Backdoor.Win32.PcClient_85784b229f

by malwarelabrobot on December 10th, 2015 in Malware Descriptions.

Susp_Dropper (Kaspersky), Gen:Trojan.Heur.3uZ@yDgEvJmif (B) (Emsisoft), Backdoor.Win32.PcClient.FD, Trojan.Win32.IEDummy.FD, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 85784b229fd483ddd707706e21161bea
SHA1: 2995be1b726dccac8953f4a2c34830f0ed92e063
SHA256: f6e2b6a4af35737e4b83d607dbf9c38700b1a9de7904652a917facd4c42d5575
SSDeep: 12288:2CrjJSWj7aBX TLBhAuwf48ZujbT1lq8ENSue3QSsQS4KjvuNeR440aCBBUQ0ZQ1:RZtXXTLBuuKUT1VJQ06jGNeG5b0Za
Size: 913425 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2008-05-03 17:08:38
Analyzed on: WindowsXP SP3 32-bit


Summary:

Backdoor. Malware that enables a remote control of victim's machine.

Payload

No specific payload has been found.

Process activity

The Backdoor creates the following process(es):

ctfmon1.exe:1952
%original file name%.exe:464
Server.exe:1328

The Backdoor injects its code into the following process(es):

×Ô¶¯ÊÕ»õV4.1.exe:140

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process ×Ô¶¯ÊÕ»õV4.1.exe:140 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ad-mymacro8-p[1].htm (3 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mymacro.zip (22 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ad-mymacro8-p[1].txt (240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\go[1].htm (846 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\85e4.tmp (17716 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (3856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\s[1].js (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1].php (3 bytes)
%Documents and Settings%\%current user%\Application Data\qmacro\qdisp.dll (6532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mmcount[1].htm (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@qmacro[1].txt (151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\s[1].php (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ad-mymacro8.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aroute[1].php (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\e1537fea1e043634e7359bee6656a[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2.tmp (896 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (162 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\ad.vrbrothers[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\plugin.zip (6740 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f97f5aec6423f2058a1ab68892cb5[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aroute[2].php (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3.tmp (28844 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[2].js (315 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ad-mymacro8-b[1].htm (755 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ad-mymacro8-b[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\adcon\mm\tmpad.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\2.tmp (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mymacro.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ad-mymacro8-b[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\plugin.zip (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\adcon\mm\tmpad.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mmcount[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3.tmp (0 bytes)

The process %original file name%.exe:464 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsu1.tmp (0 bytes)

The process Server.exe:1328 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Program Files%\wi520468nd.temp (159649 bytes)
%Documents and Settings%\svchost.exe (33 bytes)
%System%\ctfmon.exe (673 bytes)

The Backdoor deletes the following file(s):

Registry activity

The process ×Ô¶¯ÊÕ»õV4.1.exe:140 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015120920151210]
"CacheOptions" = "11"

[HKCR\VBS]
"(Default)" = "VB Script Language"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"Locale" = "EN"
"(Default)" = "Microsoft Windows Script 5.7"

[HKCR\MSScriptControl.ScriptControl.1]
"(Default)" = "ScriptControl Object"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"IsInstalled" = "1"

[HKCR\TypeLib\{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}\1.0\0\win32]
"(Default)" = "%System%\MSScript.ocx"

[HKCR\QMDispatch.QMLibrary.Inner\CLSID]
"(Default)" = "{EBEB87A5-E151-4054-AB45-A6E094C5334B}"

[HKCR\ScriptControl\CLSID]
"(Default)" = "{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}"

[HKCR\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\InProcServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\APPLIC~1\qmacro\qdisp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Component Categories\{0AEE2A92-BCBB-11D0-8C72-00C04FC2B085}]
"409" = "Active Scripting Engine with Authoring"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\QMDispatch.QMFunction\CLSID]
"(Default)" = "{EBEB87A4-E151-4054-AB45-A6E094C5334B}"

[HKCR\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\APPLIC~1\qmacro\qdisp.dll"

[HKCR\Component Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]
"409" = "Active Scripting Engine with Encoding"

[HKCR\VBScript Author\CLSID]
"(Default)" = "{B54F3742-5B07-11cf-A4B0-00AA004A55E8}"

[HKCR\MSScriptControl.ScriptControl]
"(Default)" = "ScriptControl Object"

[HKCR\VBScript\CLSID]
"(Default)" = "{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015120920151210]
"CachePrefix" = ":2015120920151210:"

[HKCR\VBS Author]
"(Default)" = "VB Script Language Authoring"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\VBScript Author]
"(Default)" = "VB Script Language Authoring"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32]
"(Default)" = "%System%\MSScript.ocx"

[HKCR\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}]
"(Default)" = "QMDispatch.QMFunction"

[HKCR\VBScript]
"(Default)" = "VB Script Language"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{EBEB87A5-E151-4054-AB45-A6E094C5334B}\InprocHandler32]
"(Default)" = "ole32.dll"

[HKCR\Interface\{3F4DACA0-160D-11D2-A8E9-00104B365C9F}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{EBEB87A5-E151-4054-AB45-A6E094C5334B}]
"(Default)" = "QMDispatch.QMLibrary.Inner"

[HKCR\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}]
"(Default)" = "QMDispatch.QMRoutine"

[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\Version]
"(Default)" = "5.5"

[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}]
"(Default)" = "VBScript Language Encoding"

[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
"(Default)" = "VBScript"

[HKCR\QMDispatch.QMVBSRoutine]
"(Default)" = "QMDispatch.QMVBSRoutine"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\QMDispatch.QMFunction]
"(Default)" = "QMDispatch.QMFunction"

[HKCR\QMDispatch.QMRoutine]
"(Default)" = "QMDispatch.QMRoutine"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\1.0\0\win32]
"(Default)" = "%System%\VBScript.dll\2"

[HKCR\MSScriptControl.ScriptControl\CurVer]
"(Default)" = "MSScriptControl.ScriptControl.1"

[HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F}\5.5\0\win32]
"(Default)" = "%System%\VBScript.dll\3"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"ComponentID" = "MSVBScript"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\TypeLib]
"(Default)" = "{0E59F1D2-1FBE-11D0-8FF2-00A0D10038BC}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 70 62 E1 B1 59 98 03 62 2F 9F FA 12 2C 7F AF"

[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
"(Default)" = "VBScript Author"

[HKCR\MSScriptControl.ScriptControl\CLSID]
"(Default)" = "{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}"

[HKCR\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\ProgID]
"(Default)" = "QMDispatch.QMLibrary"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\VersionIndependentProgID]
"(Default)" = "MSScriptControl.ScriptControl"

[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}]
"(Default)" = "VB Script Language Authoring"

[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
"(Default)" = "%System%\VBScript.dll"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\ProgID]
"(Default)" = "QMDispatch.QMVBSRoutine"

[HKCR\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\ProgID]
"(Default)" = "QMDispatch.QMFunction"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
"(Default)" = "VBScript.Encode"

[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
"(Default)" = "%System%\VBScript.dll"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}]
"(Default)" = "ScriptControl Object"

[HKCR\VBScript.Encode\CLSID]
"(Default)" = "{B54F3743-5B07-11cf-A4B0-00AA004A55E8}"

[HKCR\VBScript.Encode]
"(Default)" = "VBScript Language Encoding"

[HKCR\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InprocServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\APPLIC~1\qmacro\qdisp.dll"

[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\TypeLib]
"(Default)" = "{3F4DACA7-160D-11D2-A8E9-00104B365C9F}"

[HKCR\QMDispatch.QMLibrary\CLSID]
"(Default)" = "{EBEB87A6-E151-4054-AB45-A6E094C5334B}"

[HKCR\Component Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
"409" = "Active Scripting Engine"

[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32]
"(Default)" = "%System%\VBScript.dll"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"Version" = "5,7,0,16599"

[HKCR\QMDispatch.QMRoutine\CLSID]
"(Default)" = "{C07DB6A3-34FC-4084-BE2E-76BB9203B049}"

[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}]
"(Default)" = "VBScript Regular Expression"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015120920151210]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015120920151210\"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\MiscStatus\1]
"(Default)" = "132499"

[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}]
"(Default)" = "VB Script Language"

[HKCR\VBScript.RegExp]
"(Default)" = "VBScript Regular Expression"

[HKCR\CLSID\{EBEB87A5-E151-4054-AB45-A6E094C5334B}\LocalServer32]
"(Default)" = "D:\V41~1.EXE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\ProgID]
"(Default)" = "MSScriptControl.ScriptControl.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015120920151210]
"CacheLimit" = "8192"

[HKCR\VBScript.RegExp\CLSID]
"(Default)" = "{3F4DACA4-160D-11D2-A8E9-00104B365C9F}"

[HKCR\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ProgID]
"(Default)" = "QMDispatch.QMRoutine"

[HKCR\Interface\{3F4DACA1-160D-11D2-A8E9-00104B365C9F}\TypeLib]
"Version" = "1.0"

[HKCR\Component Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
"409" = "Active Scripting Engine with Parsing"

[HKCR\MSScriptControl.ScriptControl.1\CLSID]
"(Default)" = "{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}"

[HKCR\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}]
"(Default)" = "QMDispatch.QMLibrary"

[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\ProgID]
"(Default)" = "VBScript.RegExp"

[HKCR\ScriptControl\CurVer]
"(Default)" = "MSScriptControl.ScriptControl.1"

[HKCR\QMDispatch.QMLibrary]
"(Default)" = "QMDispatch.QMLibrary"

[HKCR\QMDispatch.QMVBSRoutine\CLSID]
"(Default)" = "{241D7F03-9232-4024-8373-149860BE27C0}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
"(Default)" = "%System%\VBScript.dll"

[HKCR\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\InprocHandler32]
"(Default)" = "ole32.dll"

[HKCR\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\LocalServer32]
"(Default)" = "D:\V41~1.EXE"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCR\QMDispatch.QMLibrary.Inner]
"(Default)" = "QMDispatch.QMLibrary.Inner"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015120920151210]
"CacheRepair" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{EBEB87A5-E151-4054-AB45-A6E094C5334B}\ProgID]
"(Default)" = "QMDispatch.QMLibrary.Inner"

[HKCR\Interface\{3F4DACA2-160D-11D2-A8E9-00104B365C9F}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
"ThreadingModel" = "Both"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}]
"(Default)" = "QMDispatch.QMVBSRoutine"

[HKCR\VBS\CLSID]
"(Default)" = "{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"

[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
"ThreadingModel" = "Both"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\InProcServer32]
"ThreadingModel" = "Apartment"

[HKCR\ScriptControl]
"(Default)" = "ScriptControl Object"

[HKCR\VBS Author\CLSID]
"(Default)" = "{B54F3742-5B07-11cf-A4B0-00AA004A55E8}"

[HKCR\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\ToolboxBitmap32]
"(Default)" = "%System%\MSScript.ocx,102"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Backdoor deletes the following registry key(s):

[HKCR\VBS]
[HKCR\VBScript\OLEScript]
[HKCR\VBScript Author\CLSID]
[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\OLEScript]
[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{0AEE2A92-BCBB-11D0-8C72-00C04FC2B085}]
[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\ProgID]
[HKCR\VBScript Author\OLEScript]
[HKCR\VBScript.Encode\OLEScript]
[HKCR\VBScript.RegExp\CLSID]
[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}]
[HKCR\VBS Author]
[HKCR\VBScript.RegExp]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}]
[HKCR\VBS Author\CLSID]
[HKCR\VBS Author\OLEScript]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
[HKCR\VBScript.Encode\CLSID]
[HKCR\VBScript.RegExp\OLEScript]
[HKCR\VBScript]
[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\OLEScript]
[HKCR\VBS\OLEScript]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\OLEScript]
[HKCR\VBScript Author]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
[HKCR\VBScript\CLSID]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}]
[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\TypeLib]
[HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\Version]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
[HKCR\VBScript.Encode]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKCR\VBS\CLSID]
[HKCR\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\OLEScript]
[HKCR\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]
[HKCR\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}]

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ctfmon1.exe:1952 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 8F AC 7F A8 67 0A 43 23 0C 72 6A 03 A1 F8 48"

[HKCU\Software\Microsoft\CTF\LangBar]
"ExtraIconsOnMinimized" = "1"

[HKCU\Software\Microsoft\CTF\Sapilayr]
"ProfileInitialized" = "1"

[HKCU\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409\{09EA4E4B-46CE-4469-B450-0DE76A435BBB}]
"Enable" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%WinDir%\ime]
"sptip.dll,-600" = "Speech Recognition"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe" = "%System%\ctfmon.exe"

The Backdoor deletes the following value(s) in system registry:
The Backdoor disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"

The process %original file name%.exe:464 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 60 40 7F 05 84 55 A3 56 FC D9 29 95 EA 20 39"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:]
"server.exe" = "360杀毒 启动程序"

"×Ô¶¯ÊÕ»õV4.1.exe" = "QMacro's macro runner."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process Server.exe:1328 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\Rat]
"ConnectGroup" = "ĬÈÏ·Ö×é"

Dropped PE files

MD5 File path
a20de3836893f50f73c61ec0a2e45ad7 c:\Documents and Settings\"%CurrentUserName%"\Application Data\qmacro\qdisp.dll
037b1e7798960e0420003d05bb577ee6 c:\Documents and Settings\svchost.exe
60416b828d157d47568c6543bd2e52b2 c:\WINDOWS\Temp\hx107.tmp
5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\WINDOWS\system32\ctfmon1.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 22442 22528 4.47873 f67e97a816d8398d216c91c01800fb17
.rdata 28672 4496 4608 3.58804 0f7b157b78f399340e80aa07581634eb
.data 36864 110424 1024 3.18325 99140708b36c93b713dac5ad4a21f093
.ndata 147456 266240 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 413696 16384 16384 3.08561 4bc8ee2956b4ec6119cd002728de15ef

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 5
277cb9edff20c230f8ba8dc2b19c0d22
6dc8a4a5ba303a9efdf303d097e8fe04
d1ec397d79b14dedd3cd27f677fbf2cf
3f985241cbae555a4e4666810a4f8496
394bf7603e5e28be21052e94c35a0810

