Gen.Variant.Strictor.74816_982d419e0a

by malwarelabrobot on December 4th, 2016 in Malware Descriptions.

Susp_Dropper (Kaspersky), Gen:Variant.Strictor.74816 (B) (Emsisoft), Gen:Variant.Strictor.74816 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 982d419e0a9f3a5a1bd3259144ec1236
SHA1: 3d8c162b2d0904779539d6b8aa9b47914a7294cc
SHA256: 1f64000c7f2dab22cb6438188020195e1eda6927e6bea52cde7ec38bdc4cb3b5
SSDeep: 12288:b06/F 8bO8O1D sErRccRSmJ9fJUMmtgu7qUN3O8RcPifmIj7u 0:I6jIantZoIK37qu1cPazvu
Size: 574976 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: TODO:
Created at: 2016-10-18 12:54:30
Analyzed on: Windows7 SP1 32-bit

Summary:

Trojan-PSW. Trojan program intended for stealing users passwords.

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:2984

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2984 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\pic[1].gif (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2B2UVDJU.txt (265 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\load[1].gif (817 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\36GBOYBG.txt (415 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ptlogin_report[1].bmp (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\json2[1].js (7098 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\icon_11[1].gif (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\pt_fetch_dev_uin[1].js (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\TCapIframe[1].js (5266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\ptui_ver[1].js (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ptqrshow[1].png (439 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\tongji[1].htm (952 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\TCapIframeApi[1].js (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\c_login_2[1].js (64891 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\N90VYBGE.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\shiyitop[1].htm (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\TCapMsg[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\xlogin[1].htm (4258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\xver[1].htm (99 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\53P3XZXY.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\r[1].htm (1 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016101020161017 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016102820161029 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2B2UVDJU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\N90VYBGE.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\r[1].htm (0 bytes)

Registry activity

The process %original file name%.exe:2984 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"Size" = "10"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASMANCS]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"InitHits" = "100"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"Enable" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1476784470"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"WindowClassName" = "DDEMLMom"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASAPI32]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Internet Explorer\International\CpMRU]
"Factor" = "20"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"

[HKLM\SOFTWARE\Microsoft\Tracing\982d419e0a9f3a5a1bd3259144ec1236_RASMANCS]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: ??
Product Name: ??QQ????????
Product Version: 1.8.0.0
Legal Copyright: ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.8.0.0
File Description: ????
Comments: ??????????(http://www.dywt.com.cn)
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
UPX0	4096	1007616	0	0	d41d8cd98f00b204e9800998ecf8427e
UPX1	1011712	561152	559104	5.49106	61722d0eb3361eea5cf242dff33e044b
.rsrc	1572864	16384	14848	3.18507	01ba250f4419239c748d6d21537f7c24

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://www.gutou.cc/up/tongji.htm	120.24.75.226
hxxp://gutou.cc/ad/shiyitop.htm	203.195.236.181
hxxp://www.gutou.cc/å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç§’èµžç§’è¯„è½¯ä»¶.txt	120.24.75.226
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1252975436&show=pic
hxxp://gutou.cc/ad/shiyi/dingyue.htm	203.195.236.181
hxxp://js.users.51.la/17287617.js	42.236.74.247
hxxp://xui.ptlogin2.tencent-cloud.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=312326273372QQ277325274344&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html
hxxp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.09336930761115929&getob=1&g_tk=	112.90.77.174
hxxp://gutou.cc/ad/shiyi/dingyue_files/style.css	203.195.236.181
hxxp://gutou.cc/ad/shiyi/dingyue_files/BE513.gif	203.195.236.181
hxxp://gutou.cc/ad/shiyi/dingyue_files/5842077.js	203.195.236.181
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1252975436&show=pic&t=z
hxxp://p21.tcdn.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png
hxxp://www.xuelangteam.com/dingyue/images/formbg.jpg	114.215.96.53
hxxp://www.xuelangteam.com/dingyue/images/bg_3b.png	114.215.96.53
hxxp://www.xuelangteam.com/dingyue/images/bg_5b.png	114.215.96.53
hxxp://www.xuelangteam.com/dingyue/images/bg_1.png	114.215.96.53
hxxp://www.xuelangteam.com/dingyue/images/bg_4b.png	114.215.96.53
hxxp://www.xuelangteam.com/dingyue/images/an.jpg	114.215.96.53
hxxp://p21.tcdn.qq.com/ptlogin/ver/10184/js/c_login_2.js?max_age=604800&ptui_identifier=000DDB5B18D05E29B47A688587C4E7CFCB5AE15C9710B85F11ECD82D
hxxp://icon.51.la/icon_11.gif	42.236.73.3
hxxp://www.xuelangteam.com/dingyue/images/input.png	114.215.96.53
hxxp://icon.51.la/icon_0.gif	42.236.73.3
hxxp://all.cnzz.com.danuoyi.tbcache.com/img/pic.gif
hxxp://p21.tcdn.qq.com/ptlogin/v4/style/0/images/load.gif
hxxp://xui.ptlogin2.tencent-cloud.com/cgi-bin/xver?t=0.7756034637612903
hxxp://a1574.b.akamai.net/pt_fetch_dev_uin?r=0.34893135520221974&pt_guid_token=1393125201
hxxp://a1574.b.akamai.net/ptqrshow?appid=549000912&e=2&l=M&s=3&d=72&v=4&t=0.9564570946254969&daid=5
hxxp://p21.tcdn.qq.com/ptlogin/v4/style/20/images/shouQ_v2/small_8.png
hxxp://ui.ptlogin2.qq.com/cgi-bin/report?id=455847	163.177.72.188
hxxp://captcha.qq.com/template/TCapIframeApi.js?aid=549000912&rand=0.9654468947939416&clientype=2&lang=2052&apptype=2	112.90.83.73
hxxp://xui.ptlogin2.tencent-cloud.com/ptui_ver.js?v=0.926366006895559&ptui_identifier=000DD31BFD70EE7959D3AC3FFD4692D2B517A8CAF4D6344E6BE5CC10
hxxp://isdspeed.qq.com/cgi-bin/r.cgi?flag1=7808&flag2=1&flag3=9&1=2000&v=0.316051840694602	125.39.133.14
hxxp://log.ptlogin2.tencent-cloud.com/cgi-bin/ptlogin_report?id=195279&msg=Unknown runtime error\|_\|http://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http%3A%2F%2Fqzs.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone&pt_qr_app=ÃŠÃ–Â»ÃºQQÂ¿Ã•Â¼Ã¤&pt_qr_link=http%3A//z.qzone.com/download.html&self_regurl=http%3A//qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http%3A//z.qzone.com/download.html\|_\|1\|_\|Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)&v=0.0016309808707142825
hxxp://ui.ptlogin2.qq.com/cgi-bin/report?id=358342&t=0.09189487731182771	163.177.72.188
hxxp://p21.tcdn.qq.com/2/json2.js
hxxp://p21.tcdn.qq.com/2/TCapMsg.js
hxxp://p21.tcdn.qq.com/2/TCapIframe.js?v=1.0
hxxp://gutou.cc/favicon.ico	203.195.236.181
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756008136&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://gutou.cc/	203.195.236.181
hxxp://gutou.cc/sale.php	203.195.236.181
hxxp://gutou.cc/kss_inc/js/jquery.pngFix.js	203.195.236.181
hxxp://gutou.cc/kss_inc/js/jquery.1.3.2.pack.js?version=M10-P158	203.195.236.181
hxxp://gutou.cc/kss_inc/style/sale_style.css?version=M10-P158	203.195.236.181
hxxp://gutou.cc/kss_inc/images/sale_search.gif	203.195.236.181
hxxp://gutou.cc/photo/miaopingmiaozan.png?mode=open	203.195.236.181
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756011147&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://gutou.cc/kss_inc/images/salelogo.png	203.195.236.181
hxxp://gutou.cc/kss_inc/images/sale_btn1.gif	203.195.236.181
hxxp://wpa.qq.com/pa?p=2:10347904:51	58.251.100.24
hxxp://gutou.cc/photo/qqxiangche.png?mode=open	203.195.236.181
hxxp://gutou.cc/photo/quanrenmiaozan.png?mode=open	203.195.236.181
hxxp://gutou.cc/photo/quan2.png	203.195.236.181
hxxp://gutou.cc/photo/é˜²åœˆæœ€æ–°æ•™ç¨‹.jpg	203.195.236.181
hxxp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.03575335915511045&getob=1&g_tk=	112.90.77.174
hxxp://gutou.cc/kss_inc/js/admin_pub.js?version=M10-P158	203.195.236.181
hxxp://gutou.cc/kss_inc/js/jquery.form.js?version=M10-P158	203.195.236.181
hxxp://gutou.cc/photo/quan1.png	203.195.236.181
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756014158&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://gutou.cc/photo/shuoshuofabu.png?mode=open	203.195.236.181
hxxp://gutou.cc/photo/fenzu1.png	203.195.236.181
hxxp://gutou.cc/photo/fenzu2.png	203.195.236.181
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1253155700
hxxp://wpa.b.qq.com/cgi/wpa.php?key=XzgwMDA5NDc0MF8zODI0MTdfODAwMDk0NzQwXw	14.17.43.53
hxxp://wpa.b.qq.com/cgi/wpa.php?key=XzgwMDA5NDc0MF8zODIzOTdfODAwMDk0NzQwXw	14.17.43.53
hxxp://js.users.51.la/18972332.js	42.236.74.247
hxxp://gutou.cc/photo/fenzu3.png	203.195.236.181
hxxp://gutou.cc/photo/zhuanfachongfa.png?mode=open	203.195.236.181
hxxp://gutou.cc/photo/renqikongjian.png?mode=open	203.195.236.181
hxxp://gutou.cc/photo/yanzhengxinxi3.png	203.195.236.181
hxxp://gutou.cc/photo/yanzhengxinxi4.png	203.195.236.181
hxxp://gutou.cc/photo/yanzhengxinxi6.png	203.195.236.181
hxxp://gutou.cc/photo/shanchushuoshuo.png?mode=open	203.195.236.181
hxxp://gutou.cc/kss_inc/images/sale_le.gif	203.195.236.181
hxxp://gutou.cc/kss_inc/images/sale_bg.jpg	203.195.236.181
hxxp://gutou.cc/photo/miaozanfenxiang.png?mode=open	203.195.236.181
hxxp://gutou.cc/photo/yanzhengxinxi1.png	203.195.236.181
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1253155700&t=z
hxxp://gutou.cc/photo/yanzhengxinxi2.png	203.195.236.181
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756017171&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://hm.e.shifen.com/hm.js?7d873703fcccf08b7645d8b2c04b0c12
hxxp://p21.tcdn.qq.com/qconn/wpa/button/button_111.gif
hxxp://p21.tcdn.qq.com/c/=/crm/wpa/release/3.3.7/util/domain.js,/crm/wpa/release/3.3.7/wpa/wpaMgr.js,/crm/wpa/release/3.3.7/wpa/visitor.js,/crm/wpa/release/3.3.7/wpa/kfuin.js,/crm/wpa/release/3.3.7/util/proxy.js,/crm/wpa/release/3.3.7/util/titleFlash.js,/crm/wpa/release/3.3.7/util/cookie.js,/crm/wpa/release/3.3.7/wpa/WPA.js,/crm/wpa/release/3.3.7/util/getJSONP.js,/crm/wpa/release/3.3.7/wpa/filter.js,/crm/wpa/release/3.3.7/wpa/ta.js,/crm/wpa/release/3.3.7/wpa/invite.js,/crm/wpa/release/3.3.7/util/taskMgr.js,/crm/wpa/release/3.3.7/lang/browser.js,/crm/wpa/release/3.3.7/util/pad.js,/crm/wpa/release/3.3.7/util/Bits.js,/crm/wpa/release/3.3.7/util/events.js,/crm/wpa/release/3.3.7/util/onLoad.js,/crm/wpa/release/3.3.7/util/offset.js,/crm/wpa/release/3.3.7/util/Panel.js?v=3.3.7.20160126
hxxp://p21.tcdn.qq.com/c/=/crm/wpa/release/3.3.7/util/onIframeLoaded.js,/crm/wpa/release/3.3.7/util/GUID.js,/crm/wpa/release/3.3.7/wpa/getQQVersion.js,/crm/wpa/release/3.3.7/wpa/ViewHelper.js,/crm/wpa/release/3.3.7/wpa/views.js,/crm/wpa/release/3.3.7/wpa/sid.js,/crm/wpa/release/3.3.7/util/blockStorage.js,/crm/wpa/release/3.3.7/util/className.js,/crm/wpa/release/3.3.7/util/Style.js,/crm/wpa/release/3.3.7/util/sessionStorage.js,/crm/wpa/release/3.3.7/util/localStorage.js?v=3.3.7.20160126
hxxp://p21.tcdn.qq.com/c/=/crm/wpa/release/3.3.7/wpa/SelectPanel.js,/crm/wpa/release/3.3.7/util/css.js,/crm/wpa/release/3.3.7/lang/extend.js,/crm/wpa/release/3.3.7/util/contains.js?v=3.3.7.20160126
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1276x846&et=0&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=867638635&si=7d873703fcccf08b7645d8b2c04b0c12&st=1&v=1.1.33&lv=1&tt=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756020175&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://wpl.b.qq.com/cgi/ta.php?na=800094740&dm=gutou.cc&cb=JSONP_CALLBACK_1_87	120.198.199.200
hxxp://tajs.qq.com/crmqq.php?uid=800094740&dm=gutou.cc	14.215.138.25
hxxp://wpl.b.qq.com/cgi/ta.php?na=800094740&dm=gutou.cc&cb=JSONP_CALLBACK_3_41	120.198.199.200
hxxp://isdspeed.qq.com/cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&2=2279&&1480756019967	125.39.133.14
hxxp://isdspeed.qq.com/cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&2=2283&&1480756019974	125.39.133.14
hxxp://isdspeed.qq.com/cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&1=45&&1480756020012	125.39.133.14
hxxp://visitor.crm2.qq.com/cgi/visitorcgi/ajax/wpa_first_heart_beat.php?nameAccount=800094740&dm=gutou.cc&title=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°&url=vip.gutou.cc/sale.php&cb=JSONP_CALLBACK_2_36	183.232.88.155
hxxp://visitor.crm2.qq.com/cgi/visitorcgi/ajax/wpa_first_heart_beat.php?nameAccount=800094740&dm=gutou.cc&title=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°&url=vip.gutou.cc/sale.php&cb=JSONP_CALLBACK_4_23	183.232.88.155
hxxp://prom.b.qq.com/se/r.gif?na=800094740&ref=&1480756019974	183.232.88.153
hxxp://p21.tcdn.qq.com/da/i.js
hxxp://prom.b.qq.com/wpadisplay/r.gif?version=3.3.7.20160126&wty=1&type=12&nameAccount=800094740&kfuin=800094740&ws=www.gutousoft.com&aty=0&a=0&title=ä¼ä¸šåç§°&wording=&wording2=&tencentSig=9726016512&1480756020974	183.232.88.153
hxxp://prom.b.qq.com/wpadisplay/r.gif?version=3.3.7.20160126&wty=1&type=11&nameAccount=800094740&kfuin=800094740&ws=&aty=0&a=0&title=éª¨å¤´è½¯ä»¶å·¥ä½œå®¤(æ”¯æŒæ›´æ–°)&wording=&wording2=&tencentSig=9726016512&1480756020974	183.232.88.153
hxxp://da.qidian.qq.com/ping/pv?v=0.6.4&tid=800094740&aid=&pid=fhnnv9.wuxgbh.iw8zwid2&qid=3bmuiy.ycc5mo.iw8zwid2&src=12&cid=4115680256&sid=1.1.3eb2ol.iw8zwid4&r=&pt=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°&sw=1276&sh=846&dpr=1&saw=1276&sah=802&scd=24&so=&bw=1173&bh=539&tz=-2&hasf=23.0.0&hasadb=1&hasc=1&hastc=0&hasls=1&hasss=1&hasid=0&t=iw8zwidm&z=xs9l8u	220.249.244.26
hxxp://da.qidian.qq.com/jsonp/mta?v=0.6.4&tid=800094740&aid=&pid=fhnnv9.wuxgbh.iw8zwid2&qid=3bmuiy.ycc5mo.iw8zwid2&src=12&cid=4115680256&sid=1.1.3eb2ol.iw8zwid4&t=iw8zwid6&callback=S3JSONPPREFIXdd3a8u	220.249.244.26
hxxp://p21.tcdn.qq.com/da/id.html?q=3bmuiy.ycc5mo.iw8zwid2&p=fhnnv9.wuxgbh.iw8zwid2&t=800094740&a=&c=4115680256&s=1.1.3eb2ol.iw8zwid4&src=12&pgv_pvi=&v=0.6.4&ts=http://da.qidian.qq.com/ping/id
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756023185&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.08466338141029210&getob=1&g_tk=	112.90.77.174
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756026196&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756029207&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756032218&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756035229&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.05748406997788686&getob=1&g_tk=	112.90.77.174
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756038239&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756041252&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756044262&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.08937884211109545&getob=1&g_tk=	112.90.77.174
hxxp://a1574.b.akamai.net/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756047272&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756008136&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=....QQ....&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html	203.205.142.186
hxxp://vip.gutou.cc/photo/fenzu2.png	203.195.236.181
hxxp://imgcache.qq.com/ptlogin/v4/style/20/images/shouQ_v2/small_8.png	203.205.158.38
hxxp://combo.b.qq.com/c/=/crm/wpa/release/3.3.7/wpa/SelectPanel.js,/crm/wpa/release/3.3.7/util/css.js,/crm/wpa/release/3.3.7/lang/extend.js,/crm/wpa/release/3.3.7/util/contains.js?v=3.3.7.20160126	203.205.158.37
hxxp://vip.gutou.cc/photo/miaopingmiaozan.png?mode=open	203.195.236.181
hxxp://vip.gutou.cc/kss_inc/images/salelogo.png	203.195.236.181
hxxp://vip.gutou.cc/photo/quan1.png	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756041252&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://d.gutousoft.com/å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç§’èµžç§’è¯„è½¯ä»¶.txt	120.24.75.226
hxxp://c.cnzz.com/core.php?web_id=1253155700&t=z	125.76.247.199
hxxp://vip.gutou.cc/photo/quan2.png	203.195.236.181
hxxp://vip.gutou.cc/photo/yanzhengxinxi3.png	203.195.236.181
hxxp://vip.gutou.cc/	203.195.236.181
hxxp://pub.idqqimg.com/qconn/wpa/button/button_111.gif	203.205.158.38
hxxp://vip.gutou.cc/photo/yanzhengxinxi4.png	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756044262&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://vip.gutou.cc/photo/zhuanfachongfa.png?mode=open	203.195.236.181
hxxp://ptlogin2.qq.com/pt_fetch_dev_uin?r=0.34893135520221974&pt_guid_token=1393125201	2.21.89.43
hxxp://vip.gutou.cc/kss_inc/js/jquery.form.js?version=M10-P158	203.195.236.181
hxxp://c.cnzz.com/core.php?web_id=1252975436&show=pic&t=z	125.76.247.199
hxxp://vip.gutou.cc/photo/miaozanfenxiang.png?mode=open	203.195.236.181
hxxp://vip.gutou.cc/photo/shanchushuoshuo.png?mode=open	203.195.236.181
hxxp://s23.cnzz.com/stat.php?id=1252975436&show=pic	1.99.192.16
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756047272&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756014158&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://vip.gutou.cc/photo/qqxiangche.png?mode=open	203.195.236.181
hxxp://vip.gutou.cc/photo/renqikongjian.png?mode=open	203.195.236.181
hxxp://vip.gutou.cc/photo/yanzhengxinxi2.png	203.195.236.181
hxxp://vip.gutou.cc/kss_inc/js/jquery.pngFix.js	203.195.236.181
hxxp://vip.gutou.cc/kss_inc/images/sale_search.gif	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrshow?appid=549000912&e=2&l=M&s=3&d=72&v=4&t=0.9564570946254969&daid=5	2.21.89.43
hxxp://vip.gutou.cc/photo/yanzhengxinxi6.png	203.195.236.181
hxxp://icon.ajiang.net/icon_0.gif	42.236.73.3
hxxp://xui.ptlogin2.qq.com/ptui_ver.js?v=0.926366006895559&ptui_identifier=000DD31BFD70EE7959D3AC3FFD4692D2B517A8CAF4D6344E6BE5CC10	203.205.142.186
hxxp://vip.gutou.cc/favicon.ico	203.195.236.181
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1276x846&et=0&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=867638635&si=7d873703fcccf08b7645d8b2c04b0c12&st=1&v=1.1.33&lv=1&tt=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°	220.181.7.190
hxxp://vip.gutou.cc/photo/yanzhengxinxi1.png	203.195.236.181
hxxp://captcha.gtimg.com/2/json2.js	203.205.158.38
hxxp://vip.gutou.cc/sale.php	203.195.236.181
hxxp://imgcache.qq.com/ptlogin/v4/style/0/images/load.gif	203.205.158.38
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756029207&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756038239&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://captcha.gtimg.com/2/TCapMsg.js	203.205.158.38
hxxp://vip.gutou.cc/photo/fenzu1.png	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756026196&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://vip.gutou.cc/kss_inc/images/sale_bg.jpg	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756011147&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://vip.gutou.cc/kss_inc/style/sale_style.css?version=M10-P158	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756032218&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://hm.baidu.com/hm.js?7d873703fcccf08b7645d8b2c04b0c12	220.181.7.190
hxxp://imgcache.qq.com/ptlogin/ver/10184/js/c_login_2.js?max_age=604800&ptui_identifier=000DDB5B18D05E29B47A688587C4E7CFCB5AE15C9710B85F11ECD82D	203.205.158.38
hxxp://vip.gutou.cc/photo/é˜²åœˆæœ€æ–°æ•™ç¨‹.jpg	203.195.236.181
hxxp://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png	203.205.158.38
hxxp://bqq.gtimg.com/da/i.js	203.205.158.37
hxxp://vip.gutou.cc/kss_inc/images/sale_le.gif	203.195.236.181
hxxp://vip.gutou.cc/photo/fenzu3.png	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756023185&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://xui.ptlogin2.qq.com/cgi-bin/xver?t=0.7756034637612903	203.205.142.186
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756035229&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://captcha.gtimg.com/2/TCapIframe.js?v=1.0	203.205.158.38
hxxp://vip.gutou.cc/kss_inc/js/admin_pub.js?version=M10-P158	203.195.236.181
hxxp://vip.gutou.cc/photo/shuoshuofabu.png?mode=open	203.195.236.181
hxxp://combo.b.qq.com/c/=/crm/wpa/release/3.3.7/util/onIframeLoaded.js,/crm/wpa/release/3.3.7/util/GUID.js,/crm/wpa/release/3.3.7/wpa/getQQVersion.js,/crm/wpa/release/3.3.7/wpa/ViewHelper.js,/crm/wpa/release/3.3.7/wpa/views.js,/crm/wpa/release/3.3.7/wpa/sid.js,/crm/wpa/release/3.3.7/util/blockStorage.js,/crm/wpa/release/3.3.7/util/className.js,/crm/wpa/release/3.3.7/util/Style.js,/crm/wpa/release/3.3.7/util/sessionStorage.js,/crm/wpa/release/3.3.7/util/localStorage.js?v=3.3.7.20160126	203.205.158.37
hxxp://vip.gutou.cc/photo/quanrenmiaozan.png?mode=open	203.195.236.181
hxxp://combo.b.qq.com/da/id.html?q=3bmuiy.ycc5mo.iw8zwid2&p=fhnnv9.wuxgbh.iw8zwid2&t=800094740&a=&c=4115680256&s=1.1.3eb2ol.iw8zwid4&src=12&pgv_pvi=&v=0.6.4&ts=http://da.qidian.qq.com/ping/id	203.205.158.37
hxxp://vip.gutou.cc/kss_inc/images/sale_btn1.gif	203.195.236.181
hxxp://s13.cnzz.com/stat.php?id=1253155700	1.99.192.16
hxxp://icon.cnzz.com/img/pic.gif	125.76.247.199
hxxp://combo.b.qq.com/c/=/crm/wpa/release/3.3.7/util/domain.js,/crm/wpa/release/3.3.7/wpa/wpaMgr.js,/crm/wpa/release/3.3.7/wpa/visitor.js,/crm/wpa/release/3.3.7/wpa/kfuin.js,/crm/wpa/release/3.3.7/util/proxy.js,/crm/wpa/release/3.3.7/util/titleFlash.js,/crm/wpa/release/3.3.7/util/cookie.js,/crm/wpa/release/3.3.7/wpa/WPA.js,/crm/wpa/release/3.3.7/util/getJSONP.js,/crm/wpa/release/3.3.7/wpa/filter.js,/crm/wpa/release/3.3.7/wpa/ta.js,/crm/wpa/release/3.3.7/wpa/invite.js,/crm/wpa/release/3.3.7/util/taskMgr.js,/crm/wpa/release/3.3.7/lang/browser.js,/crm/wpa/release/3.3.7/util/pad.js,/crm/wpa/release/3.3.7/util/Bits.js,/crm/wpa/release/3.3.7/util/events.js,/crm/wpa/release/3.3.7/util/onLoad.js,/crm/wpa/release/3.3.7/util/offset.js,/crm/wpa/release/3.3.7/util/Panel.js?v=3.3.7.20160126	203.205.158.37
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756020175&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
hxxp://vip.gutou.cc/kss_inc/js/jquery.1.3.2.pack.js?version=M10-P158	203.195.236.181
hxxp://ptlogin2.qq.com/ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756017171&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5&	2.21.89.43
z5.cnzz.com	1.122.192.15
web.51.la	42.236.74.243
log.wtlogin.qq.com	183.61.38.241
z7.cnzz.com	1.122.192.15

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile

Traffic

GET / HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1


HTTP/1.1 302 Moved Temporarily

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Type: text/html;charset=utf-8

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Location: /sale.php

Server: Microsoft-IIS/7.5

X-Powered-By: PHP/5.2.17

Set-Cookie: PHPSESSID=7tj72aro8o9lm88e228up0pdm6; path=/

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:49 GMT

Connection: close

Content-Length: 0

GET /cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.05748406997788686&getob=1&g_tk= HTTP/1.1

Accept: */*

Host: ic2.s51.qzone.qq.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.536.2 Safari/534.10


HTTP/1.1 200 OK

Connection: close

Server: QZHTTP-2.38.18

Date: Sat, 03 Dec 2016 09:07:16 GMT

Cache-Control: no-cache

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 125
_Callback({.."code":-3000,.."subcode":-4001,.."message":"need login",.
."notice":0,.."time":1480756036,.."tips":"5C49-77".}.);..

