Gen.Variant.Graftor.23084_16a363c83a

Dynamic Analysis

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:580

The Trojan injects its code into the following process(es):No processes have been created.

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process %original file name%.exe:580 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)

Registry activity

The process %original file name%.exe:580 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 96 65 86 D8 7A F2 C3 E0 17 A8 11 84 06 E4 79"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Internet Explorer]
"iexplore.exe" = "Internet Explorer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):

   %original file name%.exe:580

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:

   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: ?????
Product Name: ??DNF???
Product Version: 1.0.0.0
Legal Copyright: ??
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: www.tongtong.com.cn
Comments:
Language: Language Neutral

Company Name: ?????Product Name: ??DNF???Product Version: 1.0.0.0Legal Copyright: ??Legal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: www.tongtong.com.cnComments: Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	466758	466944	4.54466	745422ba2793f0779c4a31ca5acdd823
.rdata	471040	181280	184320	2.81904	5a10c1d80c364e1426ca45f71bcd7669
.data	655360	226090	61440	3.44739	b16b40c5c33960e0dd4d769a0a9a6703
.rsrc	884736	119336	122880	2.75692	03582068b950d96f74f35118513743fc

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://shop.gds.taobao.com/
hxxp://shop.gds.taobao.com/shop/noshop.htm
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/s/kissy/1.1.6/kissy-min.js?t=20110524.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/p/header/header-min.css?t=20110506.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/p/header/header-v8-min.js?t=20110629.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbsp/tbsp.css?t=20090602.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbra/1.0/tbra-aio.js?t_1=1&t=201003241751.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbra/1.0/assets/tbra.css?t=201003241751.css	195.27.31.240
hxxp://www.gslb.taobao.com.danuoyi.tbcache.com/home/css/error.css
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbsp/img/header/logo.png	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T1CCRNXmRFXXXXXXXX.png	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T1POdHXh8cXXXXXXXX-489-90.png	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T16WJqXaXeXXXXXXXX-32-32.gif	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T1giRRXXNjXXXXXXXX.png	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/app/search/monitor.js?t=20100331.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T1z3ypXcBkXXXXXXXX-50-50.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1I_56Xl0wXXXXXXXX-104-1.png	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1XgzaXX0kXXaXezbh-48-70.png	195.27.31.240
hxxp://shuo.gds.taobao.com/
hxxp://shuo.gds.taobao.com/highqualityshop/high_quality_shop.htm
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/??kissy/k/1.4.2/seed-min.js,tb/global/3.1.5/global-min.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/global/3.1.5/global-min.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/phenix/0.0.2/header-min.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/ishopbook/0.0.8/g/page/found/index-min.css?t=20130925.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/t/font_1404888168_2057645.eot?	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/s/aplus_v2.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/apps/ishopbook/src/pkg/wgt/nav-v2/iconfont.eot?	195.27.31.240
hxxp://count.gds.taobao.com/counter6?keys=TCART_234_17e002f6e58e45f8d59eecfe815ebe56_q&t=1412117811346&callback=jsonp0&t=1412117811346
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/phenix/0.0.3/header-v2-min.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T17.GqXEFXXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T1psWqXq4cXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1.qOqXElbXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1au1rXpNaXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/s/fdc/??spm.js,spmact.js?v=140619	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T1Jt5pXwxeXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T1ToSpXtdcXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T14xipXrheXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T1GVuqXutdXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1bKarXqpaXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i3/T1aPSpXCNdXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i3/T1WzepXuXeXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i4/T1n1epXw8fXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T1I2eGXudeXXcwqdnp-233-31.png	195.27.31.240
hxxp://log.gds.mmstat.com/1.gif?logtype=1&title=%u5E97%u94FA%u52A8%u6001-%u53D1%u73B0%u597D%u5E97&pre=&cache=12a20d5&scr=1024x768&isbeta=4&spm-cnt=a310h.2220293.0.0.l7tB25&category=&uidaplus=&aplus
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i2/T1iHqOXANXXXbjYjco-59-689.png	195.27.31.240
hxxp://c.split.cnzz.com/c.php?id=30062430
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1pyCFXspgXXcSYPgT-81-164.png	195.27.31.240
hxxp://gtms01.alicdn.com.danuoyi.tbcache.com/tps/i1/T1IJ8DFGpdXXc6EcHc-150-52.png	66.102.255.40
hxxp://gtms01.alicdn.com.danuoyi.tbcache.com/tps/i1/T1ga4HFCJ3XXaSQP_X-16-16.png	66.102.255.40
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i3/T1b1m3XkVpXXXXXXXX-32-32.gif	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/ishopbook/0.0.8/g/pkg/??global/index-min.js?t=20130925.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/ishopbook/0.0.8/g/page/??found/index-min.js?t=20130925.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbc/??umpp/1.4.20/index-min.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/kissy/k/1.4.2/??dom/base-min.js,dom/ie-min.js,dom/class-list-min.js,dom/selector-min.js,event-min.js,event/dom/base-min.js,event/base-min.js,event/dom/hashchange-min.js,event/dom/ie-min.js,event/custom-min.js,io-min.js,promise-min.js,anim-min.js,anim/base-min.js,anim/timer-min.js,base-min.js,attribute-min.js,node-min.js,json-min.js,cookie-min.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/s/kissy/gallery/??datalazyload/1.0/index-min.js,kscroll/1.2/index-min.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/kissy/k/1.4.2/??overlay-min.js,component/container-min.js,component/control-min.js,component/manager-min.js,xtemplate/runtime-min.js,component/extension/shim-min.js,component/extension/align-min.js,component/extension/content-xtpl-min.js,component/extension/content-render-min.js,xtemplate-min.js,xtemplate/compiler-min.js	195.27.31.240
hxxp://log.gds.mmstat.com/app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH
hxxp://c.split.cnzz.com/core.php?web_id=30062430&t=q
hxxp://q4.cnzz.com/stat.htm?id=30062430&r=&lg=en-us&ntime=none&cnzz_eid=1516345071-1412135986-&showp=1024x768&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined&h=1&rnd=1199409612	42.156.140.136
hxxp://shuo.gds.taobao.com/highqualityshop/high_quality_shop_more.htm?styleId=56&catId=4&page=2&startPoint=0
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tb/tracker/1.0.13/index.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbc/??fixtool/1.3.0/index-min.css	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/s/kissy/gallery/??flash/1.0/index-min.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbc/??fixtool/1.3.0/index-min.js	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/sd/data_sufei/1.1.8/aplus/index.js	195.27.31.240
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=37872731
hxxp://pcookie.split.cnzz.com/app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tbc/umpp/1.4.20/flash-post-message.swf	195.27.31.240
hxxp://a1293.d.akamai.net/get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T1peCbFoJfXXc9zjvi-54-54.png	195.27.31.240
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i3/T1twurXApXXXai.eUc-54-225.png	195.27.31.240
hxxp://gtms01.alicdn.com.danuoyi.tbcache.com/tps/i2/T1mEW0FXVXXXc_GIzs-25-136.png	66.102.255.40
hxxp://gtms01.alicdn.com.danuoyi.tbcache.com/tps/i4/T10ielFtVdXXbQPHYA-152-152.png	66.102.255.40
hxxp://a.tbcdn.cn.danuoyi.tbcache.com/tps/i1/T19EqoXzBeXXaXezbh-48-70.png	195.27.31.240
hxxp://g.tbcdn.cn/tb/ishopbook/0.0.8/g/page/??found/index-min.js?t=20130925.js	195.27.31.240
hxxp://log.mmstat.com/1.gif?logtype=1&title=%u5E97%u94FA%u52A8%u6001-%u53D1%u73B0%u597D%u5E97&pre=&cache=12a20d5&scr=1024x768&isbeta=4&spm-cnt=a310h.2220293.0.0.l7tB25&category=&uidaplus=&aplus	140.205.96.1
hxxp://img01.taobaocdn.com/tps/i1/T1bKarXqpaXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i1/T1XgzaXX0kXXaXezbh-48-70.png	195.27.31.240
hxxp://g.tbcdn.cn/kissy/k/1.4.2/??overlay-min.js,component/container-min.js,component/control-min.js,component/manager-min.js,xtemplate/runtime-min.js,component/extension/shim-min.js,component/extension/align-min.js,component/extension/content-xtpl-min.js,component/extension/content-render-min.js,xtemplate-min.js,xtemplate/compiler-min.js	195.27.31.240
hxxp://jie.taobao.com/	140.205.134.80
hxxp://a.tbcdn.cn/p/header/header-min.css?t=20110506.css	195.27.31.240
hxxp://at.alicdn.com/t/font_1404888168_2057645.eot?	195.27.31.240
hxxp://gtms02.alicdn.com/tps/i2/T1mEW0FXVXXXc_GIzs-25-136.png	66.102.255.40
hxxp://g.tbcdn.cn/tbc/umpp/1.4.20/flash-post-message.swf	195.27.31.240
hxxp://a.tbcdn.cn/p/header/header-v8-min.js?t=20110629.js	195.27.31.240
hxxp://gtms04.alicdn.com/tps/i4/T10ielFtVdXXbQPHYA-152-152.png	66.102.255.40
hxxp://img02.taobaocdn.com/tps/i2/T1CCRNXmRFXXXXXXXX.png	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i1/T1.qOqXElbXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://store.taobao.com/shop/noshop.htm	140.205.152.99
hxxp://g.tbcdn.cn/tb/ishopbook/0.0.8/g/page/found/index-min.css?t=20130925.css	195.27.31.240
hxxp://gtms01.alicdn.com/tps/i1/T1ga4HFCJ3XXaSQP_X-16-16.png	66.102.255.40
hxxp://g.tbcdn.cn/tb/global/3.1.5/global-min.css	195.27.31.240
hxxp://img02.taobaocdn.com/tps/i2/T1psWqXq4cXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://g.tbcdn.cn/tb/phenix/0.0.2/header-min.css	195.27.31.240
hxxp://img02.taobaocdn.com/tps/i2/T1ToSpXtdcXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn/s/kissy/1.1.6/kissy-min.js?t=20110524.js	195.27.31.240
hxxp://a.tbcdn.cn/s/fdc/??spm.js,spmact.js?v=140619	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i2/T1iHqOXANXXXbjYjco-59-689.png	195.27.31.240
hxxp://img04.taobaocdn.com/tps/i4/T1giRRXXNjXXXXXXXX.png	195.27.31.240
hxxp://a.tbcdn.cn/tbra/1.0/assets/tbra.css?t=201003241751.css	195.27.31.240
hxxp://a.tbcdn.cn/s/kissy/gallery/??flash/1.0/index-min.js	195.27.31.240
hxxp://img02.taobaocdn.com/tps/i2/T14xipXrheXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://pcookie.taobao.com/app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH	140.205.96.1
hxxp://g.tbcdn.cn/tb/ishopbook/0.0.8/g/pkg/??global/index-min.js?t=20130925.js	195.27.31.240
hxxp://g.tbcdn.cn/kissy/k/1.4.2/??dom/base-min.js,dom/ie-min.js,dom/class-list-min.js,dom/selector-min.js,event-min.js,event/dom/base-min.js,event/base-min.js,event/dom/hashchange-min.js,event/dom/ie-min.js,event/custom-min.js,io-min.js,promise-min.js,anim-min.js,anim/base-min.js,anim/timer-min.js,base-min.js,attribute-min.js,node-min.js,json-min.js,cookie-min.js	195.27.31.240
hxxp://w.cnzz.com/c.php?id=30062430	1.99.192.14
hxxp://img04.taobaocdn.com/tps/i4/T1n1epXw8fXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://img02.taobaocdn.com/tps/i2/T1I2eGXudeXXcwqdnp-233-31.png	195.27.31.240
hxxp://fpdownload2.macromedia.com/get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7	184.84.243.10
hxxp://c.cnzz.com/core.php?web_id=30062430&t=q	42.120.219.6
hxxp://img01.taobaocdn.com/tps/i1/T1peCbFoJfXXc9zjvi-54-54.png	195.27.31.240
hxxp://img02.taobaocdn.com/tps/i2/T16WJqXaXeXXXXXXXX-32-32.gif	195.27.31.240
hxxp://pcookie.cnzz.com/app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH	42.120.219.171
hxxp://img04.taobaocdn.com/tps/i4/T1POdHXh8cXXXXXXXX-489-90.png	195.27.31.240
hxxp://dongtai.taobao.com/highqualityshop/high_quality_shop_more.htm?styleId=56&catId=4&page=2&startPoint=0	140.205.152.86
hxxp://img03.taobaocdn.com/tps/i3/T1b1m3XkVpXXXXXXXX-32-32.gif	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i1/T1pyCFXspgXXcSYPgT-81-164.png	195.27.31.240
hxxp://img04.taobaocdn.com/tps/i4/T1Jt5pXwxeXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn/tbra/1.0/tbra-aio.js?t_1=1&t=201003241751.js	195.27.31.240
hxxp://img04.taobaocdn.com/tps/i4/T17.GqXEFXXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://www.taobao.com/home/css/error.css	195.27.31.241
hxxp://count.tbcdn.cn/counter6?keys=TCART_234_17e002f6e58e45f8d59eecfe815ebe56_q&t=1412117811346&callback=jsonp0&t=1412117811346	140.205.135.67
hxxp://shop63216378.taobao.com/	140.205.134.242
hxxp://a.tbcdn.cn/tbsp/img/header/logo.png	195.27.31.240
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=37872731	42.120.219.171
hxxp://g.tbcdn.cn/tbc/??fixtool/1.3.0/index-min.css	195.27.31.240
hxxp://img03.taobaocdn.com/tps/i3/T1aPSpXCNdXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://img04.taobaocdn.com/tps/i4/T1GVuqXutdXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i3/T1twurXApXXXai.eUc-54-225.png	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i1/T1au1rXpNaXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://a.tbcdn.cn/s/aplus_v2.js	195.27.31.240
hxxp://g.tbcdn.cn/??kissy/k/1.4.2/seed-min.js,tb/global/3.1.5/global-min.js	195.27.31.240
hxxp://a.tbcdn.cn/app/search/monitor.js?t=20100331.js	195.27.31.240
hxxp://gtms01.alicdn.com/tps/i1/T1IJ8DFGpdXXc6EcHc-150-52.png	66.102.255.40
hxxp://a.tbcdn.cn/s/kissy/gallery/??datalazyload/1.0/index-min.js,kscroll/1.2/index-min.js	195.27.31.240
hxxp://img04.taobaocdn.com/tps/i4/T1z3ypXcBkXXXXXXXX-50-50.jpg	195.27.31.240
hxxp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm	140.205.152.86
hxxp://t.tbcdn.cn/apps/ishopbook/src/pkg/wgt/nav-v2/iconfont.eot?	195.27.31.240
hxxp://img03.taobaocdn.com/tps/i3/T1WzepXuXeXXbCFbsb-100-100.jpg	195.27.31.240
hxxp://g.tbcdn.cn/tbc/??fixtool/1.3.0/index-min.js	195.27.31.240
hxxp://g.tbcdn.cn/tb/tracker/1.0.13/index.js	195.27.31.240
hxxp://g.tbcdn.cn/tb/phenix/0.0.3/header-v2-min.css	195.27.31.240
hxxp://g.tbcdn.cn/tbc/??umpp/1.4.20/index-min.js	195.27.31.240
hxxp://g.tbcdn.cn/sd/data_sufei/1.1.8/aplus/index.js	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i1/T1I_56Xl0wXXXXXXXX-104-1.png	195.27.31.240
hxxp://img01.taobaocdn.com/tps/i1/T19EqoXzBeXXaXezbh-48-70.png	195.27.31.240
hxxp://a.tbcdn.cn/tbsp/tbsp.css?t=20090602.css	195.27.31.240
s.tbcdn.cn	195.27.31.241
login.taobao.com	140.205.76.163