URLs

URL IP
hxxp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm 117.27.139.156
hxxp://ad.vrbrothers.com/xjl/mmcount.aspx?mm=000322F3B03368BC5DDF47F65E57B03959F01688D1C9E1002EB47ACB38B6637D25955DA074380AC8A6361945&randcode=00038B7CE0497B62E1017B9154FE484925E2B84176B79B2FD7C71945 117.27.139.156
hxxp://ad.vrbrothers.com/qmacro/v8/ad-mymacro.xml 117.27.139.156
hxxp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm 117.27.139.156
hxxp://ad.vrbrothers.com/qmacro/ad-mymacro8-n.htm 117.27.139.156
hxxp://js.adm.cnzz.net/s.php?sid=401069 42.156.140.143
hxxp://js.adm.cnzz.net/js/s.js?v=20140108 42.156.140.143
hxxp://js.adm.cnzz.net/aroute.php?sid=401069&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=144968390702121&referer=&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&queueid=1 42.156.140.143
hxxp://img.users.51.la/321019.asp 42.236.74.208
hxxp://cache.adm.cnzz.net.a.hichinacdn.net/material/8d/e/f97f5aec6423f2058a1ab68892cb5.jpg 195.27.31.250
hxxp://hm.e.shifen.com/hm.js?9f7c90c4f314eb12aa0ed7c4b4d9d002
hxxp://am1.adm.cnzz.net/stat.gif?sid=401069&aid=248687&mid=290329&ip=194.242.96.218&cookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&referer=&rtime=1449683907818&js=2 42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?rsid=401069&raid=248687&rmid=290329&rip=194.242.96.218&rcookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&referer=&rtime=1449683907834&view=1 42.156.162.21
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1990573015&si=9f7c90c4f314eb12aa0ed7c4b4d9d002&st=1&v=1.1.20&lv=1&tt=vrbrothers-276*226
hxxp://common7.dpool.sina.com.cn/statistic/index/?url=28977c8f6d42a25dbcc2994418c60f0e
hxxp://ara.sina.com.cn/
hxxp://ara.sina.com.cn/308/2014/0424/13/strandwhitetop.css
hxxp://weibo.grid.sinaedge.com/game/homepage/js/jquery.min.js
hxxp://weibo.grid.sinaedge.com/games/2016/home/jquery-plugin-slide.js
hxxp://weibo.grid.sinaedge.com/games/2016/home/jquery-plugin-pop.js
hxxp://ara.sina.com.cn/307/2014/7/jquery.inview.min.js
hxxp://weibo.grid.sinaedge.com/games/2016/home/8.js
hxxp://weibo.grid.sinaedge.com/game/news/2015/js/Chart.min.js
hxxp://weibo.grid.sinaedge.com/973/homepage/slide.js
hxxp://weibo.grid.sinaedge.com/games/2016/home/modernizr.custom.28922.js
hxxp://weibo.grid.sinaedge.com/game/article/js/gametophtml.js
hxxp://beacon.sina.com.cn/a.gif?V=2.1.13&CI=sz:1276x846|dp:32|ac:Mozilla|an:MSIE|cpu:x86|pf:Win32|jv:1.3|ct:lan|lg:en-us|tz:-2|fv:10|ja:1&PI=pid:0-9999-0-0-1|st:0|et:1|ref:|hp:N|PGLS:|ZT:|MT:|keys:|dom:24|ifr:0&UI=vid:undefined|sid:2365770130630.8916.1449683920506|lv::1:1:1|un:|uo:|ae:|lu:|si:|rs:0|dm:0|su:&MT=&EX=ex1:|ex2:&gUid_1449683920506 219.142.78.243
hxxp://beacon.sina.com.cn/ckctl.html 219.142.78.243
hxxp://ara.sina.com.cn/js/ssologin.js?version20140415
hxxp://cms.sina.cn/games/gpapi/gethometopwrap.shtml?_=1449683921334
hxxp://weibo.grid.sinaedge.com/7f6aec65/20151103/50x50.png
hxxp://weibo.grid.sinaedge.com/default/SG_top_white2014.png
hxxp://weibo.grid.sinaedge.com/7f6aec65/20151103/shou50.png
hxxp://jtpool.grid.sinaedge.com/gm/home/2014/slogo1.jpg
hxxp://jtpool.grid.sinaedge.com/gm/home/2014/slogo2.jpg
hxxp://jtpool.grid.sinaedge.com/gm/home/2014/gray.png
hxxp://jtpool.grid.sinaedge.com/gm/project/netgame200/grey.gif
hxxp://jtpool.grid.sinaedge.com/gm/home/2014/slogo3.jpg
hxxp://weibo.grid.sinaedge.com/game/homepage/headbg.jpg
hxxp://weibo.grid.sinaedge.com/game/homepage/logo.png
hxxp://jtpool.grid.sinaedge.com/litong/zhitou/sinaads/release/sinaads.js
hxxp://sax.sina.com.cn/newimpress?adunitid=PDPS000000005326&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_wa46dx 180.149.136.49
hxxp://sax.sina.com.cn/newimpress?adunitid=PDPS000000005325&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_taiyx9 180.149.136.49
hxxp://jtpool.grid.sinaedge.com/litong/pengchunli/SinaDotBgSponsor_new.js
hxxp://sax.sina.com.cn/view?type=bottom&t=UERQUzAwMDAwMDAwNTMyNg==&_sinaads_sio_log_1lz6hl 180.149.136.49
hxxp://sax.sina.com.cn/view?type=bottom&t=UERQUzAwMDAwMDAwNTMyNQ==&_sinaads_sio_log_cs339c 180.149.136.49
hxxp://jtpool.grid.sinaedge.com/201511/23/1397020.jpg
hxxp://jtpool.grid.sinaedge.com/201511/25/1397333.jpg
hxxp://weibo.grid.sinaedge.com/default/close.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/icon_nav_trangle_w.png
hxxp://jtpool.grid.sinaedge.com/201511/23/1397019.jpg
hxxp://weibo.grid.sinaedge.com/games/2016/home/list-style-dot.jpg
hxxp://js.adm.cnzz.net/s.php?sid=401068 42.156.140.143
hxxp://weibo.grid.sinaedge.com/games/2016/home/list-style-video.jpg
hxxp://sax.sina.com.cn/newimpress?adunitid=PDPS000000057495&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_bl4w7a 180.149.136.49
hxxp://sax.sina.com.cn/newimpress?adunitid=PDPS000000057496&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_lf80xi 180.149.136.49
hxxp://common7.dpool.sina.com.cn/api/outdomain_user/user_popularity/?callback=jQuery17004132216354772744_1449683916271&uids=2297193711&_=1449683927693
hxxp://cms.sina.cn/games/gpapi/product/get_wy_cpk_test_today.d.html?callback=jQuery17004132216354772744_1449683916272&_=1449683928131
hxxp://common7.dpool.sina.com.cn/api/newgamerank.php?type=week&num=3
hxxp://js.adm.cnzz.net/aroute.php?sid=401068&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1449683928631631&referer=&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm&queueid=1 42.156.140.143
hxxp://weibo.grid.sinaedge.com/games/2016/home/list-style-img.jpg
hxxp://weibo.grid.sinaedge.com/games/2016/home/icon_search.png
hxxp://weibo.grid.sinaedge.com/default/20151020/jrmk-fxiwazu5649776.jpg
hxxp://sax.sina.com.cn/newimpress?adunitid=PDPS000000057497&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_56jou2 180.149.136.49
hxxp://sax.sina.com.cn/newimpress?adunitid=PDPS000000057498&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_eeflew 180.149.136.49
hxxp://weibo.grid.sinaedge.com/games/2016/home/ad_bg.png
hxxp://ara.sina.com.cn/blank/important/2015-10-29/doc--ifxkhqea2858028.js
hxxp://weibo.grid.sinaedge.com/default/20151105/Rkmz-fxkniur2906037.jpg
hxxp://action.adm.cnzz.net/bench.gif?sid=401068&type=js&loadtime=-1&rtime=302 42.156.162.53
hxxp://cache.adm.cnzz.net.a.hichinacdn.net/material/a8/2/e1537fea1e043634e7359bee6656a.jpg 195.27.31.250
hxxp://am1.adm.cnzz.net/stat.gif?sid=401068&aid=248688&mid=290330&ip=194.242.96.218&cookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm&referer=&rtime=1449683930052&js=2 42.156.162.21
hxxp://security.weibo.com/visitor/visitor?from=iframe
hxxp://jtpool.grid.sinaedge.com/gm/2015/0420/U4662P115DT20150420103608.jpg
hxxp://weibo.grid.sinaedge.com/games/2016/home/nav_bigPic_mask.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/vip.png
hxxp://security.weibo.com/js/visitor/mini.js
hxxp://weibo.grid.sinaedge.com/games/2016/home/icon_close.png
hxxp://jtpool.grid.sinaedge.com/gm/2015/0701/U4662P115DT20150701155704.jpg
hxxp://weibo.grid.sinaedge.com/games/20151209/sT3X-fxmifzh4426979.jpg
hxxp://weibo.grid.sinaedge.com/games/transform/20151204/w3vk-fxmifze7596446.jpg
hxxp://weibo.grid.sinaedge.com/default/20151102/jkcH-fxkhcfq1061208.png
hxxp://jtpool.grid.sinaedge.com/gm/mgame/icon175x171.png
hxxp://weibo.grid.sinaedge.com/default/20150925/Ccwo-fxieymv7626767.png
hxxp://weibo.grid.sinaedge.com/blog7swf/fonts.swf
hxxp://weibo.grid.sinaedge.com/default/20150925/8X0v-fxifmki9508491.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/arrow_down.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_png.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img14.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/part1jpg.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/vip2.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/circle.png
hxxp://weibo.grid.sinaedge.com/game/homepage/kan.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/duan.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/amask.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/shou.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/sprite.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img2.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img15.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img6.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img7_2.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img7_1.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img7_3.gif
hxxp://weibo.grid.sinaedge.com/games/transform/20151209/5Vzm-fxmifzh4426786.jpg
hxxp://weibo.grid.sinaedge.com/games/transform/20151209/Z7tz-fxmisxu6320311.jpg
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img16.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img13.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img17.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img9.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/icon_kan.jpg
hxxp://weibo.grid.sinaedge.com/973/homepage/opacity.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img22.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/li_img11.gif
hxxp://weibo.grid.sinaedge.com/games/2016/home/icon_CGWR.jpg
hxxp://weibo.grid.sinaedge.com/games/7db3788e/20151126/203233800-652-2013-07-04-13-02-17.jpg
hxxp://weibo.grid.sinaedge.com/69acd7be/20150925/huan.png
hxxp://weibo.grid.sinaedge.com/games/2016/home/icon_date.jpg
hxxp://n.sinaimg.cn/games/2016/home/jquery-plugin-pop.js 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/icon_search.png 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/arrow_down.png 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/ad_bg.png 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/li_png.png 222.73.28.96
hxxp://cache.adm.cnzz.net/material/a8/2/e1537fea1e043634e7359bee6656a.jpg 195.27.31.250
hxxp://n.sinaimg.cn/games/2016/home/li_img15.gif 222.73.28.96
hxxp://d1.sina.com.cn/201511/25/1397333.jpg 115.238.190.239
hxxp://n.sinaimg.cn/7f6aec65/20151103/shou50.png 222.73.28.96
hxxp://n.sinaimg.cn/default/SG_top_white2014.png 222.73.28.96
hxxp://hm.baidu.com/hm.js?9f7c90c4f314eb12aa0ed7c4b4d9d002 220.181.7.190
hxxp://games.sina.com.cn/307/2014/7/jquery.inview.min.js 121.14.1.190
hxxp://n.sinaimg.cn/games/2016/home/modernizr.custom.28922.js 222.73.28.96
hxxp://sjs.sinajs.cn/blog7swf/fonts.swf 222.73.28.96
hxxp://d9.sina.com.cn/litong/zhitou/sinaads/release/sinaads.js 115.238.190.239
hxxp://n.sinaimg.cn/games/2016/home/li_img16.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/icon_nav_trangle_w.png 222.73.28.96
hxxp://games.sina.com.cn/ 121.14.1.190
hxxp://n.sinaimg.cn/games/2016/home/icon_close.png 222.73.28.96
hxxp://n.sinaimg.cn/game/homepage/js/jquery.min.js 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/li_img7_3.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/nav_bigPic_mask.png 222.73.28.96
hxxp://n.sinaimg.cn/default/20151020/jrmk-fxiwazu5649776.jpg 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/8.js 222.73.28.96
hxxp://n.sinaimg.cn/69acd7be/20150925/huan.png 222.73.28.96
hxxp://interface.sina.cn/games/gpapi/product/get_wy_cpk_test_today.d.html?callback=jQuery17004132216354772744_1449683916272&_=1449683928131 111.13.87.211
hxxp://n.sinaimg.cn/games/2016/home/li_img11.gif 222.73.28.96
hxxp://cache.adm.cnzz.net/material/8d/e/f97f5aec6423f2058a1ab68892cb5.jpg 195.27.31.250
hxxp://n.sinaimg.cn/games/2016/home/list-style-img.jpg 222.73.28.96
hxxp://n.sinaimg.cn/game/homepage/logo.png 222.73.28.96
hxxp://n.sinaimg.cn/973/homepage/slide.js 222.73.28.96
hxxp://n.sinaimg.cn/games/transform/20151204/w3vk-fxmifze7596446.jpg 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/vip2.gif 222.73.28.96
hxxp://n.sinaimg.cn/default/20151105/Rkmz-fxkniur2906037.jpg 222.73.28.96
hxxp://i2.sinaimg.cn/gm/home/2014/slogo2.jpg 123.126.157.222
hxxp://n.sinaimg.cn/games/2016/home/circle.png 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/li_img17.gif 222.73.28.96
hxxp://interface.sina.cn/games/gpapi/gethometopwrap.shtml?_=1449683921334 111.13.87.211
hxxp://n.sinaimg.cn/games/2016/home/list-style-video.jpg 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/shou.png 222.73.28.96
hxxp://i0.sinaimg.cn/gm/home/2014/gray.png 115.238.190.239
hxxp://www.sinaimg.cn/gm/2015/0701/U4662P115DT20150701155704.jpg 115.238.190.239
hxxp://n.sinaimg.cn/games/2016/home/li_img2.gif 222.73.28.96
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=401069&raid=248687&rmid=290329&rip=194.242.96.218&rcookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&referer=&rtime=1449683907834&view=1 42.156.162.21
hxxp://www.sinaimg.cn/gm/2015/0420/U4662P115DT20150420103608.jpg 115.238.190.239
hxxp://n.sinaimg.cn/games/7db3788e/20151126/203233800-652-2013-07-04-13-02-17.jpg 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/icon_date.jpg 222.73.28.96
hxxp://www.sinaimg.cn/gm/mgame/icon175x171.png 115.238.190.239
hxxp://n.sinaimg.cn/games/2016/home/jquery-plugin-slide.js 222.73.28.96
hxxp://d1.sina.com.cn/201511/23/1397020.jpg 115.238.190.239
hxxp://n.sinaimg.cn/games/2016/home/part1jpg.png 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/sprite.png 222.73.28.96
hxxp://i2.sinaimg.cn/gm/home/2014/slogo3.jpg 123.126.157.222
hxxp://n.sinaimg.cn/game/news/2015/js/Chart.min.js 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/duan.png 222.73.28.96
hxxp://d1.sina.com.cn/litong/pengchunli/SinaDotBgSponsor_new.js 115.238.190.239
hxxp://n.sinaimg.cn/default/20151102/jkcH-fxkhcfq1061208.png 222.73.28.96
hxxp://i3.sinaimg.cn/gm/project/netgame200/grey.gif 115.238.190.239
hxxp://n.sinaimg.cn/games/2016/home/li_img9.gif 222.73.28.96
hxxp://passport.weibo.com/visitor/visitor?from=iframe 203.90.242.119
hxxp://n.sinaimg.cn/games/2016/home/li_img7_1.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/li_img13.png 222.73.28.96
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1990573015&si=9f7c90c4f314eb12aa0ed7c4b4d9d002&st=1&v=1.1.20&lv=1&tt=vrbrothers-276*226 220.181.7.190
hxxp://n.sinaimg.cn/game/homepage/headbg.jpg 222.73.28.96
hxxp://kan.sina.com.cn/api/outdomain_user/user_popularity/?callback=jQuery17004132216354772744_1449683916271&uids=2297193711&_=1449683927693 123.126.42.251
hxxp://n.sinaimg.cn/games/2016/home/li_img14.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/20151209/sT3X-fxmifzh4426979.jpg 222.73.28.96
hxxp://passport.weibo.com/js/visitor/mini.js 203.90.242.119
hxxp://n.sinaimg.cn/default/20150925/Ccwo-fxieymv7626767.png 222.73.28.96
hxxp://i2.sinaimg.cn/gm/home/2014/slogo1.jpg 123.126.157.222
hxxp://n.sinaimg.cn/games/2016/home/vip.png 222.73.28.96
hxxp://n.sinaimg.cn/game/homepage/kan.png 222.73.28.96
hxxp://games.sina.com.cn/blank/important/2015-10-29/doc--ifxkhqea2858028.js 121.14.1.190
hxxp://n.sinaimg.cn/games/2016/home/li_img6.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/transform/20151209/Z7tz-fxmisxu6320311.jpg 222.73.28.96
hxxp://i.sso.sina.com.cn/js/ssologin.js?version20140415 121.14.1.189
hxxp://e.games.sina.com.cn/statistic/index/?url=28977c8f6d42a25dbcc2994418c60f0e 123.126.42.251
hxxp://n.sinaimg.cn/default/20150925/8X0v-fxifmki9508491.png 222.73.28.96
hxxp://hi.vrbrothers.com/xjl/mmcount.aspx?mm=000322F3B03368BC5DDF47F65E57B03959F01688D1C9E1002EB47ACB38B6637D25955DA074380AC8A6361945&randcode=00038B7CE0497B62E1017B9154FE484925E2B84176B79B2FD7C71945 117.27.139.156
hxxp://n.sinaimg.cn/games/2016/home/icon_kan.jpg 222.73.28.96
hxxp://n.sinaimg.cn/973/homepage/opacity.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/list-style-dot.jpg 222.73.28.96
hxxp://n.sinaimg.cn/7f6aec65/20151103/50x50.png 222.73.28.96
hxxp://n.sinaimg.cn/games/transform/20151209/5Vzm-fxmifzh4426786.jpg 222.73.28.96
hxxp://d3.sina.com.cn/litong/zhitou/sinaads/release/sinaads.js 115.238.190.239
hxxp://d1.sina.com.cn/201511/23/1397019.jpg 115.238.190.239
hxxp://games.sina.com.cn/308/2014/0424/13/strandwhitetop.css 121.14.1.190
hxxp://n.sinaimg.cn/games/2016/home/icon_CGWR.jpg 222.73.28.96
hxxp://n.sinaimg.cn/game/article/js/gametophtml.js 222.73.28.96
hxxp://n.sinaimg.cn/default/close.png 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/li_img7_2.gif 222.73.28.96
hxxp://ka.sina.com.cn/api/newgamerank.php?type=week&num=3 123.126.42.251
hxxp://n.sinaimg.cn/games/2016/home/li_img22.gif 222.73.28.96
hxxp://n.sinaimg.cn/games/2016/home/amask.png 222.73.28.96
vipimg.51.la 222.187.225.123
down.vrbrothers.com 117.27.139.156
libai5313264.gicp.net 174.128.255.228


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET POLICY Outdated Windows Flash Version IE