GET /da/i.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: bqq.gtimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:07:00 GMT

Cache-Control: max-age=600

Expires: Sat, 03 Dec 2016 09:17:00 GMT

Last-Modified: Tue, 15 Nov 2016 10:41:40 GMT

Content-Type: application/x-javascript

Content-Length: 14364

Content-Encoding: gzip

Keep-Alive: timeout=60

X-Cache-Lookup: Hit From Disktank Gz
............kW..........E.Z..I..(.95...........j..H2...o..u...d.j.;.g.
..SSS.p.OZ=.g.*.3?.6. ._.Ip.D...e.....E\.d....."..E.....)<.?v.$..".
.=..t..%.'E._./.t.....g.|.d.W%...Iu>.B.Hf.x.xA...q...X[..IZv..y.fQ.
.I....x>.~K....i..E.U...C.k.f.."....so.$._...4...7.G.s....`.=......
:/.P&.uG..L. X.a.....Xgp...Y.....77..4nT..Gf6*Y[K|..XT.]W.\.#.._q.A=x.
....~P..z3y-.PDYr..Aw3/....;.,.}.kk^.[."L.............z.JKw..>6v]..
z.g...2....L.2.1.'..^....}2....fIq...q6J^.YZ.E.us.X..!.e..EZ(.".b.i>
;..{x6>K....YR.V.9...).....~..._E.LGy.1M..q5.........3....?o...e.u.
....o....t.M..A0..6.....J}&.L6...-.t..~k...A2-..0.....$/.0...Q~..e^.3.
.*.U.T..,.0..:.(]Gy7...E.GE..M....^0.....$;.&.."....[N.Q..o.....h.~GC.
.....N. lmw...:I....j.m.4.z...gCo.|..ER.S..............|1......(...mk.
..k..Jp.Wf.9......M............]P.....c....?.8........G..n.A A...8..C.
p........wx........[4.....{h?.y./4J..|>..7R@...'.x.....8...#N.....3
=`'.......q.....9..9|.q...k.&@.h.s..(3....a...22G;.w.A........(?... ..
...>.(P[=Z...U...^8.B.K..:.. =..E.."L.<.~.r..Hp..Y....h...~..t^.
._....:..l...........G........c..s.{.}...v....*..f....'.....R..q=>.
'.8f.).-,............d.|...~.Y~>.3..?..#S..  .!.q.c.T.o."........`.
\ce~...p.U.cJE.).Boo.. ..V~........^./...|.?.YW...[.....>.. 1i.....
z$,.=....{ag..k".x.]..0....:....<..~F....GQ...p..B..iR..0o..~.u.c..
1.<.J.Mq..T......% .......77.'n.g..g?7..>6..k......#..*...p..Ez.
.Ga...H.....t...pM..lR.j.O..y2.v0....1Y...>.JvU...."..:..IZy.....;.
..9."....L.W.w...W.eR<.).....U.5.r...<...~{z......{..H......<<< skipped >>>

GET /pt_fetch_dev_uin?r=0.34893135520221974&pt_guid_token=1393125201 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

P3P: CP="CAO PSA OUR"

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 54

Date: Sat, 03 Dec 2016 09:06:44 GMT

Connection: keep-alive
ptui_fetch_dev_uin_CB({"errcode":22027, "data":[]});..HTTP/1.1 200 OK.
.Server: Tencent Login Server/2.0.0..Pragma: no-cache..P3P: CP="CAO PS
A OUR"..Content-Type: application/x-javascript; charset=utf-8..Content
-Length: 54..Date: Sat, 03 Dec 2016 09:06:44 GMT..Connection: keep-ali
ve..ptui_fetch_dev_uin_CB({"errcode":22027, "data":[]});......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756008136&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:06:48 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(2879395856)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:06:48 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(2879395856)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756014158&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:06:54 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(2602565940)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:06:54 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(2602565940)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756020175&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:00 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(2166383272)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:00 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(2166383272)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756023185&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:03 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(1570793336)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:03 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(1570793336)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756029207&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:09 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(3914363468)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:09 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(3914363468)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756035229&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:15 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(1070618888)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:15 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(1070618888)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756041252&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 65

Date: Sat, 03 Dec 2016 09:07:22 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(389026932)', '');..HTTP/
1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cach
e-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appli
cation/x-javascript; charset=utf-8..Content-Length: 65..Date: Sat, 03 
Dec 2016 09:07:22 GMT..Connection: keep-alive..ptuiCB('66','0','','0',
'.....................(389026932)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756047272&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:27 GMT

Connection: keep-alive

ptuiCB('66','0','..

GET /cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&2=2279&&1480756019967 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: isdspeed.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Server: Apache

Cache-Control: max-age=0

Expires: Sat, 03 Dec 2016 09:07:00 GMT

1.....0..HTTP/1.1 200 OK..Date: Sat, 03 Dec 2016 09:07:00 GMT..Content
-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive..
Server: Apache..Cache-Control: max-age=0..Expires: Sat, 03 Dec 2016 09
:07:00 GMT..1.....0..

GET /icon_0.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: icon.ajiang.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: max-age=86400

Content-Length: 846

Content-Type: image/gif

Last-Modified: Fri, 26 May 2006 14:11:44 GMT

Accept-Ranges: bytes

ETag: "0902a51ce80c61:505"

Server: Microsoft-IIS/6.0

Date: Sat, 03 Dec 2016 09:06:48 GMT

Connection: close
GIF89a................t..R..1...p............................!..NETSCA
PE2.0.....!.......,.............I.......@Q..H..YHG..p......,......K#(.
N..p7..4...U...RNJ.k.i..`(PuC..s7>r... .)..$q.'...sjc%%J)u$5.S}V)4R
in.-H.R.v~.).=g).Gf. ...-......!.......,..........y..I....mL)....Q..@.
.0.......S!.j0....R..`...I....Q..<:Y.%.x$..NDpJ.Rs.bR...../.<`u@
DQ.>!...Yq]oy!wcRp!$~w.DQ#.AZx.........!.......,.............I.....
..Z&.....ha..!.......,.............9..8..{...p`y.... "L.)K.P...E.!....
...,.............IQ...-..H...t.e.R..\S..C...!.......,............I ...
jD..^.].hZ.I ..!.......,.............D....l#.!.......,..........^..B&E
...z.....P.......( ..vu........N#...@.B@..r  ....8)DEB.........[.[Z7.h
)%.sk.w .jf.w.xy\...!.......,..........]..R&E.J.z.....a.b...4~`0..vu..
!......C.H:%.P4.Ir...Q..s...Z,L.F....t..Bp...(.14l3. Ekz.w.kN...!.....
..,............E.;..

GET /cgi-bin/report?id=455847 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:47 GMT

Content-Type: image/bmp;

Content-Length: 66

Connection: keep-alive

Server: QZHTTP-2.38.20

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

BMB.......>...(...................................................H
TTP/1.1 200 OK..Date: Sat, 03 Dec 2016 09:06:47 GMT..Content-Type: ima
ge/bmp;..Content-Length: 66..Connection: keep-alive..Server: QZHTTP-2.
38.20..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..BMB
.......>...(.....................................................

GET /template/TCapIframeApi.js?aid=549000912&rand=0.9654468947939416&clientype=2&lang=2052&apptype=2 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: captcha.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: tencent http server

Accept-Ranges: bytes

Pragma: No-cache

P3P: CP=CAO PSA OUR

Content-Length: 2451

Connection: close

Content-Type: application/x-javascript
!function(t,e){var n=e(t);"undefined"!=typeof define&&(define.cmd||def
ine.amd)&&define(function(){return n})}(window,function(t){function e(
e){var n=0;m=!1;for(var o=0;o<e.length;o  ){var c=t.document.create
Element("script");c.type="text/javascript",c.async=!0,c.src=e[o],c.onl
oad=c.onreadystatechange=function(){"undefined"!=typeof this.readyStat
e&&"loaded"!==this.readyState&&"complete"!==this.readyState||(m=  n>
;=e.length,m&&(g(),g=function(){}))},t.document.getElementsByTagName("
head").item(0).appendChild(c)}}function n(){if("undefined"==typeof JSO
N.stringify||"undefined"==typeof Messenger||"undefined"==typeof AqSCod
e)return void(t.console&&t.console.log("script onload not ready"));var
 e=f({ele:b,src:h[0],domain:l,s_type:h[1],s_type_suffix:y,uin:v},E||{}
);j=new AqSCode(e),j.listen(S),j.start(k),j.end($)}function o(){return
 j.getTicket()}function c(t,e,o){"function"==typeof e?(S=e,E=o):(E=e,E
.callback&&"function"==typeof E.callback?S=E.callback:"function"==type
of o&&(S=o)),E&&E.start&&"[object Function]"==Object.prototype.toStrin
g.call(E.start)&&(k=function(){E.start&&E.start(),s.start()}),E&&E.end
&&"[object Function]"==Object.prototype.toString.call(E.end)&&($=funct
ion(){E.end&&E.end(),s.end()}),b=t,m?n():g=n}function a(t){j&&j.refres
h&&j.refresh(t)}function i(){j&&j.destroy&&j.destroy()}function r(t){v
ar e=new AqSCode({ele:t,src:h[0]});return e}var d={add:function(e,n,o)
{t.document.addEventListener?e.addEventListener(n,o,!1):t.document.att
achEvent?e.attachEvent("on" n,o):e["on" n]=o},remove:function(e,n,<<< skipped >>>

GET /wpadisplay/r.gif?version=3.3.7.20160126&wty=1&type=12&nameAccount=800094740&kfuin=800094740&ws=VVV.gutousoft.com&aty=0&a=0&title=ä¼ä¸šåç§°&wording=&wording2=&tencentSig=9726016512&1480756020974 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: prom.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:01 GMT

Content-Type: image/gif

Content-Length: 0

Last-Modified: Mon, 25 Jul 2016 09:54:54 GMT

Connection: close

ETag: "5795e1ee-0"

Accept-Ranges: bytes

GET /cgi/ta.php?na=800094740&dm=gutou.cc&cb=JSONP_CALLBACK_1_87 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: wpl.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: text/javascript

Content-Length: 53

Connection: close

X-Powered-By: PHP/5.3.13

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache
JSONP_CALLBACK_1_87({"r":0,"data":{"sid":"3999717"}})..

GET /stat.php?id=1253155700 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: s13.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:55 GMT

Last-Modified: Sat, 03 Dec 2016 09:06:55 GMT

Cache-Control: max-age=5400,s-maxage=5400

Via: cache18.l2et15[8,200-0,M], cache4.l2et15[9,0], kunlun4.cn44[102,200-0,M], kunlun6.cn44[102,0]

X-Cache: MISS TCP_MISS dirn:5:159661829

X-Swift-SaveTime: Sat, 03 Dec 2016 09:06:55 GMT

X-Swift-CacheTime: 5400

Timing-Allow-Origin: *

EagleId: 7522074614807560152898639e
26d5..(function(){function k(){this.c="1253155700";this.R="z";this.N="
";this.K="";this.M="";this.r="1480756015";this.P="z7.cnzz.com";this.L=
"";this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnz
z_CV" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};th
is.la()}function g(a,b){try{var c=.[];c.push("siteid=1253155700");c.pu
sh("name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.refe
rrer));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigato
r.userAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*M
ath.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join
("&")}catch(d){}}var h=document,e=window,f=encodeURIComponent,l=decode
URIComponent,n=unescape;k.prototype={la:function(){try{this.U(),this.J
(),this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j()
,this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa()
,e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}
},na:function(){try{var a=this;e._czc={push:function(){return a.B.appl
y(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e
._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.len
gth;b  ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[ob
ject String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "
_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}
}catch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof
 e._cz_account||e._cz_account===this.c){e._cz_account=this.c;if("[<<< skipped >>>

GET /core.php?web_id=1253155700&t=z HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: c.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 763

Connection: keep-alive

Date: Sat, 03 Dec 2016 08:58:46 GMT

Last-Modified: Sat, 03 Dec 2016 08:58:46 GMT

Expires: Sat, 03 Dec 2016 09:13:46 GMT

Via: cache4.l2et15[0,200-0,H], cache11.l2et15[0,0], kunlun9.cn44[47,200-0,M], kunlun4.cn44[48,0]

Age: 491

X-Cache: MISS TCP_MISS dirn:0:126008065

X-Swift-SaveTime: Sat, 03 Dec 2016 09:06:57 GMT

X-Swift-CacheTime: 409

Timing-Allow-Origin: *

EagleId: 7522074414807560174544359e
!function(){var p,q,r,a=encodeURIComponent,b="1253155700",c="",d="",e=
"online_v3.php",f="z7.cnzz.com",g="1",h="text",i="z",j="站໳
1;统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m
="1",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=
" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&
k["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["cr
eateScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/websit
e.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnz
z.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'
><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="
<a href='" q "' target=_blank title='" j "'>" j "</a>",k["
createIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type:
 application/javascript..Content-Length: 763..Connection: keep-alive..
Date: Sat, 03 Dec 2016 08:58:46 GMT..Last-Modified: Sat, 03 Dec 2016 0
8:58:46 GMT..Expires: Sat, 03 Dec 2016 09:13:46 GMT..Via: cache4.l2et1
5[0,200-0,H], cache11.l2et15[0,0], kunlun9.cn44[47,200-0,M], kunlun4.c
n44[48,0]..Age: 491..X-Cache: MISS TCP_MISS dirn:0:126008065..X-Swift-
SaveTime: Sat, 03 Dec 2016 09:06:57 GMT..X-Swift-CacheTime: 409..Timin
g-Allow-Origin: *..EagleId: 7522074414807560174544359e..!function(){va
r p,q,r,a=encodeURIComponent,b="1253155700",c="",d="",e="online_v3.php
",f="z7.cnzz.com",g="1",h="text",i="z",j="站长统#
745;",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1",n=l "<<< skipped >>>

GET /cgi/visitorcgi/ajax/wpa_first_heart_beat.php?nameAccount=800094740&dm=gutou.cc&title=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°&url=vip.gutou.cc/sale.php&cb=JSONP_CALLBACK_2_36 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: visitor.crm2.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:07:00 GMT

Server: Apache

X-Powered-By: PHP/5.4.41

Cache-Control: no-cache, must-revalidate

Content-Length: 244

Connection: close

Content-Type: text/javascript

JSONP_CALLBACK_2_36({"r":0,"isAuto":0,"autoTime":30,"autoMsg":"\u60a8\
u597d\uff0c\u8bf7\u95ee\u6709\u4ec0\u4e48\u53ef\u4ee5\u5e2e\u5230\u60a
8\uff1f\u8bf7\u63a5\u53d7\u804a\u5929\u9080\u8bf7\u3002","gap":10,"hbD
omain":"http:\/\/hb.crm2.qq.com"})..

GET /cgi/wpa.php?key=XzgwMDA5NDc0MF8zODI0MTdfODAwMDk0NzQwXw HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: wpa.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Type: text/javascript

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

X-Powered-By: PHP/5.4.41

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Encoding: gzip
1257.............Z.r....?U..2....1...q.f\..NO:....)E... .1MR.....e.c~.
#. .w.....vM..T,..rp.........Q..d.&N....h...S.e.'.0.E.0....../..|.<
.:.0o$e..l<...<.......{H.E.....o....i8..q....\`.6;......I....y".
|MS.fwRf...A..O..?..h...Cy.f....`....9P...Y...2..1...~.......A.e.S....
0..9...4!...|..).w|.yB..0.....TK.2~.....Z.....[..........e.....xc. M.#
n..#.V....9...>.._.....u..ddy:_...#....^..2...9...A..0J*~.H..m...r.
r .A.>..}.".r)!q.....d`.[.._.<K.MQ.W.......hO('(/[m.k.~.. .-.m..
6.>b.nA.l.)..Y......1Z.L{4....>j.....q>.j1.s...\..(..8. 7t...
..b........T._#>.....M.S<.........&.DD......hJ*u.IQ2.d...I..e...
.m5zi.P.0.'u....X.J.."..}v..G.`I.L..d.]y.M.-&...T.......3l...El.-..'R.
...PE2...E.......r...k..Z........9l....%.-.2.......U..|dis....~.....x!
.M.s...;.....^.....K.;..qDj...QF:>......\.B".....E.q*".|iq`<.Ww.
|.2}.5........Qr..Xa..._Q.n........c.......<... .6v..._...0....|a..
...~."?d....G.?2.@....G#...0. ..D.$....w....5.....q....k..2G<..#S..
>....E&%.iL. )......9>Bx.L.U...'.L.....Dq8.N.1..V...U\.BxS/.'.x2
hyE...d,..,(. .,....aj................X.....o.>....4..!T....,^8.;.a
o,.d.>.s...V .'5.#.*:.sd..{......wj..G?.vW3O.<.y.... #j.U$.V. ..
a.i..0i|,..<7.Q1.q....q.J....7.....|...tX..^%{Ab....Y3o....9..!...*
..qWZ...Y!....O...*.....A.GBQH.....V. ...<.....E.......R`..e...1..2
.fJ.Xv.e.i..sfX.5..L...f.AtT:......Q.....([ydi.!.)307Ff.$w.Y.P..#w{.%.
..V^$Jm..N..8....gV.....o.....JM...!.W...r.][.{.?......s%..9.D........
ri.).=PjN.\.~...o8..(.u.Z..&W2_..o..](>...y..'.V......<.@...<<< skipped >>>

GET /wpadisplay/r.gif?version=3.3.7.20160126&wty=1&type=11&nameAccount=800094740&kfuin=800094740&ws=&aty=0&a=0&title=éª¨å¤´è½¯ä»¶å·¥ä½œå®¤(æ”¯æŒæ›´æ–°)&wording=&wording2=&tencentSig=9726016512&1480756020974 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: prom.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:01 GMT

Content-Type: image/gif

Content-Length: 0

Last-Modified: Mon, 25 Jul 2016 09:54:54 GMT

Connection: close

ETag: "5795e1ee-0"

Accept-Ranges: bytes

GET /cgi/ta.php?na=800094740&dm=gutou.cc&cb=JSONP_CALLBACK_3_41 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: wpl.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: text/javascript

Content-Length: 53

Connection: close

X-Powered-By: PHP/5.3.13

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache
JSONP_CALLBACK_3_41({"r":0,"data":{"sid":"3999717"}})..

GET /ptqrshow?appid=549000912&e=2&l=M&s=3&d=72&v=4&t=0.9564570946254969&daid=5 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94


HTTP/1.1 200 OK

Server: tencent http server

Accept-Ranges: bytes

Pragma: No-cache

P3P: CP="CAO PSA OUR"

Content-Type: image/png

Content-Length: 439

Date: Sat, 03 Dec 2016 09:06:45 GMT

Connection: keep-alive

Set-Cookie: qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq; PATH=/; DOMAIN=ptlogin2.qq.com;
.PNG........IHDR...o...o.............pHYs................iIDAT8......0
..P..t.@.......?...J..F$...E........S.!..R.............<...K.dB....
...7..`.#...cNs........6.I.....;..9_...N.3.|e......6X<.#=.Y.....<
;.qy;..y t...oH ..e..T...R@.f......!..V2.T.m.....).p..d]...F:{.H.w....
@%.i..p.,. uB-..*l..a.......6....y.."....r..i.FMrT.gN!q1E..1&.|.7.e...
.a5..X{.CU...|u.wzqq..3g..8.o.'.c*]......&D. s..l!'.e^sR....5..|....3.
..g..o..!../..T.....IEND.B`.HTTP/1.1 200 OK..Server: tencent http serv
er..Accept-Ranges: bytes..Pragma: No-cache..P3P: CP="CAO PSA OUR"..Con
tent-Type: image/png..Content-Length: 439..Date: Sat, 03 Dec 2016 09:0
6:45 GMT..Connection: keep-alive..Set-Cookie: qrsig=sSREmXCtBn6wE086j2
123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq; PATH=/; DOMAIN=ptlogin
2.qq.com;...PNG........IHDR...o...o.............pHYs................iI
DAT8......0..P..t.@.......?...J..F$...E........S.!..R.............<
...K.dB.......7..`.#...cNs........6.I.....;..9_...N.3.|e......6X<.#
=.Y.....<.qy;..y t...oH ..e..T...R@.f......!..V2.T.m.....).p..d]...
F:{.H.w....@%.i..p.,. uB-..*l..a.......6....y.."....r..i.FMrT.gN!q1E..
1&.|.7.e....a5..X{.CU...|u.wzqq..3g..8.o.'.c*]......&D. s..l!'.e^sR...
.5..|....3...g..o..!../..T.....IEND.B`.....
<<< skipped >>>

GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756011147&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:06:51 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(4188025480)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:06:51 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(4188025480)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756017171&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:01 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(1551899564)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:01 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(1551899564)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756026196&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:06 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(1487943204)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:06 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(1487943204)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756032218&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 65

Date: Sat, 03 Dec 2016 09:07:12 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(382734860)', '');..HTTP/
1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cach
e-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appli
cation/x-javascript; charset=utf-8..Content-Length: 65..Date: Sat, 03 
Dec 2016 09:07:12 GMT..Connection: keep-alive..ptuiCB('66','0','','0',
'.....................(382734860)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756038239&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 66

Date: Sat, 03 Dec 2016 09:07:19 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(2122325216)', '');..HTTP
/1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cac
he-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appl
ication/x-javascript; charset=utf-8..Content-Length: 66..Date: Sat, 03
 Dec 2016 09:07:19 GMT..Connection: keep-alive..ptuiCB('66','0','','0'
,'.....................(2122325216)', '');......


GET /ptqrlogin?u1=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1480756044262&js_ver=10184&js_type=1&login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG&pt_uistyle=40&aid=549000912&daid=5& HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Server: Tencent Login Server/2.0.0

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Expires: -1

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 65

Date: Sat, 03 Dec 2016 09:07:25 GMT

Connection: keep-alive
ptuiCB('66','0','','0','.....................(217079564)', '');..HTTP/
1.1 200 OK..Server: Tencent Login Server/2.0.0..Pragma: no-cache..Cach
e-Control: no-cache; must-revalidate..Expires: -1..Content-Type: appli
cation/x-javascript; charset=utf-8..Content-Length: 65..Date: Sat, 03 
Dec 2016 09:07:25 GMT..Connection: keep-alive..ptuiCB('66','0','','0',
'.....................(217079564)', '');....

GET /sale.php HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Type: text/html;charset=utf-8

Content-Encoding: gzip

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: PHP/5.2.17

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:49 GMT

Connection: close

Content-Length: 13159
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"...O.<y...<M...L_~....I..
.....wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.
......GG.q.._......,.g......4...~.E[.G.._.W......_....................
.......'.M.....p..Y..7o^n...Wg?..G'........U.Qz...7./.|.Q..k....t:..&o
?[......w-.e..?..'....|.N..g.}....r.~.....W.................O./..?.?.;
.........../K..v...|=.V..V...iK.*....(..........y.....:?....o.../.....
.& ......[.....Y..fZ........L>.(m.......?...y}=......W.....c...?.".
=. ..~..U..a..Z^< .Qo.(.l.(...j=!...0..eV.g/^.9~.....oS......4EE...
......}.K..n[.j.^.W...$U.[......n.I..o......6...U...ES../....DG......G
w~.v.{..m]..YuugL.Uei.n......G...e.N.w..._n}.V..F>:...j.u.[......9.
%...g...;.)=....d}M0'.....j......(5...h\..V;/.;..m...i.>.}l..Xd.y#.
3i.{....c..7N~...H`...F_.............01io/.j..y.:...E1...M.Pt....L...j
..=x......@............V.[..H...O..eVn..}._...............W.._........
.......7........)...........W......?...3.......?......a.0...@.<..s.
......q8..C(....w4...gy.\/..|9.f.W..N...Z.Slqg....C.C.......hi.4.G....
._._......G.M......W.._........?,.G......O.jv..e~.....X~...G)1....zU..
...</....vH.. B.._w3.n.I........Nx.x'..e..f.bya.nHM.....X~6%b.5...g
...bq..Y....E....-.P.Y......l./.cK.....Et^...'.~.......O.^M.....uv..'.
..{..&....A..3o:n.......S.p..6.x.}$Dy.s..z....zw(.}..O.......|..F...s.
.v..~..r.....;.w..wy....2<...M...L......[N...d`Mu..E.......`2v.>
..6....8e........O....?........Y....w.......?!....................<<< skipped >>>

GET /cgi-bin/r.cgi?flag1=7808&flag2=1&flag3=9&1=2000&v=0.316051840694602 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: isdspeed.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:45 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Server: Apache

Cache-Control: max-age=0

Expires: Sat, 03 Dec 2016 09:06:45 GMT

1.......

GET /ping/pv?v=0.6.4&tid=800094740&aid=&pid=fhnnv9.wuxgbh.iw8zwid2&qid=3bmuiy.ycc5mo.iw8zwid2&src=12&cid=4115680256&sid=1.1.3eb2ol.iw8zwid4&r=&pt=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°&sw=1276&sh=846&dpr=1&saw=1276&sah=802&scd=24&so=&bw=1173&bh=539&tz=-2&hasf=23.0.0&hasadb=1&hasc=1&hastc=0&hasls=1&hasss=1&hasid=0&t=iw8zwidm&z=xs9l8u HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: da.qidian.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:02 GMT

Content-Type: image/gif

Content-Length: 35

Connection: close

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

P3P: IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT

Set-Cookie: __qidianid=ab409783459422b05787caceed21df74b8d706a3; expires=Sun, 03-Dec-2017 09:07:02 GMT; path=/; domain=.qidian.qq.com
GIF87a.............,...........D..;..