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /s/kissy/1.1.6/kissy-min.js?t=20110524.js HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 19706

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:33:48 GMT

Last-Modified: Wed, 07 Mar 2012 07:21:18 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache7.l2cn201[0,304-0,H], cache14.l2cn201[1,0], cache1.de1[0,200-0,H], cache10.de1[0,0]

Content-Encoding: gzip

Age: 1543

X-Cache: HIT TCP_MEM_HIT dirn:5:857546816

X-Swift-SaveTime: Wed, 01 Oct 2014 03:33:48 GMT

X-Swift-CacheTime: 3600

............k....0..,......!j#.a...4m.x<N..q...{.e..H..B.$n.<......%.....u............j{.J.<J...,.....em...h..Oc'prg.........1[..j....$.....<_.B......./.z.^.M ..Q>fl......f7ko.h...o...f]....0.....Pb.].x...a..5.....T..Gg...z........C.}>j}........[=.>~g..c^>m....3u.}h..)a..?..................,..}?.z.....w. ...?....?GI...u......n.[...Y.........z.....h5..<...p..t?.... 'z4vt.n.c....j........g.........{.s6......4.=g..8=..V......=cl..3o.3..Q}}..q.O..}......&....yk.L.4..C...x=....83=.....<L.?...|..`..y._..<........Z.._.~.d..~..].T....xdG.\\..B..1,..#j..I.....2*......x.......c.g...3H.V.p...,...yy....vr.m...@a...7s..q....d....|8<..?z.r...z.....ZA8X..e...._.......U..|"=@.j.{@ .N..A.IX......l.=.-.1.nz....(....c..N..^y.....@V...v..,.Ji4fH. ..2._......|^B(1..#....Q2....B..w.T.......[.N...H..l....#uT.I5.v....{.2.n.....Q.g.`..........8ac.y... s...\h.,K3JI9................./.......U2...t2..N.Z.........%,...s...e.....y....b...p.,.... Qn......Gf.|...}..; ..g....|f./..3UDA/.V.....At...%A..0.~Q...2.'..O...8....D.fc.h.......q.._]...`..i........iJ5...:.-g..t..?f.P.Ji`.<..g..D.T....z?..0x*..s....N....1.AKLw../qIM....._.~...B5U..a@.VW.CR..U.[P.........?N.2..;..3g.D..P..RG.dX....].D$7.N...<.."1(..5.g.6...d8...c.n..J....^."(........ ]v,...`.O..r.4Z.....1P[;w`5..l5..(_......V./h...{Q..........&.._><t..v.....`.G..2..F..?./os......RuF.,....^..n...a..........I.q.....!.uf...K..!.#....D.U...|.\,.I..1.........r"...qn.\.Z...../...`J..t..\."..i4.B..T.T..u...)....Ny.1.ZEk.s.5.Z.D..........^ak.n.....A

<<< skipped >>>

GET /tbsp/tbsp.css?t=20090602.css HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 3814

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:03:14 GMT

Last-Modified: Thu, 18 Nov 2010 05:40:21 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache20.l2cn201[0,304-0,H], cache15.l2cn201[1,0], cache8.de1[0,200-0,H], cache10.de1[0,0]

Content-Encoding: gzip

Age: 3379

X-Cache: HIT TCP_MEM_HIT dirn:5:220495861

X-Swift-SaveTime: Wed, 01 Oct 2014 03:03:42 GMT

X-Swift-CacheTime: 3600

.................=@....X{@jx.|....K..~4......H.....0...H.Q-J.$....U.uvWw.......6K[.W.V#..u...?;?..[_.O...G'.......r.U....6....=#...N.....b.<=;Y[.].... ..>....-=......_.....[_.....$.f..e.}t...<..*..'|....QS\..n......C../...4..CY.T:.[T.nQ..v....nK. .....=E.)vO.{Z.]...-.K.u...............q...}.i.R.s..._>_Z.\|rqq=...j...K..j.....Y..Y......u..h?>....KsA0.^...n...:...........(y...E......o.#..5...........>0..D}3....ZW..H..... U.K....kTb...xb....'..=..A.. ..2h.@...)..>C.....OK.z...#./.?....w..(.vV....}..........4.j!>....}../..x.|x..=.....]...~.W...%>..(.a..v...nF...O.......5<.a!.`S..d..=w.VU..S{. .;.B_>...{n.........6b!..4Z..f...m.....z.j_...b...D.... .m....>..:.yD.!...avBuG.>\...T.o.0.>...x"Q:..s......y..^H!y...X..).J.,........5...]zD..7.~..|....P.I....O/...lJ..w.l.....\{..j.d...t............}*....}E......}...*.C.|6..&..1....'...%.. .q..a..I"...w...8......\.p.q.02H8h.....I.!......]B.z ..bU.t.<q..<f..^....T.%..En.}M.........lQv.`....A@.Gb*...&Z.V..aj......>k...<..H4..u..ML....Y........)D.6V..&..~.(......S~s.....6....T.G...[..&.C~`....vV.........wC~..).9@....[...@..XZ.).].`.S.s.h.......U. ^.. ...9...0D..q`-.b=......39.Q..#.:.C.J.G.. `6.u.......K.D.,UKs.'\(.. ....L. #...:....b.0.T..g..e. .7.n2..|.f.*....RN&...P=.x..:@.. ;;...q...I.\...H..:'S=..`.pJ3....H..B..=..b...^......K...........3R.N...'.4..4$.......[4(..)..i..MNh.&sx0.....i..".Cm$F.X.-S..-V.....vu&..@.W.5.Y...icBL...1.v&.D.|......@...j8..i_..H.^h.5.D....2.L.....P...........3..3%.4.....4.'.>....."s..,%........

<<< skipped >>>

GET /tbra/1.0/assets/tbra.css?t=201003241751.css HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 491

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:53:24 GMT

Last-Modified: Thu, 27 May 2010 07:19:05 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache25.l2cn201[0,304-0,H], cache25.l2cn201[0,0], cache1.de1[0,200-0,H], cache10.de1[0,0]

Content-Encoding: gzip

Age: 369

X-Cache: HIT TCP_MEM_HIT dirn:6:858572981

X-Swift-SaveTime: Wed, 01 Oct 2014 03:53:43 GMT

X-Swift-CacheTime: 3600

...........R.n.0....}i.(..nK$.._R..m..%C.s....}K.lH....H.s..............@:........d...U.6kq..9..!..Q.....CG.$..ZP.G4.u.ez...zX..r..*.7..l.4E.u.>...<.....F.-.6.m..8\.x"..1..:t......@k.(..!ct.....<...9.#.]*..xW:J.*.....l..p....L..4C%_..r62U.jJ.1..Q.*.9/.~..-.U......F>TU...)&..M..F8F..k K...*{.xR.p..L...=w.{.v.q........Y.8...#3'.~......j.p%iU..*.......5.eB...[]C........75VO.u.C....WJ..,..cN.)S[m.g/.....4M....`;..W.V...oO.:]b<..VUH.Ij......n..[4...-..Mo@..N.....o.C..q..@4l.a.....{~.<.`.h.......

GET /app/search/monitor.js?t=20100331.js HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 2578

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:37:56 GMT

Last-Modified: Thu, 02 Sep 2010 07:30:34 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache19.l2cn201[1,304-0,H], cache1.l2cn201[1,0], cache9.de1[0,200-0,H], cache10.de1[0,0]

Content-Encoding: gzip

Age: 1299

X-Cache: HIT TCP_MEM_HIT dirn:2:321022763

X-Swift-SaveTime: Wed, 01 Oct 2014 03:37:56 GMT

X-Swift-CacheTime: 3600

...........Y.o.8..^..C*..i....].{.......K..`{.Z.m%.(S..9[....z.J...@.....g~. .........J..8....`\.-Y...s..........d..H.. lJ...%Nw^.0g2.D."...3.g.\.H8>[. r.....63.9sJ^.z{..6....tM...5.B.......CDL"."i.>...{0...1..lz.......k#.ti.8J.....tF`4Y.X.......Gat.......B..g.8....w~9.........y..........=.....y.r....ua|... \....;%3T3........'.`z...........F.w.U...%<._..kB...L.>p.....<.>.r>..m<V5.U.^.f..q..H......@.......OL....3..P..O1...wF......[ ...?B:6;b.....h.w.t.T|.)>......5K.(..(.p....f..qr....u..aX.)(......=@..9..uq..Qj8..C D.FLQ...s.41.8...}..s...D.....p.!.^... .....$I~%KZ..,.f/.."....^"..!p..].....j...<y.tK.(.......Pm.....i4..!?>V..0.....emV.U6;qq0..[i.hm..J.?....].o.q.k......".......-.Z).. .. ./A"hD...me. ../......u8....u.pq.9.X4.v..e...0.^Q.W.X..Q.%.D......n....*.....Y%(E...".y.r......O.)....I..v..y.O...;.........0...s7.ow.d}.v|_..........Li5..iC.."..&\..'.E....a.]B#..D...>..K...!.x...4.....I...t..r.$...j.6s .tB.m.0.r..0.z.:KC..JV..5'.AX...[....B$~....g....Q<.....Q 9.rJ..4E....YM..[...Yq=....O16Q..._>~.5 (...7..b.Y2....R..?c..@J.......kR_.D........m....".?/....=.sGS.x.2.......3U&_' I...J|...9S....G.5.w..A<.......t@.yi^X.......=..;.,J..u.@n.%;.Ngv....Y. $.."*F..^....`.nDKWZ......muV.D8..9IDE.....z...(BO..$=.....F-{K..a............\k.....i0..%R.ft.("-...Y..6e.}3........Ev..9D.....?.N.3:(..........V.r........,..f.S..Q...........x..|U..^..Vi.6...|...q\._I.r....VAc.\..........W$... .(.......C ..A...j....fX._..[......m%....X.).9.U..:p..'.{....c..g*..L....Xb.. .E.Z4".#Tc#..w .../

<<< skipped >>>

GET /s/fdc/??spm.js,spmact.js?v=140619 HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 5446

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:35:31 GMT

Last-Modified: Thu, 28 Aug 2014 02:43:25 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache23.l2cn201[0,304-0,H], cache23.l2cn201[0,0], cache4.de1[0,200-0,H], cache10.de1[0,0]

Content-Encoding: gzip

Age: 1454

X-Cache: HIT TCP_MEM_HIT dirn:0:118839362

X-Swift-SaveTime: Wed, 01 Oct 2014 03:35:31 GMT

X-Swift-CacheTime: 3600

...........Z...6.. .....F.q..............nN.LA.$q,..E.F..~_.|..H..j.....F$A.h...n.............O:.n..n...Vm...4.#....')K...L.(.yi..'*]'..%...j..........L..K.=...H.s.M..7..FCH...3..F.U..z5c.@.]/..x,.U,...gK...9Ui/M.p.N._}d.=....8.....#w.N..~e}..R.M.:...hI.-.8.Z.7..PwZAQ9.!.q\kPYY`[.]a4V..'.i.-$..N..cGS.].K.O..e...6.G.*H...Dn.......2....m..'=V!.b...w..3......v.).ML.\."...P.^$g..A..X=. ..n6.X.Z1U.x.r..3>.}9..b...W...........,..A.$...AF....ZEJ.....#1VA<V?.|s./.q..........o....%..8W...s.........(..93%..;h....X..5}.H..J%V9.Z..[...K..j9.S.x..C!m..0.0.@"$..w...........5.s.Gc...6..0..\k.)3S..L....3.s.^j..a.t.....W'.J.a$...b.w"..3.....Q..8.7J....:)..U... !...).I.2.......$.|x..U..&J7.U..G.;..B.....D...L.......Z...........P.\..2...r....{##.i.....F.R..l.!0.w]g..K<w.._.1...6..}.yG.I..$.T...c......hz..oJ.~'.Ys2....o......_|.L7&2.......a.o,Vn-d...C-).$.?q..L..o..I.TI..c...p.F:PC....p._..G]..:6Tt.>#.h..$S..c.qU..J......@m...K..D:H.d.....y.?.&'&|....b4.*..WE:g....O...D......l.#`:....}V..G..nC...1c*..a....Dzz~p ...>..E. sA^D...6F..D.....O.~.........E..Ok.l}sas..o....\...j.}.).....n...9.....T......<y..S..v.....iT...=..0.........M.1.._..K..6..Z).)".....".F%I.3/c&. Z..G...D$.?m......x.-h......[.....N*f....m.6...6.}.<[-...~...m......6v.......V,Q..&.....>}xw%...v..PZ^....{v.i.G..O;p.Q.o.G..(.$....o:.Hq.dn.........u..@:^...)......k...W"..h9..[.0&)...j|...jvK.5......O.H...4..p...&..CNo...U....{.:"R.L..|.W..K.....%.K.Q......h...9.......s..8.x.8$.].E....E<..=.....(Q.#<.\gP..G..X@.p....!...o<X...dU.....j....

<<< skipped >>>

GET /s/kissy/gallery/??flash/1.0/index-min.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 1824

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:03:19 GMT

Last-Modified: Tue, 18 Dec 2012 08:10:13 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache28.l2cn201[0,304-0,H], cache19.l2cn201[0,0], cache8.de1[0,200-0,H], cache10.de1[0,0]

Content-Encoding: gzip

Age: 3388

X-Cache: HIT TCP_MEM_HIT dirn:7:223508040

X-Swift-SaveTime: Wed, 01 Oct 2014 03:03:19 GMT

X-Swift-CacheTime: 3600

...........W}o....?..f.G.h..\...^P...h..M..x.@..D[..I./.......8w....8.............F...Jx...i.g.Jg.:.E.R...B....nJU.....q.4-.T..i0'{UV@....Am....?%W.....'D.......6Z{.D'.#.s......l...9.....<..<W.]..5..y.s...fo..=/G[6....L.V.>:c.L. .!R0..yd.....O..nKS..i.H.T!.T.....&..B.5.Ys..1@....P.Rok......P....]$.S..2.U..O..?.(...zf..>........t.d.....U.S.X.D....(.^.......W?...=....<dz..).p.=(.g`m.....%;....\....p..2.jqKR.....7_.C..l......'I.o....I......].@.,.!..C"pc.....D..I....9..O.E.^@.*... .aD.9...N.w........|.8...T.^.<.."....:...g....h0.gH....N..HK...G.....T...B........T5.F. G5..|..b..P...2.....T.5...a..[Z.....9..x......44......B^j..UN...X*..qD...t...wKd.s..0n......>_.....)...x..!.....M.r.k|<...3..k8.W..e-...]..@...>......I....F....cj2.s.%6.x..lU.....4.iir...q.H2p.............T..jUvv....*G/.Y....j.YI......c.....|..R.f............H.....Z..`..H.a..-Z..Au!........el......g..t1.\.G.)=...(..X1.@......~...d-.B..CI.....l..}...w^D.8./C....< ..............?.n...N.4G...j..2.HJ.s .......`.db.......{.`\....h..@.8.D>..."......<...&O& .....!_>[X....SF....m....BlWw.........m.......C...f0..2^.Y.........h.b.I^...E>[{1.....m &p..@..\....r.FN...O.|.}1}........9.C...c.U.x...._.N..".k.. ...P...N.hx......^..W..1..2t.|....E.....^..:.F.[.z. .N..%Dv.C|.v.i.m.f..Uj.......... .....X./..n...3........&'T....'D.1...v....n.b..D..{1..H.R..3[......#Y`L..e.b...iK.9.....1.cD(..g...n.....D.........."..........&..O].T(...{. o..Z.x...........0.P@...J.N`!..>.A.....&...".......i,...>.t..`.v..K..>i.X.ue.w..W....Y

