......i ..................l..K.qc...W$0.......4,...$I..G.12..pud.d".u.u)....b.$...Y.Zj?m..Q;.7..L!.TR.}.An#.v.........f..B...M].$.M:...gaU7...i..F..h.G.E..x.90 z...X}.Ui..XB..|yEI.c..'^d....Z!..@J.....,..a.s2'.s.U5\q.....(...p'Ba...&.h. .I\UA...r:mp.....DJ .8]Zmj..eky.......c.=......g....j.B.H........L...Grt...$..`i).4...V0.lD1G..JX.........*.(..^.h...f.n..... &GT...ecW0...L.j.Rf.nT.Gfn..F.8..E...e..A....WL1b.Fd......cu...x.v'0[...VY..4.J@.f..3.HUT.f...)..[.......\@..D']..J.....

<<< skipped >>>

GET /huandeng_pic/hd32.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:41:55 GMT

Accept-Ranges: bytes

ETag: "8053421fbfdbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 48737

GIF89a.............L2../1.VY`JKn25.Mq..-...r.*.8n.'\P./oYe...........//-1...pp.BBK...VYi..S.....3....................................................... /.........................u.......)..*~.U.;...,.....G."U.-..nU..P..u.Lw.1..hr.1S. ..Pm..{....Oe.4..4W|,...{.<..n..OX|...V..R..n..l}.@..v........X..u..............(..8..8..H..H.....X.................p.................(..(..8..3..Y......rh...;..H.|(..Xun0..8..T..(.....(..8..H..J..X...WJ...>.x8........I.._..p.xH..h.....(..1..7.{XH8...8.z(..Q.......l...7E8...H.....2VJ.....w.pR..h(.x8..H..X.....m.....H.....q...X8... .h8.xH..X..h3%...H..X.R...,.g'.w7}eH...qR0..f.r.H(.X8...J.h8.xI..X..h.xX..h.....{...X(..U1..h.gH..yl/.*......N...f...X(..g^.hXH".....M0..z.....z..z..yj..L...jW.hX.pf.tp.MCR1.....sl.NH.sm.((....XX.ML...............!.......,............M.0.B....."4.P.....2....D..!6....F../~...$H.$O.L.r.K..0.....M.8...A...2e......,0?..p.f...M.".Q,..5{.P..#...`..<w...s..YH..D.s.>..)......U.........&..a..-....81c...#...pd.. kn\.....?...Y3....sT.."k..S..M{.l..[....7l..}.... .X(>.P...W.`...S...5m..ac....M.=....[.8`.H[...{i.l..ac......_N.-.p..d......]v}0.\.&.......e..F.b.N..h....A.r.X.,.h..(....*.8.`.E(.d1.8.F2F...:2...<....>.i$.5"yc.J......T..4}..rbE...h.u.Qm..F .P.....!^TIQe.{YQ.......~w.a......W4l.A.*.@.O3...]t]...$..Wc.Y.!..1V...m.Ze.J...-.Z"....j..]DX.Q*...A...P..Vd.....k...*....;,...Z,..1..-6.P.L.}..t?..Gu...TVY...)a..G..h..,aLr.{....v..g....#..u....4XR....S.NU....2.c...fF...aH...^...!........g...j.,...@ ..2`0..2.3.l".7..s.1..s.=.,3.<.M..?'=..>/.

<<< skipped >>>

GET /img/s_icons.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 27 Nov 2013 14:47:55 GMT