GET /ptlogin/v4/style/40/images/icon_3_tiny.png HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:42 GMT

Cache-Control: max-age=259200

Expires: Tue, 06 Dec 2016 09:06:42 GMT

Last-Modified: Wed, 18 May 2016 07:00:15 GMT

Content-Type: image/png

Content-Length: 10711

Keep-Alive: timeout=60

Vary:  Accept

X-Cache-Lookup: Hit From Disktank
.PNG........IHDR.............D.Q.....PLTE.....................r..q..r.
...................342JOE.......-..*..*..&..$.....%..&.|.........Y....
....$..$.. .. .....%..%..'.................$..........................
............................W..........................e..............
/n.%...../l.$.......................}../..}../...<..u.)u.)......[..
B...................................t.(...x.)}. ......!.(.............
....-.. ../..................r....#n.....k...........A.....Z....#..!u.
.w..{..~....%...................................}../........%.......*.
..B%"-........"z....0.....A.#..........**6....&....9:I......12AN....%.
................................BDW.....b.....z.....Njlp..............
3...= ....TV`..........;5......R3 .=...S.qri.....wP.z|........C,.tr...
..9....J*....g..s.....:'.|..TH....i.sEJ..........ltRNS.n2I..,.2.....&.
......)....}..C.'#..WA<l`6..iO.L..v.=RV.....^....3........3......SV
X.dqT.~..........H.............&.IDATx....j"Q....0.h5..4..$w.:..$..I#.
H!.$..n`....*..^Q..6{...h>.k....8.../........C.9...92.G..y.......3,
.HB....$.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I.I...0k.
0.}F.J..mA{.C0i....$i.I.<.A.E.fp..h.(.H......j..51W...Dps..X..^....
.....U..JZ..Kk.a.....d5IfY.$K.:IHB.....$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$
.$.$.$.$.$.$.$.$b.I.S.....Nn.V..*Y.*.|..Z%....kR...4,.S`..A..'.'......
.....T.<7.sq.....K......gD...p......l..[......../Q.;..gf....b..}...
>$.v..^mU.)2..[d.I..t.nw.8...$....?&I.#.I.GV%q.gc5..z......y..$."[$
.....H....&....}dSw.sdSI..c#....$...M....z.A..N2...#...&..,$.j.$.w<<< skipped >>>

GET /ptlogin/ver/10184/js/c_login_2.js?max_age=604800&ptui_identifier=000DDB5B18D05E29B47A688587C4E7CFCB5AE15C9710B85F11ECD82D HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:43 GMT

Cache-Control: max-age=604800

Expires: Sat, 10 Dec 2016 09:06:43 GMT

Last-Modified: Wed, 30 Nov 2016 05:52:35 GMT

Content-Type: application/x-javascript

Content-Length: 33636

Content-Encoding: gzip

Keep-Alive: timeout=60

X-Cache-Lookup: Hit From Disktank Gz
...........}ks.Hr._.0=.@.)....D.kv...Q.4.3Kq..Y.....@Qj....{}....q..;.
].=.._.sq....c}.f.w._83...@H....i........z.t......h2;..=....5?5W.4.$.N
B.|?.F.&.%...;..9..zzp@-Lk1.......b.....w.1..X4.&.#...!..y.)...d<&l
t;..g.k...\y.CW.3&.....e_.`.^bs..g.<Uh...t.C. .7.Mka.X.Z.f..3>|=
....{.........`T.......H4e..p..%..$...."....L........3...m#.6fc......M
....fV.$f...5q.........._..eb.iIr.^.Y...^uR cv..&B. ...g.{~.y....<.
....%..2.3....LQ..E.j.....<....p..k........c_.6...;..n........nP.[.
X .X?.ty3.%..5...v.OY..J...8.9......Y... ..QL#...............b....q...
cc....2..&..!...>.......va-.l.SY..'..DZUt2.....?.l..........A...6N.
...a.VK..CZ.........1........q.2.'.).......A.iS.4._9mA....Y ....jJN...
..!.8.FNR....!.Om.J.........fy..""4......4...:l:;....Z0..~.C^s........
......?:>Y.V......jonl"..0.C.~....^Um......j_..W\....W......B.,.ZM.
B.<.lj. m.=3.V9.8mu.......1...iSI..~2;.r.E<......qh......>...
.h......ba.-wc{c....].kY..h.K.8kbX...MH...j&.X..z........}...M.?.l..!.
.\...J.p....lQ.A...L..$*...?.E.R..;.Q.....S..d8.'~h"......D\M.. U0.]7j
Q........1.|_<..z:..V.>..Y6..H*.......kX...4]..u.S.{w@....x..j^.
.C%(....y.Of..YV!............rlu."Q....8L.&Z..:.m...3.0t|.............
]e.h.<.. ......,.G.`1.F.Aip.ii;.y......$.D..5.....p4KLYE.=...2....8
......m.......sH..T.S.,E}..~.. ..,....#..n..Pb.5:>.P ..4:1..8X....t
V........,..W4q..2.......K7l.H...*G..n..n..v.....Y..I......6..........
..>c..K[*s....a..O...C\.4]..-....^...g*...M.(. ...?1@..V.U....bTX..
u.......t<...!.-.......X/I.1...m..W.K..lI-....D.K./H.^....q9...<<< skipped >>>

GET /ptlogin/v4/style/0/images/load.gif HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:43 GMT

Cache-Control: max-age=2592000

Expires: Mon, 02 Jan 2017 09:06:43 GMT

Last-Modified: Mon, 16 Mar 2015 08:46:52 GMT

Content-Type: image/gif

Content-Length: 817

Keep-Alive: timeout=60

X-Cache-Lookup: Hit From Disktank
GIF89a.....................................wul..y............!..NETSCA
PE2.0.....!.......,..........O.......{....Y..`....I.D8.. S.....(......
.D..(.I~.. .H`....Z.f....k.N..q...;'.L..!.......,..........N.......{..
@.1....Q]AiN.:..)S.T...,........b....$?...Q(0.).j.f....{....n.-~N....!
.......,..........M.........,Eeu......%5..E...f3. ......g(..<...L..
.D".X`.RJ.J.N..........9...=..!.......,..........N...J..Z.'B. ..q`....
.P)8./,S&.$.$.......y....D...."..`.R.ak.b.........m..^S....!.......,..
........M......Z.gJ.....}.H..I...b$.(.t..}.......~9..@Y,2..........i00
......|......t;..!.......,..........M...R..Z..R.. ..}.H..I.l....t.P0..
..B....v>.CG1.2...i.P....J.0.R-.....J....t;..!.......,..........M..
....Z..Z..$..}.H..I.l...at..0..........8..B d..L.I.B)...q80...&..t....
...3..;/*  |xGv00|a0977a7e1f04529fe4ad7ac9aebd6177 */..

GET /ad/shiyi/dingyue.htm HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: gutou.cc

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/html

Content-Encoding: gzip

Last-Modified: Wed, 13 May 2015 01:47:00 GMT

Accept-Ranges: bytes

ETag: "0c2deb31e8dd01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:42 GMT

Content-Length: 1961
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".....|..>.......4.../../.z..
.$.h.....;.{.......xg7}Sg..h.j..w....(.h...Gw.^]]...M.U}q.......>..
..d{......m|........&....GG...u{;m..|...."]..g[;;......[.e..h.l1.V...b
yq.......`.GG?T....{.#..SV.........\6..80....;tN.|....../N....j.......
N?......|.&x};.E.....~.....O..*k.I...o..<?=./......3....O....?..z|W
>K....8....\...\.m....|...<....l..o.|. .... u~^...{....A...e.._.
[.e....xN....|D~0......g/~.tN]}.....?/......e>.6.Gi...}..7.<o?J[
.......{_f..........|......<WL...=.g...........i.&...v2./.._|N.....
..two...$4......Q.>...K..|....o...dZ.>....V.f..nv.?.w-.|y...K...
s...Q.i.5.T.......*z.?......o................g.Z...~y...?....../......
......./..?........7.a.I.._.g........A.,...X.O^......?........?.......
..w..w..?......?......../..............W...........,_.H...............
..F.W.g...N............?^A....................7...._._........%.......
......v........._...........?.iy.../....z..O..V-_.'..X.8.j.E3n..eV....
.>.8...I.....g.............9.;....<..{.._....._.fe^.[..W........
...G..........._._.!...........7.........C.......;.$...^..Y...$..~.~..
.....b..P.V?.E.......b{R,.......\.N...|9.(%]0.h....-./HU|..O.l........
...P..Xv..l./?Jy..}D@'U.6....y>.dSz3.W...z._M...<{...p:;.......d
...;.....I...t........O..g...{....Y.............?...i'......L.W...h R.
:.$.<...Z>.}.C.[A..M.....c.'VY.uY..}..$..|.)...r]..w........./4.
*..1..&.....'.))&..8.! ...../....?.#......c..?.o...p..Bp....`.o...<<< skipped >>>

GET /ad/shiyi/dingyue_files/BE513.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: gutou.cc

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 13 Nov 2014 23:01:49 GMT

Accept-Ranges: bytes

ETag: "802c19ce95ffcf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:42 GMT

Content-Length: 8890
GIF89a3.6.......................55.ee.................................
.............NO...{v.so.BC........__d^....kf.[V..<=...QK...........
.......................-.......................XXY0......wy........&mn
....\.............../2.&(.j......................MNP.........ED.......
............C=.oop.s..X.......de.yz..om..-...CDF....>.......93..x-e
ee..........%!zzz.....4.......T1.w..............p1.m9....%.....6(.....
3..9 !!.@*..........lo...>=='((.... .....@6.K5oq{.65..*.<%_bm...
17B...,-.12;.............hg....................!122....mB.}W..........
......_........o|.......2<............/.....9.#@<v.........KHm..
.da...Z.De........c<.|.......!.............333.....................
......................................................................
................................!..XMP DataXMP<?xpacket begin="..."
 id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:me
ta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43  
      "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-sy
ntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.ad
obe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:
stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool
="Adobe Photoshop CS5" xmpMM:InstanceID="xmp.iid:1EF2A2A4A58911E09641C
C9CAB12B942" xmpMM:DocumentID="xmp.did:1EF2A2A5A58911E09641CC9CAB12B94
2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1EF2A2A2A58911E
09641CC9CAB12B942" stRef:documentID="xmp.did:1EF2A2A3A58911E09641C<<< skipped >>>

GET /kss_inc/js/jquery.pngFix.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Fri, 15 Apr 2016 00:49:51 GMT

Accept-Ranges: bytes

ETag: "cabeabb7b096d11:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:49 GMT

Content-Length: 1138
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"....i[T...../...X....|9^-/...&g
t;._6y....../6.}...wm..m..I.-.^...>.......ddZ.9........lk.]..Y[..l.
z.-..>...bZWMu..g.6..y...[.U....._...&./.W.2.....g...._..f\,g../..&
gt;....iz.|..;..g....O..p.t.cp).......j.z.h.....-P.g~...cff......9....
X\|.....g....tg.g.....;Y..[._..v..(..?..s.0.T....b.v^...........u.....
.A../..o......0=.}..T ...}|...A?>...O.........9P'e.4QhS|.......]...
..1.......o.`..>........A.....M.\q...H.0.....G.0..'...@..-..C\.....
.u~.......GszC@....q...O.z..w~.e.O>.X>#|z...a.S.._....f3."!\.0..
.v!.......(.!d.,.,.u....Vi.0>.{.6..R.w..`P...U.L?..^9.._fk...._.u.w
..g......?..2k....j^..6A...h .e...gE.*..G...nO.j..p.M.^..z9{....^.<
.2..[......:.......u...W.....n#.......%.W...(f....g..".....z1.zx|\....
....E..-R}....wz.n.........)~@..E....5o.Y......`Bc.y#i;z|...<b.&Z.S
..4.d.. f..g$J..?....?..H..?......f$.$...b.ou..9M..{../.4........O....
\..}..~.c.m..f..OT.....|.-d`E>..L....v..u]n}.....~.|....s..!...G./.
%z..^.....q.^..".).1..i6.....?......G.........G.$N.b.Z..-9....i.q{.x..
>~...k..!m..M.........=Dr...~.a...z..KD#5Dw....)u.........


GET /photo/miaopingmiaozan.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 19 Nov 2014 10:55:57 GMT

Accept-Ranges: bytes

ETag: "80dc8f65e73d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:51 GMT

Content-Length: 35724
.PNG........IHDR.......I.....Z.-.....bKGD..............pHYs.......... 
.... .IDATx...{.%G}...sn.nu.....m.B. ...[`.eK.&4x..x...a/..f.Q..eP .g.
...c%...k..a..k.....#.V..x.Xhl.-.C/..."..WRw.{*.....7....U.zd...DGG.&l
t;..eVe..~.UU. .G=..k~....%*...........|......q..;f%....o.O.?.@y.g....
....|.........z.._A...`9)...;..ph3.....2...D"Z9......9x`........d.....
.?swq.J%..|`mh...........w^t.}.3 .`zd...]... D...*7h.N.:..S.N.u....:..
...9'......j.... ..?...M...^t.....<..6..!.=..1...bB..fO.......q..u2
.Vv...4)...1...]x.4....0.......x......":....o"....]K.f.. TLh.BO>...
o...'....h..]D...........w.wt.....,.|.w....X%........5...M.D.:....h.$B
>B|M.u4.O.`e...D.....).>i.[.K.O..HH.b..C.<.....H...|/..1....U
.VO...U..EQ...n............G.$.U...d....'F3.PG0..6~.......... '.T...|.
.X..{.....Wp.!i&"C...|.........w.$.;....{v.u.._......g]..O|....c...P.3
....>.8#W........:B.....0..j$&d#.....n..N.kT#:,........lOT^.m!..%.p
..7. S.1e.]3.M...j.J3m*..D....gO<.....MA.......'.N.|......^y..D..O.
U...|b3.....=q3..sQ3..4{.......}........W....?.J...V... .\|.Y.x.e?u...
?....R....D........z'......EStU...Q.f....g....q"G.Lv$(.ntF.p.y[;T.G.{/
...Ts..h.....{.'ld.>.n.|.4.$..........SRYr.T.G..Ld.M&E1!Y~l..LIe...
V.*..4.Y...RK.6...W.:......~.....g....T.1...Lk._....wL>.w.......?..
Li.~....}...:...<.._8x...p.&.!'yF...yt.......=.....B.N.x&........}x
.y..&..wB. M...>.P.EK t.B....1...r..a..Y.C..(;.....P..C.9T(.Ahy..".
.}...e..1.T..,.....M\..EQ.fRP1..(.#......_|.KDdg...{.)K...e^.P.$.c&.v}
.S_..C.../..<"..PA...]......r.U.L.M.f........>{cc..O|.v.Ak..<<< skipped >>>

GET /photo/quan2.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Tue, 30 Sep 2014 05:55:30 GMT

Accept-Ranges: bytes

ETag: "075fa2373dccf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:52 GMT

Content-Length: 317025
.PNG........IHDR.......;.....8yY<....bKGD..............pHYs........
.. .... .IDATx...I.%[......m3;..ys......Y.$...*.... f.J0...rV.~..$...0
.)..!@.(UfeFfDdt.z.5...v....-..&Y......\...s|........e(.....\.p......m
/......\.p...~...p............%.K.81..\.p....$..s......\.Nr.1..\.p....
$..s......\.Nr.1..\.p....$..s......\.Nr.1..\.p....$..s......\.Nr.1..\.
p....$..s......\.Nr.1..\.p....$..s......\.Nr.1..\.p....$..s......\.Nr.
1..\.p....$..^.o!.........TJ...6..C....zO.yw. ..S..M.~...Mw:.W..!q..R.
../.aL)2s.A)-.a-..,>&x..f..2/..a..i..[ .JJ.!.RjmZ{.f..(...`.h......
.....z.\..BJ1%.5 ....Q)..s.u......J...1.p...O...2#...w....p:J.....'.._
.q.Z.....9.....f_v..s.9...]......i........Vh...E..Z2..y............J.J
k.\.1....>....[#.).-..8D*...SZ.n...W.m.I@*...!. .......l..}w8....A.
..*.TR&"f....0/.WW.4..B....l.V.a..)..M!t.5Ms..M.h.R..`..!2......).1F..
..V.........JI."...,..ir.._..k...R..1.C.i.B...2.c.4m.....d..O')..f.g..
1.Z....'BTRv....p.Jq.L...a.1.Ngm...0L....~.._..SJx...W77o.....T..:..g.
...{......W.oo..y...t<.R.u....y.g)._....eY...1..]..sI...i[..../....
...e......KAB...)...}.OKH%]..~.......JH1.ruu=MS..._~..........t{F9..V.
iyv.0,..w..g.........V..O.OZ.}.i..PK..:-E.......k...W..k7.....3..f.-..
........j..k...K.a.v...MK...~...........~..g..M.I.2#....f.Bik.6...XkK.
)E)..13".....w............0.m/.......k.o..R.. .....2 -HH.u..NMc.....;A
.X.B.\...&!D...SJ...,.R.6..?{....!..J.f.K..M.y...5%...q.J0..Z(J...(*.%
K-..\2.km.%JmI....u.,9s.q.qZ.a.nn.N.s....c..84Mc...x.s...n..F d.....%.
2..../$...Bn.))!.....)Os.R.!.a:.vZ.y.k...S.Q....#.0..Z..R2...v..)E<<< skipped >>>

GET /photo/yanzhengxinxi3.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 17 Jul 2015 02:08:48 GMT

Accept-Ranges: bytes

ETag: "c44e78435c0d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 17122
.PNG........IHDR.............t(.T....bKGD..............pHYs.......... 
.... .IDATx...}p$g}...{.o^.&9H...X.............g/...........V..../.L.R
.J,.....O..?.....9....j.^....a.Xa..1...$UZ.5..4s..L.3.[?.....S.......~
._~..gz.=...|.mB./?..W?.^!..bpp......o...~.Mo..r.......-..z...\.......
..wO........".K].Y.w3..fZ..[m}...)<..S?...[..u...!....b|..........E
.A^.q..?.....;o... v.........@7........Tly...m...@...... ..[..........
....d..#.../..z...\....6..b.}..u}7.zm.u.....?..S..[......l6....6......
.......k3.......I......<...... l...{.....T8...V...*.a..=.q... .....
.. l...@...... ..c[....~.q...2s....r......lq.....@.........@7%.U..m.~.
.....'g. ......a ...r ..]....kpp.....u .......2y\/.....[...f..3....K..
.y...B...\.T{.....F...Q..s.....r..>...z.ZY..a ..... 8...^}.....~.P.
..ZT70Ph*&...m`. .@...Q....<...}..7..g^...=Z5E k...3m..-j....[...W.
.B`......._.... .B..]........~..<~.ka....~_/].5....@......U...}.]U.
[V..a!.....jD.W... R..B.Fah.\}.^.lk.K..^..?.S......5....>)...0...T 
U!D.Z.T...... ..0....?.........,...?~8z..A..a....B....0..0..../.?z....
.m.*...o.=zT.......q/=.c..8c..x...^.:6....B.000.u.u......}k\...O..-..y
......un/p.R.:..h3}...*.....?'$..(..$mI[.cc..-..@TE........|...?~.....
.."......\~..na... ...mMc..........Sf.1..u.f.K......ZP l1k........km\}
e.y...2.;.}a ..xM..3s.[.m/.y~R...?~\.O.......R,6..Q.(pm..1|.'.J.4R.S.U
%.).J."..V .J....R.|.c.G.J..~...6..>... ..Q{.@.".*...............}.
.....8.....*.S.J.J... ...2......}.._....#....|rudC=...J.I~K.J......p..
.....T2...O.;'.........2.........].......e....S.wk~...mAv..l.n...O<<< skipped >>>

GET /photo/shanchushuoshuo.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Thu, 24 Nov 2016 01:44:03 GMT

Accept-Ranges: bytes

ETag: "6d33b23cf445d21:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 80621
.PNG........IHDR.......b........... .IDATx......Uy..TuW..... ..2......
.. .Q..*...Kb..M^.7.|...l...K..~T.|... ..pd..a.................zjN...k
......}........_...y.s".x<)..B.!..Bf=.....{..A.!..B.!d.innN.D@.H.!.
.B.!...CP.N.H$..B.!.....CP...H$..B.!.... .....>....(.!..B.!..i../..
..6L......B.!..B..F..........B.!..B,....B.!..B,....B.!..B,....B.!..B,.
...B.!..B,....B.!..B,....B.!..B,..%.S..H]l......&.^...0mn}..io;.n.o..o
..%5...........~....r.3U.l....9..z...vE[.....z...!..B.!.....q.|..JeQkO
.._X!.,...sV......y...w..mG...[k ......=.&...Z.\).x.......n8.A..9(/u.g
./....6...........M....@D.....i.w......{&,w..FY=.J...c.wcuT.jD.G~t...P
..K[d...q.....[.j.,.....F2.......>.gh.>..>.\ .b..........)...
.......-....d..3..lO..|y......S..6\.^%...^ ..~.O.Y]/....1`=.M.|....[7.
..{../~u$.,8WVxb..x..u........g(a...Zi........B.!..B|^....u.1..w6K.1#.
5.V.6......V.Z.&g.....1e....] .mi~....W...0.?z... L.#....@.|..m.. ..=.
.....g{..[...A|a...1. ....}.K...7nyx.>pn.<..?.<..M.4.....81.e
#n t6.....e:...z...b.e.y|d.> ..4...@.`>.......t..|... ...@.cv.4.
qm.m._....Va... .q..zF3..^....m.x.Q.h#..zH.<D>p... j./..O..i...i
K.. ..B.!.P .!.!.U$........Q..d....H&E....z... ..]....^.|..zx.....#...
.._;W......*x.0.`.h.....q......-.......e..S..z. P..[Rb.b'H\~...R_..xU.
x...0....-k..y.M........$2.......]..-....R.6...X.a....WF.C./h...<..
b.u.........W.............(.:8f...W`....B.!....B..*.]q..R.......D.....
.d..DRb...R....D.B....m..g.X0.Q.743.7..$.B..!P.x3...A.@L.^E..V...K....
>7......Bh.h.........2.....|by...$.y.."...}u......o8....0.;..R.<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6; CNZZDATA1253155700=1552319832-1480756015-|1480756015; a2332_pages=1; a2332_times=1


HTTP/1.1 200 OK

Content-Type: image/x-icon

Last-Modified: Tue, 15 Mar 2016 00:53:28 GMT

Accept-Ranges: bytes

ETag: "0b42f16557ed11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:58 GMT

Content-Length: 4286

......  .... .........(... ...@..... ..........................s.P.s..
.s...s...s...s...r...r...r...r...r...q...q...p...p...o...o...n...n...m
...m...l...k...k...j...i...h...g...g...f...f...f.P.t...t...t...t...t..
.t...t...t...s...s...s...r...r...r...q...q...p...p...o...n...n...m...l
...l...k...j...i...h...h...g...f...f...u...u...u...u...u...u...u...u..
.u...t...t...t...s...s...r...r...q...q...p...o...o...n...m...m...l...k
...j...i...i...h...g...f...v...w...w...w...w...v...v...v...v...v...t..
.o...j...d...b...a...`...`...a...f...j...n...n...n...m...l...k...j...i
...i...h...g...x...x...x...x...x...x...x...w...v...p...f...}A.........
.........................zA..`...i...n...n...m...l...k...j...i...i...h
...y...y...y...y...y...y...y...v...k...w4.............................
.....................s4..d...l...n...m...l...k...j...i...h...z...z...z
...z...z...z...w...i....v.............................................
..............v..a...l...n...m...l...k...j...i...|...|...|...|...|...y
...j....................................k...k.........................
.........a...l...n...m...l...k...j...}...}...}...}...|...p....y.......
...............z6..g...l...o...n...j...d...w6.......................y.
.d...n...n...m...l...k...~...~...~...~...w...|6......................h
...u...y...v...q...o...q...t...p...c.......................u6..j...o..
.n...m...l...............~...m.......................l...z...}...w....
7...n...n...n..p...x...t...e.......................a...o...o...m...l..
.............z....E..................k...|.......~...t....o.......

<<< skipped >>>

GET /cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.08466338141029210&getob=1&g_tk= HTTP/1.1

Accept: */*

Host: ic2.s51.qzone.qq.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.536.2 Safari/534.10


HTTP/1.1 200 OK

Connection: close

Server: QZHTTP-2.38.18

Date: Sat, 03 Dec 2016 09:07:05 GMT

Cache-Control: no-cache

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 125
_Callback({.."code":-3000,.."subcode":-4001,.."message":"need login",.
."notice":0,.."time":1480756025,.."tips":"5C51-77".}.);..

GET /dingyue/images/bg_5b.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:43 GMT

Content-Type: image/png

Content-Length: 253

Last-Modified: Sun, 07 Oct 2012 12:59:00 GMT

Connection: keep-alive

ETag: "50717c94-fd"

Accept-Ranges: bytes

.PNG........IHDR.....................sBIT.....O.....PLTE............vv
v......R.......tRNS.."3f...f......pHYs...........~.....tEXtSoftware.Ad
obe Fireworks CS5q..6...DIDATX...Q.......@.O.!4......;.&Ij.[.Z..\V..j.
.1.....j..1.....j..1^..@~.9........IEND.B`.HTTP/1.1 200 OK..Server: ng
inx..Date: Sat, 03 Dec 2016 09:06:43 GMT..Content-Type: image/png..Con
tent-Length: 253..Last-Modified: Sun, 07 Oct 2012 12:59:00 GMT..Connec
tion: keep-alive..ETag: "50717c94-fd"..Accept-Ranges: bytes...PNG.....
...IHDR.....................sBIT.....O.....PLTE............vvv......R.
......tRNS.."3f...f......pHYs...........~.....tEXtSoftware.Adobe Firew
orks CS5q..6...DIDATX...Q.......@.O.!4......;.&Ij.[.Z..\V..j..1.....j.
.1.....j..1^..@~.9........IEND.B`...

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: pub.idqqimg.com


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:57 GMT

Cache-Control: max-age=2592000

Expires: Mon, 02 Jan 2017 09:06:57 GMT

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60

Vary: Origin

X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.<<< skipped >>>

GET /kss_inc/js/admin_pub.js?version=M10-P158 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Fri, 15 Apr 2016 00:49:51 GMT

Accept-Ranges: bytes

ETag: "16faa6b7b096d11:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:53 GMT

Content-Length: 4509
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"........t..y.....v.....4y..X...
={..2.J..:.....z9..}..._...iV..l.....r...r../.%.u...........y....7....
..g......_.E....G......7I./.u.....^~......-.c`.MN/.eK_......kn6~.~..^~
Lz.._.g..;......O.3..../B.q..>......v^4..gi>^e...M ..k...C.Q7.qb
.M.i....em.........3.........?.../..?.?........;..?......?........o...
....._..?....................?./....?.....*.H....._.?.}......q....w...
._...............7......O./..?...k..?...W...N...../......?........;..?
.g......_.........9.1....u.L....{ci..4.............4k.......Bx...`[.f.
!..._.i....G.I....'.....................x]..r...V)$G7.>.hw....O..&l
t;\U......_.5....O.-.......~......>_..|.{}...?{....~...|.....s...V.
}...W..>).!..iyX|....c.(.....x:...v......yQ.o@.Zl.....>w~.w.2_^.
s...h.....>..0............/..?.f.?........S....../......S...J....b.
E./f#.w.-r.\..._L?g...YM.9>.s.......V.....j.........._._.Y......=^7
.2..EV.4.....`<.4..?.....>..........o..Ao.V[......?.F...3;...q.(
../....L...I5.i..;.n...........|..<.?.Kr.S....O.[.......P^..2..#.&g
t;....>....5>...x^.h.............6...../....~.^...{W.[.|....O...
!..1.......a..o....O..........7!.f....I5...j./g[.=...i1..c}.......#I..
....!..?.;...8$.......W...._........!....G..R.L#G...g....<L.......O
.f...@.P.......u..<..>..G..#....lK.....;.f^]1..........O\...?./.
..........2J. ..R..c..:)..........$..r.n.[fXp..Z..CQ.T^.........F....c
N.uC...k.d...%0..q...l.o..}.....#..[.^r....}......5.ro.M.r.o......<<< skipped >>>

GET /photo/shuoshuofabu.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 04 Mar 2015 04:19:43 GMT

Accept-Ranges: bytes

ETag: "801987703256d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:53 GMT

Content-Length: 29709
.PNG........IHDR.......I.............bKGD..............pHYs.......... 
.... .IDATx...}...}.._..bA....,e..I.......u.d..R.L...U..FR...*q..\:.%Y
w....,..U.$.......h...J|'...LZ.x4..u.}.....[>P.....bw..G..>....=
=3=...X.l..O?O...y........=I7.I.$I.$I.4..O.4.&.I..i*..i..H.G..3.w:q...
.......3.I.I.i..&.n7Y[[.......I.E.."Q.....w.(.....&.Z.>M..H........
q.EQ$Q.E.g..q......Ng&...8..D3.....T$.I.4...""..3q$Q,q,q$..$].&I.].v.u
.t.I..SGQ..&I7I.I......I$.%.".4JE.T$...M3.6.n.....E.eS%.&k....][[[....
..$.....".vH....Wcmu.......t.....I..&.$.t..1...t......N$Y.I.$.BJ...Eq.
g.....lM...G..$i..i".I.giff:...........e.........HGdFd6...H|...}.Y*.9~
..Z..L.EY...Qv.....eJV...o.1.....)i~....~(....).._......u?.f.Z....... 
<..j.....,.i.....t..]..*.....t..&..J.H.I'.8.N$q"...'W.dee........ .
k...e..v.yE.:..N'.;2....\...3.9..WeuEV................W;....>;3..gf
f;33....4.V_.....g;....N.iS.i......../."....A$.....ki.....i...<....
./..UIc.8M#.8..~>. .H2...|........L...o<.s...t9..,  ruY..-.....O
...O.."...._..I.N"Q..I*Q$iv.N.T.8 M.ko.!.P.4.n.v.$...r*.l:.I.I....Y8..
E?..(.b....Z..t.nw...$....]5[Z.....X$J.l.K.(.t.n...v..3;;..$.N'NE..ZI.
wyu.OE.8.SI.IcI.I...^.4.=r....$I.wA..=..Y/.J%M%...n.]... ..6.$.Z7.t...
...~......H.4.v.$YO-../.;33.M.8.S.t:..N.......8.Kz.T......ME$..^4.;...
..Dq..I...QW..(.4I.8..........^Q\.............%_....Z.M...Qi..8..'...h
...gzH...i. ..'..(...d......n.......F(.."...Q...-5U....8.:.K$...v..X.:
..;2.K...s......E.Q....(..q.......8..(..N..Q..".E.J$iv-..]."...~ .../&
lt;......6.f.9..[....i......u=p..OY...w..A..t.DD...z....W$._...k-[<<< skipped >>>