Traffic

GET /gm/home/2014/gray.png HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i0.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Dec 2015 03:37:31 GMT
Content-Type: image/png
Content-Length: 1002
Last-Modified: Fri, 23 May 2014 02:18:08 GMT
Expires: Sat, 12 Dec 2015 03:37:31 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 524695
X-Cache: HIT from ctc.gz.2ae4.52.spool.sina.com.cn
Via: http/1.1 ctc.ningbo.ha2ts4.105 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.105,c=194.242.96.218
.PNG........IHDR..............2......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:44BB2728D2C3E311AA21A5CC7C525087" xmpMM:DocumentID="xmp.did:C244
1F03C45411E38CD8DE15152DE3F1" xmpMM:InstanceID="xmp.iid:C2441F02C45411
E38CD8DE15152DE3F1" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:44BB2728D2C3E311AA21
A5CC7C525087" stRef:documentID="xmp.did:44BB2728D2C3E311AA21A5CC7C5250
87"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>9%v.....IDATx.b...?.1...H0..:.........j..\...
.IEND.B`.HTTP/1.1 200 OK..Server: nginx..Date: Sat, 05 Dec 2015 03:37:
31 GMT..Content-Type: image/png..Content-Length: 1002..Last-Modified: 
Fri, 23 May 2014 02:18:08 GMT..Expires: Sat, 12 Dec 2015 03:37:31 GMT.
.Cache-Control: max-age=604800..Accept-Ranges: bytes..Age: 524695..X-C
ache: HIT from ctc.gz.2ae4.52.spool.sina.com.cn..Via: http/1.1 ctc.nin
gbo.ha2ts4.105 (ApacheTrafficServer/4.2.1.1 [cRs f ])..X-Via-CDN: f=Ed
ge,s=ctc.ningbo.ha2ts4.105,c=194.242.96.218...PNG........IHDR.....
<<< skipped >>>


GET /api/outdomain_user/user_popularity/?callback=jQuery17004132216354772744_1449683916271&uids=2297193711&_=1449683927693 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: kan.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Date: Wed, 09 Dec 2015 17:58:44 GMT
Server: Apache
Set-Cookie: ci_session=a:5:{s:10:"session_id";s:32:"68d82e4e05ff6b363e98903f5e2e992f";s:10:"ip_address";s:14:"194.242.96.218";s:10:"user_agent";s:120:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; ";s:13:"last_activity";i:1449683924;s:9:"user_data";s:0:"";}17a934ed00408d0683357493b6183a21; expires=Wed, 09-Dec-2015 19:58:44 GMT; path=/
Cache-Control: max-age=60
Expires: Wed, 09 Dec 2015 17:59:44 GMT
DPOOL_HEADER: 10.73.48.77
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 128
Connection: close
Content-Type: text/html
SINA-LB:aGEuMTY1LmcxLnRjLmxiLnNpbmFub2RlLmNvbQ==
Set-Cookie: dpha=usrmdinst_30; path=/
SINA-TS:YmNkMjlhY2UgMCAwIDAgMTMgMjMK
..........E.K..0.F...#M.p..r.*\.i...QB....].9<'...2....U.f.......T=
......c.syn..e..`J[B...F.F..r.....-...z..@.{)...Zk=._#.........



GET /blank/important/2015-10-29/doc--ifxkhqea2858028.js HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: games.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: nginx
Date: Wed, 09 Dec 2015 17:58:20 GMT
Last-Modified: Fri, 30 Oct 2015 03:49:37 GMT
Expires: Wed, 09 Dec 2015 18:00:20 GMT
Cache-Control: max-age=120
Age: 25
Content-Length: 1285
X-Cache: HIT from ctc.gz.1cf2.43.spool.sina.com.cn
HTTP/1.1 200 OK..Content-Type: application/x-javascript..Vary: Accept-
Encoding..Content-Encoding: gzip..Server: nginx..Date: Wed, 09 Dec 201
5 17:58:20 GMT..Last-Modified: Fri, 30 Oct 2015 03:49:37 GMT..Expires:
 Wed, 09 Dec 2015 18:00:20 GMT..Cache-Control: max-age=120..Age: 25..C
ontent-Length: 1285..X-Cache: HIT from ctc.gz.1cf2.43.spool.sina.com.c
n.............VOo.E.?...0l#.n..&n.!..@....*z.."k.;.N...v.vR.. .......h
AjQ...(..B[.e..s.W....^oR.......{..w.l..Hrq:r4...[3......}.,VhU......~
..J.W#..m..E< V.[..>._.c....s......!.d..zeB5......y\.Y.....D.F.r
[...P.........o..=..8...].Vu1.....'}G{wEC>.-_&.Z.N......3H....^....
)p...$.......|(2$......t}.'.....pqD.....X.U.!..J...>[email protected]....
.K1u.......E..t...=..4.....8#...[......X......J..i.uX.0..Hn....Rj.....
.Z.Rc.......#...."y(.'..#?$ME....O.#.~CHZ....<S...Y-.!u._%.~.......
v.....NkL....C7.H.........>J...../g..~.E....iA.<..~y..UQ.F......
.......W.~...$.Hw=.Xv#...Rp..j|s7...!=.syG.P/....>.A..bI9 `..|...3.
$n..A....[.[.&.....;..../.G....a.2[...s.f..R..v.[.e..~.e6e.Y../...<
\cMn..gg.SO.fT.6.j.......?.K..:...........F.x.dg.....d].[=..]_:B......
..$=..^............o.gJP......>!m...........{..Q.TC.s......L&-....K
.L......^J&Xz...#6.E..].0......l).qI.2}I7 ..ty..Ut.t.}.lT...7.......AP
.t...a7.u..vJM;..HG............~....:.....,..=...o?...f.....&4......&l
t;o\..g..5..E.9,}..Z.(k.....^Z...v2.{..=.v;.I.........k.A=.........g9S
7...=}....t(...\./..0.y.\P...~.]&g.M....k.>3..........9A..y<....
.....<..0Or..{..f......7..q..!9.\.|...]d...J.<.Z...AV~....D.
<<< skipped >>>


GET /gm/mgame/icon175x171.png HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: image/png
Last-Modified: Mon, 23 Mar 2015 05:37:05 GMT
Expires: Sun, 13 Dec 2015 07:04:40 GMT
Cache-Control: max-age=604800
X-Cache: HIT from ctc.gz.1be4.55.spool.sina.com.cn
Content-Length: 5074
Accept-Ranges: bytes
Date: Mon, 07 Dec 2015 14:20:25 GMT
Age: 298448
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.100 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: HIT from GZ236-222.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.100,c=194.242.96.218
.PNG........IHDR...2...2......?......sRGB.........gAMA......a.....pHYs
..........o.d...gIDAThC.ZY.[...c..q..)...c.....[-..j.z.....b..p.......
[email protected][email protected].........;.;.?..m.......0&l
t;........~..G.}...wu.188j...V...]...W..i#...7.....C'1<..3cp...C..S
.G. f....G*.c........[.7..Qdw.....$.\....X.k7...!&....}..m.=.0.a9g=..`
:...dD>[email protected]=...f...\[.S.X..X....... a.S d.aJ...z..q#..:D.Yk
#...{.!C@.~.(X.eCzW..A.......b1.iY...Zw7..^..Q..%[email protected]..."C.{..
.....0...F...#.."..([.=..!...l[........W.n.....".QDx.......<.M&.7F.
.x.....y.O}.57 ....... ....L$..I...K.Vd........./.Y..>..l ....k..(.
.0..'0..@2$.%...rM>e.e.[..ZB.{.H....EQ...$?.h.]@W....{2.:;`........
8.X.v.`.1.._GDH.p.....L.u.H..ZR.P!Rk.A.....L..p...3.^,F[Q........H....
a....N..Eh.t.0r;.!.......ED.h.].vDEa................V....2..rW'.@..#.d
^..u.A$).d$..0.l.!......u..v.T.....C..Hu.D.Q.0..Fi...."[email protected]
...u......:.[..&.........V....s ..".. .....E...k...:.....C"s..Jh....Uq
....)..<fEB.$$f=n.}...)...C.JRn`..Y.e}.........b.;[email protected] ..
.d.x....f...g. 4.Q..\[email protected]..)@.\.<.&.-....L.2....5...D
G.../.....7..............w..nc.v5r.~.:H..,...T...Y.......s^OE......U..
z.d~5..|e..Q..A9.F`...[..791..d../.....W.......0O...s?....V..nF..uC""'
.....-.Dr.,[..rL$Z..N-.....Z.0..CH..1z,....sd.g..\r)R.W"9.......o.....
..#3...W...-..9...B.....gv.B..f...m.8..G..........Q.k..4R.M..B..X.....
.m.#.:.....>..;9....:.w.X3.w. ...4.."O.C...9...1..O...[Ga.Nc&u.....
n.9q...?...(.3..:.....58D.EY!..].4=.....F,......f;.Q.K.....0.8..v.
<<< skipped >>>


GET /321019.asp HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.users.51.la
Connection: Keep-Alive


HTTP/1.1 302 Object moved
Date: Wed, 09 Dec 2015 17:58:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: hXXp://vipimg.51.la:82/go.asp?svid=2&id=321019&style=0&vpage=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&7093.984.gif
Content-Length: 280
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>.<b
ody><h1>Object Moved</h1>This object may be found <a
 HREF="hXXp://vipimg.51.la:82/go.asp?svid=2&id=321019&style=0&
amp;vpage=http://ad.vrbrothers.com/qmacro/ad-mymacro8%
2Dp.htm&7093.984.gif">here</a>.</body>.HTTP/1.1 3
02 Object moved..Date: Wed, 09 Dec 2015 17:58:13 GMT..Server: Microsof
t-IIS/6.0..X-Powered-By: ASP.NET..Location: hXXp://vipimg.51.la:82/go.
asp?svid=2&id=321019&style=0&vpage=http://ad.vrbrothers.com%
2Fqmacro/ad-mymacro8-p.htm&7093.984.gif..Content-Length: 280..
Content-Type: text/html..Cache-control: private..<head><title
>Object moved</title></head>.<body><h1>Obje
ct Moved</h1>This object may be found <a HREF="hXXp://vipimg.
51.la:82/go.asp?svid=2&id=321019&style=0&vpage=http:/%
2Fad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&7093.98
4.gif">here</a>.</body>.....


GET /321019.asp HTTP/1.1


Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.users.51.la
Connection: Keep-Alive


HTTP/1.1 302 Object moved
Date: Wed, 09 Dec 2015 17:58:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: hXXp://vipimg.51.la:82/go.asp?svid=2&id=321019&style=0&vpage=http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm&7115.234.gif
Content-Length: 280
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>.<b
ody><h1>Object Moved</h1>This object may be found <a
 HREF="hXXp://vipimg.51.la:82/go.asp?svid=2&id=321019&style=0&
amp;vpage=http://ad.vrbrothers.com/qmacro/ad-mymacro8%
2Db.htm&7115.234.gif">here</a>.</body>.HTTP/1.1 3
02 Object moved..Date: Wed, 09 Dec 2015 17:58:35 GMT..Server: Microsof
t-IIS/6.0..X-Powered-By: ASP.NET..Location: hXXp://vipimg.51.la:82/go.
asp?svid=2&id=321019&style=0&vpage=http://ad.vrbrothers.com%
2Fqmacro/ad-mymacro8-b.htm&7115.234.gif..Content-Length: 280..
Content-Type: text/html..Cache-control: private..<head><title
>Object moved</title></head>.<body><h1>Obje
ct Moved</h1>This object may be found <a HREF="hXXp://vipimg.
51.la:82/go.asp?svid=2&id=321019&style=0&vpage=http:/%
2Fad.vrbrothers.com/qmacro/ad-mymacro8-b.htm&7115.23
4.gif">here</a>.</body>...



GET /newimpress?adunitid=PDPS000000057498&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_eeflew HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:44 GMT
Content-Type: application/javascript
Content-Length: 135
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMTIzLmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZDdiYWRlY2UgMCAxIDEgNiAyCg==
.........../..KLL).ON*.OMM.I-..V.M,.-.Q....QJL...J.@J).% ...L.M,-.t.J*
.R.2%[email protected],...y9....Vr~^Ij^.....ZM..................



GET /games/gpapi/product/get_wy_cpk_test_today.d.html?callback=jQuery17004132216354772744_1449683916272&_=1449683928131 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: interface.sina.cn
Connection: Keep-Alive
Cookie: statuid=__194.242.96.218_1449683917_0.23966900; statuidsrc=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)`194.242.96.218`http://interface.sina.cn/games/gpapi/gethometopwrap.shtml?_=1449683921334`http://games.sina.com.cn/`__194.242.96.218_1449683917_0.23966900; ustat=__194.242.96.218_1449683917_0.23966900; genTime=1449683917; vt=99


HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: vt=99; expires=Thu, 08-Dec-2016 17:58:44 GMT; path=/; domain=.sina.cn
Cache-Control: max-age=240
Date: Wed, 09 Dec 2015 17:58:00
Expires: Wed, 09 Dec 2015 18:02:00 GMT
Last-Modified: Wed, 09 Dec 2015 18:02:00 GMT
X-Comos-Header: 4
X-Comos-Cost: 0.005
X-Comos-ppByF: 66706
X-Comos-ppByR: 
X-Comos-cByF: 
X-Comos-cByR: c100751 c77791 c35727 c1713
Server_IP: 172.16.88.55
Content-Encoding: gzip
SINA-LB:aGEuMjguZzEueWhnLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:YzZiYWMzNjggMCAwIDAgMjQgNwo=
144...............j. .E....B.Fc.7....4G1..n....iJ.}.....}... .........
...."..1... BxQ......#p^[email protected]...:.?z....*.......#x~ZE\{.Q.
Ld[9(.:ce..C.X...q"3.US..........#.."..R1s.E ...\w$b..F......1)9....._
l..-b.....YYP.(.<f.....*.c..CN....[.m..Xu.U.y...~>J9a".M^......~
.VM%.9D...?...f.&...U....J..c.Y.w... <...^^....$.JH......0..



GET /litong/zhitou/sinaads/release/sinaads.js HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d9.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: nginx
Date: Wed, 09 Dec 2015 17:57:10 GMT
Last-Modified: Wed, 18 Nov 2015 09:49:30 GMT
Expires: Wed, 09 Dec 2015 18:02:10 GMT
Cache-Control: max-age=300
Age: 91
Content-Length: 19879
X-Cache: HIT from ctc.gz.28e4.220.spool.sina.com.cn
Via: http/1.1 ctc.ningbo.ha2ts4.113 (ApacheTrafficServer/4.2.1.1 [cHs f ])
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.113,c=194.242.96.218
.............r.H.(...}......."/........i.},...K.......4Aj......F|/....
....P.....7.gZ.jI........9..K....3.........t.`~.......^<.a...l....e
.~:m.....I...........U...t.........[.=z......[J.=.2.....m.kK>j.<
z.......QM.Gu........{Z)x..t.....U .y..w.....*.WW..<.n..Q..m.I.....
>4%X{........Q.'`M....".....>.....5R.9($~..B..e..6...vDt.......w
5x..H...G..$..g......$.4i.....3DM*zp..U..O....s.GZO.i>@[email protected]
]....Z|.o.......0:...^...KXr&.=..Xea#[.b.i..........i.&.....^.........
;..Z...A....\(..>C..."...,.o>D.q~^..:.V..s....>......e.aS...i
.a.<...x...,....."].ei.B..T....82.._M......-...*q...$!>..}......
kS ./B..E..X%.e..8p=....I....4.Y...C...#...@..$.v....I..'K.q.;....,.&:
.....a.A...2...t..xy.....Dq....K..f.........9^..Y.|.EQ.:....)}..E.6LG.
../.(].._...E.|5.........Ob....~{."...^.\.S.7.i......|..'0Q......f.0.?
.N..........._].z.X...|.....<lgI...X..l1.fev.j_...4.4.l>.g......
f._...b...A`...~.1....k...v.$.6-;\,.E.e..Xw.....C..@....]}....8..Fkh..
\....,.6...5Z...f.....t:Og8...s.A...Y...c.f....:..&....W.........1g.*.
.e.h_. .f..$.Lk.s.P..,....2.E)[email protected].&\k.7FK%.... V....0[...?..c/.
.y....S.X.'.6...Fb...L......|...].Tk9Y...Yx.x..kz-3...ii..Pl.....0-...
P~c/`aU....r..e...zO.....gO~8........,..........|..."...c.....;d-D9{..
I.....D.m.........={ozH.'l.......Z-X.......O.C..5..........-..........
a.]...!..p.?P...$D...*O..&/.;...$...T1...... .Q...3(.....5._S..CZ2...}
.y.. 6.0..,^..~...K.\1...F^..9;...a...*...oB.._.s........|........j...
::A.C;.<.)....'._).Z.`^.Z:[email protected]./.....d...9........Q
<<< skipped >>>