<<< skipped >>>

GET /tps/i4/T10ielFtVdXXbQPHYA-152-152.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: gtms04.alicdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 3001

Connection: keep-alive

Date: Tue, 26 Aug 2014 10:30:30 GMT

Last-Modified: Wed, 12 Mar 2014 02:44:13 GMT

Expires: Fri, 23 Aug 2024 10:30:30 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache19.l2sg1:81, cache5.us1[0,200-0,H], cache6.us1[0,0]

Age: 3086960

X-Cache: HIT TCP_MEM_HIT dirn:6:808649642

X-Swift-SaveTime: Tue, 26 Aug 2014 10:30:30 GMT

X-Swift-CacheTime: 315360000

.PNG........IHDR................v....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...KIDATx..]{.\U....w.;...K.-........i.1...D@..%.`..Q".h..?L...>j......h......R0V..BI..-..}.v......s<g.]f.........u.Ng.........;.... ........"x...!..*f..G ....d.R.FH......4..&.......Nj5..p./.,.[U..?.*u..m.E..r.I.t8j$R ...U.3U....&I/.D..7....N..t8j$R "*.j.%..6IwW#v.n...%.\m......@A"j.F...I...0.@.t.).......aj.. ...l....%..^F.B.........rj-.C.......x.2.f2..zSV:.5...QM ..cSe.....ZU.D.. . G.DjE. ...?...jv;...9Z.6..N..Z1...'.Js.VD................)D.. 4..5...Q.^...`x.....dE.b7O........H.H.VDT.VI.1q.e..%g.[..%...T....5.....D.1.Pu.gO..H.k{.......<.I..]S.........<..Q5#S.h...../.....5...H.VDT.VU....\..[r......K2.hT..5.S.H.VDT.Uu.%.J...0a!U^.l.]..N..)..H.VD.'.d.N..Z.....1?..hi.!I>..p.H.V...Q...n.T...[...\i.!`b..c*.. ."j.Z.9V...N!.<.F.b.3.~..8@}(d!?.rc./...^%.........E. "L&.<..W.........`.._o..#.....H...]..........m....?..-.n..e ..F........].r.EAvtv.]~5.......]..LP....d.VrV..~..(7b.*..z9..-.-..G.U y.^...pe...........<.. .....82..d0%H/.N..cB/z....h. W..F..{...yH/.7.%JF...?..V..s@\..i....F.3;\.N........Bn..ZG^.=......s.........m..v...C0|.^.....^.z.An0...[# `...............a....g......x...h.....pj/....'..../...-.O..>y.\q#..M.......iw....G.....9..k^..............e.'..)......m0.....:...x..(.#4....h.s.]B........\T......w?.8..w...b.,..0...\\....a1{.....;.vn.#..Y!.r.......W|F...<O.dv....3.....~.U....._87..k....t.I..N..C.c$IZ....I...s.i...y..1..2...[..P....{{;...cAR.J.f.P..=...~p....w..}.).._..mv.../ofc=...C<.=Xz.

<<< skipped >>>

GET /app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pcookie.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:48 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=MmqyDMhU6lECAbhrJiYFiPcH; expires=Sat, 28-Sep-24 03:59:48 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;..

GET /app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Cookie: uc1=cookie14=UoW28XHzO5gErA==; v=0; cookie2=100b7929c8e64ac2ae1435c07276fd09; t=17e002f6e58e45f8d59eecfe815ebe56; _tb_token_=36176305f5e00

Connection: Keep-Alive

Host: pcookie.taobao.com

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:46 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=MmqyDMhU6lECAbhrJiYFiPcH; expires=Sat, 28-Sep-24 03:59:46 GMT; path=/; domain=.taobao.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;..

GET /tps/i2/T1CCRNXmRFXXXXXXXX.png HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img02.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 1053

Connection: keep-alive

Date: Thu, 04 Sep 2014 13:38:46 GMT

Last-Modified: Thu, 14 Oct 2010 03:53:37 GMT

Expires: Sun, 01 Sep 2024 13:38:46 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache4.l2sg1[0,200-0,H], cache32.l2sg1[1,0], cache4.de1[0,200-0,H], cache1.de1[0,0]

Age: 2298048

X-Cache: HIT TCP_MEM_HIT dirn:2:238890905

X-Swift-SaveTime: Sun, 28 Sep 2014 16:48:43 GMT

X-Swift-CacheTime: 313275003

.PNG........IHDR...x...F.....0..=....PLTE.......r..v.....x..}..............p........{..t.....n..l.....g.................p......................nnn................t..}...........r..w...........t.....q........t.................}......T.u..t.VVV.......w.sss.y..n..{..................Q.....?jjj....._.....................fffhhhggg..U.f...........................).........lll..H................y....qqq.........ooo......}}}...yyy....o......O.......................Piii..f(....tRNS.@..f...$IDATx^..5..A.....j.f.3........e(.Q.L'.%S.;.1.y..... ..g.r.....cQ./x..K.?gU...xB.!.......Dk}......Y.$............G#.5.M_.k}..vz. ....Q...4.p2r..A:}.&..a.~....c.)...CO.u.4.....VY8 E,BY).......-..9|.W...Z...\....p..w$WQ.b.E._?.........s.../...$....{D......[1.........6.a.u......^.~i..Ui\..$...c<<.xn.?.o-.[..^.#Y...*...d.......U@.v.`;?. 9;.....1;p......[28N.L....Z.k;%...3....=..i.Z...-.0M..B.;`.....].v..i6=..s`.'>.$..s......FI..!.p.=..!.dR#$...l..H....^.@....m}.d].....I..rb..'.U%.9....Y..._BN...."-.\.@.u./|.V..Z....9....a......&H........X,...b.xK.*&u....m....IEND.B`.....

<<< skipped >>>

GET /tps/i2/T16WJqXaXeXXXXXXXX-32-32.gif HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img02.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 3223

Connection: keep-alive

Date: Thu, 11 Sep 2014 15:20:29 GMT

Last-Modified: Tue, 15 Dec 2009 02:34:17 GMT

Expires: Sun, 08 Sep 2024 15:20:29 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache27.l2sg1[0,200-0,H], cache35.l2sg1[1,0], cache5.de1[0,200-0,H], cache1.de1[1,0]

Age: 1687145

X-Cache: HIT TCP_MEM_HIT dirn:7:5487438

X-Swift-SaveTime: Sun, 28 Sep 2014 16:59:01 GMT

X-Swift-CacheTime: 313885288

GIF89a . .......333............^^^VVV.........JJJ666.........!.......!.2Built with GIF Movie Gear 4.0Made by AjaxLoad.info.!..NETSCAPE2.0.....,.... . ......Iia....bK.$.F...R.A.T.,..2S.*05//.m.p!z...0...;$.0C....I*!.HC(A@.o...!39T5.\.8)....`....d..wxG=Y..g...wHb..v.A=.0.V\.\.;........;...H.........0..t%.Hs..rY<H...........b..Z.b.OEg:...GY]..=.A.OQ.s....\b.h.9.=sg...c..e....*....f.7D..!.......,.... . ......IiY....YF5..F...R...Tb.G.J.....L..d...&.Ymx........ \...@........ ....1..&R....H..4.1Q..|V..%.z.v...#j0....l.Gg{0~..<.<..[.[.h.x..G...y.........[.0....G.....P.z...h.....kz..i....y....h|z.h.G...V.........\h..[.........&. ..W.7.8...!..!.......,.... . ......I)1....1G5d].(..R...T2..jL.{..< .[.5.M....0..)... L...I...m..E..`....p..U....^f.%..^.......u.;..zz.}0.X....S0.ew.y.k<..%..O.......z..{....|......%......F.i.1..0.......Y.....8.x.....z..@....<................8..Y<.......8...\.P.$...!......!.......,.... . ......I.....g.EU... ..R.a.TB.......p>'...e..$.."...\.#E1C.n......~...J.,..,Aa.....Uw^4.I%P....u.Q.33.{0..i1T.G.gw.y}%..%'R............=...........3..G.%..p..0.....JRo.5...0I..myk...x...T._}.(....^..yK..s.....>i_.%...n.=.....q.4e.-M..D..!.......,.... . ......I)*...')E.d]......PR.A..:!..zr....bw..%6."G.(d$["...J...Fh....a..Q.P.`p%.../BFP\cU...?T.t.W/p..G&OtD.a_.s.y.lD'M......q..tc.........b..2..D...M...:........d..%.......4%s)....u...E3.....YU....t......D.$.JiM.<.Y.;......d<. O..tX.<q' .B....!.......,.... . ......IiR...."J% ......EQZ.......Ld...-Y....h..k.Q.|...5.u...4Y.I........

<<< skipped >>>

GET /tps/i2/T1psWqXq4cXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img02.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 7047

Connection: keep-alive

Date: Wed, 24 Sep 2014 16:39:36 GMT

Last-Modified: Fri, 26 Apr 2013 14:49:02 GMT

Expires: Sat, 21 Sep 2024 16:39:36 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache28.l2sg1[0,200-0,H], cache7.de1[0,200-0,H], cache1.de1[1,0]

Age: 559209

X-Cache: HIT TCP_MEM_HIT dirn:3:156266497

X-Swift-SaveTime: Sun, 28 Sep 2014 16:50:37 GMT

X-Swift-CacheTime: 315013739

......JFIF.....H.H.....C....................................................................C.......................................................................d.d............................................I.............................!"2.#1B..3AQR$Sabqr..CL..........&5Ds....................................@.........................#..."23!1A.BCb4RSa..$Qcqr....%...................?...m.>.]...t.oLn.y.n..b........z.....l........X.M]O.?..G............F.m>.?.....G.......x.H......9"i...4._...'...N?id.._.Q/..M.gJ....>......K...s.D. T/.z....jx..p...Q...L..:7.@..4[.9....y....;.3.l.V...e....g.R.!./x....3..Z-.6..3.).5MAM..)..2......X!.&..<.......;....Mh.....LNu0.03U..O5..)6&..T..-5}L.Ky8s..u9......)b!tS.J.Q.........eXQ..RI*....f.%$...).a..Z...\.{.......4Vu.j..V......W)..e..W....V.`..n....... ...w....}.....}cz UM....~.b..7....A....!.F..8..w..![f.X]O6>T...........I.....8.7ij...|>.#..V.J.....V.T;..`,..SM..F.....|c...J.i!..H.F...h.....S....A1..gx..mgG...Y......X...Xo..........rM......k9.mk26....p........0{J|..s...v.sj...%.......M........"^\M../.@=....K.l@.......I...-.!....q..jp2...a=.e..u(. .u.....$*.....Pn1.L.. F..:1K.oL)..um..il..R.K...RFzJ...].3L.qB..4..|.]...vC-....%g^2....$.....6.L.;D....j.='........~md7..;K..G...?......'x.,.....k.....F.P.<(..T....`l.Q._......?...K..slK.....J.&.......7..............W...q.....{........\..V.I.M.QK.&.....|.......vW..\/....W.......1t.7.:X].Pq.....x...c.7.%-I.!.(M...c...j.:&."zg......=z.&..{fy.r].(.{./.3)...kAGIC.P.......!.k&.#.3UW..f.CR.94......1.j:....T.>.es

<<< skipped >>>

GET /tps/i2/T14xipXrheXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img02.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 5015

Connection: keep-alive

Date: Wed, 10 Sep 2014 16:56:29 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:56 GMT

Expires: Sat, 07 Sep 2024 16:56:29 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache35.l2sg1[0,200-0,H], cache5.l2sg1[1,0], cache2.de1[0,200-0,H], cache1.de1[0,0]

Age: 1767796

X-Cache: HIT TCP_MEM_HIT dirn:0:323101591

X-Swift-SaveTime: Sun, 28 Sep 2014 16:50:37 GMT

X-Swift-CacheTime: 313805152

......JFIF.....H.H.....C....................................................................C.......................................................................d.d............................................E............................."2.!#B..13Rb$AQqr..CSa..&4Dc..........................................6.......................#...3$..."24ACRb!1BQSaq.5cr..............?.j.)q...\...ve8...-.D!...(.....oH.....%/5p...5.?X."jc.\8O........1.h...{..[-.....h.5.p......A57fR......D..d...P..\..6.j^...-.9..\A......;.].9v....V.n.o.............../....b...,....G.wW.....K...%y'|._..Mf.$3..A..}7..L..E..p.&....?i.(.$p....vl.......u`....8.lIN.......N9...e.>....m.,...=..\..x.)...Op.., ..F..s.bO0...W.9..m...p....v..%.Q!..X'....w|...o..O'.....R.2.m/....e*....{..7.8c.o.o,-.;.q.r.n1.5.=..{..h...`.l|B..............l...OA/oc....../..V...........\...a..].. ...!o}g.].........!...$B....X.>.....>....%.9G\.'.g....hi....u....[..).-.....r..>_..|A.......q..........eyd.2..Bf....57%.*.w@.........g.........<k..Z../..K,....M.U.?f39e/..#.*.K...d{...C..i..si.4@m....N.N....pe...Rr..<..H.$}...G.{..?Df.........@..*.n....O...`.7rC.$...)#..?......l..3....Vvn../.8.U..o.~x.?..v..w.Z...Xp.....c]S.C.!..j.QML..t.Pj...>l...FWR.P.G...G.>.=....H.......Z......).n............G.G.*..hf.f.......uj;..].)7[6.N.S.....wwiQ..Q.....S..f.u......[...%.M.{~r.........E.p.B.6..4-J.3TSs...2.a./...&..z..I.m.> L3.THyH..2.=.....uH.t....GK.-..S....Ju.D...$.>...Q.."......Wb......?........B..6.!......Y.kOe...j..Z}r<`...S@..|..<w.d.......H..|*..

<<< skipped >>>

GET /tps/i2/T1I2eGXudeXXcwqdnp-233-31.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img02.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 1210

Connection: keep-alive

Date: Thu, 04 Sep 2014 09:46:42 GMT

Last-Modified: Wed, 15 May 2013 06:29:26 GMT

Expires: Sun, 01 Sep 2024 09:46:42 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache25.l2sg1, cache7.de1[0,200-0,H], cache1.de1[0,0]

Age: 2311984

X-Cache: HIT TCP_MEM_HIT dirn:0:789144579

X-Swift-SaveTime: Wed, 10 Sep 2014 18:14:34 GMT

X-Swift-CacheTime: 314811128

.PNG........IHDR.............5"......tEXtSoftware.Adobe ImageReadyq.e<...3PLTE...............~~~............nnn............vvv...}(&.....IDATx..X...6........"..l...v.E.l........h...<H........A..!U.?.....k3}....g,.w'.~.E?X.Hm.gCt....?.%...T.K^..*.. Hd.......Z.H....Q!/W$.j.X.%a..P..H..K.X. ......y.X...' L76......r.,....s..\..1.?W.i...i...I...X.......t......{l.....?Xn.kB....T....B..I.l..^.Jp....h.gf"........dum.....an.|.6.0.j9#E..gq|%...'.......E..6'.h......i.......5..T...f..mS.&.z&QNK.]-g...}....Q....#..w...%..FU1...p...........R..........m...t..A.#...]-wH.....xo........[.N.T.......T..^...G.96TE..H....6......lt.maT.'...R.1...E.V.l...hm.......UDX..L..).$r........cr.Z..\...i..?t.. .l.`....Q.k.....}.......~.......)..fG.x.Q.n.y..8.8..&...K..;}....j.a..*g...z.......}..j..$.....N..".T.Y.GN...)2.M....D9q..HNC6.`.$G.5.'..)...;...%-..E.}..J?....e.....:.AD....>.i..|.8Q9#...)c.$L...W..i.*7t.XS..b....T%L0..c8.V.yi#.d.X:.[-j....Q*...{...V........Ds..{..W.E....}...{d........Rt...o.a5ndu9#.........J%R.(..",.}B. ..Fz...6.I....>.ec..xg.*....L/......?....q....R}.. .2...S..4.g....[..x.c#.......ww...^}.](....`.0oE.....U..........mZ...?....]..oG.,.,.......7....G.)._...x...x.B..... }.>H....._.......geH.....IEND.B`...