GET /photo/zhuanfachongfa.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 26 Nov 2014 01:46:56 GMT

Accept-Ranges: bytes

ETag: "06816dc1a9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 28041
.PNG........IHDR.......F.....t.......bKGD..............pHYs.......... 
.... .IDATx...}..W}.._?W.u.r.d#.'..K2!....x.1`."..%.[.r.)...$D[$8..%..
......7.]..T.!..coQS;..#Q.....(..1L,.8.1... d[..}z...9..9.O.~..>.O.
...s..9.....9..}..?.I...x..3?....3k.,.3.E2.E../....^5...=[h)...]U....r
......#....E..._...O.S\.X.mi... ........E....Z,.T.......P....p.....pU&
lt;..%.v363.../..h......ar.-..lK...RO..J,"o....uI...:..O...D..........
...../..H.........}......E[../.......K.....$.z../.R.8......%...U"../..
.,]...YzI..d..,.$K.d.......[.n.l.....9.}..].a.\u......W_}.WDV....d....
D......r.Yy..\</.....j....A$.-...s.._Ix..@....o...>......E4..W&g
t;.y.i..zkQNx....h .U...W\8./o..g?....]""g.....y._.|.{./.U.Dd)n......o
.?..]..q,...."..D.$.FQ.E.?.^.yCN.q|....._.x.,-..%.......E.....".......
i..}...].ED......|ZD..../.v.3..=.:'<..e.$/....{_..mk/...#..\{.%.lX.
...U.........../...E..h.....^.....cw<.8.......~..g.....u....K}[..G.
l.q.....R....6..9'.?...3.ZZ.....9.l.a....ze.)......q....O.z....o......
go..qGz...u....u1.3,7.d...h..XhK......'...$.5I]r.l....V..s.w.9.g......
.^.....>p.@.3.B..LI...:);.-z...VZ....!q.....(..H..&J..Q.4.xB....^x.
W~.gF.W.......]Z..."D....o..."r...$_......^.e4KX.y....,.x.K...........
.||.C'.:.F..\..........'_..7....SK.....d....<{.....n^..v........3G.
W.w..;.s.}7....Sw< ...,bv.(DX(.l.>..O.....yV......M...R..2'"..X.
...N.....ph...........Q..=tT;.d.d...g..G...8.g....[r..6..Ht..9.....o.2
......w|n....7kk).z.O....]..........'.J..B.'3........`...P.ED.Y.d..O..
.z.......cw?.(2wp...]..^.....n[...j.K..e8..#...[......Q4.....\....<<< skipped >>>

GET /photo/yanzhengxinxi4.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 17 Jul 2015 02:08:49 GMT

Accept-Ranges: bytes

ETag: "cdf52b8535c0d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 17947
.PNG........IHDR.............3.U.....bKGD..............pHYs.......... 
.... .IDATx...}x..}/....l....w.....@@...S.&...:*m.Di...(...{......}...
}.......S..J.'M.R.I.k)o..7j....T.%$4../.......cvg...93;..#}?..Y..9s...
3.9sv.ZYY....._.......{...g...vtt,//{........o.fY^^...h....T}..]lk=..5
..O._.....l_.~.i.j}.R..R]L....&.Sx..G.t.VU.?<.."..}..}..'O......T..
...k......_W.s.9......mmmmmm..bW.....................q......@Z!.......
B,.....i..'..~.......%U.fn..Z..vG..>..Z..T..T.......u>...l3.....
..gra[kC.[..R......z....Xo.mM.....O?......:...?=..r..D.~..`....rO...H.
.%............B,.....i.X.......!":.s... .=.D.. ....K..@&..j.....x./...
.s..... ..C...'.....k.^.ML..y.....L...... C.|....>.Zgv.......5...1.
...,..............V.~..... .:::.|...K.. ^...4i......J,{...=.m...q.....
..<..S/.tf....g.f....R.M.T......J..M.6tw.q..sL.m.z.....{..ew=.2.E.{
.c*$...@..,..w........{m&c.n9.s.LM2.._6...e..E..}..g....\..KM.5..%T5N=
5..6t|.....h..G..7.....7C......^>{..7Y.ED~..*..X.E........m...M.^/Q
...0_..........:...qe..nY.eg,.\r..Pk.}.Y....m{.i.Z-_/Q.....e/..w.${.On
.g ...6-.I....m..Yn.%..[*..V...,..-...`.|\...%.VSQ...'.....-..m..3.L..
3..m[.mo...l..........h......?..K.%S.....F.<p.....ox/..k.N&..d.....
.... .a.J .'6i..)C./.F#.Y.....OJ..y...O....f;........I..$lJU.ia.7..,.\
../K../l&.._w....} D...l...l-.z.KX...LTyF..(.9..S.>......N.......U1
..0.6T.U ..../.W#....s.. F.................\.hG....bk:>>..'.r]}.
..J6[..J.B...eiL).T.4)...F..*..%.DD.[*.J......qgp.U*..o.p}.'4..gY.eQ..
.V.qY...4.....w.9~`.ub.......Wf......!.>...VSQ......sw~..7..}*.<<< skipped >>>

GET /kss_inc/images/sale_le.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Fri, 15 Apr 2016 00:52:16 GMT

Accept-Ranges: bytes

ETag: "de3290eb196d11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 4194

GIF87a.......,..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U
..U..U......3..f..............3..f..............3..f..............3..f
.........3..3.33.f3..3..3..3 .3 33 f3 .3 .3 .3U.3U33Uf3U.3U.3U.3..3.33
.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..f..f.
3f.ff..f..f..f .f 3f ff .f .f .fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..
f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff..f..f.......3..f..........
 .. 3. f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f........
......3..f..............3..f..............3..f.......... .. 3. f. .. .
. ..U..U3.Uf.U..U..U......3..f..............3..f..............3..f....
..........3..f..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U
..U..U......3..f..............3..f..............3..f..............3..f
...........................X.A....R0.0.....2D8paC.?.V.(.`... P$8......
F,.....#.N..pc...........1m.D..e......i....)I...Qd...%2t@qh..Q'nDz2 T.
8.z..ui..N.Z\..i..`.j....C.a..4.q.S.?.~.I....9....X*^.q'....$........!
.._.R.h.0..9...|.p......KVl...u.V..........Wtk.....]....V...}S.......&
lt;......A.7..{...{.g..e..e.2N.\.....'Vm..u_t.=..}...]...'.P.uVWo....u
..t]BU.%ZL.f&.z,.E.a..7.R;...}....Q..V.|...Rk... P/...i4.&.H...b..)..U
..($C.2...J..W. ~H..$.WS.z%...V.... ....oz5.......,....ni9....I...e.U.
wb'......n.z.f.mFv..... ..Y(&hd...wY2('.....@...Y....wg."....[U...L..W
.l.......(L..f.....hc......my.}P.."A..XjjXV.&..........m-.....B:.y....
.u.....Z...^...L.*u.......)..a..z.Sa.&k....8"..>.0....'.D^....h..g.
F9..)u..~..K1d..G0._..c."......[.....l......*.,.../L.G.......|.^u.

<<< skipped >>>

GET /photo/miaozanfenxiang.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Sun, 24 May 2015 23:10:28 GMT

Accept-Ranges: bytes

ETag: "04ac2d27696d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:56 GMT

Content-Length: 19923
.PNG........IHDR.......F.....t.......bKGD..............pHYs.......... 
.... .IDATx...mp..}....(.......b ....K... ..]...<.m^..JE*.-..\y....
....\..*.A*....K..,-|.[..R)wkiK.T"[...D.z.r...,..l2$.LI.HL....9.......
..~JE.zz.O.....sf..m{ffFDD.o..o...oJ........luu...IV.=.;....z......<
;9..G.......,@...]....d.......W.......w...'.u..3 .....o.w.............
...a......N}p........'.]x..K.?...j.a|Y...D...U.].. .."..H..._..Od...&g
t;i.]M...........P....\."4..w|......|.."K.g._.9..,VJr.2..\. .O.....".-
K....%e.X..=~.R.r.....r.._{....u.........W~ "....ZT$..[K.JIj.|<.. .
...-....m...Dd........<z.g.o.%KDd..^... V..@G..../...wY.........l..
mq.s...D......,.r..}!....m.......,v~]..S..-....................D..S7.p
.*.....s..@D....7....p...u.x$bKn^>....g......f.9~f...e..l._...6..-_
.......r.u".|.\M..;w.........m..c|l..9..l\7....?.U..l\7.~~.K.n.?....{.
..2....C6b|........./<.!........e......4....{&.bWw.fZ.gn}bggoP..6k.
....[D.........}..to...#._.;pA.mc.&.'..i}bg.(.......;;.m?.2.i.&....{Q.
.b./"R..... .C..Ay2.vO.....^x.....{K.6k..$..'vv..>..t.j~hk..v..,2..
......S..............v3..`,'..!)....a.....?..........6....-.]..._}...}
HDn......_.....U.K.-.X<.]...o.....okn\....3..M..y.._.e...m^w...{.O.
.a(..|...............d......;_.O...O....vi.......N.;86'"r....NQ....9.D
..v.f..f...1b...c.|.`,G..#.E...f..}.0...v....y.Es....e..{..2u..." .u.t
.t?qQ}S........i..-."....q.=....W..-..o..;..q...&.....}.'..vkO. V.y.wg
|.....y9#0.*.5 ....;#..n/.t..7.....=./..4=f....7....t<.....N......M
TK..CK9.t..?.w.W.aQ.9...k,L.....vX....0|o._~o.G.'.*.@.k.-...\.....<<< skipped >>>

GET /photo/yanzhengxinxi2.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 17 Jul 2015 02:08:48 GMT

Accept-Ranges: bytes

ETag: "b5e89c8435c0d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:56 GMT

Content-Length: 15869
.PNG........IHDR..............lw.....bKGD..............pHYs.......... 
.... .IDATx...ql.......J1boD..p..k..#...{..-....".6..wB../....ND...K .
..p...M;dt......._...?O...X..>.Q6...&..4./.:Y`..a.................&
.....=..U.=......S o.!^}......B.!..={n.......o..O..bPn...g....n..U.A..
u..e..............".K..]........b.........o>.w.....................
...... /.x...y....B... .....Ho......Q....qjaQ).....i.ZV.*.V...Pe.....@
iJ.UU.[...@u........V...P]D.......OY./k....n..U.A..u....@....v..v..v.K
..V.j..V......$v..U.[V.k{.|kp\...Z..T..T..;...dl...~...7..............
.......].U.W\.`.8.....SV......U...T..*.....=n....T..%.....*o5.P5...`.b
$..........6........{.*7....0...RF.......V...P]]~y...`...g...7.].|....
.i.b.l!5.D...`.{...~...^.....;..}K9..!.J..h..q#......?t....Y.....RSA..
...1)..[?...w?....Z.$.`nd...L...md.&..BH!.!~..;?~.'O|..!...K..j.^j*.V.
.D.o.Sn...{.....&....w..}.K)..iTW..<RJ!..../_y#...).z.lEk*.V..\.z..
.........v,)eT..HD".ET ..B*.HjQ....KU.^.b5.y.......dW..d.l!h...-..[H.E
R.$N..q..qR.nH)e..HF*...[.x.l.j*...^..q5.I.EQ.E.Z..E.Z-.d.E...........
.Y..<..........*YV>...i.......y..R......Z.V......}.?.`.5.m..J..4
K....Wx....Q....-..gx.m... ...=........I..$o..4....Z'...P].q .....f...
.o..(G.E$.D.3l..z.K.{..L..,VSQx$@.I..&;C....~..Ul}.YQoVar...Y.j.%...Y.
(....."......6..z@/..R.(g.2...............i..Q[.@......T .........Y)C.
i........8...I..q...f.4/..........O...!....R....2G.....3Z=..../-~m..v.
...m....v..9.#C.}..U...X..<I..K..........e.s...3P....m.?..Q#b....&l
t;.j..Q=.J.vv.I..Q.......z4.'s..X...a...a...l....h.......1 ...TV..<<< skipped >>>

GET /17287617.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: js.users.51.la

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: application/javascript

Content-Encoding: gzip

Last-Modified: Wed, 29 Jun 2016 18:14:36 GMT

Accept-Ranges: bytes

ETag: "8898f1832d2d11:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/8.5

Date: Sat, 03 Dec 2016 09:06:42 GMT

Content-Length: 1010
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"f.t........<...q........m.zt
..................|..............Rf...w...g.Q..Y......g.w.....C....>
;..p...~>8}.?......N.=.........".J.....6.....VK..~..ww...9.i.1.IU..
...Z...w.....~...w....2....h.<.w...C..j..G........b9...e5...Zz...f'
....u^.o ....V.?..v.?[...g..*}........*..@..tk.]..Y[..l.z.-..>..E.6
.l..t..{/4.:...U../...v~.K..l.4....F.q.....(.V.q....H2.o.w~..|.N..VY..
,..^8...mO..m;...E>^pC..U~q.n......3..n.......l.{.....ug..g~.;...s.
.........,......-.......z.3}.l.;.....;..z.T..?{.....7.".7.1.".}..Ow.E.
.....s...g.qs...O./......U..?.{..[...e>n...x........}?*.....C..\.o.
::.`._.....R....*.Z...w~...%.>2..9.%..&........AG..FR.....OnM....9.
}.p.....w-..._.../.?........w%(...$m.:?.%.U;...V......Z...2 ..5.....m.
5k...JJ.cU.W.Dt.......8kV.GsY.>.....WM./l.C?V...~..[!....G? .L.l.l.
.33.....s...;w?.......1..?...u..@P}uU...'......... .8... .......v.Y.7.
.....,~4..qB...j.n}._..}.B....Pf.>......r..h.....0..g....HTTP/1.1 2
00 OK..Cache-Control: no-cache..Content-Type: application/javascript..
Content-Encoding: gzip..Last-Modified: Wed, 29 Jun 2016 18:14:36 GMT..
Accept-Ranges: bytes..ETag: "8898f1832d2d11:0"..Vary: Accept-Encoding.
.Server: Microsoft-IIS/8.5..Date: Sat, 03 Dec 2016 09:06:42 GMT..Conte
nt-Length: 1010...............`.I.%&/m.{.J.J..t...`.$..@.........iG#).
*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"f.t........<
;...q........m.zt..................|..............Rf...w...g.Q..Y.<<< skipped >>>

GET /dingyue/images/an.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:43 GMT

Content-Type: image/jpeg

Content-Length: 1344

Last-Modified: Sun, 07 Oct 2012 13:57:10 GMT

Connection: keep-alive

ETag: "50718a36-540"

Accept-Ranges: bytes
......JFIF.....H.H.....C..............................................
.........""""""""""...C................             !      !!!   !!!!!
!!!"""""""""""""""......0.|......................................../..
.............................a.TU.1.Qcdt"E............................
....'.......................R...."!1.Q.2qa............?...t..Xs...cT.r
.EX.j...1......*...~....Z..Z~.....v..U.DMcN....v.B.;.j*..5.:A3...hX.`.
E].&..H&s%.........D.4...d.Q.`..5.v.... ...j4,..f....X...9..F..v..U."k
.t.g2].........McN.L.K.....3QW`..i....v.B.;.j*..5.:A3...hX.`.E].&..H&s
%.........D.4...d.Q.`..5.v.... ...jx...J2.f...bk.t&s%..uS.....'d,.....
.......!9#...*..O.....x.../..: 2v0..W...w.!.}.8......ah...D@.Z"....&..
.0.D... L-..ah...D@.Z"....&...T.......8..\..x..[.U.;xz?._.QS.%5..H...q
h...D`.Z#....%...(.F.E.0J-..Qh...D`.Z#....%...(....l..i.r|.;.y5.....h.
.aG.W..._e..HZI...$X&C.`..E.d9....X&C.`..E.d9....X&C.`..E.d9....X&C.aD
...x.....0...m..M`M>....E$.....e..K...o..6..@X&..`....o....@X&..`..
..o....@X&..`....o....@XT.%..T..E..ic..C........#Z...V..R..)..#$.....3
..6....?h..?..t'.".{...,.Kq....iK.k$.....g.[.M.*....67...Y....{...v.M.
....z..t...(...cx;~E..n.7..J'k$.....g.[.M.*....67...Y....{...v.M.....z
..t...(...cx;~E..n.7..J'k$.....g.[.M.*....67...Y....{...v.M.....z..t..
.(...cx;~E..n.7..J'k$....?.g.[.M.*....6Q_......V...!.T.*..M.R........]
M._...7...)W.......<<< skipped >>>

GET /kss_inc/js/jquery.1.3.2.pack.js?version=M10-P158 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Fri, 15 Apr 2016 00:49:51 GMT

Accept-Ranges: bytes

ETag: "705ca9b7b096d11:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:49 GMT

Content-Length: 28270
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"........$.V..?.....;.e.zZ..6}^L
..>......Q.....z9m.j.u.._fuZ~...ft1........~..F.. ../..g.....;....u
.L..UZ....bY.../.=.............xk.3.os...;.........g~......{...O..nwG.
.n..........}.#...!@}V.Wu.V..*.....#..o............z./...|.t..f..j...c
0....g...m\...v....5..m.../.}|.K........>........GB..?{:......;..._
...>......g~.o......................_..M.0.>3../...........|....
.....q1.]?.O.q..;..b9.....=...:.................mU..=.%...Ym}.A.o..j\4
.,.iX...}g\......%........S....~..k......h7.m...u.]32.......Q5^dos..1.
.....F?.....>b..h..?....a0|.._2..pMNm.L.....8..7e1....,....#.......
.j.._......l.....<}N.......*..r...0..}.c.?..`.o...af..>'j. .....
....{|.~DT.....I....?.....?.h..ON?...G....s.T...C....l.....4.C..`..V.5
#E#7,.?..(..s...}oH].........F..s.....;.:...t...$..NG.@/gm[.w1...$.~..
...$..@_ ..9.~a{.0....a.....g>.....8..PjL...~./9<......mK>...
Y$.......z...Xw~q5......n...e..D.gM..~F.;.|tF......M........S?.*f.....
..>...y..._..WY....*k........>...d4......>y..#....z.>..~W.
_1.~...!..\.e@.q.X......rR*<."./......Z..S."Ni..OI........n.X4..g.}
DF....g~.`F.;........(gx9h....1...g...?.Yp...d.....uNz.l....=|.}......
dtUg...t.....h..r.....Q8v.qY-.-......}.1.d..7y.>..wr.../yF.p.xK:...
sxE$..>'.^7...1#..........N...c>..2..%a...k"d._.D...`..!..."..I.
c..../9.......U./.e......p3j.u.x..TR.4c.?.lW...f.QC...t5>.../.[a.o.
........g........X.B.........K.....$...n..._....L.E....Y.G.#!.....<<< skipped >>>

GET /photo/quanrenmiaozan.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 19 Nov 2014 11:24:27 GMT

Accept-Ranges: bytes

ETag: "8027cd60eb3d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:51 GMT

Content-Length: 17642
.PNG........IHDR.......N.......6m....bKGD..............pHYs.......... 
.... .IDATx...m.$W}.......>.^.H..KB..x.-.c..U.....KeC%.......d.T...
..2H.....!.E.cW....)[.D.H....L.....G...]..>.;}...m.{......33.Omm...
>}.....................5....-_y.......O_...w.q.g~..?8q.......;~../.
.TJ&.L.L*..|.;........o.x..O.<U..Qc....o ..p*.................8PH.&
lt;{.....d........_.-#dL..hsgi.......{D....L...........U....#g.....90.
*.....{.<.....R;.T...}..,........9p...m..9".HQ._........"J.M.6e.!..
LNK.!.......T.W..g=a..w...5..`.....YWa....K.}......{{..........=R.RMdr
B.?,'...I.6D)Y.%..HY.....z..EO"H..0....5w.v.%W.f.U.Z....."c...o...&...
...r..y......x......."r...?......}.../.."[_F.}...oO|...}`..".y.g..1...
@.p.[g.T..\.u.z..l.E..7..Xo.:8..:.<2z[....o.K...l..%..g.a...}....W.
.>..RJ........B....(..?wz...j)_....T'O..^.Vx.w......K}...p.y.......
"...s.....<z.}......}.9...........AJDI5..G_.....}...="r.?~s}..s.Z.W
?...}...x..?..>..K$.[H.q.i.}...l.,....*..X#.t-.)$mA.......=...v3.G~
.....~...'....x..|~-...@.RU.3H..4..u.:Hm......_....{..^...v...|a......
Z....<..?.........<.....?...E......M..8...?.o.{`...~.....o|..n.l
....{....\.C.~. ~..;.6i.._L.....hJn.......#.....1%r<....h|Ro..D..x.
/.<~. 69..4...}M0b..=.5...,c8..........s...8..|...0..2 SJ..... ...(
 H.RR.EQ..R...EU......^.JIU...c..G..G.DD.... u..S...J._v..S..........v
............/.Wd....._...w......O.......;&e..>...f'..=...1.X...=Fe.
-...Z5m......g...H.%..._..E.N.%p.#:.G.......(\..]M'.......!..7P..%K\?.
......|[P.YF.0..Ru..*..t....u..(.U.R.[..T..#g.U..........U/VU%.I..<<< skipped >>>

GET /photo/é˜²åœˆæœ€æ–°æ•™ç¨‹.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Fri, 10 Oct 2014 02:15:25 GMT

Accept-Ranges: bytes

ETag: "80dc50d30e4cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:52 GMT

Content-Length: 504376
......JFIF.....`.`.....C..............................................
......................C...............................................
........................`. ...........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..~.$.PI
$..$.N..d.OA....k...J.z..P.R.j.!J..P.J.j...:t..Js.RmF..r...S.....&....
K]^.|/.G...Y....Z.1O.x;...3*.3Xhz..r ..*.[H.:....9.._oO.>:.B.'....U
h.....eX9.U"..J./.B.%o...jS..V..h...e0.Jr..q.JN.).E.xM6.e.~d. .....j..
......<..|p.q....c8 .v.j...~b1...\_..[............o.h.Z..vN....2...
/.-....U....JT..6.].m..ky..?...~.x..9...sS..x.>O.8.s...^.qc.a2...Sp
..................^....]..?..V.n..........D..?.L....W........ .....?..
...w..........@.......D..?.L....G.C.....L...........le.....K........#.
_.......3....5...x...2..J8S............../.....(....J.s...........9...
.....(.O.~...]..?.......P...>5... ....:...#Q........ .....?.....w..
........@.......D..?.L....G.C.....L...........le.....K........#._.....
..3....5...x...2..J8S............../.....(....J.s...........9........(
.O.~...]..?.......P...>5... ....:...#Q........ .....?.....w........
..@.......D..?.L....G.C.....L...........le.....K........#._.......<<< skipped >>>

GET /2/TCapMsg.js HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: captcha.gtimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:45 GMT

Cache-Control: max-age=600

Expires: Sat, 03 Dec 2016 09:16:45 GMT

Last-Modified: Wed, 16 Nov 2016 03:12:03 GMT

Content-Type: application/x-javascript

Content-Length: 636

Content-Encoding: gzip

Keep-Alive: timeout=60

X-Cache-Lookup: Hit From Disktank Gz
..........}S]o.0.. ..*X......-.L..i.&MQ49`.7bg......^0.N.....s|.......
!."..j#....*..*...nPF...>c...o.._ ..P........I..#.9B.]T$..s.1.u..f.
......\s.1.....pH...z..%W.R| .7...k............B....F...z.G...A(..m..{
..ZL...wN...:#..-...#.......=p.q....(q@l..V..iSO@.2......M...;...xR.HE
.i..o...."..w8.}..3.~ ........N.ev5W."....#..`Q.xh..:..(T..v...h...Hi.
*QK.3.Z....hO.....mr..J....F. .Q.....f.4.ZF.....2.d.J..#....2....G2k..
w.....5....=.y^..g!...%^..l...[................y.tA?..:....D.. 0kp.,V.
B...,.bh.=@.}.....t9.3.&_....v.z......91.;..f.......k.B5.`.y....S..3..
.....m........s..T.........Hr2.&..g..,m..?..F..q..:..2_.t..M.#.....8..
3I.RL....HTTP/1.1 200 OK..Server: X2S_Platform..Connection: keep-alive
..Date: Sat, 03 Dec 2016 09:06:45 GMT..Cache-Control: max-age=600..Exp
ires: Sat, 03 Dec 2016 09:16:45 GMT..Last-Modified: Wed, 16 Nov 2016 0
3:12:03 GMT..Content-Type: application/x-javascript..Content-Length: 6
36..Content-Encoding: gzip..Keep-Alive: timeout=60 ..X-Cache-Lookup: H
it From Disktank Gz............}S]o.0.. ..*X......-.L..i.&MQ49`.7bg...
...^0.N.....s|.......!."..j#....*..*...nPF...>c...o.._ ..P........I
..#.9B.]T$..s.1.u..f.......\s.1.....pH...z..%W.R| .7...k............B.
...F...z.G...A(..m..{..ZL...wN...:#..-...#.......=p.q....(q@l..V..iSO@
.2......M...;...xR.HE.i..o...."..w8.}..3.~ ........N.ev5W."....#..`Q.x
h..:..(T..v...h...Hi.*QK.3.Z....hO.....mr..J....F. .Q.....f.4.ZF.....2
.d.J..#....2....G2k..w.....5....=.y^..g!...%^..l...[................y.
tA?..:....D.. 0kp.,V.B...,.bh.=@.}.....t9.3.&_....v.z......91.;..f<<< skipped >>>

GET /cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.09336930761115929&getob=1&g_tk= HTTP/1.1

Accept: */*

Host: ic2.s51.qzone.qq.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.536.2 Safari/534.10


HTTP/1.1 200 OK

Connection: close

Server: QZHTTP-2.38.18

Date: Sat, 03 Dec 2016 09:06:42 GMT

Cache-Control: no-cache

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 125
_Callback({.."code":-3000,.."subcode":-4001,.."message":"need login",.
."notice":0,.."time":1480756002,.."tips":"5C48-77".}.);..

GET /icon_11.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: icon.51.la

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: max-age=86400

Content-Length: 913

Content-Type: image/gif

Last-Modified: Fri, 26 May 2006 14:21:40 GMT

Accept-Ranges: bytes

ETag: "0f268b4cf80c61:505"

Server: Microsoft-IIS/6.0

Date: Sat, 03 Dec 2016 09:06:48 GMT

Connection: close
GIF89a0............._..@y./h..Y..Q..@........................!..NETSCA
PE2.0.....!.......,....0........I..8S!.....`).....J.....@.........`8..
.F.n......m.D.8.....*.......>1..i........I.l.m.?cs.pQ.Q.......w H=z
.XY.............{.xI2...2............C.8.6.y...........7......9.......
.......!.......,....(.....Z..I..8.A....!.fNW9..%].{....mH......J......
.@P...c.R(....!{.r'........,.{...W.:.v..in[kGD..!.......,....-.....i..
I..8k*.......q..^...o.eC...l. .."..V...6....Q...4&!.......M.S..4Xb.W..
..WUZ ....4..[..j.b'..gzeU.{e{....!.......,....-....._..I..8k:........
.9..%]...m;.k ....&.N...(.a).#...'/i. ......j.]...............X;.s'gxy
..g.Xyz...!.......,....-.....w..I..8k*.......QDE.C.q.%....R..Z..2DI.r!
R-.O...M..o....V#S..v..b.K!#..I.....\.v^(.....F..h.XAr.fy;. ..N&L'.(,j
.G..5..'..!.......,....-.....r..I..8k:.......Q.%..9..%].kM....=.......
....$..&N ..K.$<.QB...]p)..bO.i.`X#..w.-...h<e.g..n.}}yy..~v.we.
ys..r.t....;..