GET /js/visitor/mini.js HTTP/1.1
Accept: */*
Referer: hXXp://passport.weibo.com/visitor/visitor?from=iframe
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: passport.weibo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Dec 2015 17:58:46 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Apr 2015 03:25:58 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Wed, 09 Dec 2015 18:00:46 GMT
Cache-Control: max-age=120
DPOOL_HEADER: nyx67
Content-Encoding: gzip
SINA-LB:aGEuMTY5LmcxLmh5ZHMubGIuc2luYW5vZGUuY29t
SINA-TS:YjJlOTgyY2UgMCAwIDAgMTQgMQo=
2863.............}.r.H...P^l....E;...6..CRDd...Q$$!."Y.(.....a.4.1....
....m..#.l...p.TDdY.TVR........=_..p......K..\.V..U.L..........d....].
5........? Z..N...;....9.}..!...........z..O.................XeZp6..F&
gt;-.m.'.o~t{....i)mK....^O.....8./...........?...........U......b0..a
0..........cWKNug..c..........U.?.s.jv.h.................XAz..=..0...D
......i...N....8~.j....~..Uv...r...jVwJ...vi.j.J...a..S. U.. ..2XS6...
....p....]?..a._.*k6y...%.p..J..9.;.....Ai...)...S1 ....;..P.l<.~7|
}...p.....0.....C.6|.u...{.th.fi...X2......k.V...>.....`8...W ..#..
..F.gO..@..(.....G.l.G..}:....w......(.*@N.p8.a..............]...WK...
...VK.X......T...``.0....h2.}......7....A.R.TJ.m9...,.X....iV*.....P..
..bs.<.#.r.......[..{...R2...of...n...v...s.......f..w._)....{...]{
.z.T....*.#[email protected]..\.l.b..Ju..q_... ..9;.9..........=.>.:.
.Z.R;8`...V.1.......r ..D~y.D.k....0.D.........5..=.....*...VuK;;;....
;........ ._Z..m...;.."O.r`U.].R.i.....}.T.........k..)"g.5.wM.....@..
|.9..9w...C7..k..L.......C..F....e.JS;..A?...Z.j.^s.Z Y..._.......{...
w...s?:..............f...#..-.6....1....^m.gS..G#.d.9.u2n.'.}........p
>.....yh...-.y.....l.N...s0...Q..?xdx..rC. [email protected]..
...g0...&....}.V......r.Ft.......A.D.Y....G.dOF#`[email protected]...,.]N.....
.|[email protected]......  C..^....8..]Je.HO.......Z..T....BQ.t.j|.&g
t;.6/.(...q...a....._......?~.........N..'.........>.Q.0.......n...
F.......|.J.4G;......fi.F4..Z ....^...>..?..;.qH..3.2....o..z..8...
.1..D>...`..>..c..Ez49...3.......M.k.Om.=*...z.....u...j.~..
<<< skipped >>>


GET /bench.gif?sid=401068&type=js&loadtime=-1&rtime=302 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: action.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Wed, 09 Dec 2015 17:58:45 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Wed, 22 Jan 2014 06:28:11 GMT
Connection: close
Accept-Ranges: bytes



GET /view?type=bottom&t=UERQUzAwMDAwMDAwNTMyNg==&_sinaads_sio_log_1lz6hl HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:43 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMTE5LmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZDRiYWRlY2UgMCAwIDAgNiAxCg==
33............s.t..Ldd`d.....?Y.AL....a`brad....... .....0..



GET /newimpress?adunitid=PDPS000000005325&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_taiyx9 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:42 GMT
Content-Type: application/javascript
Content-Length: 337
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMTE5LmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZTliYWRlY2UgMCAxIDEgNiAzCg==
...........Q[k.0../.e..&M/V(Cp{St.OVJ.f]f..6.^../.../.%......GN.rIH.f4
o3M.....AE.u#.d...R.<.n.,g.W.s...`...f....[~.q.G...=V..h[3.P..#..fR
_y.....Z...M..9V.CU.P...D.B...E8.0..g]...... R2[.\.n.Zr.e......Lr....:
Y?....i7...x........~5".t.<.x....s:"...4....L... &9....Q.F5..2...Z5
.g.....9..!.\..]w..d..1y..<B.....(".....1C.\.............#.......



GET /js/ssologin.js?version20140415 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i.sso.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: nginx
Date: Wed, 09 Dec 2015 17:57:49 GMT
Last-Modified: Fri, 08 Aug 2014 05:57:32 GMT
Expires: Wed, 09 Dec 2015 17:59:49 GMT
Cache-Control: max-age=120
Age: 48
Content-Length: 13091
X-Cache: HIT from ctc.gz.1cf2.45.spool.sina.com.cn
...........}.w...._Itn.R..0...>x.8.m.$w.0...d......l.....z....7..7.
L,.R]]]{w..............$K..(J\..:L..&..|8.....#.].S.<...,.......p.%
l2..J.~.....x...f....y...t..&o..Ev.V.....65I.4=...pr.'7.C.`......U^...
.M|1.....^....=.4..N...d...,.vVVF....'a.......4^.C.x...r.H(|..w..\.x.=
.'...~6H.c..0....C.=..i.....'.x............K8...^7..,.. ..l8.V..3..E4.
....0.fqb...i:....A\S ...s.t.3L3.....Qv.....s.%.Q.l.c2...b.e....|xQ.|.
[email protected]]"._..
.(P.....9....p.....9>.D%].]...d8....^"........K..1.....&..".&.N..?.
a..b....&-...3%..B..8.3..Q..x8..A....=.....Y...b.<.....p.FTx.E.TF..
%A.08)[email protected]./...0....j...l..Y..........3#-..DdW.....M..X..".
....m.M....k.*l..z.....s.......t7..p..e....p...,..[C-[kH..\...........
....t..........9L.81.......I......z)..I...bM..;L....{tg.}.6.5k.....Y..
ld-l....^.......m?...l.jL..u?$.Yx6...;.3r-..Qx....h.z._... ..9.../Q..'
...K.NH.e.d..@v.[.^7..zs.{.j4...z..}.`.... B....a.n.?.B.g....!...S...&
lt;s.^.T.......s.. @7L.fc..Bk.1..g........Y<..;..\....B.F....JN<
......N..M].g([email protected].....
.V.K.. ..2.A.U.n:....M.........<.F.@.,.V*[email protected]..\....(...n.i.
gq?.=gL..g.z9p.aq.../..q.yN.z..`px..C7......3..8..T..o.v....2-U.(k..8(
...qK.!..o..w.PJ\x...yl..`..C,G...sd..!3>.......W.,L.h}M...l|....N.
..._]..[.../...'..B....4.Q...q...Os]..A...%.....:.. "[..{..p...L..n.[Z
.7...... .O3K..|....,7.... _w..GW.&N.....Q.l.i.......M..A.'..\.N.GGy8.
.([email protected].%..G.f!p.)..az..#..x;......r...9.'u..A.N
<<< skipped >>>


GET /stat.gif?sid=401068&aid=248688&mid=290330&ip=194.242.96.218&cookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm&referer=&rtime=1449683930052&js=2 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: am1.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:46 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT
Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Wed, 09 Dec 2015 17:58:4
6 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Thu, 07 Jun 2012 02:47:58 G
MT..Accept-Ranges: bytes..



GET /qmacro/ad-mymacro8-b.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.vrbrothers.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 09 Nov 2015 05:35:03 GMT
Accept-Ranges: bytes
ETag: "80dded61b01ad11:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 09 Dec 2015 17:58:18 GMT
Connection: close
Content-Length: 754
...........TOo.H.?7R..t"m.kO....;.m.v%v.P.p...I....3.&...ho ....p.....
QZA./....W`f....q....M..~...=.....d.L^.\.>.|...2............._..G..
.....ON..........{......l.^...:..BwJ...;mp...o7.e.@....".#."..;..."i 4
...a..Y.un....T.li.."M".T..q..#.......ixz.b...DH[_j.Q.#..S...2...`...q
$h$..^B!.R.....R.M...q*....5....b/[email protected]#.........5rkVY...f3fH.b 
...|[email protected])&.&.i..E.R...3BY.JF..a@@....x.iRMb..Kz.z2/...8..7..W......
....Qh....D..((Z.{;=.."..$.p..a..(Vh@>....Tg..rU^@.......l.(.......
...f....[..9h.T.@=}a..]..:.....&........?}x.P.1={9~.|ux|........s..*.d
.A"...uw...Nw..v.{n.d...3........oz...fD..f.'.< N.`...|K.A....$.T..
O*:x..TT.....iIi.hM..~..1..f. ..b.Z*Z....S..d.C..SnT-ZVS.Z..m.R.jk..z.
]. .......k...,jN)...W_..8.51O.\..9.......n.....l......U.p.......



GET /s.php?sid=401068 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js.adm.cnzz.net
Connection: Keep-Alive
Cookie: ADM_USER=2c277e98b2408060b31dd3337925de03


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:43 GMT
Content-Type: application/x-javascript;charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Last-Modified: Wed, 09 Dec 2015 17:58:43 GMT
Expires: Thu, 10 Dec 2015 05:58:43 GMT
Content-Encoding: gzip
6a7.............W.o.6......6.T$KvV.]R%.....4C..Cm/`d.. ..E.i....;=...i
.b..#.....d.'V...B..6.V|2Y...Y.s..l.D.*L.01 .....[Ns....Y.9F....Z.c...
.;j..[...-.~.Y...:a1...2......P>..\.`..j*[email protected]..`-.. ..U..p.1.T
....U.,[email protected]......~_H...#...r..T.C.L..0.4%[email protected].[.U..
L.)/.he..).p..6%^..".RMSt..h..<.c....../t..ppZh.D.#M.. ......D... .
.;..5;.Vzh...2U..b^TL...f.?...z.3.5.....?.N.z.........N.x.........d.0.
yx.A....s8....#?.....NN/Y...SG..a...1.b...j.MDVH.....K8.6Iy.Z...F.(.#.
Es..3..K^..*-..^.;.@jL>Qct....(9....A..".*&D.....P9...o..N..K:KhKq.
.(.().h J.!:...........}p....^.w*....L.U....U...S.....6.d>.i.\.3..q
..L...3........!..OM....6ev-g..(..\B............XIF..z.T.ii./..87F....
..=.....0S.......73.X.j..z!.(.zhK..uf.1.E.[)o.w*....O2..Jd...y .w.....
....2 ......\.g.m.}....%..b(.I.....[.eU.k...xX..`CU..o...........1....
x.">.u....../.#....~....#o.y.........r....Dt$..K9=.]...1E....Ma....
......A.[d".<......E...AUx.'..K(...dp <..K.x.2....S...3.r...oa.w
w.ea...J?..".....-..e...C)U......I...U{-..N..p.{T....a.?.=.?..zG..e..E
T.........P........P.h.......K...ZA...Z`?..I...k\U}......b..F/b[...~C.
._....yzt..b.I%<v.jUy.SrS.......SLx.d.F..............\....=Z...... 
..%\.e%...6.U..W.Zyk..X....$...6v.7{...\..b...V2}.q..D..D..:.......Q.n
...P..z.`R..C.....8..`.>...)%...o.!.o..M.........-(.>i..?~\'.L.^
.....^..K.>8w...V.,.2f.0S./.0.Y&%..3..[.O...FMA..4I!<.=....mj..Q
w...)...4........7}.......6..>..)...z..n...%....G0.K..rK/-.<.W.5
.r.*pN..>`=/..<x....hS.>.O5...-.o.4....~..u.*./.*....i.].
<<< skipped >>>

GET /aroute.php?sid=401068&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1449683928631631&referer=&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm&queueid=1 HTTP/1.1


Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js.adm.cnzz.net
Connection: Keep-Alive
Cookie: ADM_USER=2c277e98b2408060b31dd3337925de03


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:45 GMT
Content-Type: application/x-javascript;charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Encoding: gzip
390.............Wis.H.. ..$..".CJ..BX.uK....`..9.0.d...w..'r..Jy..~k..
.7...Mg..........{...8.S4.....gZ. i..1...L.o0..;@...k_..Q.fDL.#.F.}O.8
.~....q..<.....u..$N....y..EQ.....H.E..E..ZN.i..g...^z:.).$..(.]b.I
`u..x...(........J..".9..<.N...v..tN. ...P.B...(D)....,.0.....(....
.L/F...........k"y..<=....H....XI..w.......4....e..{..o/;\a....,..i
l>..Ug....h..'.j......<[email protected]...........,m.Y...m^dy..!r..
.0...$|8.f...:./....Q..~8.#.......$.E.{g%.^...s.. Y........&.eQ. .!'..
(AU.u.BE...^.B..D.$.T..z.....(......A{[email protected]:..$.:..,..)"..^...../
.P.e.....\ ..Z''..s-I.K.5nd.r:.O..G.(zC....a...?(. <........&g.eqeo
m.7..6v15.......*...R..."9..^..].....l.$.23w....3;X%.......u@!:.;MY..2
...J<.x^.%.Y...T...u...{V.xjE....#.P.I7T:x.> [email protected].%.]
qg..p.....n.s..v.......c>^..8....6K.XD....;?....~..uM..........|[.H
c.....d]p....2..".b p..x..%U.<W.;....ac.;..V..f.Y...%.wi.....?...bt
.|[...J.rR.~lL.{S.O...Qm.....c...q.....0..HTTP/1.1 200 OK..Server: Ten
gine/1.4.2..Date: Wed, 09 Dec 2015 17:58:45 GMT..Content-Type: applica
tion/x-javascript;charset=gbk..Transfer-Encoding: chunked..Connection:
 keep-alive..Keep-Alive: timeout=5..Vary: Accept-Encoding..P3P: CP="CU
Ra ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI
 DSP COR"..Content-Encoding: gzip..390.............Wis.H.. ..$..".CJ..
BX.uK....`..9.0.d...w..'r..Jy..~k...7...Mg..........{...8.S4.....gZ. i
..1...L.o0..;@...k_..Q.fDL.#.F.}O.8.~....q..<.....u..$N....y..EQ...
..H.E..E..ZN.i..g...^z:.).$..(.]b.I`u..x...(........J..".9..<.N
<<< skipped >>>


GET /7f6aec65/20151103/shou50.png HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 07:19:30 GMT
Content-Type: image/png
Content-Length: 3973
X-RequestId: 0f8fb24f-1512-0715-1929-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 03 Nov 2015 06:12:12 GMT
X-Filesize: 3973
ETag: "e5e7f46c1c0a87744c9ca530cbef02fd"
x-amz-meta-crc32: 24458FD0
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 211149
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR...2...2......?......tEXtSoftware.Adobe ImageReadyq.e&
lt;...(iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:E0FD35A27A1411E5A0
F7BB3EAA823768" xmpMM:DocumentID="xmp.did:E0FD35A37A1411E5A0F7BB3EAA82
3768"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E0FD35A07A14
11E5A0F7BB3EAA823768" stRef:documentID="xmp.did:E0FD35A17A1411E5A0F7BB
3EAA823768"/> </rdf:Description> </rdf:RDF> </x:xmpm
eta> <?xpacket end="r"?>........IDATx..Z{..G.?g....5.....jj..
..>b.CC...*P.l..o.mTR..L.ibbH*.......,}..D..411...X..5R..RmI(`.....
...93gv...ta..7;;3..;g.i..0....E|]....u..}nK..k.d..=..]..H......|...w.
...~...=..... [email protected]. ...w.WH...B?..(....#.6....-.2q..Bu.W.MC...:..
.(...]&....o....w""...J..H%..'2).<&....@,...dD2.a.).QYy.Ky......p;.
.CYGCE...m..%\ ;G-M..h..}...wY...y<".xO..(...c.t.jhw..%....8IaM|..p
......t...E.D...,2.......s..^.c...0....7..uR..3ed.*R_(....^.$...T.TT.2
w...d.l..23..M...A.........PZ..'.)..RJ4&.v....c..G8..X....l<.\.Y...
.I.X9....2.4.\u.2.: ,....g.3...LI.........V[pq../.R....\...}...~..
<<< skipped >>>

GET /default/close.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sat, 05 Dec 2015 20:38:57 GMT
Content-Type: image/png
Content-Length: 1502
X-RequestId: 0f73bf6f-1512-0604-3855-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Fri, 07 Nov 2014 07:00:53 GMT
X-Filesize: 1502
ETag: "35bd89838e3ed7c82eb1b816ad7d8aab"
x-amz-meta-crc32: 4AD112D9
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 335988
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR...N...&.....j..*....tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:7D808CCB3503E31198E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:7659
595F664711E48B0BB31BF4EEDFAE" xmpMM:InstanceID="xmp.iid:7659595E664711
E48B0BB31BF4EEDFAE" xmp:CreatorTool="AdobHTTP/1.1 200 OK..Server: Teng
ine/2.1.0..Date: Sat, 05 Dec 2015 20:38:57 GMT..Content-Type: image/pn
g..Content-Length: 1502..X-RequestId: 0f73bf6f-1512-0604-3855-f80f41f2
a2c0..X-Requester: GRPS000000ANONYMOUSE..Last-Modified: Fri, 07 Nov 20
14 07:00:53 GMT..X-Filesize: 1502..ETag: "35bd89838e3ed7c82eb1b816ad7d
8aab"..x-amz-meta-crc32: 4AD112D9..Cache-Control: max-age=31536000..Ac
cess-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Leng
th..Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEA
D..Access-Control-Max-Age: 31536000..Access-Control-Allow-Origin: *..A
ge: 335988..Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer
/4.2.1.1 [cRs f ])..X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.
242.96.218...PNG........IHDR...N...&.....j..*....tEXtSoftware.Adob
<<< skipped >>>