<<< skipped >>>

GET /tps/i1/T1I_56Xl0wXXXXXXXX-104-1.png HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 212

Connection: keep-alive

Date: Sat, 06 Sep 2014 13:42:42 GMT

Last-Modified: Sun, 14 Oct 2012 05:51:49 GMT

Expires: Tue, 03 Sep 2024 13:42:42 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache11.l2sg1[0,200-0,H], cache10.l2sg1[1,0], cache2.de1[0,200-0,H], cache6.de1[0,0]

Age: 2125013

X-Cache: HIT TCP_MEM_HIT dirn:6:699690931

X-Swift-SaveTime: Sun, 28 Sep 2014 16:49:14 GMT

X-Swift-CacheTime: 313448008

.PNG........IHDR...h.................pHYs...H...H.F.k>...aIDAT......@ ..@...$J...2.$..!. .@...!.$i.1&$.(.y^..q^.UU.M...u}?..(...yY.R..m.~.Zkc.y^....8........_=...4....tEXtSoftware.Adobe ImageReadyq.e<....IEND.B`.....

GET /tps/i1/T1.qOqXElbXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 5963

Connection: keep-alive

Date: Wed, 24 Sep 2014 16:35:30 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:56 GMT

Expires: Sat, 21 Sep 2024 16:35:30 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache11.l2sg1[0,200-0,H], cache16.l2sg1[1,0], cache6.de1[0,200-0,H], cache6.de1[0,0]

Age: 559455

X-Cache: HIT TCP_MEM_HIT dirn:5:520854864

X-Swift-SaveTime: Sun, 28 Sep 2014 16:57:48 GMT

X-Swift-CacheTime: 315013062

......JFIF.....H.H.....C....................................................................C.......................................................................d.d.............................................E............................."..!#2B.1R.3Aab.$CQr.4q..%5ST..s......................................7.......................#...23C..!"$AB.14c..QRbs...5r.............?..l.n.Z.....j.....,.V....,....#$[..Hg&.uL.U.R..#SH....u...L}...j.^O..7N-.......M4..de_......... ,<..G..]...V..H.....@GJ.z.k...P1.....LOW/^!#/MO.u........./....h.m..._...cu9..`L..8......g$mu...V......S....=D_....u...?mcy..r.[n[....W.......~.Z.&...........Mf.o...?.........:W...8.85g...pA..V....>..P3eo......$..T.R.O...q...nw.K.?..0.`.........&l.i..S..Bw....($.#]E*....".e.........k....){.X.x......{...ce...o(..~. .w).i.Z...b.J.[..n.iLnj..t..|D:...{>..=.G(..AC..E.Sn.W..u........m......t.S.....`.......Up.8.O.<..U..<#r. ......0..U4.(_!.p.C.@R.Dq.qH(...L...P.....X$U..'.._R.Xj..;.k.p.*v...;d.i..uK..RxIFBA..^E@.4.P>.1"...E......s$....=.=.6..YU\.........v.....5.....q....i....E[.... _MX2.b~.].. .....3..s.m....[.G.;/.(..M.....k.7.k.z=Xg.9L.....sJ..>.0.s.A.22_2.;^-tK..bW..V2.AgL..b.RI..S...B.G..a.-*.V...^&...!k...w..h....U....I.!o.8.j...(}iW..V.L...m...J..~l...`...k...}......V..i4........U0.X.I.~.77..<'-.........f.<...Uq`..I........Qb..Z...U..L..Q-.....t_....N_....Q...@2J=..6..eV..<P..^...F.)........@..6..ov9e.{......'.<...q.........>......N1...Xi.>Z.pgq...O.J...y>....T.Y.....z...b..'.'.=...... .d.ldsp.b....;8..y

<<< skipped >>>

GET /tps/i1/T1bKarXqpaXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 4404

Connection: keep-alive

Date: Sun, 28 Sep 2014 16:58:31 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:55 GMT

Expires: Wed, 25 Sep 2024 16:58:31 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache32.l2sg1[0,200-0,H], cache30.l2sg1[0,0], cache5.de1[0,200-0,H], cache6.de1[1,0]

Age: 212474

X-Cache: HIT TCP_MEM_HIT dirn:1:997631677

X-Swift-SaveTime: Sun, 28 Sep 2014 16:59:38 GMT

X-Swift-CacheTime: 315359933

......JFIF.....H.H.....C....................................................................C.......................................................................d.d.............................................H.............................."2.!B..#13Ab$CQRSaqr..c......4.5Ds......................................(........................#.123C.."r..$A............?..$..>..xW..{.O.......5.. ...@.s..c...,.\..U..7x..E.UD..1..... 7^.l......)..g/..-....O7^rb.Y..7STS,...@..]..*.Z.x.cl.d.)..o.....3..!I|....4R7..S.....{.3...6.. .'.IG..)..... K.....y.Zs...j....GG..C.2...@S.....I...^....M.)......i.:....#....IL..3...[nv.3...uQ..[[.C7#..=L..sP...=.[.sO...4....av.]...s..W.L?I..N.5.:.'...b..R..a.9..'.6..p..Ho^T.-.a@p]2....8.q..F.?.2.K.74..k`gRU.TANV.>..i..O.R..TKQ.}..o.].M&.<^......n...O*jOp..~..z......q...EjH9.!SV..Z).................Pf*Q..=]jk.X{4...M..R.....;...6...l..dl....T....... ).ox.w..a 5.I......C..C.(...@.7%A....&..#.0....B...7.Vj...eJl....)...'9.C&v...,...X..T....I....E......KII.F^|....:....8..ej..,....]../..E.......r.o..ty...tu=..=....tR,..b.[.6*.:..PY]..U>.....j(......~....p..n.y...O.Sx../. ...F...~ZO..W.....r.SV.Rm...S.."uy.........S..oW............j.jCz...V.[h..E).KM..9.H..r.........Wd...p.g-...Q..q.....1?Qo..a....[.......:...y.y..v.........O......:c...p....<.h._..44.6sDg..bU...4.<......{...[*q.....C|..m).6M.-.'......~...v..dK..5.......7.......*E$.............9~.%..t.OR.k,.L#..s.G/e.>...u..k.\.L....W.F...O.x.Oh......}..I.b...O.n?.\....pFl..../.9x.$.h.Up....QI...b]..Da...S..<.E..].x3\...

<<< skipped >>>

GET /tps/i1/T1pyCFXspgXXcSYPgT-81-164.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 1730

Connection: keep-alive

Date: Sat, 20 Sep 2014 00:35:57 GMT

Last-Modified: Wed, 15 May 2013 06:29:10 GMT

Expires: Tue, 17 Sep 2024 00:35:57 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache34.l2sg1[0,200-0,H], cache4.l2sg1[1,0], cache1.de1[0,200-0,H], cache6.de1[0,0]

Age: 962629

X-Cache: HIT TCP_MEM_HIT dirn:4:727456899

X-Swift-SaveTime: Sun, 28 Sep 2014 16:57:48 GMT

X-Swift-CacheTime: 314609889

.PNG........IHDR...Q...........2.....tEXtSoftware.Adobe ImageReadyq.e<...8PLTE...........@..I......................................b.....Z...........]..............Z........7...........W..w.................u........n..D..{...........j...........B..R..M..e...........h.....B..n...........l..@.....g.....K.................T...........9........a.....{..~..s..G........K.................5.............htRNS...........................................................................................................K....IDATx....v.8.@ev.!..a....!;.d...Iz..}......`....,UY2.3.....{.%U.J...2{....7.8.........).J........w.B..D.......t.!..0.F.w..T..`.n\.P..u..rF..U ..?..?....Hq|,...=.e/.3.,R<. .../..o.N.."u.bd..pM..W.j\..Y.f<.2..5V.RF......q<i.SY......1.3f|K.yk7.........*H..#..q.g/Na....X..[`}........emd.8.z..l....1..8..1.r);0^....K.....c.7(9.=..."ec`..b..?o..I...1.N!....g../-c.d.g.......o...l!i...B...-........_....e.e....R.2r....MX....e...e.o/X,.".e.....$8.}..T%.w.......A<.Hn..Ph4.{.K...q....]...#......} y.E...q...k..|..)Pt@u....6.c..z....=.q.........3..gI.....{]......W8s-< ..O.A/..~..=...`g|. ..uQ......o..W.=.....G...M....{.5[..v.....E......)=..eV.^..a..w.0... .,.).......V*.G..|...8..=..!)#...l.p;F\.s......H....E..H..>.9G.F=. .u.1TdP.!.1.18ZNl|.p....U..........g#.07.J..A.s./.`.2.T..7.{6..sL..]cH.2j.;."..8i.1Yb.F..6...q..3g7.M.Q#6c.. zk..^1..i.....Q...7k.R...4.E..GF.4.~..Fw.....8......d`.....K........J.}_...H...3..y.y.|H....1. ....w..'.1.2.=XI. A. .==4...)<........q./....U..iZF^.<.(!.YF.T....%..e,#?..

<<< skipped >>>

GET /tps/i1/T1peCbFoJfXXc9zjvi-54-54.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 638

Connection: keep-alive

Date: Sat, 20 Sep 2014 00:35:58 GMT

Last-Modified: Thu, 22 Aug 2013 04:59:38 GMT

Expires: Tue, 17 Sep 2024 00:35:58 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache19.l2sg1[0,200-0,H], cache35.l2sg1[0,0], cache8.de1[0,200-0,H], cache6.de1[0,0]

Age: 962631

X-Cache: HIT TCP_MEM_HIT dirn:1:81402681

X-Swift-SaveTime: Sun, 28 Sep 2014 16:59:41 GMT

X-Swift-CacheTime: 314609777

.PNG........IHDR...6...6.......5.... cHRM..z%..............u0...`..:....o._.F....pHYs.................vpAg...6...6.N.......IDATH..V.n.0......6........l....(.R....o.....|.....>...'2l..S...O..c.:..\V.]o.kD.(....f.k...j}.........nL. :En'..5..@.$..8..OI2.]...7r.....F."...=$..%. ..7Z.....H.@...\4".b.GX9.6HA.Y-...vg..e].$t...(.}....].....Ts{.5.........t.`...."\...b._<.WA....uk.......aP_..:..dR.V.>.[o..j.N...&.62.......\D=,~.>o.r..\... ..~.FmzQi../2..[3j3.e.].'mk! `..A.n.s.!nrk.....;.)..R."L.<..s.&]N..|.....el{.}.....7L..HZ.k.......%tEXtdate:create.2013-08-22T11:39:04 08:00..#j...%tEXtdate:modify.2013-08-22T11:39:04 08:00|.......IEND.B`.....

GET /tps/i1/T19EqoXzBeXXaXezbh-48-70.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 847

Connection: keep-alive

Date: Tue, 09 Sep 2014 16:53:30 GMT

Last-Modified: Fri, 26 Apr 2013 13:17:07 GMT

Expires: Fri, 06 Sep 2024 16:53:30 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache18.l2sg1[0,200-0,H], cache19.l2sg1[0,0], cache1.de1[0,200-0,H], cache6.de1[0,0]

Age: 1854383

X-Cache: HIT TCP_MEM_HIT dirn:5:727423579

X-Swift-SaveTime: Sun, 28 Sep 2014 16:58:43 GMT

X-Swift-CacheTime: 313718087

.PNG........IHDR...0...F........i....tEXtSoftware.Adobe ImageReadyq.e<...`PLTE....................................................................................................... tRNS................................\\.....YIDATx....z. ..WA...96.F....*...../.$...,.......k..j.............@m.' k...F-..{.T[[..Y....P.Uh-......N~..>.....F..wK:`.Wi..|$.....A~..#..(..............o.../.["5..........0R....@........h..|. #...@4.\...#....xo..|..3...o....@...q.....q........@.S.My.|u..c.....N..7..*.J..k......L..e.f.\3j..6..6.E."P.UY......

GET /c.php?id=30062430 HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: w.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:46 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Wed, 01 Oct 2014 03:59:46 GMT

Expires: Wed, 01 Oct 2014 05:29:46 GMT

1f7a..(function(){function l(){this.c="30062430";this.O="q";this.K="";this.H="";this.J="";this.o="1412135986";this.M="q4.cnzz.com";this.I="";this.q="CNZZDATA" this.c;this.p="_CNZZDbridge_" this.c;this.C="_cnzz_CV" this.c;this.s="1";this.v={};this.a={};this.ia()}function g(a,c){try{var b=[];b.push("siteid=30062430");.b.push("name=" f(a.name));b.push("msg=" f(a.message));b.push("r=" f(h.referrer));b.push("page=" f(d.location.href));b.push("agent=" f(d.navigator.userAgent));b.push("ex=" f(c));b.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" b.join("&")}catch(e){}}var h=document,d=window,f=encodeURIComponent,k=decodeURIComponent,p=unescape,q=escape;l.prototype={ia:function(){try{this.R(),this.G(),this.fa(),this.D(),this.l(),this.da(),this.ca(),this.ga(),this.i(),.this.ba(),this.ea(),this.ha(),this.$(),this.Y(),this.aa(),this.na(),d[this.p]=d[this.p]||{},this.Z("_cnzz_CV")}catch(a){g(a,"i failed")}},la:function(){try{var a=this;d._czc={push:function(){return a.w.apply(a,arguments)}}}catch(c){g(c,"oP failed")}},Y:function(){try{var a=d._czc;if("[object Array]"==={}.toString.call(a))for(var c=0;c<a.length;c ){var b=a[c];switch(b[0]){case "_setAccount":d._cz_account="[object String]"==={}.toString.call(b[1])?b[1]:String(b[1]);break;case "_setAutoPageview":"boolean"===.typeof b[1]&&(d._cz_autoPageview=b[1])}}}catch(e){g(e,"cS failed")}},na:function(){try{if("undefined"===typeof d._cz_account||d._cz_account===this.c){d._cz_account=this.c;if("[object Array]"==={}.toS

<<< skipped >>>

GET /tps/i1/T1XgzaXX0kXXaXezbh-48-70.png HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 2678

Connection: keep-alive

Date: Wed, 24 Sep 2014 16:37:21 GMT

Last-Modified: Sat, 28 Apr 2012 03:04:32 GMT

Expires: Sat, 21 Sep 2024 16:37:21 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache17.l2sg1[0,200-0,H], cache15.l2sg1[1,0], cache4.de1[0,200-0,H], cache5.de1[0,0]

Age: 559334

X-Cache: HIT TCP_MEM_HIT dirn:7:238755622

X-Swift-SaveTime: Sun, 28 Sep 2014 16:49:41 GMT

X-Swift-CacheTime: 315013660

.PNG........IHDR...0...F........i....tEXtSoftware.Adobe ImageReadyq.e<....PLTE....t...&.g...(.R..xL..........V..j.........k................B..I......7.\......g.=..L.....R..Q...V..E..).$..a.....I..{...H.C.....3........x*.......P..:..:..X%..x.R..\............{.e...).M.....I..Z......].o..|..............e...........]..j......X.2..w..V....... ..........g.*..u.....7.....g...i.......v7..x..B....a......O.c..6......=.u..S...w....^...l....2...O..vJ#..`..B...c...kox.z%A......t...*....z...{..=.......,..X.....[.....i;....s..\..W..oI.J..L........k.r.........$..g...E.K.....r&.l.....c.g......g..|8.{...Z.h.....[...M.U..T.....j".$...;.D.....z..r..t......h.h..{..p..G.....|.....g..'.cQU.O..&.....k..U..............;..D........./naZ..!.......c*.A..f_y3*.....\.............V.<36.........................H!.b..7...`.}...v.Q..U........za..w.a..}..N..^..................tRNS................................................................................................................................................................................................................................................................S..%....IDATx...y@.g..pPS....@..%.TP..A...a".y.Y...i...WZBfebj&.....Q.giM-\....Z..V;...B..z.............._.......w..=.8..r....m.}2'..?..0..Sm.`.0..F...Mg..............l..$...f..AW.n._r..........^6.E'..i.$.......[".I ..$6Tk.7..2..`..DM5...g./1j.."....z.`...../.&.Q...........P..f..d2.(# hp9.yAm...G.1.!..pQ..{Z?..$......T...#.-.5A.X2,...-P....$..*. ..-.$.q8"....j..=../.^.....{.l...!!;g.Y@.x.$.....Z%.}...<........