GET /18972332.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: js.users.51.la

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: application/javascript

Content-Encoding: gzip

Last-Modified: Sun, 09 Oct 2016 03:27:16 GMT

Accept-Ranges: bytes

ETag: "71b8d8dd21d21:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/8.5

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 970
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"f.t........<...q........m.zt
......................Q.f.E.~...?)..[..h.......,..?........y..!~~.t..~
.{..?..>...O....'...O|...~.@.o.'...nv...?.s..'.Y.f@.%.....G........
?.-..gW.rV]..j..E...;.......u^.o ....V.?..v.?[...g..*}........*..@..tk
.]..Y[..l.z.-..>..E.6.l..t..{/4.:...U../...v~.K..l.4....F.q.....(.V
.q....H2.o.w~..|.N..VY..,..^8...mO..m;...E>^pC..U~q.n......3..n....
...l.{.....ug..g~.;...s..........,......-.......z.3}.l.;.....;..z.T..?
{.....7.".7.1...}..Ow.E......s...g.qs...O./......U..?.{..[...e>n...
x........}?*.....C..\.o.::.`._.....R....*.Z...w~...%.>2..9.%..&....
....AG..FR.....OnM....9.}.p.....w-..._.../.?........w%(...$m.:?.%.U;..
.V......Z...2 ..5.....m.5k...ZO?....|".......j.5....,f...B......... ..
A?...P.|....T..>.....gf......4.[w.~.s.mY.Qcn................O>..
..yq1GWFoP[.@.S...%..~..o..5}..Y.h.................g)D.lA.e...1(.../..
.v...?W..~D...HTTP/1.1 200 OK..Cache-Control: no-cache..Content-Type: 
application/javascript..Content-Encoding: gzip..Last-Modified: Sun, 09
 Oct 2016 03:27:16 GMT..Accept-Ranges: bytes..ETag: "71b8d8dd21d21:0".
.Vary: Accept-Encoding..Server: Microsoft-IIS/8.5..Date: Sat, 03 Dec 2
016 09:06:55 GMT..Content-Length: 970...............`.I.%&/m.{.J.J..t.
..`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!..
..?~|.?"f.t........<...q........m.zt......................Q.f.E.~..
.?)..[..h.......,..?........y..!~~.t..~.{..?..>...O....'...O|..<<< skipped >>>

GET /kss_inc/js/jquery.form.js?version=M10-P158 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Fri, 15 Apr 2016 00:49:51 GMT

Accept-Ranges: bytes

ETag: "705ca9b7b096d11:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:53 GMT

Content-Length: 6993
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".....i[T...../.h..i.......2...&
lt;k.u../.%.....(.lU|..m}..X..m.^...>....=...."o.v.p..w....r....|.@
T.b...gW.rV]....O.....6>_......^O.E....Z.Gs....[.k;/.q.//..._\V.[..
W....b.*..i.......M.n..*..|./..._.m>...a..~..@.......j6......G.....
-.....:O........w~....7.)z}...._r(`..8k.z.c..P............(.~F=64]....
.....~[l.7w.}.1.@....Q:..4...y.....P...5........x.......o.{......;w...
.|..w...._r.......wm..m..:...G......&...-.......~$...??}...8..E...>
.....v..-.m..[C...=>...2k.u.j..ge.....lR..G.2[.......;<}.y[.w..D
........^..v..EV.?.?.}.M..#...;..~....w.O.$...E..!.. M_.\.Z;.Orz-.m...
.p..-.iP.CS......R.[3b.P.4 .I6}.E.Dk.lV....L{#......'.ae../...0....Cb.
.k>....._.n......7.q]g..JM...m1...xz...&V...u..b...........l..7....
;..ar...?.........bhJ./...HyW@m_.\....!.......N..}w..)..%.<*.._.../
.E.m...c..}../.......? 0.....Z...$k.-" ..7..Z>...@..I9...<......
..g;......?.EFE..~.\.../.i6,0...........Ru..-L.._l..W.f.L.._.f.5...K..
M.H...f ..}.XN..,.v1..K..w5.b.o.p.#..&.{..cTU9{-*.2........_r8........
Q..2..o....c...E;'...E....f.Wt.w...@..........E.ip....h^Wt{..~o-......
u...m4.w.Z.3..-i.;&..g~..|HS..V.g;.E..3..x...c............g.Uy...F..t.
3?..,n.....G'p...;.5.....G..Q..&e>....:...,.b..Y..Z.[h,.*zG;.j.....
.l........B........../r"....${......f...;A.]..<..:s.7........}tz...
.......>._.L3.....&.F.#.l ......../......)0.'..9..n../.|.3?......i3
-.&...|u\.....7vY...,S......UYe.3.e 3......go..^......y...6...mp#.<<< skipped >>>

GET /photo/fenzu1.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 05 Aug 2015 01:58:05 GMT

Accept-Ranges: bytes

ETag: "f31d6f2b22cfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:53 GMT

Content-Length: 40005
.PNG........IHDR.............q.......bKGD..............pHYs.......... 
.... .IDATx...{|T.....=I&... .@b..AQA@...*..j..Jm..).=-...}5U...ZO....
.z......=..j=G M.R.AQ...B.%...!.......?..=k....=3{..<.......<k3.
.....<.R... ..D)......~q.zjc..\..[a..[....|.4.u#.QY.^Z.>.,m..<
;y66.....$....z...u..?........C.\C..v|.6<<$....z.:..v.T...I*.g..
.%J.c.J.=..[......}........|....qG.....'.M..7g!...=.........w..?....8.
@(.m..l._......A...u...........F.[x^mY.EB..A.$y...;...... ..Y.T.{.}...
A..A..a....W....z].....tR.@.....=.F..A0...A..=..`..L*).*.fv".. H.sb. .
.a.0z...:...-..P.^u.q.......A?.}'..).....J.........S...o.(.... ..,....
.._p...."..o~f=..[~~..G......Z..9uv....W|...#G.....3..c..6.;80....@..u
.. H:.....=J)...........7!......&.....p_.1p.ht,.s.....<n.....S.....
..t.@pl...........N.(.W;bb..s..9.G..P0t8sj:=..7..,.......#..jF~......p
..........$.>.f...:E..uO.=v.].W..8o...m!.X.tZ....k.m.j/Y:.....'.M.^
...5.B|.%K.5Or.....Z...4..k.....m.......h...fV...{~....C........u V...
......Z...usm-C..j{lT..%.V.k....$'..M..].W>y......Ar.J.a..;5U......
...4.M...~...>}!....~..@Iir..C.................X...'.M.u.O.....4.~.
.[.....}....P.@......Go........]9g..v...^.sM....../m.._..a...O:..yB|-.
...c......wG.. ..-..p...5L.....o....u3.nU..d..%v.bo...WU.A.....b..,._.
...Tsc.......o.8.q.,..{C..ge.5..I^.Ksg].9..0:.... C....`..v...T..@)h.!
.. J{.@.0...h...aP]O...^.....`.. ..g.=Z..........{.......j.......`.D..
.=.>.w......O.....yc.........sj.....p......,.uUBkS}.T....u.w .YYW.[
.V4....<.i}_..r......]K..q....:vX.......w..........\V.....m?l..<<< skipped >>>

GET /photo/renqikongjian.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 19 Dec 2014 07:40:01 GMT

Accept-Ranges: bytes

ETag: "801ed5fe5e1bd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:56 GMT

Content-Length: 30421
.PNG........IHDR.......F.....t.......bKGD..............pHYs.......... 
.... .IDATx.....].u.....Z....[...`..q,'q....~.Y4..g'k.H...^..<G.$..
-~$y..V...3.....5.....7$/.3.jV,.AQl..`.....u../...5.{..Q...[.N.s....~?
..to.:U..=..>.vU...f.. 7......_...'..<..<..{...........R....w
O.."....7.)r!...{.wN..{~.s.S..{.;...Hr....`Ot^...7.IU...-......Sj.\."C
o[..S....F..q.."..(.....^.....E..5.....&N..cJ.[....D.&...<s........
...S^...o0.^]8..O... .......=..R.....w..7~|j.......G~...7>..>.5.
.?.....?n.#..~........c............s.p...>?..M......CJ.......c/.D.f
.;..On...~......^...3.....g..w..7~...........|B..W\.l..Z-.g.ma.._9zd.C
........M..v...#...C......=..j. .y6.w.a.:|./.H......6.d;...x...>...
t.{...]oJ.........l.&L...=.o!..W?A.;2..t[".).... .....eC ..m...[.....h
...~.8~....."..Iw.....7.........~G%...?~3....E...W.m.o[.........G]..~.
._.....X6.b.E...c...m......'..m..-.]r..;..>....<..^.c/....;>)
R.p.'_~s........N...P....o......7W.#:.mz}.^?J.^......._..5?......g.,..
.......'..?..D....MdS.Z....?....i...........}...|....A......V...V....x
..o.Z.ON...<.{..t.._.[.Zu...>.|.7..N/5.h...\V..........c._.....K
....s./..=..,[$.........N...7....D.>...F...........(.n....7...c..Cg
.[1.......P..5...D....D.%j.E.%j.5.:..m.W-.).!.HTTP/1.1 200 OK..Content
-Type: image/png..Last-Modified: Fri, 19 Dec 2014 07:40:01 GMT..Accept
-Ranges: bytes..ETag: "801ed5fe5e1bd01:0"..Server: Microsoft-IIS/7.5..
X-Powered-By: ASP.NET..Date: Sat, 03 Dec 2016 09:06:56 GMT..Content-Le
ngth: 30421...PNG........IHDR.......F.....t.......bKGD............<<< skipped >>>

GET /c/=/crm/wpa/release/3.3.7/wpa/SelectPanel.js,/crm/wpa/release/3.3.7/util/css.js,/crm/wpa/release/3.3.7/lang/extend.js,/crm/wpa/release/3.3.7/util/contains.js?v=3.3.7.20160126 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: combo.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:59 GMT

Cache-Control: max-age=300

Expires: Sat, 03 Dec 2016 09:11:59 GMT

Last-Modified: Fri, 22 Jul 2016 19:07:15 GMT

Content-Type: application/x-javascript

Content-Length: 3671

Content-Encoding: gzip

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Disktank Gz
...........:.n.:v."sn.R......ZnT.......k.qc...xTb.E..T=.... YL...M..M6
.IV.$.........Y.R....}33......9..H........#.9......90..)..P....h..L..K
CYtn...0cX.c<qS..7..E.k0.M;.Tb........8Aa^..P.}...TA..b.......|tn..
P.6.VK......Z.s..V..... t..V...a.[.2.Q.J%...P*1_. ....Z..d..w|.j.~....
..h.fp<L{.. ..,%" '.M2...)'/..$m<"..nBJ.O...[...&4..`...O..h....
.`.".|l..n.)...B.H.........\...R`J..BhS.YA.Q.S ......QVPF......xZc:)..
:..Y....P.Iy.X2 (.....B.K..P_H.wv....n)...p!a M.\.,3...%T-.1..1..J.>
;...i.R.,...!%#...rf..k}..%......T.. .|0....}..3....TLD.....L...r1..c&
lt;....Y...{...H.......:.2..N........hp0.....Gh.Ax7Fgxrj..G.&.........
y.>.)......................}.9M.....*.v...v.j......................
.....O......_..................vr~............x..zwp...>x.%...8;...
...?<A..w......._...............j.|.....?>9...........O.....>
...~...ovA.._../O...7u....`R.~.0..}U.#..]:...6..........GGh...........
..S.....r...e.s._.h....>v('0..z..>z......7.....'..<......{?..
...`5.<.&...P>...7....{r.i.(.~B..G.Q..pv5V.....&T..<.k.....:~
,..7....0....u..c9o.T(|.A.?......*x..64K.{piD..!..An.P.qQ.G..1q.k..;..
d...5@.{By...3....c....`.s.!.2FkuW....\..1....>|.xY..P..P.........)
3..........71.j..w...'..z.l..f.;..P....,.4...A.<...P..{".....P.-qF.
..O<F..h.`..O...n,..r&f..j:b.x.....m)......`:.......jv.~....M.3:.1.
.8..L(l......t('.M.u.F..Q.`..[DFa.s.&.8.eh...:.....xS...2j. .f.5...g.8
g&.Y..L(..),.Hg.. j:..p^.....z.P.....A...6...z.P..... !qF.".9.....T.g.
..Ui...h{m..ME{.^p........C..y.....E..fJh......hxN'..I. .T_.......<<< skipped >>>

GET /kss_inc/images/salelogo.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 15 Apr 2016 00:52:16 GMT

Accept-Ranges: bytes

ETag: "de3290eb196d11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:52 GMT

Content-Length: 45207
.PNG........IHDR...X.................pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#....Y....a...@....V....HU..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..]3...Z..z..y8.@...P.<......%b..0..>.3.o..~..@...z..q.@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V<<< skipped >>>

GET /photo/quan1.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Tue, 30 Sep 2014 05:55:23 GMT

Accept-Ranges: bytes

ETag: "8057ce1f73dccf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:53 GMT

Content-Length: 53235
.PNG........IHDR.......[......m......bKGD..............pHYs.......... 
.... .IDATx..]g..5.~...wi.R..M. .. ..Xh*...V.TP@AD@PP.bCE...{E.i*.....
...EY...|?2....;....2.....$''...If.....='.T....^bZ.UX......B..c..;DD..
./.T..!".W8.....Wv&.W...^...f....B.c...C..&gD$P.r...[./..b.p......<
..VZo,G.]P.......[.b..7..h.X.!A.I.%"..6..4...<..@)#.G...."k.....KrE
....}...p.p..~v....o....d..T;k.y.H....BeV.....,..h...F.=.b.....9......
.m.....0.._.4...u.G..|*.......).........J.x..Q$.[*.=.2.Lb...d.... ..(!
.....u..6<.y..?.....[.....;.V.z.5W_|......e.....r5....dz`... ..1...
...^.A."J...,.Jp&.Df.V...:......,K..;.CH-jq&.]7..o....6.;:d(s..|....VU
.D......7w..H...XP.D..".7Fy.E....B.m  5...).-_...*...om..r....B.!...k.
U..J...?.:e.(..}(...Zl.*5.X<..).dp.`|9..t5k..<x..9s.K]T..5....*A
....:x..%(pW0..Sg....w....{v.......5.][..s.TPPp.-..w.q../...........0.
D3y72..R.i.....M......t..i..iY.i......m.M..$.3.0........8.....NW.o...c
...c.....T.eY2...h..k.....N.S...7.J.........U.*g1#..a..=......3...,fZ&
..<c.OZHF..'..y...B8.d....".s.....,\...*. ..!..1.4y...RK)C..L.R>
.5M....m.j.:....&93-w..S./-.&uu.KCR..D..*(.=I...........7.....r.@e../.
....LO...."^.........m....K........8h.tr.J(..:<.,......0sNU.6.. ...
.......d2.L.$..d.RNN...J.*.$..a...k....8...J..4B)...<O.............
4M..iJ.Csz..c^...bY..i......u.]t........_....z....V..q.T..u.n...._~...
...Rj....T.....j.2.......u.c.i..B........h.........3.B....2...`.0...L.
 .`9.a2Tn..L......5k............>...U.u.......E...-.j`.n*..0'~-....
b..}T.V)..1..w-b........;..ry.u.*...".o...L1.....1...L8....../....<<< skipped >>>

GET /photo/fenzu2.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 05 Aug 2015 01:58:07 GMT

Accept-Ranges: bytes

ETag: "25614f2c22cfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 13375
.PNG........IHDR...............|I....bKGD..............pHYs.......... 
.... .IDATx....l.W..oW7..g..#.d_.....a2..1.....&.Az.....#Y;/R....(...7
.y...-...4....iXy....I..@2z ..1Jp....$.@HF.......?.].}...nUWwU...E.\u.
UuU}.9.TUl....^}.qLM....n......>..o.bb.X>.......Tcc......".(....
........_a....2.;&e.OUS{{..3e:./]......W...Wr7.7.<$o..DP....H......
........O.l.L.h.|R..W.R....K...-.E(]....v,..B.....U.)...|>o./......
O..Y......I../.D.5k../&e...-...... y.M.K.......gu'....a..\.u..f.....w.
..#....&.......1>.z%.!. !.].....s."....P..H...@........e.~..9....@.
.B.....?.e......"g.......A.....2b~~......P.@....B....O&..........d....
%9....xT5...|>.......D"..........w...y.....R..Q........hH....cP....
]u.....8Pw...................5.....@..u....j...../.oa._.....j.....q...
......o.....I&..{..I..a.....)..{t...J52..d2.*.<..T;Ju.....D.FUV.].^
uL.........A.{..F...........|".:"..$:....."..w....j.d.U..d2....d.....|
-~...q......wO&.5...W.O.$...ym./..A..P..>........w.....@U..wO&.s.).
_a.....j.`/h.w...Za..T..l.....~.....-.p......S.^.x...."...;"'..,....W.
..!9C......$. A.I.P...-|.H.kp....... ...;/.. ....".e..k....$..F^).[m..
.....a.\v~.P....q{...=..D.S...!...$.\.7...V....b..1..q.1.b 1..wt.q..MN
u~.`...........0.w.%..#.N3_....<....&C..n~=....5..................*
m^0....D...< .....k........3......)~.....a...d?............D.o9....
o.{.....Km>.-..K..I.. h.srV...........@m.-g.<.\1..].T.yk..b.|T..
.bq.rN.,.D..........[d..3"..G..y.&..~.._.]...j.U.]e..O..S..p........u.
..3pH9$e.D8..H.O..#...@.....q...qBV<o..O...`...@.).=....eRz....<<< skipped >>>

GET /photo/fenzu3.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 05 Aug 2015 01:58:08 GMT

Accept-Ranges: bytes

ETag: "4172272d22cfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 14053
.PNG........IHDR................m....bKGD..............pHYs.......... 
.... .IDATx....l.e.._W..;6....p..8N.4....@ .&....i3.;...d..R....,YmfGZ
......IoN...=.......!3..n..f7Qr........@LB`tm.c.......o......U..~.B...
.TuU}..y...X\\$..B..._o}v'!...N^x.9B11.e}.m.....o.{.A.@EE..`.f.......D
}}=.....S..6.pk.D..$.x..k.....MfO.R~{..3.:./]...W..n..G..^.o{.._.. c..
s....o...Q....H.|.G.._>........C...0..,...?.%.L.{...ok.....^...pD..
.P./.{.Y..{!E..W....:..a....."....:....:......7./:e............"...E1.
OG..e..fF.=/G............?..5.ext.%...g...k....N`.......@..U.).....X..
....(-....e.Y..J....f..H..Y;..X.2.....q..d..c.8..u....(?.....2@t:..8..
.l..{...,......(K.....m....9>.2... H.. W:.......\,.=.....x......<
;e...jaa.0....-........... .?.e..`.............3.....fnn...Z.O(K 0GU..
................x.~~~I..,A..U.Z.....o..QSSc.&F\....bqqq~~.....J(...GU.
......=..........B}........z.....?.{.............933.......(,.........
..l.................>........@y }...v.MR.T.&x'.L.m...,S\._...%.%...
T*.J.....P....HE..lD...b.r..e2.\>?...D.]..TdiG........,........D.*.
.. ...{......|.r ..g2.~YX@..{=].^..n...@...9<T.........WF..3..m....
A....^..d.?..n.......@I.......Lf...Y) .H.L....q.H..2.......B......r3q9
S.^O....v.kA.......fmm..j..12.K~1..e.i.$.T..... D.7.%..2.....l.wL.;..!
...D......2.r../....$.6i..pn....?........V.....5LE;..d...@... .x.{:n..
eFt.....U./q..@..>O`7.c.#.6....r..=...N.a...0...=.......[.%L>..5
]..A??BO..:&1A9...SY..............z}m.....}.]....e...I~.o..X......,a.#
..YIuS....%..HO..c}Q.......>.......{>..7....=.>..........<<< skipped >>>

GET /photo/yanzhengxinxi6.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 17 Jul 2015 02:08:49 GMT

Accept-Ranges: bytes

ETag: "c2e3728535c0d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 17973
.PNG........IHDR.....................bKGD..............pHYs.......... 
.... .IDATx...}x..}/.3..w...6.I...@.....^.K..k.z.....C....zoR..q@.yn..
{c...u/Y'..D.<...%n....@..~P..... /!!!/M..6.[........m.......yx.j..
.s......Yk.CK..d~......#_}h.u..B.>..S..$..BZZZ........G.~...V...[ZZ
j....W}k.\,k%..5../.^..l.'{,.q.f....T.f....V..........9..4.s.......?c.
|...../.G{R~.'.l.. .P....Z.~..u.l...H....k.....P3..k........62_......@
3.z[..X...B...............`..h.WB..mv.......0........Q.....^X.........
....3.a.... f......@.8.I..?.P.5^\.....\....4..b...f.o3....bb...1.}-..a
k..n .G....XVs.}k..T=.Z.f.W3...J.oc..../....'j\..!.....j... 4....V.`!.
....N1..B.q..`...\.....3.a.... f......@.8..r8.<..K...Dx......K.. ..
.\u.......%.......... f.......!...;7].YL..u....PK.w....K..X.=/..].....
..@$L.O...m.U,.....@D0......b&........WKK../.X.R......7M..%2.)U.a.^...
x....J.......K/...oN..^~....].....u,.gi..HR~9.v.....n...d.F.....R.....
....6..;.u!......eY'~..s....9.....u....$.....es...,B.E.K.O^~........g2
.a.H.......L....1...j.=.J..v\pV....4.m...3.n.}...!4.k.^y,.".....c.O...
cK.^/Q..R....PE._r^TY.{.....X.,....K\...C. ....q...m/$.....%.WS......t
.I.....J..2.m..k.. Fl.....]BH....n.uXZ.e..m.^.j........)Ui/...wy.l..m.
..D"...D"a..m..?s..~pppttT.'G.-.jpp........./...N...r......B....H$...q
..=./...j...J..&..4e...^h.< T..@..Ty.7Q3....*.lYXP.t...&.>..)Ui.
.1_4..,....2_...f.{...G.:.W.JHl.v.?..2......_.D.g..R..$P.....4...n.g.@
.f....U....J..... ..^.h....fag..,)..............\.p{..pM.5...e..K.....
..L...R..paaQ.J..U)M.)....".....'..n>........y..Q .....iO.Hh.!e<<< skipped >>>

GET /kss_inc/images/sale_bg.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Fri, 15 Apr 2016 00:52:16 GMT

Accept-Ranges: bytes

ETag: "de3290eb196d11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Length: 7859
......JFIF.....H.H.....C..............................................
.........          ...C................                               
                  ........z........................................5..
.................!1....AaqQ.."....2BR......br.........................
..............................!...a............?..F..K....:./V...r.w..
....|.. ...j...2QQw...u....E....-..EE....G..._.QQuV7..r...d.....j..nB.
T].......L."..l<.R.;..^.%..sA....A...aV...\...^.....R...r..-Z8.S...
TiJ.< ,.7..g..e./4....... ........,..b1..zB.-z..J....r.^..u../. .Q.
T..r.;.aV..*gW:;......T.* ..x.w....}.V....Y.,..o..m...s(...*!'...Er.^.
.n,[k'Y....o,X..O......N.>..E.}/c .......*....(..|F..&y.......*.~..
....j.iu.p.* ...(..w.HW...Z.D...r.;...V./...(....-ZTm7(..f..[.|..s(.7.
.....2e..y..*.3..1.y........^f....Sw32.^..yb..b!}...5.k.X.T.......V.4.
.d.....X....u..7.*.S.R....K..i..e.y......T./}.4.S......U...R..Er..-[.W
eS..vK...O.........`.c2...*.O..a'TW.......:...]...nH.5s......Z.P.TYz.C
...'t..C.b.....\.TL'..s$,.%.%^U........X......_.*......y...n..D.r...7.
./..\.uEr...Z....S(.]...n..<..(.^C...s.P..n.^..9y..HW..*.....Y.^../
..:... G....E...q;/R......n1).J...?.Qk.........V..uW....4.c...*/.X..C.
.............EEr.V...d.....ngU.T."./3|E.G.]....J....yE....>......Z.
z...Yy...X.}........-Z/..LE.^C...*...fw....y*K.r...V.._.foZ'...&U.e...
.v....`.].^.j........}/bU..W...^f..[...].qA.......o.U.W.e....Q.~.J./-~
..U.7%..y...~.d./.....W....^X.....%.Er./bU....%....`*F...._K..l^..e..^
Z..L.......yr.~..6b.S.Y...o..j~IVTYv7..JCJ.VY...%[.u...Yy...1...s2<<< skipped >>>

GET /photo/yanzhengxinxi1.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 17 Jul 2015 02:08:47 GMT

Accept-Ranges: bytes

ETag: "8d6368435c0d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:56 GMT

Content-Length: 58101
.PNG........IHDR.......o.....T8sn....bKGD..............pHYs.......... 
.... .IDATx....|T...........&.M.....U.,....PJ...B..?(...mk..a...n)..~.
.n....O.twi.BK.|.EL..TT.H.%.J.bF. I&...d...;ss......3y?...w.=.}~.s^.}.
w......tM...k.~...............2ka6;...P1.....13:c....g...f...s.g&..N.|
/...i..M..O-...-6444k^Cu2.....h....Z.C.O.u......>......i\....{...CS
c.}......{..1tv.M..{..~a#@l...}.G?N........~.pvu......<....?.g..@..
.:..6.C6.c...A..|k.....d....hX.iPf.?................s.}n.....k..}x..).
.l..;..r..)._.g###...?~t.m...&......3G:...s...A..52:..............vj..
G...;*.......'N..........f..^=.....w.rMEY.nT.H./H..M;{.......f.t...i..
...O.e...[4....^~......n....7.{..;>x{.w........|....0:.......n.....
\i..._...w.z[r...mkY.....p..W..O..=.{..]w......../~..I....<.....}d.
....-.o.|..^=...=.|..w......@.....K....../.@.....f...5t...>.....]G_
9.......k./...]s....[.......x....g...W.9..<.s.#.|v..w..{.. .s.....z
.)....I.}h..eW^Y.Lv=..Y4.......... J....x.u..2.........7^...3...L;>
.....tx...tbX.=w.....M..\~.....[nz...^?}:7V5.h?x....~.....__4u.......%
g.-l|${j...;...^................UTT./.g....??...}..?....w...&.W.......
......}..Kg..;......Kg..wo.(7r..._......}....W.z.....~..........w4^...
v.t....[...h...{.;...C.K...?z.k........~....O.:}z..._=yr.....g?y...._?
r..M;....K.7|..?...>......_.}........q......W'...?O4..N.....o~..CG^
$...=K...}._...X~........M.,x..W...?'....5.@..WO.z....^.a...../....9.]
.i..s.Z.........X.O......}.e..:........>i...k'..7....y_.b.#.{..K.W.
... ./.5./7|fvu..p!o..U..^R]....$O....N.|..K.Zl....I.............c<<< skipped >>>

GET /jsonp/mta?v=0.6.4&tid=800094740&aid=&pid=fhnnv9.wuxgbh.iw8zwid2&qid=3bmuiy.ycc5mo.iw8zwid2&src=12&cid=4115680256&sid=1.1.3eb2ol.iw8zwid4&t=iw8zwid6&callback=S3JSONPPREFIXdd3a8u HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: da.qidian.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:03 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 22

Connection: close

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

P3P: IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
S3JSONPPREFIXdd3a8u();..