GET /default/20151020/jrmk-fxiwazu5649776.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 15:46:12 GMT
Content-Type: image/jpeg
Content-Length: 33727
X-RequestId: 14bb5196-1512-0923-4610-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 20 Oct 2015 11:10:26 GMT
X-Filesize: 33727
ETag: "867a620fab166555ce205442a06eee58"
x-amz-meta-crc32: 28853808
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 7954
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
......JFIF..............Exif..II*...........................b.........
..j...(...........1.......r...2...........i................'...'...'..
.'..Adobe Photoshop CS3 Windows.2015:10:20 19:09:12...................
......}...........}...........................................&...(...
....................................H.......H.............JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................}.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..o0V'...._....2M...l...........O.#
.Y... 8....=i.'.....f9nE.i.M~...z... @6#?M.f.....N.^..G......T.MM.:...
=..tr.Rs/n6]fYs$.....`..;....;k.~.....s......V<.^ ...K....5mt;A..u.
...........n.*.ml.....-'.V..I.....z..<dno.%4.=..A...8..J..?.....P..
.x.tv...y......8....c....H" ..c......e.$.>J....v4...^...}.}6..Z.5..
.;e..E.EB..p.}g{.....kG.....V.T..<...Z....q...q......6....=.@......
.{..G.*.c<......R.o..;.S$l.M.e....`Q .5.T}......O`w..-....c}G.\4...
.Xe#s..4...?..k.&Y..Q".6F..W..,l..:.V#.cv:[email protected]. ..h.~...m.~.
.<{..../w....V.i...... ...~?..4SM..X...M......._...NE....Z=0.7f.*..
8......Z.C..C.......p...I....s..w...we..(..]m......m/...W..Q..0K..
<<< skipped >>>

GET /games/2016/home/vip.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 02:08:08 GMT
Content-Type: image/png
Content-Length: 1089
X-RequestId: 1088c43d-1512-0810-0808-f80f41f29525
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Thu, 15 Oct 2015 03:01:45 GMT
X-Filesize: 1089
ETag: "e7d5667a3860703b1978f800314235a6"
x-amz-meta-crc32: 71C0EAA2
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 143438
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR...............o.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:bbd8d2d7-9c7a-5847-9d84-15e2cefcc153" xmpMM:DocumentID="xmp.did:
0C77F4A570CF11E59C13AB896C8D83A2" xmpMM:InstanceID="xmp.iid:0C77F4A470
CF11E59C13AB896C8D83A2" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:d7b30cf1-ab09-1a4
6-8473-05db39ea53ed" stRef:documentID="xmp.did:bbd8d2d7-9c7a-5847-9d84
-15e2cefcc153"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>.1.....fIDATx.b..........N.n..`...
..tFL>66:[email protected]|....`..2-..?.....@...:d.D.D.0.fXj.:Fj.8l>b.G.
1.#..i.G....... ........IEND.B`.....
<<< skipped >>>

GET /games/transform/20151204/w3vk-fxmifze7596446.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 09:54:28 GMT
Content-Type: image/jpeg
Content-Length: 4790
Last-Modified: Fri, 04 Dec 2015 10:14:13 GMT
ETag: "56616775-12b6"
Accept-Ranges: bytes
Age: 29060
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
......JFIF.............C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222......b....".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?..02.
T....8.p.......\v5)..0.".&.".F.H.G.OKb...~...a......z......btz...\c..U
.e%:.u.a..H...H.RE.)<......O.-C.$..-w(**.........X..k.R..U...Y...py
...>....uw:Z....j......I.....0.}..H.vA..<.yX.:....2...*...Ed.u.B
....(..A......N..".XUK._..s......F...e..SD...*....S.1.[.i.v%......^.?J
.p.602z.Z.............=.xi.... c.....QZ\...n6.0~.....Ks.....g..W`.`2.#
....9...}."..n.Ek... q.|6...(.....K..... .RGB]...Eqo.\?.8.j..\........
a...I..<[email protected]$....S.....HTTP/1.1 200 OK
..Server: Tengine/2.1.0..Date: Wed, 09 Dec 2015 09:54:28 GMT..Content-
Type: image/jpeg..Content-Length: 4790..Last-Modified: Fri, 04 Dec 201
5 10:14:13 GMT..ETag: "56616775-12b6"..Accept-Ranges: bytes..Age: 2906
0..Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 
[cRs f ])..X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.21
8........JFIF.............C................................... $.'
<<< skipped >>>

GET /games/2016/home/duan.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 00:10:58 GMT
Content-Type: image/png
Content-Length: 1477
X-RequestId: 0f13f800-1512-0708-1055-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:03 GMT
X-Filesize: 1477
ETag: "8a0ac063684c1cd6faaef4835dd50e2f"
x-amz-meta-crc32: 5F1B6EF9
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 236877
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR...,.........J3......tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:EF72D968560611E5B419
8A95AE2F4E02" xmpMM:DocumentID="xmp.did:EF72D969560611E5B4198A95AE2F4E
02"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EF72D966560611
E5B4198A95AE2F4E02" stRef:documentID="xmp.did:EF72D967560611E5B4198A95
AE2F4E02"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>.......5IDATx..W;H.A....i.....P..`.@@P.
V*6...X......E.O.`.....ja.PP.VAM!*F.GT.M.....96.........{...o...\.5.._
[email protected]....#...).ns#;..b#...9.0.`.K..9'..1,?...9...F.W.Kx.S..k....
..{.....a... sV....s0......^U........0%&...........;..K.....c.:.......
.)....y.L....19K.,Y.9..|s..&...j.. .G..Q2w.....C....} s......... .)..A
[email protected]......:S..FL.........C.X;s......&.keW...Ae...."v.|)..M
I.......!..}......\.*k...?..;...~lN..{....k...H0.@ .Z.g5....-.2.2...z.
yJ9...L?.....T..U....T.T.D.?~......wP.`.o....."..}*o.{<k..0..>..
.....s./............k..../J....gz.D .|..".k...[...R...........IEND
<<< skipped >>>

GET /games/2016/home/sprite.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 14:32:53 GMT
Content-Type: image/png
Content-Length: 13430
X-RequestId: 14a0a442-1512-0922-3251-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:26 GMT
X-Filesize: 13430
ETag: "3d2e7c34804d8eaf89d24b92b987658a"
x-amz-meta-crc32: 92914E0D
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 12362
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
.PNG........IHDR...,...,.....y}.u....tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:39A82158D04EE411840BF3756C36F675" xmpMM:DocumentID="xmp.did:3E8F
DB425AAF11E58F7DA916405274B6" xmpMM:InstanceID="xmp.iid:3E8FDB415AAF11
E58F7DA916405274B6" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EF4BE7D6536B11E48053
863C476F161C" stRef:documentID="xmp.did:EF4BE7D7536B11E48053863C476F16
1C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.C.f..0.IDATx....xT...g.....C(. *\.....[...(.
.z-(..h..^."...^[email protected] .........=...l..9.....<_...93g..y.
.9S,6.M.BH0..[@..`.B....B."....!.P..!.,B..`.B....B."....!.P..!.4a.'99.
.........a;a.....................D...KD.^...F..a.u..a.,BH.T.?.....!...
F.......T.=R.....Z... ).c....j.m&...`..?..........y..?!...Ef......a..=
,BHqx...q..C...rxS..)V..3a?,B....B(X........*.f.;...!..[Ow..!.UBB..`.B
(X..B."....!..E.!.,B..`.B(X..B."....!..E.!.,B....B(X..B.".P..!..E.!.,B
....B(X..B.".P..!..E.!.,B....B(X..B."[email protected]..|...
<<< skipped >>>

GET /games/2016/home/li_img7_3.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 11:18:45 GMT
Content-Type: image/gif
Content-Length: 1103
X-RequestId: 0d9e7799-1512-0719-1844-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:15 GMT
X-Filesize: 1103
ETag: "a864f3818f5dde85dea7dac629f6580f"
x-amz-meta-crc32: 0D2284D5
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 196813
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
GIF89a.......1.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:9252F1CC579B11E5A7C2C6C8F
43D1983" xmpMM:DocumentID="xmp.did:9252F1CD579B11E5A7C2C6C8F43D1983"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9252F1CA579B11E5A7C
2C6C8F43D1983" stRef:documentID="xmp.did:9252F1CB579B11E5A7C2C6C8F43D1
983"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,..................c....;....
<<< skipped >>>

GET /games/2016/home/li_img13.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 06:48:13 GMT
Content-Type: image/png
Content-Length: 1315
X-RequestId: 13f90ec5-1512-0914-4811-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:17 GMT
X-Filesize: 1315
ETag: "3aa8c1c82413f2c9a8f4b092ed28b8ec"
x-amz-meta-crc32: 968AD700
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 40245
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR...>...>.....s..D....tEXtSoftware.Adobe ImageRea
dyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5
M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:
xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "
> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns
#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com
/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe
 Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:5301B133586211E585A
FEA6D4AAC2762" xmpMM:DocumentID="xmp.did:5301B134586211E585AFEA6D4AAC2
762"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5301B13158621
1E585AFEA6D4AAC2762" stRef:documentID="xmp.did:5301B132586211E585AFEA6
D4AAC2762"/> </rdf:Description> </rdf:RDF> </x:xmpme
ta> <?xpacket end="r"?>........IDATx....J.P....tp.4.....:.T.q
..C}..&.*N.M..2(8h.WQ.]............gk...|.6m._n.n..`[email protected]...
Bf.Yd..!kH...QseH..eB.8Cm.53... ..G..>...V....r/~...#q.\gz.Ct..Y.|.
....-../.....D./5f..>.."r'6*An.~.......-N........z.w0x5..(.....<
.~~F.X.F.p..'.p..'.p..'.p..'.p..'.p..'.p..'.p..'.Ox..[....m..... |. ..
.m..^.m{..5......;............%.w)l".:`3.;../.....{V].......Sg..[.G...
.L..;s...a..........m.....[.v..M.......-..!......IEND.B`.....
<<< skipped >>>

GET /games/2016/home/li_img9.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 00:28:26 GMT
Content-Type: image/gif
Content-Length: 1174
X-RequestId: 00cae379-1512-0908-2826-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:15 GMT
X-Filesize: 1174
ETag: "ceaea629817d4761918a7f89d1ee6ca5"
x-amz-meta-crc32: 42546B7D
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 63031
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
7E4FCB13579C11E5A7B2D1414341A60E" xmpMM:InstanceID="xmp.iid:7E4FCB1257
9C11E5A7B2D1414341A60E" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a919d5ce-9dfb-6a4
5-afb5-fca74331422f" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>..................................
......................................................................
..........................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTS
RQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .............
....................!.......,..............;....
<<< skipped >>>

GET /973/homepage/opacity.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 14:56:12 GMT
Content-Type: image/gif
Content-Length: 1163
X-RequestId: 0f5bd609-1512-0822-5611-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Mon, 24 Nov 2014 02:24:14 GMT
X-Filesize: 1163
ETag: "722ff33468a4df19b229379cfc377710"
x-amz-meta-crc32: 78C80EEB
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 97367
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:82113031FB70E3119FC7906D12FE23B4" xmpMM:DocumentID="xmp.did:49C3
37B99E1511E3A0FC8DFD68F95481" xmpMM:InstanceID="xmp.iid:49C337B89E1511
E3A0FC8DFD68F95481" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F09BE3D0DB99E3118110
B73C1DB92609" stRef:documentID="xmp.did:82113031FB70E3119FC7906D12FE23
B4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.............................................
......................................................................
...............~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIH
GFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! ........................
.........!.......,...........D..;....
<<< skipped >>>

GET /games/2016/home/li_img11.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Fri, 04 Dec 2015 07:15:29 GMT
Content-Type: image/gif
Content-Length: 1355
X-RequestId: 0d7c8228-1512-0415-1529-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:16 GMT
X-Filesize: 1355
ETag: "190e9e8a8a484a81b5a7e3661f57af64"
x-amz-meta-crc32: 158BE8CF
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 470609
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
GIF89a..I....................................................!..XMP Da
taXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x
:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.
151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="http:/
/VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:abo
ut="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:
//ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.
com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a37e8960-2a02-da46-b41
e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:391643E1579D11E591E29BF9206E
6269" xmpMM:InstanceID="xmp.iid:391643E0579D11E591E29BF9206E6269" xmp:
CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:14CE78D1579D11E5A50ECE03C8B71729" stRef:docum
entID="xmp.did:14CE78D2579D11E5A50ECE03C8B71729"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
......................................................................
............................................................~}|{zyxwvu
tsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:98765
43210/.-, *)('&%$#"! .................................!.......,......I
......I..JQ%.MK"-.r...$.....,t2/...8...Pp....2...#:.......V...Y.(l..h.
.-:@.x.."f.."5&!...RY......pE.AMQ..OTe |iNc|.e4.Du.BC.SD.Z.P.$|J<c 
9q8.....=>.:^.N..;....
<<< skipped >>>

GET /games/7db3788e/20151126/203233800-652-2013-07-04-13-02-17.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 10:35:50 GMT
Content-Type: image/jpeg
Content-Length: 21737
Last-Modified: Thu, 26 Nov 2015 03:03:45 GMT
ETag: "56567691-54e9"
Accept-Ranges: bytes
Age: 26589
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......Exif..II*...................1.......J...2......._...............
i.......s.......ACD Systems .........2015:11:26 10:39:24...........162
.............................defg...<CREATOR: gd-jpeg v1.0 (using I
JG JPEG v62), quality = 85.............!..............................
......................................................................
......................................................................
............................!..."1A..Qa2q..#BR...3...$b..4r..%&Cc.....
................................................!1..A"Q#2a..q.....B..$
R.3..............?.......qzSw.....|..ZW)y.E.G..9.W..&.sSc\....l.....T.
.c.....^..X.......~.q4...-..'...=......Nm...t~.rt...u....n.B..W..t.|U.
...W.?]4.r..v.X/...Sd.a^3.Jy....S.kq.q.yj6..<.r..M..X.<.,..C..:.
[email protected]?.....p.XV......Ti....0.).. .M......yw{W.:=!..yU..c18.
.........Ha.%.6t...3.......l...^7.N..L...q.A..............c..v.L.v6.q:
......f#[email protected]}...rR5.j._>`..u;..J.l...J.nN........b.o ...i..
:..XuiOnF=4m..T...m.%.'"....) mJ.^....[....RF@..:..G.S.(.w.b....3....9
'.....]z.R.:...Z.J...N.$.yP....$$..y<j.^S.F...:.B}....j9m.Y...N.ki.
..q..3X.^.u...%_.>!....o.p..8....c.....hF..j..}.8..!/!% .....Y...*c
....X........8....(Wo)#....t.....c?H..RP..)8B.9$}x.l.......f^...~.. ..
..`...Z./......mP!....*R.....W........6N./...9._...TzR.j.O..m...B.....
m {#.~.Xy&.*.Pz.%.x.........P.r.3_.......mj..{(......j..?..2.....3....
.6..J......5@.......(~......f..T...BR=.~....MR=pF.....~#....M....V..!U
..V....%IJ..s..~..t..kp.o\1g.ZP..iN..1..s..8...}c..p......{E/s....
<<< skipped >>>

GET /games/2016/home/icon_date.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 12:12:25 GMT
Content-Type: image/jpeg
Content-Length: 1368
X-RequestId: 108878fa-1512-0920-1225-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:10 GMT
X-Filesize: 1368
ETag: "073e4dc7adc25562aab7d06f413f7a1e"
x-amz-meta-crc32: 0B8753A6
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 20795
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......Exif..II*.................Ducky....