<<< skipped >>>

GET /tps/i1/T1au1rXpNaXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 6789

Connection: keep-alive

Date: Sat, 20 Sep 2014 00:35:57 GMT

Last-Modified: Fri, 26 Apr 2013 14:49:02 GMT

Expires: Tue, 17 Sep 2024 00:35:57 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache18.l2sg1[0,200-0,H], cache30.l2sg1[0,0], cache4.de1[0,200-0,H], cache5.de1[0,0]

Age: 962628

X-Cache: HIT TCP_MEM_HIT dirn:5:238931796

X-Swift-SaveTime: Sun, 28 Sep 2014 16:49:53 GMT

X-Swift-CacheTime: 314610364

......JFIF.....H.H.....C....................................................................C.......................................................................d.d.............................................I..............................!".#2B.13ARb.$Qar...CS....q..MTcd......................................>.......................#.....23."1C!ABSb.$QRaqr....45...................?.oR..n..,..r:;..}..gao..x.o........'&{...*...3.....-.S....r...6.<x.vmv...'.j...iX.z...o.zd...c...-.&.>.N...O....Eg..8.8.i4nf..9......p..h...............Z..'.j[.Rh.?l.6h..s'...`.PB*.c.E....v..e......A...GTo..;...,..)..0o..E..Z:.6..i.....da.72O.M.n.-......D]Ln.....EU.U.]&..-. ..}...Z.6CZgy-4.{%....87..G.5c..;...."-.W0pN..........S X....x.&..11[.0.....n7.)...6.iu@\?^R.zZP.u...Y.....l.V..TH.p..[.9'..<X8.zM.....f.....R...e.n.?.z..m^....pLb".............Zj.w._...|......"..9z.8.@-....q....>.B...5.s.nNVi-25......s.y.....B...I.f;.RV.jd...'..q7.......-4....x...v...Rs..UA.@G.p..:.-4.....y..nd.y>..a..$.....NP.@.Qj"..Z........EI..E.. *...UCKw..NX..Lj....T5.E8..kZ=)..VK.cJ...Qp..W......*...#1JB...' .......[%..9....S...jXl.....X.Du1VRgy.D....Yy5y2u6.....RS....)....k.......8Q... &.6$z.......;XD.$tA. c.8..H.J....ly..vqE.......].\.p.....K6m...%P......~z.O...(..L...|.....1.....R..M.T.....j..Y...KU...H..8...{..).........$g...M.Ar.>.....(...m..l......Y..D:c..z..z. 1.,.Z...M.....K2!..(._...!..._/.h.t..[.z.-..S.y.[x...9.G1p\A1.*......i$...&N5.M..iQl.>..@g......8n.[.;xY....U.&..)m1MR...G%K.....uuF. .....S..<%L...&....?.5.....

<<< skipped >>>

GET /tps/i2/T1iHqOXANXXXbjYjco-59-689.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 8976

Connection: keep-alive

Date: Thu, 04 Sep 2014 17:51:52 GMT

Last-Modified: Tue, 21 May 2013 07:36:52 GMT

Expires: Sun, 01 Sep 2024 17:51:52 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache2.l2sg1, cache7.de1[0,200-0,H], cache5.de1[0,0]

Age: 2282874

X-Cache: HIT TCP_MEM_HIT dirn:7:428038577

X-Swift-SaveTime: Wed, 10 Sep 2014 18:14:34 GMT

X-Swift-CacheTime: 314840238

.PNG........IHDR...;..........O$.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE..Y..E...........t.....}..h..\...........k..........................n...................................x..^..Q..k.......................{..H..A.......................M...........V..g..R.....m...........b.....r..`.....F...........v..C..........................N..U.....e.............._..c..W.....T...........=..........................................................................................................................................................................................................................?...........q.................@............................................L..C....................w..O.................{........I.....O..U..........................o....................k..U...........~........?..q..h.....J..@.....e.~>.......8......tRNS................................................................................................................................................................................................................................................................S..%....IDATx....TUG..Y......QA.$..*....DA.`...Q{...}..... ;.."......!..D.%Qc....t....nM...=..[..9...9.W...8.}.U........K....._...e..:A...O....46.".....Dg..8..a..W4.%0=.4.X.Mg/y>r.7.......0!...D...c..i....V0l.K..&..-:4...e..H../Y......X.@.3f...z...Un.bM.J...B.&.K..7......s.H...1....W....b..a....6p}.,..KVp}......H..ns(x.J..)P&$..Z.)X`,f..e.Z....%...Z....y{ZIK..........]k........`........zZ...........Y..........

<<< skipped >>>

GET /tps/i3/T1twurXApXXXai.eUc-54-225.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img01.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 1229

Connection: keep-alive

Date: Sun, 21 Sep 2014 14:20:31 GMT

Last-Modified: Fri, 26 Apr 2013 13:17:07 GMT

Expires: Wed, 18 Sep 2024 14:20:31 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache32.l2sg1[0,200-0,H], cache24.l2sg1[0,0], cache1.de1[0,200-0,H], cache5.de1[0,0]

Age: 826758

X-Cache: HIT TCP_MEM_HIT dirn:3:729734569

X-Swift-SaveTime: Sun, 28 Sep 2014 16:57:50 GMT

X-Swift-CacheTime: 314745761

.PNG........IHDR...6............x....tEXtSoftware.Adobe ImageReadyq.e<...)PLTE.........................................................................................................................................................................................................................................................................................................wk.....ctRNS...................................................................................................w5......IDATx...g[.A...E.BSz.,.tP..n...{......F....m..d....3....w....B.zB!..".K..5`...x...d.5NH..[.1-..5.[.....3....,...\.e.v.g.....~[38..V%.x..c{.v.....5 ..4nj^..c.H.....^/...[Apr-.R.......... .H...~)(..(v6~I..PQ..$#.......Q.j.0...Z...2..@V.."........... 6.l...X..C(f.h.@.._g.......3......7.q.1....t..v.J?l....."....!......\.a#.j&6.@.f...%.o3...|?.F.8..b.....{z....g`A....{.o....6.......y.C..5f..........#.3.....!.s..f...uN...Y.....%..*......h@L..<..l.Z.q;.X.qb....:.V.GI....A...4....o..!K...B......Oi...F..^..7...7.\.R.K...sz.......|.mO.#Fl>.. o$.xU.b.W............7.\.....s..pd........$.H#K.K.4..`.y.n;....gz...To7.0..m....F.Ib........o..&.O2...3Sc...\....V.83......BN.(...P.:0...3...2x..c.b.1.0Sr.SYl..M......c3.^......n.Q.H.an....IEND.B`...

<<< skipped >>>

GET /get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7 HTTP/1.1

User-Agent: Shockwave Flash

Host: fpdownload2.macromedia.com

Cache-Control: no-cache

HTTP/1.1 404 Not Found

Server: Apache

Content-Length: 350

Content-Type: text/html; charset=iso-8859-1

Date: Wed, 01 Oct 2014 03:59:49 GMT

Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /get/flashplayer/update/current/install/version.xml11.6.602.168~installVector=6&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=7 was not found on this server.</p>.</body></html>...

GET /shop/noshop.htm HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: store.taobao.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:26 GMT

Content-Type: text/html;charset=GBK

Content-Length: 4477

Connection: close

S: STATUS_NOT_EXISTED

P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Content-Language: zh-CN

Content-Encoding: gzip

Accept-Ranges: bytes

X-Varnish: 2192562875 2192211370

Age: 2089

Via: 1.1 varnish

X-CacheHits: 1009

X-Cache: HIT

.................;.o.F.?'@..).m.".I}..e........[/....."%1.8.I.V|.c..t....&u.$N..g...c'n...-....Z wi.......!.!%Y...E.%..y....=R..#....../.v....??....H...........4...k."-..Y.;..X......S.I. p .....[,...Rf..,Q\.].~..ae.......*......f..mjj./..{.m.....j..0..d.x.Z.....L'...kJ(|...s)P(.i.hc.7...?......V`..........{./.k...g..6......2jz...:......2_.g...U.r..g.3...l.o.f ..g6...\.7.'.p.W.{1..M.X0../.3yU...Z...R.4..g.....0..2o.~O.rZ..?3...h.Ex.jU.c..)....\/L....S.."......$.......Q...........@.0.Fe.dl..v].....w.m@U...6Q..7..^..z`:FJ.........*"c9.Q...&:&9...I..P..y...XUB........Z@.1#..eJ;()....c.j{...g.0M....\.....}0P..,G..&...}......p..=..*.<.p......M.M.[....[.aM..t.q.IX...p..3..3...=..$......'.L..WU.....u.hk.D..r.t.)...F0.p@ ..'(..........A.lk$FJO.yu.<.i.S..qbA...S..i.2.v.Pv..S...b.%....k.....q%...i..&.R......_Vu....#.).d=M.<.....j..M ..X.)G#...h.C...vL;..b...V.."M.......#.Kb..qZ........\.c... .@(x.otf4.X.79.........m\.K..(.`..F.4...t.._...A..|.h.=.x..kw}....[..w.gR.c.m.....[...T.E.......6........Z.m./B.u....g&T.P*>..@..{....&..9....../>...s...."g.G.}p.8.Uv.|.N}.Ly..[k7.....E.hU..P|...>1..aC4........[N.|.W........k.U=...f.&J`...@.t.2.8.3..,c..6.2n........[6.P..sg._.I....A?..6._y.ri.......N....!>.r.s)m..X.........o.(.K.4...Y....gn..!2@...[..>...a.......}Zca....Ei....mC......P.4.e...H....K.x.......U6$\...p..xu.n$..`.I4?..w...i..As...........k..@..~.H...}b.Oc.....0K..N.%............u..}lg..g.|.w...(7..]..`..1...........q..c#..=1cV.>.mK]..y....9.......m....5R...q...Q...)d&,.[..fh).'.&.V.u]...8.h.....a

<<< skipped >>>

GET /tps/i3/T1WzepXuXeXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img03.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 4889

Connection: keep-alive

Date: Mon, 22 Sep 2014 04:53:47 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:55 GMT

Expires: Thu, 19 Sep 2024 04:53:47 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache20.l2sg1[0,200-0,H], cache24.l2sg1[1,0], cache4.de1[0,200-0,H], cache7.de1[1,0]

Age: 774358

X-Cache: HIT TCP_MEM_HIT dirn:4:240275628

X-Swift-SaveTime: Sun, 28 Sep 2014 16:50:37 GMT

X-Swift-CacheTime: 314798590

......JFIF.....H.H.....C....................................................................C.......................................................................d.d............................................C.........................."....2.!#B13AQRb.$Caqr..S......4c...D...................................3.......................#...3.2C..!"1Q$B...4ARbcr.............?........H.K^i.I..F.L.....%......".....,.....&..F.....g...7./~.../..$..8C....z..m....j.Y .AR....$b...Ml.P.[....,:...T.U......h.....sU....)-..I.0.7...H.G.J...f5.aO.Z....N.T...l........H\...'m.^!B..}.1.7........3..W}..!...P{.l..Q.*.SUHY..L..U.....Q..g..1.k.lS.......I.'....E....."....X..[...[.N. ................h."......8o .S.5..'........V......,8p.\c.$[ ...G~...A.W/g.,.....n.,..>.N3KA..)......l....5..H...X.2'...f. YL.......M../P.....zxC......!.@...{.a%l...j.a8p..a..A..|mS0.....g..4"%L....<|..K93?.K..}J.......^.~.}.o|.....T....Mi.j....I6...%"8.....C..........e';{5)..<...r...g.....5..v..-..C7.Q.".)...NO'...5.....8aHx...,.....5C.......0/ ....U.X.a.r...j..a.k.E..z...a-?. |RJ.V...r...n.....E<..OG....B}A .Q.l.M#f...b.u.aR...y...4 a..............udsm..wV..@..H#vZ.k..T.mG-m..B6...f........#...:c.;...7M\./.Wdt...M.0l..4%H...]).7QcL.7w.....o..u..}..i...\.M......."Kg.*.Z[..kX..M.^....c...o....N..H....gl..]?;uYL...............O.Olq.Q.oR....*...).k;R...fi.qA.R.f...,.\...v.0v.....1dX*...|..N.^v....F\.......rn..QH.=.p...xT....*vkD...a...@...o4f.J..q.$..^X...m..o n...m.w.n...Wh..e)..F......gv .0.n..rjv]....$...Z.4.%....8S.4}.R;0......e.&...Z.P95T#.n...

<<< skipped >>>

GET /??kissy/k/1.4.2/seed-min.js,tb/global/3.1.5/global-min.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 28574

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:07:25 GMT

Last-Modified: Tue, 02 Sep 2014 07:47:58 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache7.l2cn201[0,304-0,H], cache13.l2cn201[0,0], cache1.de1[0,200-0,H], cache8.de1[1,0]

Content-Encoding: gzip

Age: 3139

X-Cache: HIT TCP_MEM_HIT dirn:7:856676232

X-Swift-SaveTime: Wed, 01 Oct 2014 03:07:25 GMT

X-Swift-CacheTime: 3600

............i{.F.(.]..Brd.l..dy!..xM<'Nrc...C1...n..R.#r~.[U...P.d.>...Ld.........><z.....d.i....X...}....u.~tz.....Oi.-.(<...<lm.E4h.....y..x...=..]{k^....`.fK..n..V.OX&qo.,v.lm..t.J-SU.Yh...p\..[..h.]/[.{.%X.y.~o...-G|K.......K..0.......q68...o....X.^g........WW/?......w.....z........=2.....v....f..{.*[.i2.m......v.g..:.... .....S..X.'.3.....)....[d 7..-gb../.4.6f`.'v....]@..,.....ck8..o>7..........1|..,q]...n<.E1,...1..5...M...=...cW...,.6?eI.........{v...U.j.4l.az..aX.Y..g.].&..?.?E....}.........`.~~....E5../~.y`...Z.../........L.......c.!'8<.4.x.a."X.X.46....qh..B.#..m...#.B'.W.|b.-g.z.,.........2.L..'n..\..I.mA..w;.....u......?.9{..........s.....!...Kv.....7.m.......R_`.o,........b9.<.Z.....q..E..&pcY.........^...W....._.^..X........._..O.K....z_,k.e..=..au...'..0n.k..-.;....1..>k.....r!.5KaEC.P...|....@....7..!...5.......W.~{.......Ah......]>n.....#o.H...n...u..:..W.l..7_..o..E...yd...a.~...&^....WQ..|..&.|]E....1&...?e.V.x...[.d..j.nL.....4......#.B.Cj........7.bU.@Bs.H...&....,..RQh.D.*..qtrr<.6....%.8.f .... q..K,W&.3....v.n.oz..tGc.a.....gyv.R...I...o.(.....F.=..;..7p.N..]._.......9l.~.!..{n...a....Q..`.@j#.f.n.y.oX.Oa...B.....Y.'>...C6k..6...wS@'.......o.$.C....Hl..]X.'..........5K-.GR.n.. ...&j...}..:........7.x..:.$\nr.v.l...n........'...../..G.X...6.6..ibg....$=...Y.......?....F...;.-...A..Eb.......y......C!Q...La.Sx..@.S...X.JnKk...!.b@....EX.bD.......&Zj.......S........ .....s7.....0.W..2.iM,g^..;.V...v.6.(.oa..s/....(,...@>...Wn.-.|.......%.=` ,..9.