GET /ad/shiyitop.htm HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: gutou.cc

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/html

Content-Encoding: gzip

Last-Modified: Tue, 18 Oct 2016 05:44:59 GMT

Accept-Ranges: bytes

ETag: "97b6cec3229d21:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:28 GMT

Content-Length: 1130
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"...O.<y...<M...L_~....I..
.....wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.
......GG.q.._......,.g......4...~..6#\..v.....g..T.6_..o.W.G.T....6...
....t..M.~v1.....Qz.p..-....?.......}|W........u{{R.......M{].iK](.i.0
Z..7N....>.O.....z.n......OW.~..jw'......G..?{.C..j.}E..<{.....z
.pg..=..~..........................sU...g.=x..Q:..Y^.....a|...........
.mn^..O4..YC........G...#4.K......W......../.{.Q"H.<....s.....Z....
MV...|..mv.^............m....GG..?.O.o?........;..?...c?...._./.......
.&y.=....... ...].......7c..?./.G.........?./.#....O..MX.4.....{..@#xC
x.....O...'................=.6.............7.....z.=..o.....1..G.v#...
................ &.'~...o......o......=..7R..C........y.!..&.1S?......
.....?.....'z#d7"O..............<P...........;.........!."O..c..X..
./f8_....j.;.n...C%.0O.y.DQ7..]>.%..?.(..4/.h....n....:...8.~.....b
...y.v2..s..}..O.l.....i.../.[......g..............-..#.[..wo...Q..._.
......./....?..p[.L....r.b.o;.L..1................?...............o...
I0....D?.u...R.....o..?........HTTP/1.1 200 OK..Content-Type: text/htm
l..Content-Encoding: gzip..Last-Modified: Tue, 18 Oct 2016 05:44:59 GM
T..Accept-Ranges: bytes..ETag: "97b6cec3229d21:0"..Vary: Accept-Encodi
ng..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Sat, 03 De
c 2016 09:06:28 GMT..Content-Length: 1130...............`.I.%&/m.{.J.J
..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l.<<< skipped >>>

GET /cgi/visitorcgi/ajax/wpa_first_heart_beat.php?nameAccount=800094740&dm=gutou.cc&title=éª¨å¤´è½¯ä»¶é”€å”®å¹³å°&url=vip.gutou.cc/sale.php&cb=JSONP_CALLBACK_4_23 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: visitor.crm2.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:07:00 GMT

Server: Apache

X-Powered-By: PHP/5.3.8

Cache-Control: no-cache, must-revalidate

Content-Length: 244

Connection: close

Content-Type: text/javascript

JSONP_CALLBACK_4_23({"r":0,"isAuto":0,"autoTime":30,"autoMsg":"\u60a8\
u597d\uff0c\u8bf7\u95ee\u6709\u4ec0\u4e48\u53ef\u4ee5\u5e2e\u5230\u60a
8\uff1f\u8bf7\u63a5\u53d7\u804a\u5929\u9080\u8bf7\u3002","gap":10,"hbD
omain":"http:\/\/hb.crm2.qq.com"})..

GET /ad/shiyi/dingyue_files/style.css HTTP/1.1

Accept: text/css

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: gutou.cc

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/css

Content-Encoding: gzip

Last-Modified: Thu, 13 Nov 2014 23:01:49 GMT

Accept-Ranges: bytes

ETag: "802c19ce95ffcf1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:42 GMT

Content-Length: 760
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"&..:....-...X>JwV...U6..... 
.%.._....V......w......M...l........t].[...v.........u^f..6...i.......
n................I.|.g......l....R...tf..a...hw.j[zL...M.ju...f..:L..Y
;..>|.P.kh.a... 0...ZX"o.B......DZ<J...@Gg....o..\...i.l..u[....
Q..I...\.O1......?...D}....y..w....N.......lm....Cy...W.br1........e..
n..<....l.p_.,.e....w?L..e.}..M.rF..UF.`....hVevM....-....B.....5..
...,f,..wG.............}...r....)U,W.Vx$.&....1..26.l..(....Z..k.... .
2G.....h......$......6...L.....`w.>....W.b.#.....dQ.".J......O.....
.:.4.?._]<..p....e..1..9.I..~.......~..<?..|=)2f$..F...........l
Q...G..=...2Ja-. :J..d.......2.n.W...Z.=.... .{"...7...-.).c..{....5._
..?.2......HTTP/1.1 200 OK..Content-Type: text/css..Content-Encoding: 
gzip..Last-Modified: Thu, 13 Nov 2014 23:01:49 GMT..Accept-Ranges: byt
es..ETag: "802c19ce95ffcf1:0"..Vary: Accept-Encoding..Server: Microsof
t-IIS/7.5..X-Powered-By: ASP.NET..Date: Sat, 03 Dec 2016 09:06:42 GMT.
.Content-Length: 760...............`.I.%&/m.{.J.J..t...`.$..@.........
iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"&..:....-
...X>JwV...U6..... .%.._....V......w......M...l........t].[...v....
.....u^f..6...i.......n................I.|.g......l....R...tf..a...hw.
j[zL...M.ju...f..:L..Y;..>|.P.kh.a... 0...ZX"o.B......DZ<J...@Gg
....o..\...i.l..u[....Q..I...\.O1......?...D}....y..w....N.......lm...
.Cy...W.br1........e..n..<....l.p_.,.e....w?L..e.}..M.rF..UF.`.<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1


HTTP/1.1 200 OK

Content-Type: image/x-icon

Last-Modified: Tue, 15 Mar 2016 00:53:28 GMT

Accept-Ranges: bytes

ETag: "0b42f16557ed11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:48 GMT

Content-Length: 4286

......  .... .........(... ...@..... ..........................s.P.s..
.s...s...s...s...r...r...r...r...r...q...q...p...p...o...o...n...n...m
...m...l...k...k...j...i...h...g...g...f...f...f.P.t...t...t...t...t..
.t...t...t...s...s...s...r...r...r...q...q...p...p...o...n...n...m...l
...l...k...j...i...h...h...g...f...f...u...u...u...u...u...u...u...u..
.u...t...t...t...s...s...r...r...q...q...p...o...o...n...m...m...l...k
...j...i...i...h...g...f...v...w...w...w...w...v...v...v...v...v...t..
.o...j...d...b...a...`...`...a...f...j...n...n...n...m...l...k...j...i
...i...h...g...x...x...x...x...x...x...x...w...v...p...f...}A.........
.........................zA..`...i...n...n...m...l...k...j...i...i...h
...y...y...y...y...y...y...y...v...k...w4.............................
.....................s4..d...l...n...m...l...k...j...i...h...z...z...z
...z...z...z...w...i....v.............................................
..............v..a...l...n...m...l...k...j...i...|...|...|...|...|...y
...j....................................k...k.........................
.........a...l...n...m...l...k...j...}...}...}...}...|...p....y.......
...............z6..g...l...o...n...j...d...w6.......................y.
.d...n...n...m...l...k...~...~...~...~...w...|6......................h
...u...y...v...q...o...q...t...p...c.......................u6..j...o..
.n...m...l...............~...m.......................l...z...}...w....
7...n...n...n..p...x...t...e.......................a...o...o...m...l..
.............z....E..................k...|.......~...t....o.......

<<< skipped >>>

GET /up/tongji.htm HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:29 GMT

Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.2.17

Last-Modified: Sat, 04 Jul 2015 23:52:47 GMT

ETag: "3b8-51a155e94d1c0"

Accept-Ranges: bytes

Content-Length: 952

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xml
ns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<meta http-equiv
="Content-Type" content="text/html; charset=gb2312" />.<title>
;tongji</title>.</head>.<script type="text/javascript"&
gt;var cnzz_protocol = (("https:" == document.location.protocol) ? " h
ttps://" : " hXXp://");document.write(unescape(""));</script>..<script language="javascript
" type="text/javascript" src="hXXp://js.users.51.la/17287617.js">&l
t;/script>.<noscript><a href="hXXp://VVV.51.la/?17287617" 
target="_blank"><img alt="我要啦免࣓
9;统计" src="hXXp://img.users.51.la/17287617.asp" style="b
order:none" /></a></noscript>.<body>.</body>
;.</html>.HTTP/1.1 200 OK..Date: Sat, 03 Dec 2016 09:06:29 GMT..
Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.2.17..Last-Modifie
d: Sat, 04 Jul 2015 23:52:47 GMT..ETag: "3b8-51a155e94d1c0"..Accept-Ra
nges: bytes..Content-Length: 952..Keep-Alive: timeout=5, max=100..Conn
ection: Keep-Alive..Content-Type: text/html..<!DOCTYPE html PUBLIC 
"-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/
DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org<<< skipped >>>

GET /cgi-bin/ptlogin_report?id=195279&msg=Unknown runtime error|_|http://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http%3A%2F%2Fqzs.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone&pt_qr_app=ÃŠÃ–Â»ÃºQQÂ¿Ã•Â¼Ã¤&pt_qr_link=http%3A//z.qzone.com/download.html&self_regurl=http%3A//qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http%3A//z.qzone.com/download.html|_|1|_|Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)&v=0.0016309808707142825 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en
HTTP/1.1 200 OK

Connection: close

Server: QZHTTP-2.38.20

Date: Sat, 03 Dec 2016 09:06:46 GMT

Content-Type: image/bmp;

Content-Length: 66

BMB.......>...(....................................................
.

GET /ptlogin/v4/style/20/images/shouQ_v2/small_8.png HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:44 GMT

Cache-Control: max-age=259200

Expires: Tue, 06 Dec 2016 09:06:44 GMT

Last-Modified: Mon, 06 Jun 2016 09:14:56 GMT

Content-Type: image/png

Content-Length: 8566

Keep-Alive: timeout=60

Vary:  Accept

X-Cache-Lookup: Hit From Disktank
.PNG........IHDR.............b.{X....gAMA......a.....sRGB.........PLTE
Liq....................................^^^............................
................................zzzccc................................
......................................................................
................................................fff......7............
......................................................................
..........{yx...............ONP.........bba>>>&..$$(stsYXZ...
...mml...U..[.................ppp...v.....D.....z........k....K`>,.
.....p[Q...Q. ...2........C.....Q..}..A........r....u.~...?......qr.l.
.=&......~eP>......=..,...ka....a@...[....q.......b.......<{...w
.............~^...&m......O......,..O....`..H...ck{....|*.kZ......>
...q9.PY.....B......*h~.Bq.J'yJC|...BY.kk...3....Gu.V...&...%.Y.....x.
..z...l[.&...8.......6....0tRNS..%....0.. I7U>..z.e....U.....\...xI
.............?-.....IDATx...mL......1..(I.4.M.Vj.I~sv...g|G.........1.
.cc.Mx.v0.......b..4.....R..i...:.......)..-...E.v.....c'.a.ot._...>
;....p...m.J.r)..;.[..).y.HI^nV...G..wI.O..*."...Rp..e".......e...2..]
Y;3.{..e...2,...rA..k.%..0. ..lr.r3Y...P.s  /..de...d.).....%s...$..gg
..........w.I..wd....-....Z...B.......-.....F..p......C....~..`(...B..
....;.......lW......q.b0......CC...p(..W...&..-...D<..`4..x...C.^..
....F.....p....c.cC..1...p.......#....b...P..k>|h...b...%...E{4@.P.
....'h.D...#j.2R..t.5.{.6.....&. ..@`)...I. .D....]......x..uW,..J.~p.
x=.$.^.D...U{=.E/.........]....I.......c5.......c$..=..v........v4<<< skipped >>>

GET /cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=....QQ....&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xui.ptlogin2.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:42 GMT

Content-Type: text/html

Content-Length: 9811

Connection: keep-alive

Server: QZHTTP-2.38.20

P3P: CP="CAO PSA OUR"

Cache-Control: max-age=86400

Set-Cookie: pt_user_id=13806169508266578274; EXPIRES=Tue, 01-Dec-2026 09:06:42 GMT; PATH=/; DOMAIN=ui.ptlogin2.qq.com;

Set-Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: pt_clientip=305a0a37d8564c37; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: pt_serverip=d17a0aa693d945ee; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: pt_local_token=-359121953; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; EXPIRES=Sat, 10-Dec-2016 09:06:42 GMT; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: ptui_identifier=000E0103D1288A365166C25066CA9BCFB386083E52CA70048F26E44A57; PATH=/; DOMAIN=ui.ptlogin2.qq.com;

Last-Modified: Thu, 08 Mar 2012 02:04:00 GMT

Content-Encoding: gzip
...........}{w.........(.1............Y.Ap...g.*uWK..]..j.Fh-CB.y...0.
p/.!.w2......>.......W....}.u....V..X u.y...{....|x......;g........
...]..|.....bq..........V.P...N.....w....o......z....S....`.x.....W...
...hYh.m{.$.w...........Dc..:...=7t.e8...F.v.^.........\.j......."..l.
..`...Q../. ..a .....pg.o.Dffww.~..).}7....K.9?...n;.....u....-.Z.....
-..(.?....n...B....a.........._.........u5gT ......6.f...F=....\'t.t]z
.....=...n.....}.....`F(....k>g..._W....;.....Aa4t.S.h2..,..V#<a
{.Fy.VYX:..n6.....80...N.U.M.~ofvoofv....l........u...s.....<...0h.
...........|.....L..r...._............v...;..J..|...U.m.hV........UM..
-.=....k........w~d.J.d.......7..z../0].......'W...|e.....0........vO&
lt;1....>.:..7.7_..M...._.O....._..N..>~.#....................-7
h..u[.}.....x..m5.a.d.HR.....U..1.....3.%pf8.@../.....M...s......A8...
..(...=..z....:......^......5....G.V......N.....,*.9H..K...<uL...C|
...{;...7.;=..!.6...m8~.5.N..v;...~.x..A..!...C.,.[..l.n'...#.x..V.|H.
&@/r!.@M..Aj...;ct...|..xm...N..........67...........7%z#....~T.u!..n.
u.A.D.x.g...l.!...:.g..g0...-.J..r....K].Cu...Q....p.">U.......1..g
._.....I..*%....3...r!h.J..........'......Q..&.7q....-\ .%M...0.....%.
c....j3kV...S...W.%...R@..v.....q2,Rs.m.[...T.7..P.Db...CX..]). .ji.\*
.AD!...\.%X.Ryq.l..1...........6u`....r..S6r{...R. .9X....5.0......'..
...k.........$.....5....n...T).*(gh3 `.h.. ... 9.,.....9...2k...w6 .Bd
.v.....!....U...r.5..Y...6C.P/.....R..r0A...}4...M..5.z.L.Di...Z.=..sh
q.G.<...=.;..`W../...V.......v..O....v.....Z.|z}m.t...Rmi.zj...<<< skipped >>>

GET /cgi-bin/xver?t=0.7756034637612903 HTTP/1.1

Accept: */*

Accept-Language: en-us

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html#prefix_0

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:44 GMT

Content-Type: text/html

Content-Length: 114

Connection: keep-alive

Server: QZHTTP-2.38.20

P3P: CP="CAO PSA OUR"

Content-Encoding: gzip

............Q..0.......TF.A...B...@..X7....{...N?...'r9|.-y...p*.(. K.
.R.%..1.C.Q.....P.A.....PD..og.i.s...3..c...HTTP/1.1 200 OK..Date: Sat
, 03 Dec 2016 09:06:44 GMT..Content-Type: text/html..Content-Length: 1
14..Connection: keep-alive..Server: QZHTTP-2.38.20..P3P: CP="CAO PSA O
UR"..Content-Encoding: gzip..............Q..0.......TF.A...B...@..X7..
..{...N?...'r9|.-y...p*.(. K..R.%..1.C.Q.....P.A.....PD..og.i.s...3..c
.......

GET /ptui_ver.js?v=0.926366006895559&ptui_identifier=000DD31BFD70EE7959D3AC3FFD4692D2B517A8CAF4D6344E6BE5CC10 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:45 GMT

Content-Type: application/x-javascript

Content-Length: 177

Connection: keep-alive

Server: QZHTTP-2.38.20

Last-Modified: Wed, 30 Nov 2016 05:43:23 GMT

Content-Encoding: gzip

Cache-Control: public; max-age=86400

Expires: Sun, 04 Dec 2016 09:06:45 GMT

..........U.A..0.D."Y.E.TmA....n..4..$.1.....P.j.7.<.Q.SR...L.n.!.o
4l*..N...`xJfD...s.R..G}.....n..$.r.2.5.h`....B%X&'}|h......#./M}...I~
.8. ..6....w..\..T..t......S4.{.$.U.....HTTP/1.1 200 OK..Date: Sat, 03
 Dec 2016 09:06:45 GMT..Content-Type: application/x-javascript..Conten
t-Length: 177..Connection: keep-alive..Server: QZHTTP-2.38.20..Last-Mo
dified: Wed, 30 Nov 2016 05:43:23 GMT..Content-Encoding: gzip..Cache-C
ontrol: public; max-age=86400..Expires: Sun, 04 Dec 2016 09:06:45 GMT.
...........U.A..0.D."Y.E.TmA....n..4..$.1.....P.j.7.<.Q.SR...L.n.!.
o4l*..N...`xJfD...s.R..G}.....n..$.r.2.5.h`....B%X&'}|h......#./M}...I
~.8. ..6....w..\..T..t......S4.{.$.U.......

GET /pa?p=2:10347904:51 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: wpa.qq.com

Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently

Date: Sat, 03 Dec 2016 09:06:56 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Server: tws

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

0..HTTP/1.1 301 Moved Permanently..Date: Sat, 03 Dec 2016 09:06:56 GMT
..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/
qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-c
ache; must-revalidate..0..

GET /c/=/crm/wpa/release/3.3.7/util/onIframeLoaded.js,/crm/wpa/release/3.3.7/util/GUID.js,/crm/wpa/release/3.3.7/wpa/getQQVersion.js,/crm/wpa/release/3.3.7/wpa/ViewHelper.js,/crm/wpa/release/3.3.7/wpa/views.js,/crm/wpa/release/3.3.7/wpa/sid.js,/crm/wpa/release/3.3.7/util/blockStorage.js,/crm/wpa/release/3.3.7/util/className.js,/crm/wpa/release/3.3.7/util/Style.js,/crm/wpa/release/3.3.7/util/sessionStorage.js,/crm/wpa/release/3.3.7/util/localStorage.js?v=3.3.7.20160126 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: combo.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:58 GMT

Cache-Control: max-age=300

Expires: Sat, 03 Dec 2016 09:11:58 GMT

Last-Modified: Fri, 22 Jul 2016 19:07:28 GMT

Content-Type: application/x-javascript

Content-Length: 37208

Content-Encoding: gzip

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Disktank Gz
...........z...H....[?.V-5..sUo..l|`..1...F..}.6......u.L...w.......L.
R....2C.....[..v. u...:....sK#q.......mR......k..M.~z.........5p..k.. 
K...._..J...j..oS.J...}m.........oN\9....Q....Z'....F..7R;v...,.Pm....
.K..w.7...o.|.-.....q...~\.....1.&.........u.p.w.|m~...d{.?.....J.L..?
<...q...yx..}]..w?".....n..o..............m...p...x..z.;8e.V.{....4
..S....16R..,.S....=;.........J..........E....F.....C...Gn >|..h..~
..|,#.M...&[w......yy.{.............o`...............~]./.s....ZG.....
..Ar..8~.4..cE..W./..O..^6I..o............/...... .._~y...3.n'.......&
.b..;...YM:..6........?..=^-......vnS....@)y.....9/....*-).j...-0z...F
..4.'.N....V.]..zP......Y..}.j.....y>...............z. .K.) ./.h|..
3...efO.SQ<....1..*..4..........I...7...w.\.4.w.7'..%.o2.....Al....
.7< ..7.~.4...@...q3`.7.|.p.../t......v........t......3.:Z....z.K'.
....p.x.$C.........>:.k{?h....:v.....>....oq......>t....;....
 ...k...q.>.../...e ..K.....>.a.Wg....hcei...G...`..z.g....|....
..v...I5.o.o..........|}...."..z...".....Ry.i......c......,........E.]
.K....U._../...l<....&Fj9..r.]....#I.....6^.y..m...z .....z...#...,
.......`.!............F.6.EM.#.u.PJ......X....}.*....u...H.....v8.....
. `:.?....w.......-'.....;......$.....&9P..E..........K..%..uP...0...J
...g..T...h.4..7.......=..Z.u9..7......`..?...4.?XP.2z._.b..z..9.{.9..
a.$......~.....3...\6.z.@..}c(..^..... @.......C....@.....QS.oQ$..*w..
.F`..~6....@.?...F..;..~.:..Ao.l.`..x...Y......x_..=X.0......@.C..T...
.K.|.%...._..#....s.@..U.r.?..t..a.._>t..........W......qx`....<<< skipped >>>

GET /da/id.html?q=3bmuiy.ycc5mo.iw8zwid2&p=fhnnv9.wuxgbh.iw8zwid2&t=800094740&a=&c=4115680256&s=1.1.3eb2ol.iw8zwid4&src=12&pgv_pvi=&v=0.6.4&ts=http://da.qidian.qq.com/ping/id HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: combo.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:07:02 GMT

Cache-Control: max-age=600

Expires: Sat, 03 Dec 2016 09:17:02 GMT

Last-Modified: Tue, 15 Nov 2016 10:41:40 GMT

Content-Type: text/html

Content-Length: 5261

Content-Encoding: gzip

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Disktank Gz
...........Zk[....~~.hw.v#......1y(..3-e..t&.<&Q....l....o?.....t..
..K....k......N.<>...Y..M.7.XN"&$C]........p.g....t.f...t.S.s...
.....}.F.;..0K.zgs\..N......!=....#}.........lCD...0......'0.O........
.F."M7#..fY|..R......D..BzL....#1.21O..`~p..<..*k4<=M.`.fq".....
i...H..D\....y....0[..V.Ep.%Zx..Ss..%S.."6R.b......`X.p.i...f."..*....
>...=....%cOD.../..7.4bT.."*F.FC{.uVJoq........../....#../...B.....
z........k.!.u.g.G..#y....a..3.....&......v.W....4..:z&..X.?V.G.t.hf.y
...d."i[......A*.DOC.l.......c..:6."3.\_X......U...?...C.]..[G.:....$O
...z..S.....?..u......C"ji.:.....}....../..........?..~....?../....4..
=.I5..r]\].....<...??......Y@...........e.M%P..7..YidB.p........j0T
2W..Y!..D.....ojL...y,Z..v!.....yz......../K.D.c..0?L.I..95....k:..E .
.K....d.?y....Hy.mS.....,..v.c...........*Z..*..e.j...V.4..q.M...FE...
/Y1xu!.....7...S....w.=.^f....1O.....%r....L..........~.....mv......?;
.....5.aeqE...=.0.)........T..N..3.kq..j.X2....u%."..a...W..,.q.~2._.}
"F.LQi...Db#dh5.^.l$.........y.............\....y~....*O.\7..l.Z...HO.
.p*..T.pa.@...|.....uv..@...H...q]^.. ..n.Z...?.h.}..B.W.2z.y...W/~z.3
T.=(...NI.eT.!.Q......!.S.w.G ..i...Z......o........N........|<a..,
...J.3.l....U.V.......^.S.....vX.4S.w.Zd{19C..x4:..M.Kr-..z..<.3...
...:.NMo..R......v'I$....._....8..V.0..ppi....8"|..... ..x.c^.e.y.....
.y....**... \.fD.hs.h.~.j.......1.1~.cgXz...:..i.he...XaR.j...>/.|n
.e.;..!..Q.H..KU.Xi.R..^.H:y[x...K..B.....!....d..&.k...$.|1...3.q....
4..i.`.....i..7.....^.X..p1.R..6..f.V.)[.px.,}(..2.l4.cd.g...G..?.<<< skipped >>>

GET /stat.php?id=1252975436&show=pic HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: s23.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 9944

Connection: keep-alive

Date: Sat, 03 Dec 2016 08:01:08 GMT

Last-Modified: Sat, 03 Dec 2016 08:01:08 GMT

Cache-Control: max-age=5400,s-maxage=5400

Via: cache2.l2et15[0,200-0,H], cache18.l2et15[0,0], kunlun9.cn44[101,200-0,M], kunlun4.cn44[102,0]

Age: 3933

X-Cache: MISS TCP_REFRESH_MISS dirn:9:158792174

X-Swift-SaveTime: Sat, 03 Dec 2016 09:06:41 GMT

X-Swift-CacheTime: 1467

Timing-Allow-Origin: *

EagleId: 7522074414807560017613108e
(function(){function k(){this.c="1252975436";this.R="z";this.N="pic";t
his.K="";this.M="";this.r="1480752068";this.P="z5.cnzz.com";this.L="";
this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_C
V" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.
la()}function g(a,b){try{var c=.[];c.push("siteid=1252975436");c.push(
"name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referre
r));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.u
serAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math
.random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&
")}catch(d){}}var h=document,e=window,f=encodeURIComponent,l=decodeURI
Component,n=unescape;k.prototype={la:function(){try{this.U(),this.J(),
this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j(),th
is.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa(),e[
this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},n
a:function(){try{var a=this;e._czc={push:function(){return a.B.apply(a
,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e._c
zc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length
;b  ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[objec
t String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "_se
tAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}ca
tch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof e.
_cz_account||e._cz_account===this.c){e._cz_account=this.c;if("[obj<<< skipped >>>

GET /crmqq.php?uid=800094740&dm=gutou.cc HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: tajs.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

X-Powered-By: PHP/5.5.31

Content-Encoding: gzip

14........................0..

GET /img/pic.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: icon.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 719

Connection: keep-alive

Date: Sat, 03 Dec 2016 02:37:17 GMT

Last-Modified: Thu, 12 Feb 2015 08:15:09 GMT

Expires: Sun, 04 Dec 2016 02:37:17 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

Via: cache54.l2cn44[54,200-0,M], cache29.l2cn44[55,0], kunlun5.cn44[0,200-0,H], kunlun7.cn44[1,0]

Age: 23367

X-Cache: HIT TCP_MEM_HIT dirn:10:581747486

X-Swift-SaveTime: Sat, 03 Dec 2016 02:37:17 GMT

X-Swift-CacheTime: 86400

Timing-Allow-Origin: *

EagleId: 7522074714807560044494173e

GIF89a2.........f..3...33.............................................
.......................................!..NETSCAPE2.0.....!..Powered b
y AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH.
...,..@8.... -..EQc.8...........`...."....................~"..H.......
.H......"...$....#.........."..........."Z.......*...%!.!.......,....2
...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h....
...7..l..v..-....."....................~"..I........I......"...$....#.
........."..........."\.......*...%!.!.......,....2...... !.di.hjBl..p
,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."
....................~"..I........I......"...$....#..........".........
.."\.......*...%!.;HTTP/1.1 200 OK..Server: Tengine..Content-Type: ima
ge/gif..Content-Length: 719..Connection: keep-alive..Date: Sat, 03 Dec
 2016 02:37:17 GMT..Last-Modified: Thu, 12 Feb 2015 08:15:09 GMT..Expi
res: Sun, 04 Dec 2016 02:37:17 GMT..Cache-Control: max-age=86400..Acce
pt-Ranges: bytes..Via: cache54.l2cn44[54,200-0,M], cache29.l2cn44[55,0
], kunlun5.cn44[0,200-0,H], kunlun7.cn44[1,0]..Age: 23367..X-Cache: HI
T TCP_MEM_HIT dirn:10:581747486..X-Swift-SaveTime: Sat, 03 Dec 2016 02
:37:17 GMT..X-Swift-CacheTime: 86400..Timing-Allow-Origin: *..EagleId:
 7522074714807560044494173e..GIF89a2.........f..3...33................
....................................................................!.
.NETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl..p,
....x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`....