GET /game/homepage/js/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 10:35:25 GMT
Content-Type: application/x-javascript
Content-Length: 94020
X-RequestId: 1446e2c0-1512-0918-3524-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Wed, 22 Oct 2014 05:35:48 GMT
X-Filesize: 94020
ETag: "25721ced154b3a99e818431446d7506d"
x-amz-meta-crc32: 01CCFFDA
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 26586
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
/*! jQuery v1.7 jquery.com | jquery.org/license */.(function(a,b){func
tion cA(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.pare
ntWindow:!1}function cx(a){if(!cm[a]){var b=c.body,d=f("<" a ">"
).appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cn|
|(cn=c.createElement("iframe"),cn.frameBorder=cn.width=cn.height=0),b.
appendChild(cn);if(!co||!cn.createElement)co=(cn.contentWindow||cn.con
tentDocument).document,co.write((c.compatMode==="CSS1Compat"?"<!doc
type html>":"") "<html><body>"),co.close();d=co.createE
lement(a),co.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cn
)}cm[a]=e}return cm[a]}function cw(a,b){var c={};f.each(cs.concat.appl
y([],cs.slice(0,b)),function(){c[this]=a});return c}function cv(){ct=b
}function cu(){setTimeout(cv,0);return ct=f.now()}function cl(){try{re
turn new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ck()
{try{return new a.XMLHttpRequest}catch(b){}}function ce(a,c){a.dataFil
ter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.len
gth,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g  ){if(g===1)for(h in a.convert
ers)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g
];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];i
f(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1]
 " " k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error
("No conversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)
))}}return c}function cd(a,c,d){var e=a.contents,f=a.dataTypes,g=a
<<< skipped >>>

GET /games/2016/home/jquery-plugin-slide.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 03:21:38 GMT
Content-Type: application/x-javascript
Content-Length: 4708
X-RequestId: 10a3e1c7-1512-0811-2137-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:47:29 GMT
X-Filesize: 4708
ETag: "64d2cc0c4c64bf3ad522b6990f826c0d"
x-amz-meta-crc32: 6188FB6C
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 139015
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
//[email protected]..//..............................................//
$('.Homeslide').homeslide(home_slide_data);..;(function($) {..    //gu
[email protected]..    $.fn.homeslide = function(data,auto,time) 
{..        var cur = 0;..        var self = $(this);   ..        var l
ength = data.length;..        console.log(length);..        var bigwra
p = self.find('.Homeslide_bigwrap');..        //.........dom..        
var Homeslide_bigpicdiv = self.find('.Homeslide_bigpicdiv');..        
var bigimg = self.find('.Homeslide_bigpicdiv a img');..        var mas
k = self.find('.Homeslide_bigpicdiv_mask')..        var biga = self.fi
nd('.Homeslide_bigpicdiv a');..        var detail = self.find('.Homesl
ide_detail p');..        var ralate = self.find('.Homeslide_ralate');.
.        var thumb= self.find('.Homeslide_thumb ul');..        var li;
..        //....................        var thumb_w;..        var Time
r;..        //...........        (function(){..            thumbcreate
();..            bigto(0);..        })();..        //........        f
unction bigto(n){..            var bgn = n>length?0:n 1;..         
   if(n>=length) n = n-length;..            var dat = data[n];..   
         Homeslide_bigpicdiv.removeClass('Homeslide_bigpicdiv_hover');
..            setTimeout(function(){..                Homeslide_bigpic
div.addClass('Homeslide_bigpicdiv_hover');..            },1);..       
     //bigimg.css({'opacity':1,'transform':'scale(1)'});..            
bigimg.attr('src', dat['image']);..           ..            mask.h
<<< skipped >>>

GET /games/2016/home/jquery-plugin-pop.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Fri, 04 Dec 2015 10:26:44 GMT
Content-Type: application/x-javascript
Content-Length: 1753
X-RequestId: 0c0602a8-1512-0418-2641-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:47:28 GMT
X-Filesize: 1753
ETag: "33d4c31a9c14d8f18eddd928c9e2d9cf"
x-amz-meta-crc32: B9B6C3CB
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 459109
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
//[email protected]..//..............................................//
$('.Homeslide').homeslide(home_slide_data);..;(function($) {..    //gu
[email protected]..    $.fn.popwindow = function(set) {..        
var self = $(this);  ..        var width = $(window).width();..       
 var height = $(document).height(); ..        var setting= {..        
    w:500,..            h:400,..            fixed:true,..            o
pacity:0.6,..            close:null,..            content:'nothing....
'//.........juqery........        }..        $.each(set, function(inde
x, val) {..             setting[index] = val;..        });..        va
r windwidth = setting.content.width();..        var winheight = settin
g.content.height();..        //console.log(typeof setting.content);.. 
       if(typeof setting.content==="object"){..            setting.con
tent.show().css({..                'position': 'fixed',..             
   'left': width/2-windwidth/2,..                'top':$(window).heigh
t()/2-winheight/2,..                'z-index':1000000..            });
..           // console.log(width '  ' $(this).width());..        }.. 
       var mask = $('<div id="homemask" style="width:100%;height:' 
height 'px;background:#000;position:absolute;left:0;top:0;opacity:' se
tting.opacity ';filter:alpha(opacity=50);z-index:999999"></div&g
t;');..        if($("#homemask").index()==-1)$('body').append(mask);..
        $("#homemask").show();..        function close(){..           
 setting.content.hide();..            //blur.removeClass('blur');.
<<< skipped >>>

GET /games/2016/home/8.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 10:45:10 GMT
Content-Type: application/x-javascript
Content-Length: 34122
X-RequestId: 018313d6-1512-0918-4507-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:47:26 GMT
X-Filesize: 34122
ETag: "d424a6a740af1d73da96a1f3ec058890"
x-amz-meta-crc32: E483A3AA
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 26004
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
//<![CDATA[..function GetObj(objName){...if(document.getElementById
){....return eval('document.getElementById("'   objName   '")');...}el
se{....return eval('document.all.'   objName);...}..}..function Show_S
ub(id_num,num){ //...........for(var i = 0;i <= 9;i  ){....if(GetOb
j("S_Menu_"   id_num   i)){GetObj("S_Menu_"   id_num   i).className = 
'';}....if(GetObj("S_Cont_"   id_num   i)){GetObj("S_Cont_"   id_num  
 i).style.display = 'none';}...}...if(GetObj("S_Menu_"   id_num   num)
){GetObj("S_Menu_"   id_num   num).className = 'selectd';}...if(GetObj
("S_Cont_"   id_num   num)){GetObj("S_Cont_"   id_num   num).style.dis
play = 'block';}..}..//....../* GetObj begin */..function GetObj(objNa
me){if(document.getElementById){return eval('document.getElementById("
' objName '")')}else if(document.layers){return eval("document.layers[
'" objName "']")}else{return eval('document.all.' objName)}}../* GetOb
j end */../* ..../............ begin */..function hiddenObj(ObjId){Get
Obj(ObjId).style.display="none"}function showObj(ObjId){GetObj(ObjId).
style.display="block"}../* ..../............ end */../* ....className 
begin */..function chgClassName(ObjId,className){GetObj(ObjId).classNa
me=className}../* ....className end */..function showTime(){var date=n
ew Date();var year=date.getYear();year=(year<2008)?(year 1900):year
;var month=date.getMonth() 1;var day=date.getDate();var time=year "." 
month "." day;return time;}../* ========== ............ begin ========
== */../* 081104001 ws begin */../*................SubShowClass(ID
<<< skipped >>>

GET /game/news/2015/js/Chart.min.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 09:19:18 GMT
Content-Type: application/x-javascript
Content-Length: 50937
X-RequestId: 1053cf33-1512-0917-1918-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Mon, 02 Feb 2015 07:24:04 GMT
X-Filesize: 50937
ETag: "29d4011ab1647beeeabfb47b80338f5b"
x-amz-meta-crc32: 89C75075
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 31157
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
/*!. * Chart.js. * hXXp://chartjs.org/. * Version: 1.0.1-beta.4. *. * 
Copyright 2014 Nick Downie. * Released under the MIT license. * https:
//github.com/nnnick/Chart.js/blob/master/LICENSE.md. */.(function(){"u
se strict";var t=this,i=t.Chart,e=function(t){this.canvas=t.canvas,thi
s.ctx=t;this.width=t.canvas.width,this.height=t.canvas.height;return t
his.aspectRatio=this.width/this.height,s.retinaScale(this),this};e.def
aults={global:{animation:!0,animationSteps:60,animationEasing:"easeOut
Quart",showScale:!0,scaleOverride:!1,scaleSteps:null,scaleStepWidth:nu
ll,scaleStartValue:null,scaleLineColor:"rgba(0,0,0,.1)",scaleLineWidth
:1,scaleShowLabels:!0,scaleLabel:"<$=value%>",scaleIntegersOnly:
!0,scaleBeginAtZero:!1,scaleFontFamily:"'Helvetica Neue', 'Helvetica',
 'Arial', sans-serif",scaleFontSize:12,scaleFontStyle:"normal",scaleFo
ntColor:"#666",responsive:!1,maintainAspectRatio:!0,showTooltips:!0,to
oltipEvents:["mousemove","touchstart","touchmove","mouseout"],tooltipF
illColor:"rgba(0,0,0,0.8)",tooltipFontFamily:"'Helvetica Neue', 'Helve
tica', 'Arial', sans-serif",tooltipFontSize:14,tooltipFontStyle:"norma
l",tooltipFontColor:"#fff",tooltipTitleFontFamily:"'Helvetica Neue', '
Helvetica', 'Arial', sans-serif",tooltipTitleFontSize:14,tooltipTitleF
ontStyle:"bold",tooltipTitleFontColor:"#fff",tooltipYPadding:6,tooltip
XPadding:6,tooltipCaretSize:8,tooltipCornerRadius:6,tooltipXOffset:10,
tooltipTemplate:"<%if (label){%><$=label%>: <%}%><
;$= value %>",multiTooltipTemplate:"<$= value %>",multiTo
<<< skipped >>>

GET /973/homepage/slide.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sun, 06 Dec 2015 23:35:45 GMT
Content-Type: application/x-javascript
Content-Length: 5208
X-RequestId: 0f0f52be-1512-0707-3543-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Mon, 24 Nov 2014 02:28:48 GMT
X-Filesize: 5208
ETag: "38ed0061f2a869fc60144218661bedb3"
x-amz-meta-crc32: CE4FA2A7
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 238972
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
//..............(function() {..    var $ = function(id) {..        ret
urn document.getElementById(id);..    };..    var wrap = document.getE
lementById('slid');..    //console.log(wrap.clientWidth);..    var Eve
ntUtil = {..        addHander : function(e, t, hander) {..            
if (e.addEventListener) {..                e.addEventListener(t, hande
r, false);..            } else if (e.attachEvent) {..                e
.attachEvent('on'   t, hander);..            } else {..               
 e['on'   t] = hander;..            }..        },..        removeHande
r : function(e, t, hander) {..            if (e.addEventListener) {.. 
               e.removeEventListener(t, hander, false);..            }
 else if (e.attachEvent) {..                e.detachEvent('on'   t, ha
nder);..            } else {..                e['on'   t] = null;..   
         }..        }..    };..    //........................... tag..
................tag..............    function getChildElement(e, tag) 
{..        var childArray = [];..        var tag = tag || false;..    
    if (e.nodeType == 1) {..            var e = e;..        } else {..
            return false;..        }..        var childlist = e.childN
odes;..        for (var i = 0; i < childlist.length; i  ) {..      
      //console.log(e "   " "len:" len "     " i ":   " e.childNodes[i
].nodeType);..            if (childlist[i].nodeType == 1 && tag == fal
se) {..                childArray.push(childlist[i]);..            }..
            if (tag != false) {..                try {..          
<<< skipped >>>

GET /games/2016/home/modernizr.custom.28922.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 02:00:31 GMT
Content-Type: application/x-javascript
Content-Length: 29342
X-RequestId: 1082250e-1512-0810-0030-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:47:29 GMT
X-Filesize: 29342
ETag: "f09d1a34796649e9af3da089e1fba61c"
x-amz-meta-crc32: CC13BC4D
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 143884
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
/* Modernizr 2.8.3 (Custom Build) | MIT & BSD. * Build: hXXp://moderni
zr.com/download/#-fontface-backgroundsize-borderimage-borderradius-box
shadow-flexbox-hsla-multiplebgs-opacity-rgba-textshadow-cssanimations-
csscolumns-generatedcontent-cssgradients-cssreflections-csstransforms-
csstransforms3d-csstransitions-applicationcache-canvas-canvastext-drag
anddrop-hashchange-history-audio-video-indexeddb-input-inputtypes-loca
lstorage-postmessage-sessionstorage-websockets-websqldatabase-webworke
rs-geolocation-inlinesvg-smil-svg-svgclippaths-touch-webgl-shiv-csscla
sses-addtest-prefixed-teststyles-testprop-testallprops-hasevent-prefix
es-domprefixes-load. */.;....window.Modernizr = (function( window, doc
ument, undefined ) {..    var version = '2.8.3',..    Modernizr = {},.
.    enableClasses = true,..    docElement = document.documentElement,
..    mod = 'modernizr',.    modElem = document.createElement(mod),.  
  mStyle = modElem.style,..    inputElem  = document.createElement('in
put')  ,..    smile = ':)',..    toString = {}.toString,..    prefixes
 = ' -webkit- -moz- -o- -ms- '.split(' '),....    omPrefixes = 'Webkit
 Moz O ms',..    cssomPrefixes = omPrefixes.split(' '),..    domPrefix
es = omPrefixes.toLowerCase().split(' '),..    ns = {'svg': 'hXXp://ww
w.w3.org/2000/svg'},..    tests = {},.    inputs = {},.    attrs = {},
..    classes = [],..    slice = classes.slice,..    featureName, ... 
   injectElementWithStyles = function( rule, callback, nodes, testname
s ) {..      var style, ret, node, docOverflow,.          div = do
<<< skipped >>>

GET /game/article/js/gametophtml.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sun, 06 Dec 2015 16:10:42 GMT
Content-Type: application/x-javascript
Content-Length: 10406
X-RequestId: 0caeb954-1512-0700-1042-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 20 Oct 2015 11:19:20 GMT
X-Filesize: 10406
ETag: "efc32b59072d6df2feea92304a60efff"
x-amz-meta-crc32: EFDF9A58
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 265675
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
document.write("<div id='SG_top_wrap_div'></div>");..jQuer
y.getScript('hXXp://interface.sina.cn/games/gpapi/gethometopwrap.shtml
',function(){...if(data.code == 1){....$("#SG_top_wrap_div").html(data
.result);....SG_hover("#SG_top_nav","#SGtn_box_wrap");....SG_hover("#S
G_top_phone","#SGtp_box_wrap");....SG_hover("#Sselect","#Sselect_menu_
wrap");....SG_hover("#SG_login","#SG_Login_wrap");....SG_hover("#SG_lo
gined","#SG_Logined_wrap");....$('#SG_form_closed').bind('click',funct
ion(){.....$('#SG_Login_wrap').hide();....})....$('#username').focus(f
unction() {.....if($('#SG_Login_detail').css('display') == 'none')....
.{......$('.SG_Login_detail').slideDown(500);.....}....});......var ui
d = 0;....var cookie = '';....$(document).ready(function() {.....$('#u
sername').focus(function() {......if($.trim($('#username').val()) != '
' )......{.......$('.SG_Login_detail').slideDown(500);.......if(docume
nt.getElementById('clear_username').style.display == 'none').......{..
......$('#clear_username').show();.......}.......$('#tipMsg').hide();.
.....}.....});.....$('#username').blur(function() {......if($.trim($('
#username').val()) != '' ){.......check_prelogin();......}......$('.SG
_Login_detail').slideUp(500);.....});.....$('#password').focus(functio
n() {......//$('#password').html('');......$('#tipMsg').hide();.....})
;.....$('#SG_login_btn').click(function() {......return logintosina();
.....});.....$('#clear_username').click(function() {......$('#username
').val('');......$('#password').val('');.....});.....$('#password'
<<< skipped >>>

GET /7f6aec65/20151103/50x50.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 04:52:43 GMT
Content-Type: image/png
Content-Length: 2919
X-RequestId: 01191ada-1512-0912-5243-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 03 Nov 2015 02:41:55 GMT
X-Filesize: 2919
ETag: "6b29210f346568be6a8124b041166556"
x-amz-meta-crc32: 862E82BA
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 47155
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR...2...2......?......sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS6........tEXtCreation Time.2015.11.
3.10%....IDATh...ypU...?..-y.^xYj...E.."[email protected].:.V.
:...j...."(.( ......f.B^.....{O.....P.H............;.|...{.._...^`.0.(
..cm}..p........:.F..0.x..rn.;mx...c>p...`[email protected]...........
B3.%]....02...$.O..D_.O..nU...}[email protected]..%.....q}-E/`.[........ub...7
F....w.:..c....q ....xzgL....H_.Us.Q .Op..&.8.Q....|.q..x.Wb.G..cG..2 
....6X4....-..n..Z%...O.$?df.....#......-...e...).v.>[email protected]
v.08O.... l.&X.\p.x.E.,..BB..j.Fe..Q.a#....7..k....7(.......}.......X.
...O..;........`s.p1 .| .....|[y..6%..99Bf...>....1..t.8$&.......H.
........-l..Dm(.2...A......k.z.-.....<...."...a.Ta.5....U.,..<A.
.z...X((..>c.n....K= ..F.E.nx....F.7W(....!.r.:.> ...*.V;TU9....
..F8p.....G...].z.eA(...0."!/Oxv.CM....e^..YK..cw....^/......r...0.C!E
...... %Y.z..<a.D.........4..2..... ...U.<dq..F...a. ....1.>m
.t......._?.........RSS...%..IM5..j.......,..g.C.p.`?....WRS 1A..~.B.E
.d<,....\9t.F.....b.N....z."'....:6D....7.\f.ys,&.[86.....v.TRSa..x
o.R.CY...WWg,R^.UGM....b.@s}.f...Jf.RS .0A....&.h...../<.T.>.8.q
...'X.....R = ...2...t.h.....Q...>....55....t.;.X...(..H.1p...E..I.
{.0a|./,_a.. 9........Q....{\.6UXx.......?>.p..$$..I7......nu...UU.
....GBZ.....x....{.......u...O..u.........3..j..,KX..2u...l.....CuJ .Q
.".....zH.(..Z<.\..2e.S...f...v7.....47 ..X........u (.....,......"
.o.q...z.I5>...79dg.>.Q..6)GC=..!/.f....:........s/.44..nm5.
<<< skipped >>>