<<< skipped >>>

GET /tb/ishopbook/0.0.8/g/page/found/index-min.css?t=20130925.css HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 8254

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:08:24 GMT

Last-Modified: Mon, 05 May 2014 09:27:35 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache14.l2cn201[0,304-0,H], cache23.l2cn201[0,0], cache1.de1[0,200-0,H], cache8.de1[0,0]

Content-Encoding: gzip

Age: 3081

X-Cache: HIT TCP_MEM_HIT dirn:3:859523133

X-Swift-SaveTime: Wed, 01 Oct 2014 03:16:42 GMT

X-Swift-CacheTime: 3600

...........=...F...u#....y....`.v...1..3....A..D.D*$.....u...^Qj'3X`.....^U.z.n..e.dEs...f}9.....6.Vyq...}S.<..i.6..^eNVUeu..u..eqYe...o...N..X9M...i'Mv.8.&_...2@V.n..l.r{...:.vuP...y.......\...7yqsPj..Y.Z7.AD .S..@...8.....f.N^....7{.X.x<.{Q:....i.......KRViV...-.$K..ow?H.z..........Y...x...E:x......d<.....5....~..4\l..Z.......Al...........wg..%.dMz.H.MY]..A@~....xL~N...t..wh..!&.^....%..Y..|.p.b./......UxqQ.[Z......*_>..y.fE.GEYd..owe..E.4....y.'.&o....Z.......2A.6b...mV5."..t...6....vJRD.8.......!...U...;l.l.......UU........l.o.n\...:~U.....O.{>../...p./......kgF...vrM.l2g.m6.4.s.Z...pW.Vy...f.&qA.9..eY.:p/._.0....wy..I.G....2.UF.JH..]..T.E..V..*!...*c....e.z..^&....2.U&.JD.D]..T.x.).2..LA.).B.....V"..Z.......7....!]....j..K_Tc.......{b.=.Z.X....'..g...<|8._...X5.T.3.=Q.M..S...|1..a.....x........o|.8..........[ `c..3Q....?...>.B.....H`..8...>.}.....'0P}<.X.=.$.....@-..Tb...sC.;Z..b.V0j.C ...#..(.8..L}......>k.^$wV ....d......X.QO.....$......V.........!..V....z.(..KGA..H)..KMa.~..k..TX.....G( ..O\a.~..k..XX...B...ZV...zIGn.....%-..K:...t.W/...Q..`.H..F....E...e...e...e.$.e.*.e.0.;.h.Q...Q.)4.]...u.Es ...."..`...3...s.%7y....S..SR...#.t.,[>.P../...>.. ..e......t..M\5.@.t..K&.%.:..I?.j..,...~........Jy.o.T..........n.D.-..X.8).......|.j.M./.[*...,K...YL...8\.v.~.I*..7...Y..).['I....d...Ud..b..k......oY.T 5u.............1..=......A.#_...B.V.}...u.\z...J....9%2v.2.bN.....!..I.. .(.3T.'L&U..Dz....n..A........y:8[....g......_...w.. (k..."......T.....a~.....j!<Z7......].yC.%..6

<<< skipped >>>

GET /tb/ishopbook/0.0.8/g/pkg/??global/index-min.js?t=20130925.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 1953

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:21:49 GMT

Last-Modified: Mon, 05 May 2014 09:27:35 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache18.l2cn201[0,304-0,H], cache18.l2cn201[0,0], cache3.de1[0,200-0,H], cache8.de1[0,0]

Content-Encoding: gzip

Age: 2277

X-Cache: HIT TCP_MEM_HIT dirn:1:42642415

X-Swift-SaveTime: Wed, 01 Oct 2014 03:25:39 GMT

X-Swift-CacheTime: 3600

...........X{o.....~...<iQ(.y5N..m...y...V,.AI..F"uE*n....P.[..t.. .xt.?.../.................f<...5......5g.$k)w6..;;.....l.....*..e....}.N#............ "<".1..........d..Z...m].n>.P"..d.....gO..Uus sc......T.[.%%..Y.E.Ri...........; b.q\@.....LK..q..2..];.T......$.....R9..c.].*,....4.\k...(.......dJ.. $4..\..._.i.tv{.??..<..;.!...........<....H....../........y..O..cIb...xuw}uy.d.E....L.....A.tw3....M.......g.)...]..JW.......r....O.Z..r#2N.fX../ .1{h...V .[.N.......\.....d;...1.T....8I.g.n.Q^P..!.R.F.5vO.\...x.j.:....-.l...4..lX.V.k.......T..Z}(W...8\..K...X _h..K0..YmEW....DRw..NQ..z....>...#.....t.WL~. ...0.7Fx..xSQF!.x..7|w;.......7.F# ..H..t...'..Sd..i}Y...b.-Y@.=........Y....V...LEL..|.B.Z.&D.n..1<~.M...4&>=-..3e..r.QmuX.,...9.@I7...,.2,#.....E.6........I.&PcF.....4"..l..S.E.&......m...\:.......NS.._).#p.x..;...b....&..4f.g..8s...{.....q{.qLkC$..x..c.E.....=..X.P.L..5....2...P ..H5..i.....B..(...k.....F(@.........?.5Xm..7Z..c.?.h)..R..X...? ..~*w....../|9.N..=.p... am...o....".P..5...s.Q...Q.8.B....8.(|....Y,.X.2H.X...rk.]]XE....*Nw..... .5...s.......M.`.X.8...(.U.VO)...<.D...TY......\..#......HV..$....j....[h./...G....,\....8.&.......R?...7p*.L#..0.....z..D......EWs|aG..Y/.F d....OX.....cB...*o....$6.....-d......0.A....n...,.B.>.#.......71@;b..F.Kj.........W.t...2.....P=...'.TD.G...o{7.;m....S.LY>.b){.1.;.>..s6.(.a...M.s.`?[.3...'s...A...:wa h.W.6..l.s.;..IwI.2.a. \f..1..@t.5'"3........v.Hlm..:..@.*..]..A..j..r.....5:.1.h`.x.=a......;....&..HO.UX.:..Oh.i.#cV.....LB..

<<< skipped >>>

GET /tbc/??umpp/1.4.20/index-min.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 3932

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:50:41 GMT

Last-Modified: Mon, 25 Aug 2014 05:47:59 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache19.l2cn201[5,304-0,H], cache25.l2cn201[5,0], cache4.de1[0,200-0,H], cache8.de1[0,0]

Content-Encoding: gzip

Age: 545

X-Cache: HIT TCP_MEM_HIT dirn:3:386712895

X-Swift-SaveTime: Wed, 01 Oct 2014 03:50:41 GMT

X-Swift-CacheTime: 3600

...........Z..........Ei...$.)\...:M.......P...\R.Q\.\.Y...wf.......r.c..3.|.......f....L_]L^_..n.|...........&2..8b<u_./&.......%..^....P."..s0...f4p....".....\..xv.\LO...'.A.v...,k^Gv@C.9..V.....-....%....h.G.4......H........7..&.$........_.<....u.X....g.Mm.......Z .....`...i.QL..2....9..|. ...e...?.. ....... ;v..o...[.;(.V...g..s.T.J....J........\.`.].....br..~.W. ..l...\.kD.o.9.....c...OF.F..Wi.........K2bn.nm......7.....d"`..EBf-..`...h..NpT?p."..........o.b.....b:W.....PT.kXp&.M..q.6.-...*...L........M#."t.....O..4..>....u....".a.j...#.D.'...[0......g..~3...w.F|3l.....>Sg..qK........#...:....V....."0.c0..3.*.-....X9.. ..?... ..S#.....pz.=....U.......r.BPS.....x....4....v.x....=.....G....D....WC....4Ns...G.......qx.<...gZ.....[.b....8....`F.....X.....s...m^o.!E(.7d%..$.....x..ddo.HtQ..9@...e..}...j=.....k....f..'.9..>...?f.I.t....kz%..n...PA...!...a.{^.....7.P.[.....W{n......G.......C0../JP.....8....p...........Y......r...z...c....{..FTP..2A.q._8...."K...,.....Y..w.-....!...a.&..g%'.z`r..bY..Eoa..9.....A.0..Pz.E...jr..E..1...b.I....i......E.....{....*O.}....p.5..B.G.R........i;c...N."..-.".J........}..0.h......B.....j!....].s.1..e..w.F.m..a'....n...........>...."&.b D)....@...<........0.C.>.......B.g2w.~.3.$..P.......)Fd/.:..W..%....iM..k...|....[.P..\...X..A.c.^ws'..z...I....... .....N.N}....8....Y.....p..PD../....V..B{..2d[..[.m.......8..O;.YJx....x......?.7bf"Wi..xP..WyS..%.l..@. 2H%...).P_.qu.9..`..0Za...h....|....L L|../..K.9O.w...8iY.....[.[..F....1.10J..)...s.K@5.T....<

<<< skipped >>>

GET /kissy/k/1.4.2/??overlay-min.js,component/container-min.js,component/control-min.js,component/manager-min.js,xtemplate/runtime-min.js,component/extension/shim-min.js,component/extension/align-min.js,component/extension/content-xtpl-min.js,component/extension/content-render-min.js,xtemplate-min.js,xtemplate/compiler-min.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 20308

Connection: keep-alive

Date: Wed, 01 Oct 2014 02:51:52 GMT

Last-Modified: Fri, 07 Mar 2014 04:43:07 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache10.l2cn201[0,304-0,H], cache13.l2cn201[1,0], cache2.de1[0,200-0,H], cache8.de1[1,0]

Content-Encoding: gzip

Age: 4074

X-Cache: HIT TCP_MEM_HIT dirn:5:825898501

X-Swift-SaveTime: Wed, 01 Oct 2014 03:25:24 GMT

X-Swift-CacheTime: 3600

...........}iw....w..._"...E.I-Mw.....:v........ .....B..OU..F/.d.3.sb.h,..P...._*....U2.m..f....|....T....v....... .....o.iX.$...>..j..n;.../.......f,.D..ws.]o.Z...N.^.....7..02.V.....T.Y..._..f.._.Uu.F5Q.....j.Yln....M9..s..%..'.........V.tk..kuX;~.&_...[.]..N....f,WQ.\?....~...0....f...r.N.O.....t..z.b.F .:_....$...j.....Y,.j.7......$....S...z............ X......*.o^.$4.q..6.SA.g..zl..o......(.S45.^q...h..f....d.p.}.X......Q.FPu.[E....go..^....<d.=...'....D_q..z...z...&Z..j...w&...BL.q.._.............a..i.....kj..h..4y..;[.S.kF......E......g......Q.........$^y...V..2p.^0....y......^d....oF.8.n....r...K/H67n.T.|....>>.C.....8'.Oa}~5L....J._.7.}.....4.6.?.t.....-.@R._.F.%...../...(..S.z.9.~.^a.......>%......<...X.=8v.x.Fs...o....5.....#....K...B ....E..0..[.<.......?r..(.@.p.....ayo..........4.......)..?#L.K._..^M...........~<.G..t...|5X.....V`'59O....t....M.@).........h....D...D..._{.k.y{.f?...{.lO. 0u.i..(...'."%.V.....6......7....'...}..... .n#.Qko1......7u.$..5vw........f...H.z.P..%.<G....q..|..[............r.............@{..2......&,..O>.b....g..N...J;.....L......4.&..{p..G....56.R.L....^.[..."......7..@..*...S.-...f.*......S..].3....B .\o.S`,...e.....# .~{..>X..d..n...'...j;.....b6....c.-;..r....!.....h....D.^...<.Za......\~.....[..=`4....6..2pLH.....=n,.........7[.1$....F.3..=.8..UG ........U..8_.IX.xL....4>...j...d}"..D..1..t...,..HB...H.._..GMJ..F...jPa...M.P.`..".}.cO...2..nX.|?....i...x.o7....W..>^/....#L).. .pr......3..G 0"!.....b....S..=....;..[.l........v

<<< skipped >>>

GET /tb/tracker/1.0.13/index.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 1505

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:44:56 GMT

Last-Modified: Fri, 11 Jul 2014 01:29:04 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache26.l2cn201[0,304-0,H], cache2.l2cn201[1,0], cache6.de1[0,200-0,H], cache8.de1[1,0]

Content-Encoding: gzip

Age: 891

X-Cache: HIT TCP_MEM_HIT dirn:2:721609421

X-Swift-SaveTime: Wed, 01 Oct 2014 03:44:56 GMT

X-Swift-CacheTime: 3600

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 3057

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:04:38 GMT

Last-Modified: Mon, 23 Sep 2013 07:53:34 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache25.l2cn201[0,304-0,H], cache16.l2cn201[0,0], cache1.de1[0,200-0,H], cache8.de1[0,0]

Age: 3309

X-Cache: HIT TCP_MEM_HIT dirn:6:727636714

X-Swift-SaveTime: Wed, 01 Oct 2014 03:31:12 GMT

<<< skipped >>>

Accept: */*

Accept-Language: en-US

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-shockwave-flash

Content-Length: 4495

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:54:46 GMT

Last-Modified: Mon, 25 Aug 2014 05:47:59 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

Via: cache8.l2cn201[0,304-0,H], cache14.l2cn201[1,0], cache1.de1[0,200-0,H], cache8.de1[1,0]

Age: 303

X-Cache: HIT TCP_MEM_HIT dirn:1:856596663

X-Swift-SaveTime: Wed, 01 Oct 2014 03:54:46 GMT

<<< skipped >>>

GET /tps/i1/T1ga4HFCJ3XXaSQP_X-16-16.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: gtms01.alicdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 430

Connection: keep-alive

Date: Mon, 28 Jul 2014 02:03:22 GMT

Last-Modified: Tue, 21 Jan 2014 03:08:04 GMT

Expires: Thu, 25 Jul 2024 02:03:22 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: http/1.1 l2cn12 (ATS [cHs f ]), cache8.us1[0,200-0,H], cache8.us1[0,0]

Age: 5622984

X-Cache: HIT TCP_MEM_HIT dirn:3:510191489

X-Swift-SaveTime: Wed, 30 Jul 2014 21:37:32 GMT

X-Swift-CacheTime: 315116750.PNG........IHDR.............:.......pHYs...H...H.F.k>....vpAg.........\.......IDAT..=....0.....T.ns..iD.B.i`B.....g.......=..T.......].;aU....p.BM\....6....M.5.:.%.].G............NeI...k.f.2oZ..?~AD.... ...z.. .l...9c<..*F.......P...i..[.....s...s..`...=:N.. ..m..1SE_.k.u'?.6.&.)*....%tEXtdate:create.2014-01-21T11:08:04 08:00..9:...%tEXtdate:modify.2014-01-21T11:08:04 08:00........tEXtSoftware.Adobe ImageReadyq.e<....IEND.B`.`..