Accept-Ranges: bytes

ETag: "805fdda77febce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 6310

GIF89a.......................YZ.pq............................)k.I..Y|.f..o..|..dv........B..X..`."c.#b.!Y.)j./p./o.6t.9w.W..2N.Cf.Mp.g..Vy._..y..Sl.v........q.......zL..X..o........e..~.|d..y................''(...OPR^`c89:DEF...M_kehjloq/PdHi~9JU:]rUx.osu9s.BT\t..bt|T..sxzy~.#..)..0..5..H..Q..Y.....w........&..=..`..[nt......UXY......JZ^...Opwg..Ugk......Uw}P`cHinB`dKlqFej..."##,--.........k.x2fDYrb*^;-a>IuX6R?>YGa.k~.....X.,Q.)...\..l.6h.5...|.A`.6W..f..Tq.f.:Zy3..XO}.Kd(Oj I`'z.Z..................q.!..=...{.&..*.....3..=g|:..Ul.?p.D{.M..R..Z..l.....:..lv.G..g..z..K..R..p..P..X..V..^.....P..Z..Z..c..l..e..x........t..\..U..Z..c..\.._..X.|..x8..:.h..l8....d9..g.O..sP.m6.a9.]8.J..D...e.V8.7..V9................!!.''.--.22.88.33.CC.@@.55.QQ.>>.FF.MM.TT....ff...............!.......,..............#v...e....&.....#J.H.....3j.....a...CF...b.>.4xp.......H....8o..I2.2.&...E..AeH....hf..P.J..rd..X}...h...........F..9....[.".b.5..#G...2..S......L..?.X..]...Q...KnD....Ry&.....a......Te..Sw.j.s.U..I.....F.N...{..h......W1i...N...1........p....C.M.._........t..1S..../f........p.....<y.........8.3....3.5._...(aa.U.^u....~.%... .Ua.......&..4!.(..$...~.J...8..c..U.L3..'$.66...4..............TVi%T.d.%5.\.....#..dF4..hZ..6l..&9[r..7.d..8x.S....y....).........pM..x.M....'... .....M.m..&5....5......h.O..R:...X.S...X.O7.t.....J.?.f..8.h.j.VN3.4..`....#@7.R..5.\.H6......J.,.....5...(.B.z...j['$..9....a..........n.....>y.{.....p...*.6nv.e.u..M../.#. .J...p.e.....7..i..9b..8..:...0..6....$.8.r.0.8.#jv..$|....n&..

<<< skipped >>>

GET /img/iconjans.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT

If-None-Match: "06ecf423dece1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Tue, 25 Aug 2015 11:16:27 GMT

Etag: "06ecf423dece1:0"

....

GET /img/iconjans.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT

If-None-Match: "06ecf423dece1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Tue, 25 Aug 2015 11:16:27 GMT

Etag: "06ecf423dece1:0"

....

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_1956:

.text

`.rdata

@.data

.rsrc

t$(SSh

~%UVW

u$SShe

SkinH_EL.dll

hXXp://VVV.33591.com/reguser.aspx

%System%\drivers\kiss.she

\SkinH_EL.dll

C$%cmb

.ppM|

aZ.mO

%-^

.hk;~

KERNEL32.DLL

COMCTL32.dll

GDI32.dll

MSIMG32.dll

MSVCRT.dll

MSVFW32.dll

USER32.dll

277681366

smtp.qq.com

277681366@QQ.com

18904854@qq.com

\48x48.ico

pW`R.ks~

2010-11-29

hXXp://xxx.33591.com

hXXp://8888.33591.com/

%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

ole32.dll

__MSVCRT_HEAP_SELECT

user32.dll

RASAPI32.dll

iphlpapi.dll

SHLWAPI.dll

MPR.dll

WINMM.dll

WS2_32.dll

VERSION.dll

GetProcessHeap

WinExec

KERNEL32.dll

GetKeyState

GetViewportOrgEx

WINSPOOL.DRV

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

ADVAPI32.dll

ShellExecuteA

SHELL32.dll

OLEAUT32.dll

oledlg.dll

WSOCK32.dll

WININET.dll

GetCPInfo

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

comdlg32.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

HELO %s

SMTP

AUTH LOGIN

AUTH=LOGIN

EHLO %s

Content-Type: application/octet-stream; name=%s

Content-Disposition: attachment; filename=%s

MAIL FROM:

RCPT TO:

VVV.dywt.com.cn

(*.htm;*.html)|*.htm;*.html

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.PAVCOleDispatchException@@

zcÁ

c:\%original file name%.exe

#include "l.chs\afxres.rc" // Standard components

1, 0, 6, 6

(*.*)

1.0.0.0

%original file name%.exe_1956_rwx_10001000_00039000:

L$(h%f

SSh0j

msctls_hotkey32

TVCLHotKey

THotKey

\skinh.she

}uo,x6l5k%x-l h

9p%s m)t4`#b

e"m?c&y1`Ð

SetViewportOrgEx

SetViewportExtEx

SetWindowsHookExA

UnhookWindowsHookEx

EnumThreadWindows

EnumChildWindows

`c%US.4/

!#$

.text

`.rdata

@.data

.rsrc

@.UPX0

`.UPX1

`.reloc