<<< skipped >>>

GET /å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç§’èµžç§’è¯„è½¯ä»¶.txt HTTP/1.1

Connection: Keep-Alive

Content-Type: application/x-www-form-urlencoded

Accept: */*

Accept-Language: zh-cn

Referer: hXXp://d.gutousoft.com/å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç§’èµžç§’è¯„è½¯ä»¶.txt

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Host: d.gutousoft.com


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:40 GMT

Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.2.17

Last-Modified: Tue, 18 Oct 2016 09:54:20 GMT

ETag: "f2-53f20ad275a19"

Accept-Ranges: bytes

Content-Length: 242

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/plain

..........5.8..(....................)..............hXXp://d.gutousoft.
com/å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±%E
5¿†ç§’èµžç§’è¯„è½¯ä»¶.exe.....
.........................!....HTTP/1.1 200 OK..Date: Sat, 03 Dec 2016 
09:06:40 GMT..Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.2.17
..Last-Modified: Tue, 18 Oct 2016 09:54:20 GMT..ETag: "f2-53f20ad275a1
9"..Accept-Ranges: bytes..Content-Length: 242..Keep-Alive: timeout=5, 
max=100..Connection: Keep-Alive..Content-Type: text/plain............5
.8..(....................)..............hXXp://d.gutousoft.com/å…%
ACå…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç%
A7’èµžç§’è¯„è½¯ä»¶.exe................
..............!....

GET /cgi-bin/feeds/feeds3_html_more?uin=&scope=0&view=1&daylist=&uinlist=&gid=&flag=1&filter=all&applist=all&refresh=0&aisortEndTime=0&aisortOffset=0&getAisort=0&aisortBeginTime=0&pagenum=1&externparam=&firstGetGroup=0&icServerTime=0&mixnocache=0&scene=0&begintime=0&count=10&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.03575335915511045&getob=1&g_tk= HTTP/1.1

Accept: */*

Host: ic2.s51.qzone.qq.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.536.2 Safari/534.10


HTTP/1.1 200 OK

Connection: close

Server: QZHTTP-2.38.18

Date: Sat, 03 Dec 2016 09:06:53 GMT

Cache-Control: no-cache

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 125
_Callback({.."code":-3000,.."subcode":-4001,.."message":"need login",.
."notice":0,.."time":1480756013,.."tips":"5C4A-77".}.);..

GET /hm.js?7d873703fcccf08b7645d8b2c04b0c12 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: hm.baidu.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 8274

Content-Type: application/javascript

Date: Sat, 03 Dec 2016 09:06:59 GMT

Etag: 54bc1c26697e1a6ec7f8e4c5ce9c1901

P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Server: apache

Set-Cookie: HMACCOUNT=1DD08177AF2CF4BE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
...............(function(){var h={},mt={},c={id:"7d873703fcccf08b7645d
8b2c04b0c12",dm:["gutou.cc"],js:"tongji.baidu.com/hm-web/js/",etrk:[],
icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,r
p:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],apps:''
};.;.{......p...nT'iK.. rx.rv.]`..4.....8.k;IK....H.#......5.G.h4....g
F..I..]....-X<.".d.=gV..v..O{.Yg...0.....?V'....f.....If.s.=.......
.6i.'.|.-.l.N|.Z.......>..3..K.i(^.....j\.p5.._........x<...h.*A
.U.s.d..... ...1..3..A.Z..3s..~..s/."..._LV...&7...9..xR`o..(........u
.....-(.....E..y..a....4......../[-..%..s^......L..=.-...,..d...m.H.m.
.Hq..x@.C..^...X8$.....SvcCu...7i....|.H~}..}.....J..8...7..A...0....u
..b.A.).2..ieX..4..O...2...E,[......e...t./........=...d..E$......#...
..... .L......Td.x.lv.\.l.`..0....1....p...........3..k.....@..)W..^.V
.M....8.......;H.....4`...x\L..2p.v...........(...n........%Qd.H..H...
71}.NkV2/L..,M...Z#..[R..Gt\k.....h....."......eb.,..H.<...Y...K./|
B.ti9.\.^.(.7.3..6../...(.a.5......l...b....$.....y......(,l.A..%P..J5
`9..z....ra..{yd....'.............q....k......N...P...H..........(.V2.
..V.u...*.Z~....[f.vF%.W..........@.k...{.. .@..d..v.)onf....n.6..l...
./X[}...Vk..F....gWt..|>...G...ou...&..x..Gs..r._.F..#.E. .O.X...&g
t;..4..6.d.y...z`...._.\z.0...)...!.....vO.nz...R...P:.L.....=lL.{V~,.
...zZ.G.q..._..<......5.vI.5D";..t.....nY..xi...l..V...y.1.~.......
c.Z...s.........~).*d..f,.16......fF(...puE...J.....f....M.......<.
/..........._C.5$..\...F......\.......1o,g(.V38..=n.D..UW..9......<<< skipped >>>

GET /cgi/wpa.php?key=XzgwMDA5NDc0MF8zODIzOTdfODAwMDk0NzQwXw HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: wpa.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:55 GMT

Content-Type: text/javascript

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.13

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Encoding: gzip
1238.............Z.r.8...U..2j.E..Zv.R3.[v..M.....R4]..I.i."@]l.].=..&
gt;...~..I..L.VM.b.$.....!........PFi....}..N.>.\.y...E............
....3..FR.n..]9...$N.a....tT......}k.>..(J&.;o.s.}.....?k.>k=={.
<.....l...Y..d...R...f>....PN..d...,...wN.._.........._n>}...
...0.2.....Q.G..y.y..a.l>....3..<.gq.L|.v<5..._'.0.V...tx{#.&
lt;..r1...Y.5.bb......m...y.f5q; ....4W...-..._'yIF...U..2.{f..@/.A.f.
..&..D.QR.CF2.o.PL.%..<.}......p......K.O....^Q?.y......F..h...hO.'
(/Gmvh.A....=....1.{$&=.=..S...4)....9...x<...g....=Ad...ZB..&<.
.z?..;N.....~.......|..v,u..._....l....B.d.~n...I#.......5......(.G...
..mAY*..h{.^..."....4m.(...i..yd...~d..v....,.U....j....:.G....~.V..\.
...<.#...M.U..:.Y.l1>.D..S.|..........%n-a.F.j-]...!...|(.....#K
.S.....a..w .iij.............G$.C.?..M R....1...$.VW..-.D....U.t. ".|h
I`2..i(..L........b0..........KY.-..{*a..N(C..L__.8.C.......A1i..Xpo..
...r..........;.... ...s.....#...0....,8q...&...t.....=.t4.i.......L).
...;......1.....s.......cg.n.?~y..T/..>8..!w2.1w.q\........\s2.d...
....DN.,(. .......j6.......K...[.....h.e.7s..i...Q.......,^9.7.co,.t.&
gt;.r..n6.. .RG.Ttv.......k...d.6.y..gw5...'...}...Q..&.....l...4.y.4&
gt;.w..........p...%o|...e..rg...H:..\... .e.J...7Y........x...w..V.,x
T...F.Ci9..Aed1y...P..j.rG....&c..*...."..IqG.W.0...^.....,...2.]`YXZ!
..........z.Y`..J...K.{.%.......G.V3.I...q2. ...z..d..._...d.."QZ..u".
.......zK......[. ...l...t...T.th..H...c....V.7>...Z..k..g.^.}.....
....O....<..r[....|r#......LC.i.|.S.=...@.....!....Q..[x...\...<<< skipped >>>

GET /ad/shiyi/dingyue_files/5842077.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: gutou.cc

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Thu, 13 Nov 2014 23:01:49 GMT

Accept-Ranges: bytes

ETag: "802c19ce95ffcf1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:42 GMT

Content-Length: 1048
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"f.t........<...q........m.zt
.................v.<.(m.."o?........GG...E..../..w.....]..w..?=....
.....{O............S.<xz.!~.....v.w>e..>=....'O..............
.........q..j9.~.....e........8.v.u......gy.hY-....G..fG....;..eV.....
]....G........?.-..gW.rV]..j..E...;....Q=...v.V...T.:.6..z..._....U.4k
..;..iUV5.....2.,......j."[..}....m..*.../.^h.u./...]^>.W.....y..i.
........&D..Z..c.%D..| ......ujH..j.....?.4.e?..m:...E>^p;..U~q.n..
....3.....~s........."o>....w..o..:.....Gw..Zx[........{.>J...&?
[.[.e......|o..w.|...R.....g.&o...\...$....O>....owgg..ag<.}....
O....$..p........VE.}...../..n.byaqh..Z-aHD.P.8.Q.J%..../.g...).....d.
O..;.....a........m.-.}z.[{..'..F......OnM..?.E.........w.$....._>?
...6.........62........V.`..Z./.x..j}.\..X...0....i..I..7R......'bH...
....Y..=..b.......U...[....n.....V.l>k...HK.'[;....L!>....&x...O
w..-.$j.-....y]...To]..v...#..</......j.,.p.s.....oV..%....3...}B..
.j.n}...~~.B....Of.>......r..h.....\.|.....HTTP/1.1 200 OK..Content
-Type: application/x-javascript..Content-Encoding: gzip..Last-Modified
: Thu, 13 Nov 2014 23:01:49 GMT..Accept-Ranges: bytes..ETag: "802c19ce
95ffcf1:0"..Vary: Accept-Encoding..Server: Microsoft-IIS/7.5..X-Powere
d-By: ASP.NET..Date: Sat, 03 Dec 2016 09:06:42 GMT..Content-Length: 10
48...............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@...
...{....{....;.N'...?\fd.l..J...!....?~|.?"f.t........<...q....<<< skipped >>>

GET /kss_inc/style/sale_style.css?version=M10-P158 HTTP/1.1

Accept: text/css

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: text/css

Content-Encoding: gzip

Last-Modified: Fri, 15 Apr 2016 00:52:40 GMT

Accept-Ranges: bytes

ETag: "b4d9c81cb196d11:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:49 GMT

Content-Length: 872
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"......./>....y.(..G.G_...j..
6.}.o..G...]..E......I?.B..d^..e..(.............o.c....O...A6...G...w.
..7N&....O.....Z/g.~..?........"....MV....b....;i........_<...~..;O
...?.G...&e...YM.m......u6..Y^oO......V...*.Y..;...=.wo........X^<.
.z._..'.;..=..C...../..e.=...y.h.....4.....Y;...> iS..Q...y%.......
...y..l.=z.Co......`..MD../..;.....Hwwv~.tG....\4%" E..'....7yVO..x...
...*.m^..w..........=...........7........}.b....^..,.v.........N..3..j
.......v......@N.v.....e j-.|H,d.m.....?h.w.vV...G...8..tx..m1.Jm.(f.2
......<.w...........{D......G}..:....u.......{..#82..=.....2_o.,.n.
f.....1...s2F...-..2..4....d..`.Pf...C..E...2..2)...-... i....xV4.2.~4
)........Ge~..8..].H.....w.H..8RTl..FJ.G{...o~....o.|..I......S.#.-...
.....)=..U..E.|D.t..... ../n....y..B...............


GET /kss_inc/images/sale_search.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Fri, 15 Apr 2016 00:49:50 GMT

Accept-Ranges: bytes

ETag: "6235a2b7b096d11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:51 GMT

Content-Length: 2437
GIF89av.%...............f..3..............f..3..............f..3....f.
.f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3....
..........f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3
............f..3..............f..3..............f..3..............f..3
....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...f..f..f..f.ff
.3f..f..f..f..f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3
ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3..3.f3.33..3..3..3..
3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.........
....f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3
..3..3f.33.3............f..3...]..\..[..Z..Y.. p..n..l..j..h..f..c.._.
%z.!m..d..Y.-..\.. L}h..Mq..........M..=w.E..L..`....................U
..R..[.....!.......,....v.%.......#E......*\......#J.H..C..32.7o.....q
.f....(S.\.-.?R....I....8s.....O..<.......H.*].....P...&._.mX.j....
..`...K.,.....].....p...K..]....e.O.>.............[.xq....A..v....'
.=.92>..C...d^.....[..u...Q.F.......s..M.......w..b...)_..u?..].F.|
....U.../37..... ...x....>N..ry.......}.....7.......]w....?....<
.^. ...(!..T..=...Z=.....y.'.<y.7.~...!|...b=....~%.#..#...w.......
v.i?..Dh..S........qHJ;...G=Xb..>..R..`b.Zz.d(.>.......x..?.H`&l
t;.-...=>..|{..b.....>......q.%....c>.|..<]....K...;.f..=.
....z.............<.....=....`..z.L..Vk..~.N....N..a.._..:..A..i..p
..u.....iv.N.....:...n).Q..........0,)..c.;..S.:...bU..F..L.6p...#....
.-....._...B........[......o...k;..........E2..=.g3..K.s.>..G3h<<< skipped >>>

GET /kss_inc/images/sale_btn1.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Fri, 15 Apr 2016 00:49:50 GMT

Accept-Ranges: bytes

ETag: "6235a2b7b096d11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:51 GMT

Content-Length: 1592

GIF89aE...............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..........&;$.3.......................................................
......................................................................
...........!.......,....E........$8.......)T.P....#B.D..$..?i...B...&l
t;..IR...&I.\.....0c.D@.&..8sN......?........H.*-:.i..P.J.j..)R....!..
......K....h.pY...[..,Y*.5.].(..Ea.......xA...,.. ^....K....A....2.o..
...i.C..\....Q..^.:.....H8.....?....-._......\.........y...e..e.6..4v.
.......Y...@.......O.%..X....?..}..V...........4..0B.R$..h.*.\....@..V
.M40`....E.......4..VA.!....,......(#.T.HE......<......PC4,.Yd4'\..
.L..Z...(...|`..1.8#.6.../..Q..d.r. z..f4t....i.).x...G"..)Z*|...-. C.
..$b. ...&..^.&..F..h].....d..).m.i ....2...H#..........a..*..a......&
).....j.nj.3.8ah...zi.b...._T!..U.f..Vd.Z..N..$.}....Nr.3.8.G.......R 
.... ......h.../h..,0#.0...|$.0.k4.o.SD,...W<q.......w..(. .D.r.l..
(.<q.,7...0.,3.-71..8...#....'s....D.a4.H....L3=..1..2.TWm..Vk"

<<< skipped >>>

GET /photo/qqxiangche.png?mode=open HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: AJSTAT_ok_pages=1; AJSTAT_ok_times=1; PHPSESSID=7tj72aro8o9lm88e228up0pdm6


HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Tue, 06 Sep 2016 00:17:01 GMT

Accept-Ranges: bytes

ETag: "4be4fdd37d21:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 03 Dec 2016 09:06:51 GMT

Content-Length: 436089
.PNG........IHDR................=.. .IDATx......U...T.%.BV./......8..(
.`PpD.qDq.pP_u^uD....(3#..........8*$.$.,D.....f.K.[..>.V...TuUwu..
.O...U.N.:u....9....).B.!..B.!.d@..IN.j. ..B.!....4.!...PB.!..B.!..LaI
.!..B.!$ ....!..B.!.......B.!..BHfPt.B.!..B........Joj......U.........
.sN...H.Z...F...,.Z...U.L..n.B.!...Cb.....a.a.......G?...=h{...\..<
ay. ......w.H..N.A.>......B.!..X...n...S..JGw..Eg\..G...{.8.4-t.z\O
..~a.... ....Z<...L.B.!....Q.$(...T=.:..-h...A..0O._...y......iy4..
.....N.W...{.......{\X.t.~V......B.!....1........<:^...SG...y....3w
:.... ..'f......A..j. ..DY....n..F....8.z...JI.{....B.!..R.A.3....=.I=
HI...A.u<.i.1.a..Y........$c?.....8...*MA.t.*...B.!.......t.-:...a.
....o..s.o..Q..&..~.t.. ..'|W.....N~...q.KB%..R..w.^.x..!..B.I...to.C.
f....Yxg................'<...t..._RQ.6I._I.ku.q.9!..B.!.$..k.H{).J.
..,B5..s..Dy:.@.S.#J.f..;.Kj)8...d..MZ..!..B...or..Ym...:.a..9K.NHh..x
uHK.....i....].N..{.J....9NG..z..!..BHm......o...Ym....3....Cu.Z..H...
..Lr....*.4..~.V2...{.H.:4.Va.I...B.!...4Km.r*~....&r..gP.jV..i...wlPz
qgDMk...ma..<uY.......N. M.G.!......s..:.q..w.q.g..3.Q..a..}..=h{..
T.O.t.}..O[....j.#....mY...oY.z<..X]B.!..B....~...........LE.i.y.t.
.I...g..zi..]...E.....?On.....-...T....A.!..B.M.=......XtO.V(!..B.!..L
(.:...B.!..B...NB.!..B.!.A.I.!..B.!$3(:.!..B.!.d.E'!..B.!.....$..B.!..
......B.!..B2....B.!..BHfPt.B.!..B....NB.!..B.!.A.I.!..B.!$3(:.!..B.!.
dFs.3@.!..W.._K...d}0E:."..Z...B.I..NB.!..4[b....\3.....)Z....E~.....j
.;B.!$=(:.....E..#r....=.Wd.a.c]...!...m...{.!...=.f..9.j3..Bd...f<<< skipped >>>

GET /cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&2=2283&&1480756019974 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: isdspeed.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Server: Apache

Cache-Control: max-age=0

Expires: Sat, 03 Dec 2016 09:07:00 GMT

1.....0..HTTP/1.1 200 OK..Date: Sat, 03 Dec 2016 09:07:00 GMT..Content
-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive..
Server: Apache..Cache-Control: max-age=0..Expires: Sat, 03 Dec 2016 09
:07:00 GMT..1.....0..

GET /se/r.gif?na=800094740&ref=&1480756019974 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: prom.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: image/gif

Content-Length: 0

Last-Modified: Mon, 25 Jul 2016 09:54:32 GMT

Connection: close

ETag: "5795e1d8-0"

Accept-Ranges: bytes

GET /dingyue/images/bg_4b.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:43 GMT

Content-Type: image/png

Content-Length: 474

Last-Modified: Sun, 07 Oct 2012 13:57:10 GMT

Connection: keep-alive

ETag: "50718a36-1da"

Accept-Ranges: bytes
.PNG........IHDR................^....sBIT.....O....QPLTE.........)))..
.......<<<333...ppplll.........zzz...........................
......-UL"....tRNS.."3333DDUUUffff...........p,......pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx...I..0.@.....e(...Jh
.B$. ....'...vUu.........s.'...K7-..s..sR.t....\....{M....})=..,.....&
gt;...@.k.....} =...M.N..[..G...v.X..G.aS...'.X....yC..%.Z.IwQ..U.[.Fl
j_.@....Y..AB...C.!k.F....U.0e8i................#.........IEND.B`.HTTP
/1.1 200 OK..Server: nginx..Date: Sat, 03 Dec 2016 09:06:43 GMT..Conte
nt-Type: image/png..Content-Length: 474..Last-Modified: Sun, 07 Oct 20
12 13:57:10 GMT..Connection: keep-alive..ETag: "50718a36-1da"..Accept-
Ranges: bytes...PNG........IHDR................^....sBIT.....O....QPLT
E.........))).........<<<333...ppplll.........zzz............
.....................-UL"....tRNS.."3333DDUUUffff...........p,......pH
Ys...........~.....tEXtSoftware.Adobe Fireworks CS5q..6....IDATx...I..
0.@.....e(...Jh.B$. ....'...vUu.........s.'...K7-..s..sR.t....\....{M.
...})=..,.....>...@.k.....} =...M.N..[..G...v.X..G.aS...'.X....yC..
%.Z.IwQ..U.[.Flj_.@....Y..AB...C.!k.F....U.0e8i................#......
...IEND.B`...

GET /dingyue/images/formbg.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:45 GMT

Content-Type: image/jpeg

Content-Length: 73672

Last-Modified: Sun, 07 Oct 2012 13:57:10 GMT

Connection: keep-alive

ETag: "50718a36-11fc8"

Accept-Ranges: bytes
......Exif..MM.*......................................................
.................................................(...........1........
...2...........i..........................'.......'.Adobe Photoshop CS
5 Windows.2012:06:24 18:11:25...........0221..........................
.........................................j...........r.(..............
.......z...........t.......H.......H..........Adobe_CM......Adobe.d...
......................................................................
......................................................................
.. ...."................?.............................................
.............................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S
...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw....
....................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......
&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.............
....?..-$.L..$.R.<.An.....)..y..y...^.Jo....5...7..Q........i'..t..
....UA...06v.i0......_.(..[._.pDO3.~w.!./.... ....s..p-.@$x"z9q>...
>CI.O....\..!.n....`.0Z....ifi.w{D6`..l.....U.(.K...>`...i." ...
..?B..q!.4$}(?.......9..y....G}?......M..Ih.......w...'.|n.......o.w.T
.......DO.y.p......d....Y.O-..E?.,..X~.&d..C.......TXj-".`..p<.6~..
.;q*....m/.!2^ . 7.G..!.h..D.<pSO..xk..8k[.6e.... .{...s].....G*..|
..O..;.....^...~..@...g.M.k.......~....)..)...r......@...K..W3..}7....
*.[I...6.....3c[........^...p...:..*..g..#$......*N,.......<...a...
....4.....z............_V..`.v#.MY......C.....{.......;....o'.K.R.<<< skipped >>>

GET /cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&1=45&&1480756020012 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: isdspeed.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:07:00 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Server: Apache

Cache-Control: max-age=0

Expires: Sat, 03 Dec 2016 09:07:00 GMT

1.....0..

GET /core.php?web_id=1252975436&show=pic&t=z HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 765

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:01:27 GMT

Last-Modified: Sat, 03 Dec 2016 09:01:27 GMT

Expires: Sat, 03 Dec 2016 09:16:27 GMT

Via: cache11.l2et2-1[0,200-0,H], cache10.l2et2-1[0,0], kunlun8.cn44[49,200-0,M], kunlun8.cn44[51,0]

Age: 316

X-Cache: MISS TCP_MISS dirn:5:141565707

X-Swift-SaveTime: Sat, 03 Dec 2016 09:06:43 GMT

X-Swift-CacheTime: 584

Timing-Allow-Origin: *

EagleId: 7522074814807560029771029e
!function(){var p,q,r,a=encodeURIComponent,b="1252975436",c="pic",d=""
,e="online_v3.php",f="z5.cnzz.com",g="1",h="pic",i="z",j="站&
271;统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:"
,m="1",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("
h=" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m
&&k["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["
createScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/webs
ite.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.c
nzz.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j 
"'><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p
="<a href='" q "' target=_blank title='" j "'>" j "</a>",k
["createIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Typ
e: application/javascript..Content-Length: 765..Connection: keep-alive
..Date: Sat, 03 Dec 2016 09:01:27 GMT..Last-Modified: Sat, 03 Dec 2016
 09:01:27 GMT..Expires: Sat, 03 Dec 2016 09:16:27 GMT..Via: cache11.l2
et2-1[0,200-0,H], cache10.l2et2-1[0,0], kunlun8.cn44[49,200-0,M], kunl
un8.cn44[51,0]..Age: 316..X-Cache: MISS TCP_MISS dirn:5:141565707..X-S
wift-SaveTime: Sat, 03 Dec 2016 09:06:43 GMT..X-Swift-CacheTime: 584..
Timing-Allow-Origin: *..EagleId: 7522074814807560029771029e..!function
(){var p,q,r,a=encodeURIComponent,b="1252975436",c="pic",d="",e="onlin
e_v3.php",f="z5.cnzz.com",g="1",h="pic",i="z",j="站长ń
79;计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1<<< skipped >>>

GET /2/json2.js HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: captcha.gtimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:45 GMT

Cache-Control: max-age=600

Expires: Sat, 03 Dec 2016 09:16:45 GMT

Last-Modified: Wed, 16 Nov 2016 03:12:03 GMT

Content-Type: application/x-javascript

Content-Length: 5426

Content-Encoding: gzip

Keep-Alive: timeout=60

X-Cache-Lookup: Hit From Disktank Gz
...........<ks.8... 0..PJdY.e27..|.....$N........@..Ej...........l'
;u....D.h4...fv.o....$~9.....h............fQ..w.J.....t,.....~:.&.....
....;q|">|.....wC...H...o._N...O........J.E.......f.....a.^.^f.E...
x..".......I...L.U..A..{..J..:JnV*..u...Jf~.....&.....~..U..^.. ......
....3....uvr....o.....`.........zw$......G'.?:9..........tvr....I.FJ..
......Q2.....dv......@.0...&. ./.y6.Y..oapC.d<.k.fJ../......Q.."..H
_......o..Ec.w.....\.D....Y!.......T.4.7..x.u..H.y...7.R.&.A..9.....a.
.d.aV.5..B.......E=3.6..`A....'(b..!.c._$.....B..T..J.V>.....a<.
..8...X.6...`....T.......#Y.9<...\].b.FQ'4.1 ..h......LI..,B.....[.
.X.@.:.......!.s.R..v.... .....\..TTA..-zY./...7.=d..,.e.}.. nZ/....X.
.'2.P @.-.|.....Pb.&..'%$.#r.i...jZP..u.bG.X.P..".....XUg\'Op..(F....~
l.#V..}.>. .;B..)..<.Jm. CqX.7O`.q.B..PF...1.5U .L....*...U..j..
....k..E...B.Wy.\.....~...L.(.m3..'UE...Pf-3b=.^*0PY.....:....1..Cmd.!
.P...*.....Z....h(..EX.cc...8..(x..!.]..7k5..|S...l./n[....zq...vw...0
%..]......J.fDJf9..yx.27....!b..bo$..7......x.u.}s......B._.../....i..
._.o..w...u.~.]Z...b...S...~......O.[R....S...p.. .<....*...r.?.&..
..D.....A..B..\.e.3k....&U..V.n.... ..R.F...>T4.._....!.6.#...YB...
...b.L`..9f.\.;..2kh.....#.t..yu.G.........k..!.fXS.....5#..C.n....T..
.....f..a.=.. =AV..zV"l.C.f`......B.>........N.R...9,...!.B&.,...D?
......H..8c...S...6..0t4....n..i.^..>.....n...]k7..9.Z...T`..F...g.
..7.....3.U.Z..-..M.m. .._.IKqs...'_r..t.s.r F.......$$.....cq. ......
...1.F:.:.ZA..r...;j..o4.VA1....MCIK0.wp.>..........[. .V..q.[.<<< skipped >>>

GET /2/TCapIframe.js?v=1.0 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: captcha.gtimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:46 GMT

Cache-Control: max-age=600

Expires: Sat, 03 Dec 2016 09:16:46 GMT

Last-Modified: Wed, 16 Nov 2016 03:12:03 GMT

Content-Type: application/x-javascript

Content-Length: 3092

Content-Encoding: gzip

Keep-Alive: timeout=60

X-Cache-Lookup: Hit From Disktank Gz
...........Yms.6.. 2.N% D...I.....^r.4..w..U..H.BC.,..%..... ..(Io..}.
L,...b..].d..b.E..`_=....#<.....<K......{..}2..w..I..../........
~;?....x.].{........b....j*Y.F1.%..2......xf..K..l.(..k.B2...H...8,...
.....q....Eg.H.?~y}!ns..L.2....\...t...dq8...-/.....4..bjZ..z.Z.T.N...
G.4.$...t....Lp ........N.."Jh.K.Fr.....(.(.kX."....!0M.Q..c.e....o#..
..&.5q..<~oI..).,f...r.!..E...0.".IE..!].>|HY..M.*{w.......m.]..
UC&wA.g%......C...K........,V$.[.0.....5.....HD..d...0y)x.B.=.H.......
.C..y%Ih...m....s..Sv....*lVc6.O...7L.#..K4#.<...^..u..j.I.b..i....
1gS%.....4....)..B3...D.. K......^@R..he.x..#..xl.r......a.8..'_Q.....
.!.r@.MkW ...$lx........l)6...K...2Fg...B..ty....o....Ol.~E....T...A..
...{2?.._.....J.\)."..d4...........>@........L$...dO2k.%`..zV....Gp
......6..{.(0..n...*.B.e'..!.!.}l...g.......q_.*.g.....m.Z..9.._.@.k..
.^.5 ...]....."....c...ut.st.|..%.a_......X2@.;.a&...........z.......w
..M...M.(.....z(#.~....V...=M.]...8..M....GMw2...[.....,.T....G?.C....
..8 r...Y.S..0..h..[.o..Q.^.Z)..K..W....xxV0..gp\..!.........U..o^..D.
.lF...lV.................`mP.#..W.<}..@H'..%}=?#....j..YIL..XO.%..*
.j.J=.....u.i.................W3.)...V.Q....mvI..e.YLBa...k."y$p......
._..q......1.[....C*...|...".......*../.:..%T.U..6G.......e...reH.....
......#..v-.......,........nA..Yh.F.......F......`$=.p-........`.`.;..
*u..H..`....s..x...Eq.U....h.`.G..G.:{.l..~.X...Bs..5d.....H.Pg...C.d.
..h....;....}....O..~.....KKd.Sk;0.....E<.x_A.........m6..2.......:
..^&L..._.n..2..%Q..Abom>....?.|...U.....|o.]NM=j.@N...... ..:e<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1276x846&et=0&fl=23.0&ja=1&ln=en-us&lo=0&nv=1&rnd=867638635&si=7d873703fcccf08b7645d8b2c04b0c12&st=1&v=1.1.33&lv=1&tt=éª¨å¤´è½¯ä»¶é”€å”®å¹³å° HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=1DD08177AF2CF4BE


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Sat, 03 Dec 2016 09:06:59 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Sat, 03 Dec 2016 09:06:59 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..