GET /tps/i1/T1IJ8DFGpdXXc6EcHc-150-52.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: gtms01.alicdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 5703

Connection: keep-alive

Date: Fri, 05 Sep 2014 02:45:29 GMT

Last-Modified: Mon, 21 Apr 2014 09:19:03 GMT

Expires: Mon, 02 Sep 2024 02:45:29 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache22.l2sg1[0,200-0,H], cache28.l2sg1[1,0], cache6.us1[0,200-0,H], cache8.us1[0,0]

Age: 2250857

X-Cache: HIT TCP_MEM_HIT dirn:5:402239042

X-Swift-SaveTime: Thu, 18 Sep 2014 08:12:08 GMT

<<< skipped >>>

GET /highqualityshop/high_quality_shop.htm HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dongtai.taobao.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:44 GMT

Content-Type: text/html;charset=GBK

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

S: STATUS_NOT_EXISTED

Pragma: no-cache

Cache-Control: no-cache

Set-Cookie: uc1=cookie14=UoW28XHzO5gErA==; Domain=.taobao.com; Path=/

Set-Cookie: v=0; Domain=.taobao.com; Path=/

Set-Cookie: cookie2=100b7929c8e64ac2ae1435c07276fd09;Domain=.taobao.com;Path=/;HttpOnly

Set-Cookie: t=17e002f6e58e45f8d59eecfe815ebe56; Domain=.taobao.com; Expires=Tue, 30-Dec-2014 03:59:44 GMT; Path=/

Set-Cookie: _tb_token_=36176305f5e00;Domain=.taobao.com;Path=/;HttpOnly

P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Content-Language: zh-CN

<<< skipped >>>

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept: text/html, */*; q=0.01

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dongtai.taobao.com

Connection: Keep-Alive

Cookie: mt=ci=-1_0; uc1=cookie14=UoW28XHzO5gErA==; v=0; cookie2=100b7929c8e64ac2ae1435c07276fd09; t=17e002f6e58e45f8d59eecfe815ebe56; _tb_token_=36176305f5e00; cna=MmqyDMhU6lECAbhrJiYFiPcH; CNZZDATA30062430=cnzz_eid=1516345071-1412135986-&ntime=1412135986

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:47 GMT

Content-Type: text/html;charset=GBK

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

S: STATUS_NORMAL

Pragma: no-cache

Cache-Control: no-cache

Set-Cookie: uc1=cookie14=UoW28XHzO5gErw==; Domain=.taobao.com; Path=/

P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Content-Language: zh-CN

Content-Encoding: gzipa8............-....0.D......7j.},..... ...@^M..)..."..9.......]..c............%..$....ggB.....ft.I5...Z.....<.`HdH[.$..y.h....V=.......).s.......z.tw......[....,)... ........0..

GET /tps/i4/T1GVuqXutdXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 5968

Connection: keep-alive

Date: Sun, 07 Sep 2014 15:56:52 GMT

Last-Modified: Sat, 27 Apr 2013 05:14:07 GMT

Expires: Wed, 04 Sep 2024 15:56:52 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache19.l2sg1, cache6.de1[0,200-0,H], cache3.de1[1,0]

Age: 2030573

X-Cache: HIT TCP_MEM_HIT dirn:3:882171688

X-Swift-SaveTime: Wed, 10 Sep 2014 18:26:44 GMT

<<< skipped >>>

GET /tps/i2/T1mEW0FXVXXXc_GIzs-25-136.png HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: gtms02.alicdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 588

Connection: keep-alive

Date: Tue, 23 Sep 2014 08:04:09 GMT

Last-Modified: Wed, 18 Sep 2013 03:37:02 GMT

Expires: Fri, 20 Sep 2024 08:04:09 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache28.l2sg1[0,200-0,H], cache27.l2sg1[0,0], cache9.us1[0,200-0,H], cache6.us1[1,0]

Age: 676541

X-Cache: HIT TCP_MEM_HIT dirn:7:478990060

X-Swift-SaveTime: Sun, 28 Sep 2014 16:47:20 GMT

X-Swift-CacheTime: 314896609.PNG........IHDR.................... cHRM..z%..............u0...`..:....o._.F....bKGD..........pHYs.................vpAg..........Q.....MIDATX...Q..0.D#.Y=..M?.Q...ql.U...^M.d.SN.&......<..p.....p@.......vU<@...p....#..4.[sJ.d.....8.e.C.G....wk j..!.W.J...g..RB._6........d..../.@.y$..."X....XE.. ....b.q.x..BNin_...}.%O..%y.bI..p.....b...if}.C.[...$.. .....L'.r.u.".W?'......7.Wg..._...}.....%.../..#.*.....9%..l..h.U...(.}.A.w7$.@WC......@...........U0..y....g..w....e...Asq...%tEXtdate:create.2013-09-18T11:37:02 08:00.{G....%tEXtdate:modify.2013-09-18T11:37:02 08:00q&......IEND.B`.`..

GET /p/header/header-min.css?t=20110506.css HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 4383

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:05:59 GMT

Last-Modified: Mon, 28 Mar 2011 08:39:04 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache16.l2cn241[51,304-0,H], cache15.l2cn241[52,0], cache27.l2cn201[1,304-0,H], cache5.l2cn201[1,0], cache7.de1[0,200-0,H], cache9.de1[0,0]

Content-Encoding: gzip

Age: 3212

X-Cache: HIT TCP_MEM_HIT dirn:0:791551673

X-Swift-SaveTime: Wed, 01 Oct 2014 03:05:59 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 3928

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:11:33 GMT

Last-Modified: Tue, 01 Nov 2011 12:05:11 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache22.l2cn201[0,304-0,H], cache13.l2cn201[0,0], cache8.de1[0,200-0,H], cache9.de1[1,0]

Content-Encoding: gzip

Age: 2880

X-Cache: HIT TCP_MEM_HIT dirn:5:220825096

X-Swift-SaveTime: Wed, 01 Oct 2014 03:13:48 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 53550

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:15:03 GMT

Last-Modified: Thu, 27 May 2010 07:19:06 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache4.l2cn201[0,304-0,H], cache26.l2cn201[0,0], cache2.de1[0,200-0,H], cache9.de1[1,0]

Content-Encoding: gzip

Age: 2670

X-Cache: HIT TCP_MEM_HIT dirn:1:827422743

X-Swift-SaveTime: Wed, 01 Oct 2014 03:16:31 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 2347

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:52:30 GMT

Last-Modified: Thu, 27 May 2010 07:19:59 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Accept-Ranges: bytes

Via: cache8.l2cn201[4,304-0,H], cache26.l2cn201[5,0], cache9.de1[0,200-0,H], cache9.de1[0,0]

Age: 424

X-Cache: HIT TCP_MEM_HIT dirn:1:321645579

X-Swift-SaveTime: Wed, 01 Oct 2014 03:52:30 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 5178

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:15:19 GMT

Last-Modified: Wed, 10 Sep 2014 06:48:49 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache7.l2cn201[0,304-0,H], cache14.l2cn201[0,0], cache8.de1[0,200-0,H], cache9.de1[0,0]

Content-Encoding: gzip

Age: 2666

X-Cache: HIT TCP_MEM_HIT dirn:3:221940764

X-Swift-SaveTime: Wed, 01 Oct 2014 03:15:23 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 4815

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:32:48 GMT

Last-Modified: Tue, 06 Aug 2013 03:22:17 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Vary: Accept-Encoding

Via: cache30.l2cn201[0,304-0,H], cache6.l2cn201[0,0], cache1.de1[0,200-0,H], cache9.de1[0,0]

Content-Encoding: gzip

Age: 1618

X-Cache: HIT TCP_MEM_HIT dirn:6:858124573

X-Swift-SaveTime: Wed, 01 Oct 2014 03:38:27 GMT

<<< skipped >>>

GET /tps/i4/T1POdHXh8cXXXXXXXX-489-90.png HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/png

Content-Length: 2472

Connection: keep-alive

Date: Wed, 17 Sep 2014 02:47:53 GMT

Last-Modified: Fri, 13 Jul 2012 21:03:24 GMT

Expires: Sat, 14 Sep 2024 02:47:53 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache25.l2sg1[0,200-0,H], cache24.l2sg1[0,0], cache5.de1[0,200-0,H], cache10.de1[0,0]

Age: 1213901

X-Cache: HIT TCP_MEM_HIT dirn:6:2847700

X-Swift-SaveTime: Sun, 28 Sep 2014 16:59:00 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

<<< skipped >>>

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 1852

Connection: keep-alive

Date: Sun, 14 Sep 2014 15:50:18 GMT

Last-Modified: Thu, 22 Sep 2011 02:14:59 GMT

Expires: Wed, 11 Sep 2024 15:50:18 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache28.l2sg1[0,200-0,H], cache10.l2sg1[0,0], cache4.de1[0,200-0,H], cache10.de1[0,0]

Age: 1426157

X-Cache: HIT TCP_MEM_HIT dirn:3:241689758

X-Swift-SaveTime: Sun, 28 Sep 2014 16:48:51 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 6637

Connection: keep-alive

Date: Wed, 10 Sep 2014 17:11:30 GMT

Last-Modified: Fri, 26 Apr 2013 14:49:02 GMT

Expires: Sat, 07 Sep 2024 17:11:30 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache5.l2sg1, cache7.de1[0,200-0,H], cache10.de1[1,0]

Age: 1766895

X-Cache: HIT TCP_MEM_HIT dirn:6:387490715

X-Swift-SaveTime: Wed, 10 Sep 2014 18:15:18 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 7261

Connection: keep-alive

Date: Sun, 28 Sep 2014 16:50:59 GMT

Last-Modified: Fri, 26 Apr 2013 14:49:02 GMT

Expires: Wed, 25 Sep 2024 16:50:59 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache22.l2sg1[0,200-0,H], cache23.l2sg1[0,0], cache8.de1[0,200-0,H], cache10.de1[0,0]

Age: 212926

X-Cache: HIT TCP_MEM_HIT dirn:7:85528087

X-Swift-SaveTime: Sun, 28 Sep 2014 16:59:38 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img04.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 5833

Connection: keep-alive

Date: Sun, 28 Sep 2014 03:12:44 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:55 GMT

Expires: Wed, 25 Sep 2024 03:12:44 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache30.l2sg1[0,200-0,H], cache8.de1[0,200-0,H], cache10.de1[0,0]

Age: 262021

X-Cache: HIT TCP_MEM_HIT dirn:0:709875137

X-Swift-SaveTime: Sun, 28 Sep 2014 16:59:38 GMT

<<< skipped >>>

GET /tps/i2/T1ToSpXtdcXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img02.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 4459

Connection: keep-alive

Date: Mon, 22 Sep 2014 04:53:47 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:55 GMT

Expires: Thu, 19 Sep 2024 04:53:47 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache29.l2sg1[0,200-0,H], cache33.l2sg1[0,0], cache3.de1[0,200-0,H], cache10.de1[0,0]

Age: 774358

X-Cache: HIT TCP_MEM_HIT dirn:7:907388988

X-Swift-SaveTime: Sun, 28 Sep 2014 16:56:04 GMT

<<< skipped >>>

GET /9.gif?abc=1&rnd=37872731 HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

Cookie: cna=MmqyDMhU6lECAbhrJiYFiPcH; sca=3f0ce6f6; tbsa=b6d4a17159269d7bfccd9513_1412135986_1; atpsida=ba565f533c22ab6913d47ac4_1412135986

HTTP/1.1 302 Found

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:48 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: tbsa=b6d4a17159269d7bfccd9513_1412135988_2; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=ba565f533c22ab6913d47ac4_1412135988; expires=Sat, 28-Sep-24 03:59:48 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cacheGIF89a.............!.......,...........L..;..

GET /t/font_1404888168_2057645.eot? HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: at.alicdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/octet-stream

Content-Length: 8652

Connection: keep-alive

Date: Mon, 25 Aug 2014 10:08:42 GMT

Accept-Ranges: bytes

Access-Control-Allow-Origin: *

Cache-Control: max-age=31557600

ETag: "1DA30AE7733100C4411A11D851465533"

Last-Modified: Wed, 09 Jul 2014 06:42:48 GMT

x-oss-request-id: 53FB0B2AF47FA107375FA699

Via: cache35.l2sg1, cache7.de1[0,200-0,H], cache7.de1[0,0]

Age: 3174663

X-Cache: HIT TCP_MEM_HIT dirn:7:428043585

X-Swift-SaveTime: Wed, 10 Sep 2014 18:14:02 GMT

<<< skipped >>>

GET /core.php?web_id=30062430&t=q HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:47 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Wed, 01 Oct 2014 03:59:47 GMT

<<< skipped >>>

GET /home/css/error.css HTTP/1.1

Accept: */*

Referer: hXXp://store.taobao.com/shop/noshop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.taobao.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:34 GMT

Content-Type: text/css

Last-Modified: Mon, 26 Jul 2010 02:20:33 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Expires: Thu, 01 Oct 2015 03:59:34 GMT

Cache-Control: max-age=31536000

<<< skipped >>>

GET /counter6?keys=TCART_234_17e002f6e58e45f8d59eecfe815ebe56_q&t=1412117811346&callback=jsonp0&t=1412117811346 HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: count.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:45 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Content-Encoding: gzip50.............*.. 0..V.qv...726.74O500J3K5.H51M.H1.LMMNK.04MMJ55./T..5.....7.K.<.....0..