GET /default/SG_top_white2014.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 12:16:49 GMT
Content-Type: image/png
Content-Length: 8576
X-RequestId: 0f196df6-1512-0820-1648-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 11 Nov 2014 03:40:43 GMT
X-Filesize: 8576
ETag: "69f378a373d5aa6f93923fb89aca502a"
x-amz-meta-crc32: 72A5368F
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 106911
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR................f....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:C3707035695111E4B15FCE0B
DDA543AE" xmpMM:DocumentID="xmp.did:C3707036695111E4B15FCE0BDDA543AE"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C3707033695111E4B1
5FCE0BDDA543AE" stRef:documentID="xmp.did:C3707034695111E4B15FCE0BDDA5
43AE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>. .'....IDATx.....]Uy..}.d.~.IBC-.)....!%..
.*.").ZZ]e..](K...vu..P...U..t..b.&.U...TP *.....y.L&....s..}..9s.3.3I
&...}..=s..........9g_.X.Z..S.|@> ...........|@> .....m(..5k....
%K.`......z>....Fs.zyL_.[../[email protected]|D>.".
.D> ...........|@> ...........|@> ...........|@>.J..Y=....
.e<DD..i.g..|@>....hN.R..................*6.R.............o..>
;..k..[.....d..|.>hE..#.....'....|@> ...........|@> .........
..|@> .........T.6...SO=%...u..8q.\r.%.).|..d.....Y...4..|@~....^..
.~.....dE...r!.....I..?...L.....C:i..g<.uB.I..}h.f_.p...N......
<<< skipped >>>

GET /game/homepage/headbg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 11:42:50 GMT
Content-Type: image/jpeg
Content-Length: 3238
X-RequestId: 1182bf6d-1512-0719-4248-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Wed, 22 Oct 2014 04:00:42 GMT
X-Filesize: 3238
ETag: "79e5af4aababa339b068a35bdadfd5d0"
x-amz-meta-crc32: D40F94EF
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 195350
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7D808CCB3503E3119
8E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:9707360943BE11E48404A953C42
42321" xmpMM:InstanceID="xmp.iid:9707360843BE11E48404A953C4242321" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:9DEAB279BC43E411AD0DFB5069B66BEB" stRef:doc
umentID="xmp.did:7D808CCB3503E31198E8FE26A545B9D3"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................g...............f...................................
..............................a!1Q.Aq....."2.BR.......................
.......?........=Q9..................: ................{.....~.....^.g
..;|..9."g=g..........................................................
................................f.............mc..................../.
..x........>..X..t...<......................................
<<< skipped >>>

GET /game/homepage/logo.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 02:44:43 GMT
Content-Type: image/png
Content-Length: 6164
X-RequestId: 12394603-1512-0810-4441-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Wed, 22 Oct 2014 04:00:43 GMT
X-Filesize: 6164
ETag: "d17a91c78fac6b706d101587da2ab459"
x-amz-meta-crc32: 380AE26C
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 141238
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR.......6.....2?......tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:7D808CCB3503E31198E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:53FA
38DB43BD11E4A3ABC605CB9C06D3" xmpMM:InstanceID="xmp.iid:53FA38DA43BD11
E4A3ABC605CB9C06D3" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9DEAB279BC43E411AD0D
FB5069B66BEB" stRef:documentID="xmp.did:7D808CCB3503E31198E8FE26A545B9
D3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>S[.....DIDATx..].xUU.^..I(!.!"..Q......>..
":[email protected]@[email protected].`....}.w.........
}. ..K..TT..2.K...;P.a.E.eLg.`.g.Ez.#...qZWH.......).*.[L........a."..
c.._...T..w...1.Q.......T..0.0......./....N.o.B.K53D7.0.d$2N0.`..2.h..
...1..~..R.yF-.-.N..pNT.1.1.Q..v...^...^>v.~.h.zG.I>..0[&.__..H;
.x......Q[....f..L..:8.......A..l.l.(......):....Y..@....:.0...1.}....
......u8...y3.P..T...Rh.2......c0Oz.y....#G(.........Rmmv..e.......~y.
.....(....|.bZ...*IDe..SX.e......s.0e.]N......1..Y..\.j..T..%.....
<<< skipped >>>

GET /games/2016/home/icon_nav_trangle_w.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Fri, 04 Dec 2015 13:41:54 GMT
Content-Type: image/png
Content-Length: 1041
X-RequestId: 0c543aea-1512-0421-4152-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:12 GMT
X-Filesize: 1041
ETag: "dfc621a06fb117ba7fa67fedd55bd10a"
x-amz-meta-crc32: 3717468D
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 447411
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR..............2d.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...viTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
1E836FB8553911E5B6A8F6E208A8E438" xmpMM:InstanceID="xmp.iid:1E836FB755
3911E5B6A8F6E208A8E438" xmp:CreatorTool="Adobe Photoshop CC 2014 (Wind
ows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:22c077c5-1b3
d-d443-9b68-93a8e9918e1e" stRef:documentID="xmp.did:a37e8960-2a02-da46
-b41e-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> <
;/x:xmpmeta> <?xpacket end="r"?>~..~...1IDATx.b...?....dD.d..
.....?>>.....L...h`"B!\[email protected]\...S......IEND.B`.....
<<< skipped >>>

GET /games/2016/home/list-style-dot.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 20:12:19 GMT
Content-Type: image/jpeg
Content-Length: 1202
X-RequestId: 10580e07-1512-0804-1216-f80f41f29525
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Wed, 23 Sep 2015 06:04:08 GMT
X-Filesize: 1202
ETag: "99fb690321150f8e48c75c3f1e62483a"
x-amz-meta-crc32: 842F780A
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 164787
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
......Exif..II*.................Ducky.......d.....zhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a37e8960-2a02-da4
6-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:89CAA12861A911E5849AAA3
2F5EA27EB" xmpMM:InstanceID="xmp.iid:89CAA12761A911E5849AAA32F5EA27EB"
 xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:901146b3-ac4a-6043-8cca-459c28e3b9f0" st
Ref:documentID="xmp.did:a37e8960-2a02-da46-b41e-fbdd32e08f63"/> <
;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket
 end="r"?>....Adobe.d..............................................
......................................................................
.............................................J........................
............................................................?.....nt>....
<<< skipped >>>

GET /games/2016/home/list-style-video.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sun, 06 Dec 2015 20:21:26 GMT
Content-Type: image/jpeg
Content-Length: 1424
X-RequestId: 10a13f5f-1512-0704-2124-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:21 GMT
X-Filesize: 1424
ETag: "a8798c6522593ccecaad54f920acc230"
x-amz-meta-crc32: F88A6D9A
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 250640
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......Exif..II*.................Ducky.......d.....zhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a37e8960-2a02-da4
6-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:B9952135555811E598849E3
D962A5725" xmpMM:InstanceID="xmp.iid:B9952134555811E598849E3D962A5725"
 xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:9aa6dca5-1ea8-0f49-8407-532e91694fd6" st
Ref:documentID="xmp.did:a37e8960-2a02-da46-b41e-fbdd32e08f63"/> <
;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket
 end="r"?>....Adobe.d..............................................
......................................................................
.............................................^........................
..........................................!"......................!...
..........?...]74...... ?Ke..XV...wt..p.t......X.].....V......}.%....s
J..6:...\...g'ER..  H....k.z..gn.E..u...%.2Um..`.6N.8\.gO.;.K;d.9.j...
.Kk.bV`.".Vd....3.i....z....4. .y...;....\..5.r.......Dr^ns..Z.E(....A
q...[G......
<<< skipped >>>

GET /games/2016/home/list-style-img.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 11:35:57 GMT
Content-Type: image/jpeg
Content-Length: 1396
X-RequestId: 00317dce-1512-0819-3556-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:19 GMT
X-Filesize: 1396
ETag: "f92b71c09d363ed6acc0ffacf47429c1"
x-amz-meta-crc32: 0B9F2908
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 109368
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
......Exif..II*.................Ducky.......d.....zhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a37e8960-2a02-da4
6-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:71B7240B555911E5A26EF4E
90B6BB205" xmpMM:InstanceID="xmp.iid:71B7240A555911E5A26EF4E90B6BB205"
 xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:9aa6dca5-1ea8-0f49-8407-532e91694fd6" st
Ref:documentID="xmp.did:a37e8960-2a02-da46-b41e-fbdd32e08f63"/> <
;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket
 end="r"?>....Adobe.d..............................................
......................................................................
.............................................^........................
.............................................1....................!A..
..........?......b....M...^...q..ggyR.'.R.k.%WU.....T.!.k.y.{...B.....
k3.f................0..l...Y.7.[......RK.....j.ZP....L.L..CN.9........
2B.1..;O..P.. .i.Y... X.1..z`..M\.QZXPC..1...I........
<<< skipped >>>

GET /games/2016/home/icon_search.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 08:45:46 GMT
Content-Type: image/png
Content-Length: 1321
X-RequestId: 0d6cc4c9-1512-0716-4545-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:11 GMT
X-Filesize: 1321
ETag: "b754944cc4fff3bc39fbcc070202da91"
x-amz-meta-crc32: EF3B1AB2
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 205979
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
.PNG........IHDR...............l;....tEXtSoftware.Adobe ImageReadyq.e&
lt;...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
92C23950561311E5952DEC52B2D80A5B" xmpMM:InstanceID="xmp.iid:92C2394F56
1311E5952DEC52B2D80A5B" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:e2382f2f-faf8-894
f-835d-59f94bb1fd08" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>.......NIDATx....J.A..."\,4...6&..
!.h..KX.H.....c(. .Z...._l...Y..Y.....Kn...g........&.bp..`..........|
.....>......$....%0..m..A......`.......[?$.../.Z.3AE}...p..<.(E.
.y...U..-.|......W.?r{%$F....|..M|Oi^.t......uT)....;...z.2..l...:..).
..U6.%V....|3.....Y..6.r...x.?..t .@. iG/...J..}...........m..*8%.z.X.
E...L....ZK}..M....!._..(a.?......(C....9Z....IEND.B`.....
<<< skipped >>>

GET /games/2016/home/ad_bg.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 05:13:45 GMT
Content-Type: image/png
Content-Length: 1002
X-RequestId: 01208944-1512-0913-1344-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:02 GMT
X-Filesize: 1002
ETag: "3f5eb5c33ac4a0e6540730030251e423"
x-amz-meta-crc32: 0D07279A
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 45901
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
CEAB0E3B578811E597E3BF6A269EA247" xmpMM:InstanceID="xmp.iid:CEAB0E3A57
8811E597E3BF6A269EA247" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3f3c0a2f-f101-c04
5-94bd-c03e8348bd4a" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>4.p&....IDATx.b```x..`.......~....
.IEND.B`.....
<<< skipped >>>

GET /default/20151105/Rkmz-fxkniur2906037.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sat, 05 Dec 2015 16:22:24 GMT
Content-Type: image/jpeg
Content-Length: 36720
X-RequestId: 0f5aa2dc-1512-0600-2222-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Thu, 05 Nov 2015 09:17:45 GMT
X-Filesize: 36720
ETag: "a2d58241cf518994e4c740959efbc20f"
x-amz-meta-crc32: 439E561B
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 351383
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2015:11:05 16:24:49....................
.........}...........}...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................}.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..RI%"..)(..O..T.:.......}...?....s
.OD.=Z.O...} ]...w..t....8...X..gq.....5....oj.q0q.(m.....!.h..V.^.)..
..cb......9.^....l.......g......!\k#S...k1.u..d.4r.......]..Rl....Tq.K
..o.q....|.5q.X7..i.... .."k....tq?..'..\l..\.#.X9i....#27Zb..bB...:].
9...j.....\.zP.Z...Y........W... ."......5.......Q.z.Q......c..{a.....
..zlw....\.A...X..Ud.5.^....*?n...q9..Sn...?Gv.W.|..j.G...a./.{......x
.......p...........@.^.z.....k7T.. ...Up......t....M.D.9O.E........i..
 >.\;1..{%..bc..C. ..5.......]>Y....H....%..-w.d...$....M..6.DdV
2]....-...q-`...............eu....._O.o.S. [s..x.E5....,...z....zQ...z
v...n..w..u...O.../.....~.G..aSk\k.....~..>.~.Z&.m2............
<<< skipped >>>

GET /games/2016/home/nav_bigPic_mask.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 00:07:12 GMT
Content-Type: image/png
Content-Length: 1269
X-RequestId: 0f06a865-1512-0708-0709-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:23 GMT
X-Filesize: 1269
ETag: "6cd58e83727290da6696fb837bd9568f"
x-amz-meta-crc32: 17F16EB8
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 237097
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR.......n.............tEXtSoftware.Adobe ImageReadyq.e&
lt;...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
226EAF27553C11E5BC87AD1B7D8CE63B" xmpMM:InstanceID="xmp.iid:226EAF2655
3C11E5BC87AD1B7D8CE63B" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9aa6dca5-1ea8-0f4
9-8407-532e91694fd6" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>........IDATx...A.. ...,m.;.6.gF..
........ E..4.'.Q.(@. .....D...Q.(@. .....D...Q...Q.(@. .....D...Q.(@.
 .....D...D...Q.(@. .....D...Q.(@. .....D...D.....0.........R...Q.(@.0
1...@. .....D...(..,.X...8..R.(...........|......O`)@..|.K...D...Q.(@.
..(..?..D.../Q.d0X...0L. .....D...Q.(@. ..S.`......->.....IEND.B`.<
/font>....
<<< skipped >>>

GET /games/2016/home/icon_close.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 07:48:00 GMT
Content-Type: image/png
Content-Length: 1087
X-RequestId: 129d76ae-1512-0815-4757-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:08 GMT
X-Filesize: 1087
ETag: "9b484044c7c350afc4241fd730249e79"
x-amz-meta-crc32: 94453CFA
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 123048
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR..............H-.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
7F1A4F18578E11E5A1F4D5360A5998D2" xmpMM:InstanceID="xmp.iid:7F1A4F1757
8E11E5A1F4D5360A5998D2" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3f3c0a2f-f101-c04
5-94bd-c03e8348bd4a" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>..1$...dIDATx...A.. ...ws......R$.
.G...E.1........./T.GhfKa..{...d..13..\.lW?....ho.....z..w..0.Z....*.=
.....;l...$.....IEND.B`.....
<<< skipped >>>

GET /games/20151209/sT3X-fxmifzh4426979.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 17:00:42 GMT
Content-Type: image/jpeg
Content-Length: 8358
Last-Modified: Wed, 09 Dec 2015 02:22:07 GMT
ETag: "5667904f-20a6"
Accept-Ranges: bytes
Age: 3486
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
......Exif..II*.................Ducky.......<.....)hXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-
c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xm
pMM:InstanceID="xmp.iid:C286101A9D4F11E5A125A3D49E3DCB6C" xmpMM:Docume
ntID="xmp.did:C286101B9D4F11E5A125A3D49E3DCB6C"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:C28610189D4F11E5A125A3D49E3DCB6C" stRef:
documentID="xmp.did:C28610199D4F11E5A125A3D49E3DCB6C"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>...&Adobe.d................E...4...... ..........................
......................................................................
.............................................b........................
.................................................................. 0.1
3.@!2A"#.4D......................!..1AQaq"2....B....R#0..br3...C ...s.
D.................p....................!1A.Qaq... ......0.............
..z..].......G5.......u....>L..u*.Vz....m..1..l.'.#..M..*z.^~*..e..
"./.n.o..h......S%......C\......AIr..o.>h.Z.6j......ZP ..$r"h.@]e..
..|(#.......<....,Z2..)*.......V848:IA\....v<.:..O.V.e......
<<< skipped >>>

GET /default/20151102/jkcH-fxkhcfq1061208.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Fri, 04 Dec 2015 11:55:42 GMT
Content-Type: image/png
Content-Length: 719
X-RequestId: 0c308d1a-1512-0419-5540-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Mon, 02 Nov 2015 07:54:53 GMT
X-Filesize: 719
ETag: "e62f54edc598a11df5359725a8688e69"
x-amz-meta-crc32: 8F413C7A
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 453787
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR...Y...Y......i......IDATx....n.0.D.j.....]eV&...i .y.
....h..fs<..!..c|..........(.q*......8.X....q."]...<...^. e2...v
.*..`' ]....>r.,.......^.U)|\..t.d......Xk5.../(5.. [..>r.d...B.
.[... [...l..]YV)...1Y|..%...-..#.."...V..t..t..{......!Tx.....l.b....
..kl....}.%]...$.T .0|N.O..?Fp.:."].......2c..."[email protected].
oMWR)[email protected].%W..b."..X.....#H;&g
t;O!.g.gg ].x/.SC...SI.4..W.k...H..........F/*.H.@../.....1....v.....t
.d....0.&.Qsm..r.,[email protected]/[email protected]>...n...(4xG.....
Y.ZKL.......Ij..@..;....... .Su{"]..|... .....p..Q.t.d......A!.LU.....
....-.M.|(..0.f[~.x"].......>._<.).V}g...|...v.-yj8..;.....o>
X:....... ].........t.d....T..........IEND.B`.....