GET /c/=/crm/wpa/release/3.3.7/util/domain.js,/crm/wpa/release/3.3.7/wpa/wpaMgr.js,/crm/wpa/release/3.3.7/wpa/visitor.js,/crm/wpa/release/3.3.7/wpa/kfuin.js,/crm/wpa/release/3.3.7/util/proxy.js,/crm/wpa/release/3.3.7/util/titleFlash.js,/crm/wpa/release/3.3.7/util/cookie.js,/crm/wpa/release/3.3.7/wpa/WPA.js,/crm/wpa/release/3.3.7/util/getJSONP.js,/crm/wpa/release/3.3.7/wpa/filter.js,/crm/wpa/release/3.3.7/wpa/ta.js,/crm/wpa/release/3.3.7/wpa/invite.js,/crm/wpa/release/3.3.7/util/taskMgr.js,/crm/wpa/release/3.3.7/lang/browser.js,/crm/wpa/release/3.3.7/util/pad.js,/crm/wpa/release/3.3.7/util/Bits.js,/crm/wpa/release/3.3.7/util/events.js,/crm/wpa/release/3.3.7/util/onLoad.js,/crm/wpa/release/3.3.7/util/offset.js,/crm/wpa/release/3.3.7/util/Panel.js?v=3.3.7.20160126 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: combo.b.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sat, 03 Dec 2016 09:06:58 GMT

Cache-Control: max-age=300

Expires: Sat, 03 Dec 2016 09:11:58 GMT

Last-Modified: Fri, 12 Aug 2016 09:00:23 GMT

Content-Type: application/x-javascript

Content-Length: 16845

Content-Encoding: gzip

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Upstream

X-Cache-Lookup: Hit From Disktank Gz
...........}]w...._.:...d..'1D..6v....p..vX...-$"...Zw.m.f^.i^.m.f....
;...../.@`.}.....c.............O_...Vs.5.] .LC......]E.L.~h{nF}.3..M..
..9.M.?.[n.. ...L.sS....o`.....sx..2.*C(........^....E=...............
.g.?..V.^...$\..'..y.......b.z.....r/?C........Xc...0c.....2b.....R...
....q..8v.Qr..#.2.....l...3j...\.H=.. _^...K..<\]?o......T..Q...^..
.j.p.......`.3.SUN........lf...8..A..I.o..\..-..........h...z.....v...
...`.G.....=<.......}......#``.5...>..o....@)....4H..[...oQ....Y
^f.:E...(.. .P...WH.....4..dG...2D..<.....E..\.Fy.e.w...G......n.N.
.N...n.........@r.V...>...=........r.7u.L.>....Qg.....T|.......&
gt;.o..u.:0B.oE.X.k.Zc...t...n.zR..P..hG.S.hm.}_..K..n..~[,P.&F..HE.I.
/.....<....{...1|.}A~.O.9{..N`. t.`..O..=.....P.....,.NE.X..d.]% .,
C0.sZ.i.(7.[......1fM!.l...r>..4..r.~....A.Y......]..W.}.R...aH....
~\clU.}....n.S...}....g ,.#&{..".=..k&.M@.?.Y~.T..#".......F......2...
...y..m-K.u.$........\P!.H.=..i..Ps....N.>...Y.3.."..Q...T.....A..c
....u(*.. ..-.....? ...k......m....<"...>._..w0.`...S..x....)%.}
..r ..g.r[svP..zQ.?76.U..!.h....2.=.l....3....b.....q...h.D.0NT..:.h..
v.=7.. .f.9..n.^.n>.k.^.9...A9.>,'.Bi.Q.......!.s.2..o.."tK..l..
...?.e.F..........~P..Z.....;......g...K..p..a..i..[..2.-ah.!e........
.....k.{g..".4..,..}.G.....:a....F4...]...............................
.o0.1.m.zZR..g.).........9.>.{..c...f..Q...u....=k.c.`.H....p.d;&..
4 Ge@..t,60.&a...........3..,....[.]B..].1.9.}.W ...M.:...3.KcZO..C.Z.
L.8. ....;;.C..*bH.|..X@-!.'f!M,.lI&.0..v.q.....5...=b=.l'.T......<<< skipped >>>

GET /cgi-bin/report?id=358342&t=0.09189487731182771 HTTP/1.1

Accept: */*

Referer: hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=........QQ........&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: ui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_login_sig=gpko11DrXLeS4DTrlm-c91zYO9TN31999TY28Xku7pu00OrKrgpc2lSO9cHoAEfG; pt_clientip=305a0a37d8564c37; pt_serverip=d17a0aa693d945ee; pt_local_token=-359121953; uikey=9c1217d15a69260d3741237a38a8367e12b87632882471006c4ae8ed32951fc5; pt_guid_sig=c5deee02a418822d3cc55da3efd35ba2dc660bc204a0700a102d9c42344a5a94; qrsig=sSREmXCtBn6wE086j2123p14NwNirsrSXw8lV4OEBtq65sWJlghluWcq5sSn*aXq


HTTP/1.1 200 OK

Date: Sat, 03 Dec 2016 09:06:51 GMT

Content-Type: image/bmp;

Content-Length: 66

Connection: keep-alive

Server: QZHTTP-2.38.20

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

BMB.......>...(...................................................H
TTP/1.1 200 OK..Date: Sat, 03 Dec 2016 09:06:51 GMT..Content-Type: ima
ge/bmp;..Content-Length: 66..Connection: keep-alive..Server: QZHTTP-2.
38.20..Pragma: no-cache..Cache-Control: no-cache; must-revalidate..BMB
.......>...(.....................................................

GET /dingyue/images/bg_1.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:43 GMT

Content-Type: image/png

Content-Length: 2992

Last-Modified: Sun, 07 Oct 2012 13:57:10 GMT

Connection: keep-alive

ETag: "50718a36-bb0"

Accept-Ranges: bytes
.PNG........IHDR.............s..$....pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#....Y....a...@....V....HU..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..]3...Z..z..y8.@...P.<......%b..0..>.3.o..~..@...z..q.@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V<<< skipped >>>

GET /dingyue/images/bg_3b.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:43 GMT

Content-Type: image/png

Content-Length: 442

Last-Modified: Sun, 07 Oct 2012 13:57:00 GMT

Connection: keep-alive

ETag: "50718a2c-1ba"

Accept-Ranges: bytes
.PNG........IHDR.....................sBIT.....O....KPLTE.........(((..
.^^^RRR999...{{{wwwlll........................................]g.....t
RNS.."33DDDUUUUf.............l......pHYs...........~.....tEXtSoftware.
Adobe Fireworks CS5q..6....IDATx...I..0.D..f.0'......E...eTu..<}...
..........(..(....|...(......yS......Q.....7.3P..v.^E.'....(.a.G.k..t.
{...f.bQwg:.r..~.N.K.;............>.2 .rx...t.{........w.iN..w..^..
..........;..Q......IEND.B`.....


GET /dingyue/images/input.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://gutou.cc/ad/shiyi/dingyue.htm

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.xuelangteam.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sat, 03 Dec 2016 09:06:44 GMT

Content-Type: image/png

Content-Length: 738

Last-Modified: Sun, 07 Oct 2012 13:57:10 GMT

Connection: keep-alive

ETag: "50718a36-2e2"

Accept-Ranges: bytes
.PNG........IHDR...j...%.....k.......sBIT....|.d.....pHYs...........~.
....tEXtCreation Time.05/30/12.P.z....tEXtSoftware.Adobe Fireworks CS5
q..6...:IDATx....j.0.F._.<C....>T.).W.......l"..@.gp....y@...{ww
....ZSqw.x{...*.h.6.R.sV.Y)%.........{W.].5..dfrw...L.>>T$i.w=..
S..m;...p....j3;..HR)E....:U...3"...@..%...a...S5[..p....Y....9Q.0.R.b
....5.>^#=&l..u.yF:..P.....u|...g......5...{..gcGw.}.W:B.R:M.1.....
3....O....g.....u....[;...^~{...#...8B...#...8B...#...8B...#...8B...#.
..8B...#...8B...#...8B...#...8B...#....".=.....p......G.g.[k..[k.s....
.....=..P....t.b<...p..fw..U:B..rw..<.|.....p.8Q..l.?C=n..%q...\
k.668^KG..L.V...{W)E.5......F....t.u^K!.9..G.5m.6#M....1.q.....*..u.u.
.V...iB...z..]s....[...Sn&7../............L........IEND.B`.HTTP/1.1 20
0 OK..Server: nginx..Date: Sat, 03 Dec 2016 09:06:44 GMT..Content-Type
: image/png..Content-Length: 738..Last-Modified: Sun, 07 Oct 2012 13:5
7:10 GMT..Connection: keep-alive..ETag: "50718a36-2e2"..Accept-Ranges:
 bytes...PNG........IHDR...j...%.....k.......sBIT....|.d.....pHYs.....
......~.....tEXtCreation Time.05/30/12.P.z....tEXtSoftware.Adobe Firew
orks CS5q..6...:IDATx....j.0.F._.<C....>T.).W.......l"..@.gp....
y@...{ww....ZSqw.x{...*.h.6.R.sV.Y)%.........{W.].5..dfrw...L.>>
T$i.w=..S..m;...p....j3;..HR)E....:U...3"...@..%...a...S5[..p....Y....
9Q.0.R.b....5.>^#=&l..u.yF:..P.....u|...g......5...{..gcGw.}.W:B.R:
M.1.....3....O....g.....u....[;...^~{...#...8B...#...8B...#...8B...#..
.8B...#...8B...#...8B...#...8B...#...8B...#....".=.....p......G.g.<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_2984:

`.rsrc

t$(SSh

~%UVW

u$SShe

Bv.SCv=kAv

kernel32.dll

ole32.dll

wininet.dll

Kernel32.dll

shlwapi.dll

gdiplus.dll

user32.dll

GdiPlus.dll

MsgWaitForMultipleObjects

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

42305932-06E6-47a5-AC79-8BDCDC58DF61

HttpClient

hXXp://wpa.qq.com/msgrd?v=3&uin=10347904&site=qq&menu=yes

.rsrc

%S4WD

hg%fpM

S.Ac9SR

0.I%3s

,wAe.kI

aiUy'4xu

%c*@j

.eH'y

{&%U)

lj%4U

xe%CNs

9F.cLe

hJK.ZH

O.qt0

KERNEL32.DLL

COMCTL32.dll

GDI32.dll

MSIMG32.dll

MSVCRT.dll

MSVFW32.dll

USER32.dll

SkinH_EL.dll

&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.0

hXXp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=

nickname:'

data-fkey=\x22

function timea(){var d,s;d=new Date();d.setTime('

&unikey=&curkey=&from=1&appid=311&typeid=2&abstime=

&style=35&version=8&needDelOpr=true&hideExtend=false&showcount=15&MORE_FEEDS_CGI=http%3A%2F%2Fic2.qzone.qq.com%2Fcgi-bin%2Ffeeds%2Ffeeds_html_act_all&refer=2&opuin=

&i_login_uin=

qzreferrer=http://ic2.qzone.qq.com/cgi-bin/feeds/feeds_html_module?i_uin=

hXXp://w.qzone.qq.com/cgi-bin/likes/internal_dolike_app?g_tk=

1970-01-01 08:00:00

https

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

http=

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

hXXps://

hXXp://

hXXp://user.qzone.qq.com/q/taotao/cgi-bin/emotion_cgi_re_feeds?g_tk=

/myhome

&richval=&richtype=1&private=0¶mstr=1&qzreferrer=http://user.qzone.qq.com/

hXXp://pan.baidu.com/s/1nhMWY

&code_version=1&format=fs&qzreferrer=hXXp://user.qzone.qq.com/

syn_tweet_verson=1¶mstr=1&pic_template=&richtype=&richval=&special_url=&subrichtype=&who=1&con=

hXXp://user.qzone.qq.com/q/taotao/cgi-bin/emotion_cgi_publish_v6?g_tk=

hXXp://vip.gutou.cc/sale.php?shiyi

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies

\*.txt

scripting.FileSystemObject

%Documents and Settings%\IBM\Cookies\*.txt

hXXp://d.gutousoft.com/å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç§’èµžç§’è¯„è½¯ä»¶.txt

hXXp://gutou.cc/ad/shiyi/dingyue.htm

qzone.qq.com

p_skey

skey=

p_skey=

; skey=

hXXp://VVV.gutou.cc

hXXp://shiyi.gutou.cc/

hXXp://gutou.cc

WinHttp.WinHttpRequest.5.1

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

update.temp

z>.bak

Comet.WndShadow.Color

Comet.WndShadow.Proc

Comet.WndShadow

SysShadow

anonymous@123.com

.exe|.rar|.zip|.gif|.jpg|.mp3|.rm

@kernel32.dll

hXXp://gutou.cc/ad/shiyitop.htm

hXXp://VVV.gutou.cc/up/tongji.htm#shiyit

hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=

&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html#prefix_0

%d&&'

123456789

00003333

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

Broken pipe

Inappropriate I/O control operation

Operation not permitted

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|PNG

(*.PNG)|*.PNG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

1.6.9

unsupported zlib version

png_read_image: unsupported transformation

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

libpng error: %s

libpng warning: %s

1.1.3

bad keyword

libpng does not support gamma background rgb_to_gray

Palette is NULL in indexed image

(%d-%d):

%ld%c

(*.htm;*.html)|*.htm;*.html

VVV.dywt.com.cn

HTTP HTTPS.

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.536.2 Safari/534.10

Content-Length: %d

%s <%s>

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

SMTP

[%s:%d]

Range: bytes=%s-

[%s:%d]

PASS %s

PASS ******

USER %s

E:\e5\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp

SIZE %s

PORT

User-Agent: %s

Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Referer: %s

Host: %s

GET %s HTTP/1.1

HTTP/1.0

Cookie: %s

%d, %s

\\192.168.0.129\TCP\1037

NSPlayer/9.0.0.2980; {%s}; Host: %s

rmff_fix_header: assuming data.size=%i

rmff_fix_header: assuming data.num_packets=%i

rmff_fix_header: assuming prop.num_packets=%i

rmff_fix_header: setting prop.data_offset from %i to %i

rmff_fix_header: correcting prop.num_streams from %i to %i

rmff_fix_header: correcting prop.size from %i to %i

%s %s %s

Session: %s

Cseq: %u

%*s %s

%*s %u

CSeq: %u

rtsp://%s:%i

rtsp://%s:%i/%s

ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586

GUID: 00000000-0000-0000-0000-000000000000

[%s:%d]

User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)

Range: npt=%s-

%s/streamid=1

%s/streamid=0

Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play

If-Match: %s

RealChallenge2: %s, sd=%s

Title: %s

Copyright: %s

Author: %s

real: Content-length for description too big (> %uMB)!

Require: com.real.retain-entity-for-setup

SupportsMaximumASMBandwidth: 1

Bandwidth: %u

Challenge1: %s

hash output: %x %x %x %x

hash input: %x %x %x %x

stream=%u;rule=%u,

Illegal character '%c' in input.

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

zcÁ

c:\%original file name%.exe

#include "l.chs\afxres.rc" // Standard components

GetCPInfo

GetProcessHeap

WinExec

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportOrgEx

ShellExecuteA

SetWindowsHookExA

UnhookWindowsHookEx

GetKeyState

CreateDialogIndirectParamA

HttpAddRequestHeadersA

HttpEndRequestA

InternetCrackUrlA

.text

`.rdata

@.data

`.rkwm

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>PAD

ADVAPI32.dll

comdlg32.dll

OLEAUT32.dll

oledlg.dll

RASAPI32.dll

SHELL32.dll

WININET.dll

WINMM.dll

WINSPOOL.DRV

WS2_32.dll

1, 0, 6, 6

- Skin.dll

(*.*)

1.8.0.0

(hXXp://VVV.dywt.com.cn)

%original file name%.exe_2984_rwx_00401000_0017E000:

t$(SSh

~%UVW

u$SShe

Bv.SCv=kAv

kernel32.dll

ole32.dll

wininet.dll

Kernel32.dll

shlwapi.dll

gdiplus.dll

user32.dll

GdiPlus.dll

MsgWaitForMultipleObjects

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

42305932-06E6-47a5-AC79-8BDCDC58DF61

HttpClient

hXXp://wpa.qq.com/msgrd?v=3&uin=10347904&site=qq&menu=yes

.rsrc

%S4WD

hg%fpM

S.Ac9SR

0.I%3s

,wAe.kI

aiUy'4xu

%c*@j

.eH'y

{&%U)

lj%4U

xe%CNs

9F.cLe

hJK.ZH

O.qt0

KERNEL32.DLL

COMCTL32.dll

GDI32.dll

MSIMG32.dll

MSVCRT.dll

MSVFW32.dll

USER32.dll

SkinH_EL.dll

&dayspac=0&sidomain=ctc.qzonestyle.gtimg.cn&useutf8=1&outputhtmlfeed=1&rd=0.0

hXXp://ic2.s51.qzone.qq.com/cgi-bin/feeds/feeds3_html_more?uin=

nickname:'

data-fkey=\x22

function timea(){var d,s;d=new Date();d.setTime('

&unikey=&curkey=&from=1&appid=311&typeid=2&abstime=

&style=35&version=8&needDelOpr=true&hideExtend=false&showcount=15&MORE_FEEDS_CGI=http%3A%2F%2Fic2.qzone.qq.com%2Fcgi-bin%2Ffeeds%2Ffeeds_html_act_all&refer=2&opuin=

&i_login_uin=

qzreferrer=http://ic2.qzone.qq.com/cgi-bin/feeds/feeds_html_module?i_uin=

hXXp://w.qzone.qq.com/cgi-bin/likes/internal_dolike_app?g_tk=

1970-01-01 08:00:00

https

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

http=

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

hXXps://

hXXp://

hXXp://user.qzone.qq.com/q/taotao/cgi-bin/emotion_cgi_re_feeds?g_tk=

/myhome

&richval=&richtype=1&private=0¶mstr=1&qzreferrer=http://user.qzone.qq.com/

hXXp://pan.baidu.com/s/1nhMWY

&code_version=1&format=fs&qzreferrer=hXXp://user.qzone.qq.com/

syn_tweet_verson=1¶mstr=1&pic_template=&richtype=&richval=&special_url=&subrichtype=&who=1&con=

hXXp://user.qzone.qq.com/q/taotao/cgi-bin/emotion_cgi_publish_v6?g_tk=

hXXp://vip.gutou.cc/sale.php?shiyi

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies

\*.txt

scripting.FileSystemObject

%Documents and Settings%\IBM\Cookies\*.txt

hXXp://d.gutousoft.com/å…¬å…±è½¯ä»¶ä¸‹è½½/å¤±å¿†ç§’èµžç§’è¯„è½¯ä»¶.txt

hXXp://gutou.cc/ad/shiyi/dingyue.htm

qzone.qq.com

p_skey

skey=

p_skey=

; skey=

hXXp://VVV.gutou.cc

hXXp://shiyi.gutou.cc/

hXXp://gutou.cc

WinHttp.WinHttpRequest.5.1

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

update.temp

z>.bak

Comet.WndShadow.Color

Comet.WndShadow.Proc

Comet.WndShadow

SysShadow

anonymous@123.com

.exe|.rar|.zip|.gif|.jpg|.mp3|.rm

@kernel32.dll

hXXp://gutou.cc/ad/shiyitop.htm

hXXp://VVV.gutou.cc/up/tongji.htm#shiyit

hXXp://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http://qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone&pt_qr_app=

&pt_qr_link=http://z.qzone.com/download.html&self_regurl=http://qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http://z.qzone.com/download.html#prefix_0

%d&&'

123456789

00003333

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

Broken pipe

Inappropriate I/O control operation

Operation not permitted

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|PNG

(*.PNG)|*.PNG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

1.6.9

unsupported zlib version

png_read_image: unsupported transformation

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

libpng error: %s

libpng warning: %s

1.1.3

bad keyword

libpng does not support gamma background rgb_to_gray

Palette is NULL in indexed image

(%d-%d):

%ld%c

(*.htm;*.html)|*.htm;*.html

VVV.dywt.com.cn

HTTP HTTPS.

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.536.2 Safari/534.10

Content-Length: %d

%s <%s>

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

SMTP

[%s:%d]

Range: bytes=%s-

[%s:%d]

PASS %s

PASS ******

USER %s

E:\e5\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp

SIZE %s

PORT

User-Agent: %s

Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Referer: %s

Host: %s

GET %s HTTP/1.1

HTTP/1.0

Cookie: %s

%d, %s

\\192.168.0.129\TCP\1037

NSPlayer/9.0.0.2980; {%s}; Host: %s

rmff_fix_header: assuming data.size=%i

rmff_fix_header: assuming data.num_packets=%i

rmff_fix_header: assuming prop.num_packets=%i

rmff_fix_header: setting prop.data_offset from %i to %i

rmff_fix_header: correcting prop.num_streams from %i to %i

rmff_fix_header: correcting prop.size from %i to %i

%s %s %s

Session: %s

Cseq: %u

%*s %s

%*s %u

CSeq: %u

rtsp://%s:%i

rtsp://%s:%i/%s

ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586

GUID: 00000000-0000-0000-0000-000000000000

[%s:%d]

User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)

Range: npt=%s-

%s/streamid=1

%s/streamid=0

Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play

If-Match: %s

RealChallenge2: %s, sd=%s

Title: %s

Copyright: %s

Author: %s

real: Content-length for description too big (> %uMB)!

Require: com.real.retain-entity-for-setup

SupportsMaximumASMBandwidth: 1

Bandwidth: %u

Challenge1: %s

hash output: %x %x %x %x

hash input: %x %x %x %x

stream=%u;rule=%u,

Illegal character '%c' in input.

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

zcÁ

c:\%original file name%.exe

#include "l.chs\afxres.rc" // Standard components

GetCPInfo

GetProcessHeap

WinExec

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportOrgEx

ShellExecuteA

SetWindowsHookExA

UnhookWindowsHookEx

GetKeyState

CreateDialogIndirectParamA

HttpAddRequestHeadersA

HttpEndRequestA

InternetCrackUrlA

.text

`.rdata

@.data

1, 0, 6, 6

- Skin.dll

(*.*)

%original file name%.exe_2984_rwx_10000000_0003E000:

`.rsrc

L$(h%f

SSh0j

msctls_hotkey32

TVCLHotKey

THotKey

\skinh.she

}uo,x6l5k%x-l h

9p%s m)t4`#b

e"m?c&y1`Ð<

SetViewportOrgEx

SetViewportExtEx

SetWindowsHookExA

UnhookWindowsHookEx

EnumThreadWindows

EnumChildWindows

`c%US.4/

!#$<#$#=

.text

`.rdata

@.data

.rsrc

@.UPX0

`.UPX1

`.reloc

hJK.ZH

O.qt0

KERNEL32.DLL

COMCTL32.dll

GDI32.dll

MSIMG32.dll

MSVCRT.dll

MSVFW32.dll

USER32.dll

SkinH_EL.dll

1, 0, 6, 6

- Skin.dll

iexplore.exe_2992:

.text

`.data

.rsrc

@.reloc

Bv.TBv

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

úW1

.ApX/

H.ZAf

ð[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

iexplore.exe_620:

.text

`.data

.rsrc

@.reloc

Bv.TBv

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

úW1

.ApX/

H.ZAf

ð[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

SearchProtocolHost.exe_3988:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

MSSHooks.dll

IMM32.dll

SHLWAPI.dll

SrchCollatorCatalogInfo

SrchDSSLogin

SrchDSSPortManager

SrchPHHttp

SrchIndexerQuery

SrchIndexerProperties

SrchIndexerPlugin

SrchIndexerClient

SrchIndexerSchema

Msidle.dll

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

</MSG></TRC>

<MSG>

<ERR> 0xx=

<LOC> %s(%d) </LOC>

tid="0x%x"

pid="0x%x"

tagname="%s"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%s"

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

SHELL32.dll

PROPSYS.dll

ntdll.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

MsgWaitForMultipleObjects

SearchProtocolHost.pdb

2 2(20282|2

4%5S5

Software\Microsoft\Windows Search

https

kernel32.dll

msTracer.dll

msfte.dll

lX-X-X-XX-XXXXXX

SOFTWARE\Microsoft\Windows Search

tquery.dll

%s\%s

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>

advapi32.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

winhttp.dll

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

<MSG>

<LOC> %S(%d) </LOC>

tagname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

Microsoft Windows Search Protocol Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchProtocolHost.exe

Windows

7.00.7601.17610

SearchFilterHost.exe_3340:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

IMM32.dll

MSSHooks.dll

mscoree.dll

SHLWAPI.dll

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

SearchFilterHost.pdb

version="5.1.0.0"

name="Microsoft.Windows.Search.MSSFH"

<requestedExecutionLevel

3 3(30383|3

kernel32.dll

Software\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

tquery.dll

advapi32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

<MSG>

<ERR> 0xx=

<LOC> %S(%d) </LOC>

tid="0x%x"

pid="0x%x"

tagname="%S"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%S"

</MSG></TRC>

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

%s\%s

winhttp.dll

Microsoft Windows Search Filter Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchFilterHost.exe

Windows

7.00.7601.17610

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\pic[1].gif (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2B2UVDJU.txt (265 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\load[1].gif (817 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\36GBOYBG.txt (415 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ptlogin_report[1].bmp (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\json2[1].js (7098 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\icon_11[1].gif (913 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\pt_fetch_dev_uin[1].js (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\TCapIframe[1].js (5266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\ptui_ver[1].js (227 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ptqrshow[1].png (439 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\tongji[1].htm (952 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\TCapIframeApi[1].js (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\c_login_2[1].js (64891 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\N90VYBGE.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\shiyitop[1].htm (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\TCapMsg[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\xlogin[1].htm (4258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\xver[1].htm (99 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\53P3XZXY.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\r[1].htm (1 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.