GET /tb/global/3.1.5/global-min.css HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 4196

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:55:01 GMT

Last-Modified: Tue, 02 Sep 2014 07:47:58 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache4.l2cn201[0,304-0,H], cache11.l2cn201[1,0], cache6.de1[0,200-0,H], cache5.de1[0,0]

Content-Encoding: gzip

Age: 283

X-Cache: HIT TCP_MEM_HIT dirn:0:680906672

X-Swift-SaveTime: Wed, 01 Oct 2014 03:55:01 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 1061

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:18:19 GMT

Last-Modified: Thu, 06 Mar 2014 10:09:31 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache2.l2cn201[0,304-0,H], cache16.l2cn201[0,0], cache4.de1[0,200-0,H], cache5.de1[0,0]

Content-Encoding: gzip

Age: 2486

X-Cache: HIT TCP_MEM_HIT dirn:7:382533886

X-Swift-SaveTime: Wed, 01 Oct 2014 03:20:46 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 964

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:40:00 GMT

Last-Modified: Wed, 23 Apr 2014 06:05:46 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache21.l2cn201[0,304-0,H], cache9.l2cn201[1,0], cache7.de1[0,200-0,H], cache5.de1[1,0]

Content-Encoding: gzip

Age: 1185

X-Cache: HIT TCP_MEM_HIT dirn:5:283681276

X-Swift-SaveTime: Wed, 01 Oct 2014 03:40:00 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 9652

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:40:21 GMT

Last-Modified: Mon, 05 May 2014 09:27:35 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache6.l2cn201[0,304-0,H], cache29.l2cn201[0,0], cache2.de1[0,200-0,H], cache5.de1[0,0]

Content-Encoding: gzip

Age: 1165

X-Cache: HIT TCP_MEM_HIT dirn:1:828347386

X-Swift-SaveTime: Wed, 01 Oct 2014 03:42:26 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 48937

Connection: keep-alive

Date: Wed, 01 Oct 2014 02:20:08 GMT

Last-Modified: Fri, 07 Mar 2014 04:43:07 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache23.l2cn201[0,304-0,H], cache16.l2cn201[0,0], cache8.de1[0,200-0,H], cache5.de1[0,0]

Expires: Sun, 28 Sep 2014 17:08:30 GMT

Content-Encoding: gzip

Age: 5978

X-Cache: HIT TCP_MEM_HIT dirn:0:848354231

X-Swift-SaveTime: Wed, 01 Oct 2014 03:04:49 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/css

Content-Length: 875

Connection: keep-alive

Date: Wed, 01 Oct 2014 02:48:17 GMT

Last-Modified: Mon, 23 Sep 2013 07:53:34 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache26.l2cn201[0,304-0,H], cache7.l2cn201[0,0], cache2.de1[0,200-0,H], cache5.de1[1,0]

Content-Encoding: gzip

Age: 4290

X-Cache: HIT TCP_MEM_HIT dirn:6:699121216

X-Swift-SaveTime: Wed, 01 Oct 2014 03:39:03 GMT

X-Swift-CacheTime: 3600...........VMs.0.. n3..m...4..^.....i.1.-..d=.$..'.......$.....-...v. ......'.4.0.!b).).I~A|.i.s"..o.A.&A.R.q..4|.j?@.R.p..0."...8Y`...ci.R..w.*.L...1k......yDiX4....y.u.{.X..v... ......T...['..m..............r...L..K..4.d..<..QDR...}...."m-HB..K.R....PHQ.".. .@..fs...!..}.e..f ..y.F...8.Q.q..K........LSo.*Cf......y&.R.uA....!...t..7....t..-d.k!.g...eq..k...c=....I=.....%..:F....K.W...!...:..c.9....9C3..0d".%....F........(.4.kd.....B....T.i...E...2..4:-.*.....P..5O.z.j...|...f].....H....:>.7.J..fw.[[...L.v.!.h....e.g.u........"...-...h^.W......*D.i...."bv.%.d..X..K*...I.....lb.h..PM...4..f.rO-=...2K...x..SS..T.P.4x........C`.{.......Bbg...h.liq..k.w./...h.W.....V.3 N.M........G.....yo."..... ...u..U.o....C.r...C..B........)....YJ.......p...).G'.?..b.6._%._..*..x.Y.p|s..}Y...k...i.F`....a]..c..]W-........#.]o....zM...k...j.N.:...Z.....]...._...exdw..._.e..@...........GET /sd/data_sufei/1.1.8/aplus/index.js HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/x-javascript

Content-Length: 9172

Connection: keep-alive

Date: Wed, 01 Oct 2014 03:41:24 GMT

Last-Modified: Thu, 04 Sep 2014 06:13:37 GMT

Cache-Control: max-age=315360000,s-maxage=3600

Access-Control-Allow-Origin: *

Vary: Accept-Encoding

Via: cache1.l2cn201[4,304-0,H], cache27.l2cn201[5,0], cache1.de1[0,200-0,H], cache5.de1[0,0]

Content-Encoding: gzip

Age: 1103

X-Cache: HIT TCP_MEM_HIT dirn:5:857793302

X-Swift-SaveTime: Wed, 01 Oct 2014 03:41:24 GMT

<<< skipped >>>

GET /stat.htm?id=30062430&r=&lg=en-us&ntime=none&cnzz_eid=1516345071-1412135986-&showp=1024x768&t=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined&h=1&rnd=1199409612 HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: q4.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Wed, 01 Oct 2014 03:59:47 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytesGIF89a.............!.......,...........D..;..

GET / HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: jie.taobao.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:43 GMT

Content-Type: text/html

Content-Length: 260

Connection: keep-alive

Location: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<h1>302 Found</h1>..<p>The requested resource resides temporarily under a different URI.</p>..<hr/>Powered by Tengine..</body>..</html>..HTTP/1.1 302 Found..Server: Tengine..Date: Wed, 01 Oct 2014 03:59:43 GMT..Content-Type: text/html..Content-Length: 260..Connection: keep-alive..Location: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<h1>302 Found</h1>..<p>The requested resource resides temporarily under a different URI.</p>..<hr/>Powered by Tengine..</body>..</html>....

GET /tps/i3/T1aPSpXCNdXXbCFbsb-100-100.jpg HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img03.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 5342

Connection: keep-alive

Date: Thu, 04 Sep 2014 15:22:17 GMT

Last-Modified: Fri, 26 Apr 2013 14:48:55 GMT

Expires: Sun, 01 Sep 2024 15:22:17 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache16.l2sg1[0,200-0,H], cache23.l2sg1[0,0], cache4.de1[0,200-0,H], cache6.de1[0,0]

Age: 2291848

X-Cache: HIT TCP_MEM_HIT dirn:6:241307972

X-Swift-SaveTime: Sun, 28 Sep 2014 16:50:36 GMT

<<< skipped >>>

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img03.taobaocdn.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 1393

Connection: keep-alive

Date: Thu, 04 Sep 2014 10:14:59 GMT

Last-Modified: Fri, 23 Mar 2012 06:18:51 GMT

Expires: Sun, 01 Sep 2024 10:14:59 GMT

Cache-Control: max-age=315360000

Access-Control-Allow-Origin: *

Via: cache26.l2sg1, cache6.de1[0,200-0,H], cache6.de1[0,0]

Age: 2310287

X-Cache: HIT TCP_MEM_HIT dirn:7:828896513

X-Swift-SaveTime: Wed, 10 Sep 2014 18:21:18 GMT

<<< skipped >>>

GET /1.gif?logtype=1&title=%u5E97%u94FA%u52A8%u6001-%u53D1%u73B0%u597D%u5E97&pre=&cache=12a20d5&scr=1024x768&isbeta=4&spm-cnt=a310h.2220293.0.0.l7tB25&category=&uidaplus=&aplus HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:46 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=MmqyDMhU6lECAbhrJiYFiPcH; expires=Sat, 28-Sep-24 03:59:46 GMT; path=/; domain=.mmstat.com

Set-Cookie: sca=3f0ce6f6; path=/; domain=.mmstat.com

Set-Cookie: tbsa=b6d4a17159269d7bfccd9513_1412135986_1; path=/; domain=.mmstat.com

Set-Cookie: atpsida=ba565f533c22ab6913d47ac4_1412135986; expires=Sat, 28-Sep-24 03:59:46 GMT; path=/; domain=.mmstat.com

Location: hXXp://pcookie.taobao.com/app.gif?&cna=MmqyDMhU6lECAbhrJiYFiPcH

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cacheGIF89a.............!.......,...........L..;..

GET /apps/ishopbook/src/pkg/wgt/nav-v2/iconfont.eot? HTTP/1.1

Accept: */*

Referer: hXXp://dongtai.taobao.com/highqualityshop/high_quality_shop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t.tbcdn.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/octet-stream

Content-Length: 17756

Connection: keep-alive

Date: Fri, 26 Sep 2014 18:00:38 GMT

Cache-Control: s-maxage=204063, max-age=3600

Expires: Fri, 26 Sep 2014 19:00:38 GMT

Last-Modified: Tue, 23 Jul 2013 08:26:33 GMT

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

Via: cache32.l2sg1[0,304-0,H], cache28.l2sg1[0,0], cache6.de1[0,200-0,H], cache6.de1[0,0]

Age: 381547

X-Cache: HIT TCP_MEM_HIT dirn:1:673028952

X-Swift-SaveTime: Mon, 29 Sep 2014 02:36:10 GMT

<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: shop63216378.taobao.com

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: Tengine

Date: Wed, 01 Oct 2014 03:59:25 GMT

Content-Length: 0

Connection: close

S: STATUS_NOT_EXISTED

P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Location: hXXp://store.taobao.com/shop/noshop.htm

Content-Language: zh-CN

Accept-Ranges: bytes

X-Varnish: 412457660

Age: 0

Via: 1.1 varnish

X-CacheHits: 0

X-Cache: MISSHTTP/1.1 302 Moved Temporarily..Server: Tengine..Date: Wed, 01 Oct 2014 03:59:25 GMT..Content-Length: 0..Connection: close..S: STATUS_NOT_EXISTED..P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'..Location: hXXp://store.taobao.com/shop/noshop.htm..Content-Language: zh-CN..Accept-Ranges: bytes..X-Varnish: 412457660..Age: 0..Via: 1.1 varnish..X-CacheHits: 0..X-Cache: MISS..

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_580:

.text

.text

`.rdata

`.rdata

@.data

@.data

.rsrc

.rsrc

t$(SSh

t$(SSh

~%UVW

~%UVW

u$SShe

u$SShe

hXXp://517.7q7q.info/dy.asp|ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp

hXXp://517.7q7q.info/dy.asp|ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp

&qqpassword=

&qqpassword=

aaa@xx.com|rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

aaa@xx.com|rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

15399997@qq.com|bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

15399997@qq.com|bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

hXXp://VVV.3322.org/dyndns/getip

hXXp://VVV.3322.org/dyndns/getip

15399997

15399997

111111111

111111111

11111111

11111111

110119112

110119112

12345678

12345678

55555555

55555555

hXXp://shop63216378.taobao.com

hXXp://shop63216378.taobao.com

smtp.xx.com|sssssssssssssssssssssssaassssaassssssssssssssssssssssssssssssssssssssssssssssssssssssss

smtp.xx.com|sssssssssssssssssssssssaassssaassssssssssssssssssssssssssssssssssssssssssssssssssssssss

password|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww

password|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww

CJ$$Yf..vx tv#$be

CJ$$Yf..vx tv#$be

165448879

165448879

TC0001.DAT

TC0001.DAT

Tenparty.DAT

Tenparty.DAT

F%*.*f

F%*.*f

CNotSupportedException

CNotSupportedException

commctrl_DragListMsg

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Afx:%x:%x

COMCTL32.DLL

COMCTL32.DLL

CCmdTarget

CCmdTarget

__MSVCRT_HEAP_SELECT

__MSVCRT_HEAP_SELECT

user32.dll

user32.dll

RASAPI32.dll

RASAPI32.dll

iphlpapi.dll

iphlpapi.dll

SHLWAPI.dll

SHLWAPI.dll

MPR.dll

MPR.dll

WINMM.dll

WINMM.dll

WS2_32.dll

WS2_32.dll

VERSION.dll

VERSION.dll

GetProcessHeap

GetProcessHeap

WinExec

WinExec

KERNEL32.dll

KERNEL32.dll

GetKeyState

GetKeyState

USER32.dll

USER32.dll

GetViewportOrgEx

GetViewportOrgEx

GDI32.dll

GDI32.dll

WINSPOOL.DRV

WINSPOOL.DRV

RegCloseKey

RegCloseKey

RegOpenKeyExA

RegOpenKeyExA

RegCreateKeyExA

RegCreateKeyExA

ADVAPI32.dll

ADVAPI32.dll

ShellExecuteA

ShellExecuteA

SHELL32.dll

SHELL32.dll

ole32.dll

ole32.dll

OLEAUT32.dll

OLEAUT32.dll

COMCTL32.dll

COMCTL32.dll

WSOCK32.dll

WSOCK32.dll

HttpQueryInfoA

HttpQueryInfoA

HttpSendRequestA

HttpSendRequestA

HttpOpenRequestA

HttpOpenRequestA

InternetCrackUrlA

InternetCrackUrlA

InternetCanonicalizeUrlA

InternetCanonicalizeUrlA

WININET.dll

WININET.dll

GetCPInfo

GetCPInfo

CreateDialogIndirectParamA

CreateDialogIndirectParamA

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

SetViewportOrgEx

SetViewportOrgEx

OffsetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

ScaleViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GetViewportExtEx

comdlg32.dll

comdlg32.dll

.PAVCException@@

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.prn)|*.prn|

(*.*)|*.*||

(*.*)|*.*||

Shell32.dll

Shell32.dll

Mpr.dll

Mpr.dll

Advapi32.dll

Advapi32.dll

User32.dll

User32.dll

Gdi32.dll

Gdi32.dll

Kernel32.dll

Kernel32.dll

(&07-034/)7 '

(&07-034/)7 '

?? / %d]

?? / %d]

%d / %d]

%d / %d]

: %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

(*.CUR)|*.CUR|

%s:%d

%s:%d

windows

windows

out.prn

out.prn

%d.%d

%d.%d

%d / %d

%d / %d

%d/%d

%d/%d

Bogus message code %d

Bogus message code %d

(%d-%d):

(%d-%d):

%ld%c

%ld%c

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.0

HTTP/1.0

%s

%s

Reply-To: %s

Reply-To: %s

From: %s

From: %s

To: %s

To: %s

Subject: %s

Subject: %s

Date: %s

Date: %s

Cc: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

%a, %d %b %Y %H:%M:%S

HELO %s

HELO %s

SMTP

SMTP

AUTH LOGIN

AUTH LOGIN

LOGIN

LOGIN

AUTH=LOGIN

AUTH=LOGIN

EHLO %s

EHLO %s

Content-Type: application/octet-stream; name=%s

Content-Type: application/octet-stream; name=%s

Content-Disposition: attachment; filename=%s

Content-Disposition: attachment; filename=%s

MAIL FROM:

MAIL FROM:

RCPT TO:

RCPT TO:

VVV.dywt.com.cn

VVV.dywt.com.cn

.PAVCObject@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCResourceException@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.PAVCArchiveException@@

zcÁ

zcÁ

c:\%original file name%.exe

c:\%original file name%.exe

#include "l.chs\afxres.rc" // Standard components

#include "l.chs\afxres.rc" // Standard components

(*.*)

(*.*)

VVV.tongtong.com.cn

VVV.tongtong.com.cn

1.0.0.0

1.0.0.0

iexplore.exe_316:

%?9-*09,*19}*09

%?9-*09,*19}*09

.text

.text

`.data

`.data

.rsrc

.rsrc

msvcrt.dll

msvcrt.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

USER32.dll

USER32.dll

SHLWAPI.dll

SHLWAPI.dll

SHDOCVW.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

IE-X-X

rsabase.dll

rsabase.dll

System\CurrentControlSet\Control\Windows

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

dw15 -x -s %u

watson.microsoft.com

watson.microsoft.com

IEWatsonURL

IEWatsonURL

%s -h %u

%s -h %u

iedw.exe

iedw.exe

Iexplore.XPExceptionFilter

Iexplore.XPExceptionFilter

jscript.DLL

jscript.DLL

mshtml.dll

mshtml.dll

mlang.dll

mlang.dll

urlmon.dll

urlmon.dll

wininet.dll

wininet.dll

shdocvw.DLL

shdocvw.DLL

browseui.DLL

browseui.DLL

comctl32.DLL

comctl32.DLL

IEXPLORE.EXE

IEXPLORE.EXE

iexplore.pdb

iexplore.pdb

ADVAPI32.dll

ADVAPI32.dll

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

IExplorer.EXE

IExplorer.EXE

IIIIIB(II<.fg>

IIIIIB(II<.fg>

7?_____ZZSSH%

7?_____ZZSSH%

)z.UUUUUUUU

)z.UUUUUUUU

,....Qym

,....Qym

````2```

````2```

{.QLQIIIKGKGKGKGKGKG

{.QLQIIIKGKGKGKGKGKG

;33;33;0

;33;33;0

8888880

8888880

8887080

8887080

browseui.dll

browseui.dll

shdocvw.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

6.00.2900.5512 (xpsp.080413-2105)

Windows

Windows

Operating System

Operating System

6.00.2900.5512

6.00.2900.5512