GET /default/20150925/Ccwo-fxieymv7626767.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 07:48:28 GMT
Content-Type: image/png
Content-Length: 1686
X-RequestId: 129e350a-1512-0815-4827-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Fri, 25 Sep 2015 06:10:46 GMT
X-Filesize: 1686
ETag: "30b7f8312f6c61e536aa1e081c146e90"
x-amz-meta-crc32: C6671A29
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 123021
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR...Y...Y......i......tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:27A1DDFD634C11E5B4DEC55D
FBC62C71" xmpMM:DocumentID="xmp.did:27A1DDFE634C11E5B4DEC55DFBC62C71"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:27A1DDFB634C11E5B4
DEC55DFBC62C71" stRef:documentID="xmp.did:27A1DDFC634C11E5B4DEC55DFBC6
2C71"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.:......IDATx....j 1.Dw/%....C..,..F#9.\8~)
4......do...~.~.?..j_.?...q.......Y...e.y........W.............X.>.
;\..#h...."..X.g..k.i.FYC..-.".E......X...K..."..S......r.j..2.\d....a
%....G$..'.~.p.\8..I...1..e.3\.}G....8.A.l...).B.c .s.......p.W.H....g
./...)..=..\.yp.....(..NA.|Zj..y.'P...).WI.!..KarY[?...zALu8....e....Z
..2#|9...b\p..#B;5.R........J)..`...........e.f>..?..pd3.hk.Y0._oj9
...Y..7...Yn......X{}.J.V.hh.&..p...9.;.".....44K.:...ehgZzJ..(ni4.'..
X ..........iK...........s.....t.n..w..OR.88.G>..W..a.N..&..$:.....
.8...PL.s.Y/...........#..N3.....h.......)....p...Uz.......6M.>
<<< skipped >>>

GET /default/20150925/8X0v-fxifmki9508491.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 06:50:37 GMT
Content-Type: image/png
Content-Length: 467
X-RequestId: 0d484c83-1512-0714-5036-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Fri, 25 Sep 2015 03:17:23 GMT
X-Filesize: 467
ETag: "6c54c6c80ad43fbfedf3900126a9a1cf"
x-amz-meta-crc32: CE625172
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 212892
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR...Y...Y.....o.......PLTE......U..~....IDAT8......0...
1....u....j.z..q^!n..._!n.."P . $M.... ........8...,........]YCo<x.
...=.b.A..-..(>.4......".. ..XG.7.......l..x?....r.[ya..}A..A.f.w. 
...w.D.).....d...t.b5 .. ...a...2...|.J...Diz......P.e....0.^..n;:..H.
[email protected]....}...Q.......pr.>...S.,../b.Q./.!.F...5B..!..&j..]L..T..
..c....e.|.;..L....|...b.$v.%N....}E....q.. .....:.&R...p%..0x..I.Oa..
.6...._0F!.ye.M.e..s..".1...RA......$%...gr.....IEND.B`.....


GET /games/2016/home/arrow_down.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 09:42:51 GMT
Content-Type: image/png
Content-Length: 970
X-RequestId: 0fbd472f-1512-0717-4250-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:03 GMT
X-Filesize: 970
ETag: "ee86bc594fe2024972bcbd3936e9a5ce"
x-amz-meta-crc32: 4D44EDDF
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 202558
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
.PNG........IHDR..............2d.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:823E37F0579211E58C08
D68E218892BF" xmpMM:DocumentID="xmp.did:823E37F1579211E58C08D68E218892
BF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:823E37EE579211
E58C08D68E218892BF" stRef:documentID="xmp.did:823E37EF579211E58C08D68E
218892BF"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>..d....:IDATx.b...........Lh...R.R.....
...Lf...E...ZF||&,.b..Y....U...z.......IEND.B`.....
<<< skipped >>>

GET /games/2016/home/li_png.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sat, 05 Dec 2015 22:44:54 GMT
Content-Type: image/png
Content-Length: 5786
X-RequestId: 0f7b71b0-1512-0606-4452-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:19 GMT
X-Filesize: 5786
ETag: "36159f50584ae9ffbf002d1a0aa6830b"
x-amz-meta-crc32: D7A3D8AE
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 328438
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR.............J..I....tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:92
02CE15592E11E590BA92104F85077C" xmpMM:InstanceID="xmp.iid:9202CE14592E
11E590BA92104F85077C" xmp:CreatorTool="Adobe Photoshop CC (Windows)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24BFB087592811E5A43
28EB69F3448F5" stRef:documentID="xmp.did:24BFB088592811E5A4328EB69F344
8F5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>R0......IDATx....p....Ow..l,...!0...L.C ^..M
H.`.`...HLX...x.b....aa.K.`l..J....k.._da........$.b.x.p...GH3.{NO.4..
4...=._uP....s.?.....mE.uJ%....<....xlr"......../A....!..A....4..h.
@C... ..A....4..!.@..$.&..8e#_0....Q...8o,@vZ..t.nx<S3.7.oI....%.P[
.....4`v....:.m".....k.U...h......)P...|.?.......Mx......?...9.0;..X..
..d f..F....^i.......P....ls,.......[.i}.....5...............Z^....z..
C...ol..e..k......]..6......y<[u.uj.2V.W.5...!;A.m...{......-.}.t..
..u;.-.Jh.1.r...}.U......... [email protected]....<.7..`... [email protected]..
.AaST.t1Y.Bm..q..>o9..A.n..s.:1P.y.'.@...?.A..,........S....]..
<<< skipped >>>

GET /games/2016/home/li_img14.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 05:30:21 GMT
Content-Type: image/gif
Content-Length: 1131
X-RequestId: 110d71f6-1512-0713-3020-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:17 GMT
X-Filesize: 1131
ETag: "8c712057800a819ebbde91d188355647"
x-amz-meta-crc32: C640C6D2
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 217710
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
GIF89a..........1..!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:85
F73670587911E593B1FEF71CB6D3A0" xmpMM:InstanceID="xmp.iid:85F7366F5879
11E593B1FEF71CB6D3A0" xmp:CreatorTool="Adobe Photoshop CC (Windows)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C037DE5C579F11E5838
087EB8E901739" stRef:documentID="xmp.did:C037DE5D579F11E5838087EB8E901
739"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,..........'........f..i....m.xQ.d...rj.f(..2....3..
;....
<<< skipped >>>

GET /games/2016/home/part1jpg.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 14:52:40 GMT
Content-Type: image/png
Content-Length: 2112
X-RequestId: 10ca2834-1512-0922-5240-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:23 GMT
X-Filesize: 2112
ETag: "b407c95f7c72ed63c82e42b7e9e7f59f"
x-amz-meta-crc32: 92A7DB16
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 11171
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR...T.........F.3.....PLTE....f.LLL666.e..g.......777.f
..e....MMMKKK555.......f..g..e..h.....g........f..f..g..g..e..d..e..d.
....g..h.....d..f..h..h.....d..g.....e.............NNN.c..d..f..g..e..
f.......................c..e..g..f..h..i.......................:......
[email protected].,...\Ky........y.....e..EL...s'kwf
.......={.x<{.*.......H.....hP...T.\.(..a\...5N.AkQ.....\..........
u.).......!..^m.Q..>.!..y.._{4~.....5..W1...;..[).X....y....tDu:.a.
7.M..h ;.....k..>C..y@.......^.2...z0^[email protected].;.j.......L....G
.V1.n..6^.OZ....O..?`hd..N,\L...t...F.c..<..d.hX.....7..^g.#.. ....
.{.'..z.9........'..G.7...[}........ W}[email protected][...-f...
..5.0.....9....P&...P.3..d....2>...m..m.....3Xd7..&!h...@...!34'v,.
e.jn.H{g.q..d....=.^....@.....(,.UE.LD.....L."[email protected]..(3}..u.)X
.L>=.L(.....;..,.l....}...p*.S..GrJ]..9..B1.....L....9.........(B..
8..............].>5R.b.VJy.>[email protected]."'(D.LZ..<
;..Y^...)....w..b 1..^hB.` ..L...vO..k.P..2P.%.s..F=..M .N&.8..dFsY..M
..............o..^Ld......!#U..5..m.)..g.5.-.....A.t.7R...{pw .......w
..>}.z..l...._y.].h..KWPRq..!.{v&d.n.^.tI.~5.x~xv`.O.t..(.a.<K..
....NG(L..|.=...G}........A..9.....J(...G;kK...VKg.........{.y..Q.....
%u.S}..*.li.u......M.^=j........M...y..."......GriB..f....h...:..J.M..
_.i i....HY..SY.b..........=M ..<o.-...m.PZh..C.t.O....=J.R.....x4A
.a*..,..%......(s..."...cC>.5Z...1 5..!,fO.p6..X.......`"..T.X. ...
*..)..........-....[....Z>.b........M`.|(.*.8N<...3.>....
<<< skipped >>>

GET /games/2016/home/vip2.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 06:46:04 GMT
Content-Type: image/gif
Content-Length: 1208
X-RequestId: 11235f05-1512-0714-4602-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Thu, 15 Oct 2015 03:00:46 GMT
X-Filesize: 1208
ETag: "2aa62c7b9b3899097403387a9907be05"
x-amz-meta-crc32: 182A2158
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 213168
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
GIF89a...........f.!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:bbd8d2d7-9c7a-5847-9d84-15e2cefcc153" xmpMM:DocumentID="xmp.did:
1462E9DF719A11E59338C72CBCDF75A3" xmpMM:InstanceID="xmp.iid:1462E9DE71
9A11E59338C72CBCDF75A3" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:d7b30cf1-ab09-1a4
6-8473-05db39ea53ed" stRef:documentID="xmp.did:bbd8d2d7-9c7a-5847-9d84
-15e2cefcc153"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>..................................
......................................................................
..........................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTS
RQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .............
....................!.......,..........$........f.;3m.R.uL.z.6...=.)Fb
....?..;....
<<< skipped >>>

GET /games/2016/home/circle.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 04:49:47 GMT
Content-Type: image/png
Content-Length: 1035
X-RequestId: 0d241cf9-1512-0712-4946-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:03 GMT
X-Filesize: 1035
ETag: "8436da50fcac066c070a81b05deef644"
x-amz-meta-crc32: 659734CB
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 220145
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR.............<.na....tEXtSoftware.Adobe ImageReadyq
.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0M
pCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmp
tk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        ">
; <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"&
gt; <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xa
p/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="htt
p://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Ph
otoshop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:97B330B655D611E5A
935F34454D382BF" xmpMM:DocumentID="xmp.did:97B330B755D611E5A935F34454D
382BF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:97B330B455D
611E5A935F34454D382BF" stRef:documentID="xmp.did:97B330B555D611E5A935F
34454D382BF"/> </rdf:Description> </rdf:RDF> </x:xmp
meta> <?xpacket end="r"?>.. ....{IDATx...A.. ..W..A.../.D/.$5
1.....,[email protected]}ZM....!..6..............)7.h....K....H.Y....O....I.
.b&.8...{.v.P_V.....!w.0....N.E.4....IEND.B`.....
<<< skipped >>>

GET /game/homepage/kan.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 03:42:01 GMT
Content-Type: image/png
Content-Length: 5496
X-RequestId: 0f40e476-1512-0711-4200-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Mon, 10 Nov 2014 10:39:55 GMT
X-Filesize: 5496
ETag: "9d5f09095b41e4df60a8c87419b19fa5"
x-amz-meta-crc32: BCC473C4
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 224210
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
.PNG........IHDR...d...d.....p..T....pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V
<<< skipped >>>

GET /games/2016/home/amask.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 12:07:25 GMT
Content-Type: image/png
Content-Length: 977
X-RequestId: 019de92b-1512-0920-0721-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:02 GMT
X-Filesize: 977
ETag: "9f9f362867cc783788c90b4175b611c6"
x-amz-meta-crc32: 65B6AD35
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 21089
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
.PNG........IHDR..............)......tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:9734E7A8560811E5AF17
B1DA6ECF074B" xmpMM:DocumentID="xmp.did:9734E7A9560811E5AF17B1DA6ECF07
4B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9734E7A6560811
E5AF17B1DA6ECF074B" stRef:documentID="xmp.did:9734E7A7560811E5AF17B1DA
6ECF074B"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>.gnU...AIDATx......0.....wVW. .....^dwx
.n'..pw.............h..............2..".l.....IEND.B`.....
<<< skipped >>>

GET /games/2016/home/shou.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sun, 06 Dec 2015 19:22:20 GMT
Content-Type: image/png
Content-Length: 1396
X-RequestId: 0ef616b8-1512-0703-2217-f80f41f29525
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:25 GMT
X-Filesize: 1396
ETag: "44a29a1a51861dbc93fedc600e2b2a30"
x-amz-meta-crc32: 82572FA6
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 254196
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
.PNG........IHDR...,.........J3......tEXtSoftware.Adobe ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:859ACA68560711E5956B
8FE64D608706" xmpMM:DocumentID="xmp.did:859ACA69560711E5956B8FE64D6087
06"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:859ACA66560711
E5956B8FE64D608706" stRef:documentID="xmp.did:859ACA67560711E5956B8FE6
4D608706"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>.%......IDATx.b\...?....{..A4....C..,C.
..#3.].r1..#.Y...L...a.......o`~..>[email protected]...
..w..H9...pc./.............?.9.. ..y...........3.S..............a..6..
!.X..K..%...L...%.P,.B..L`...S.$@.@.......%[email protected].".s.31<>
..:[email protected].. G.<...(.A. s`...r.f9....,..>=..$.A..-.zbC.
........,Y.J1.C..n.EP.{...C...abJ..R......8...E;.........rZ....,T??.Gr
.S..B..m__..*...`..9.a..i..K...?..E..Q......U......A|b...5..5..F......
].'..%[email protected]...^..f....=....Y.....y.~.;. ..%..X;..T....IEND.B`.font>....
<<< skipped >>>

GET /games/2016/home/li_img2.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 06:49:37 GMT
Content-Type: image/gif
Content-Length: 1174
X-RequestId: 101bf8e4-1512-0914-4936-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:12 GMT
X-Filesize: 1174
ETag: "947dce7c543e9f2d49020e3a9c42ac87"
x-amz-meta-crc32: 2F2A304F
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 40157
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
CBBF9FBA576B11E59D1AA8DACA48CA1F" xmpMM:InstanceID="xmp.iid:CBBF9FB957
6B11E59D1AA8DACA48CA1F" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a919d5ce-9dfb-6a4
5-afb5-fca74331422f" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>..................................
......................................................................
..........................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTS
RQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .............
....................!.......,..............;....
<<< skipped >>>

GET /games/2016/home/li_img15.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 13:00:19 GMT
Content-Type: image/gif
Content-Length: 1131
X-RequestId: 109b44ce-1512-0921-0018-f80f41f294cb
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:17 GMT
X-Filesize: 1131
ETag: "8229a06fe2abebf879a32a214534ebe6"
x-amz-meta-crc32: 11F32EE4
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 17916
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
GIF89a..........wp.!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E1
F0866A591411E5B633F26CE1E5AE22" xmpMM:InstanceID="xmp.iid:E1F086695914
11E5B633F26CE1E5AE22" xmp:CreatorTool="Adobe Photoshop CC (Windows)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C037DE5C579F11E5838
087EB8E901739" stRef:documentID="xmp.did:C037DE5D579F11E5838087EB8E901
739"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,..........'........f..i....m.xQ.d...rj.f(..2....3..
;....
<<< skipped >>>

GET /games/2016/home/li_img6.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Tue, 08 Dec 2015 00:21:19 GMT
Content-Type: image/gif
Content-Length: 1179
X-RequestId: 12171759-1512-0808-2119-f80f41f2a2c0
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:14 GMT
X-Filesize: 1179
ETag: "7fc7902b5775637b5ba554537ca9c901"
x-amz-meta-crc32: E8F2EDA2
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 149855
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
GIF89a.......wp....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:a37e8960-2a02-da46-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:
BD6C029F579A11E585E9C60AA29E060C" xmpMM:InstanceID="xmp.iid:BD6C029E57
9A11E585E9C60AA29E060C" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a919d5ce-9dfb-6a4
5-afb5-fca74331422f" stRef:documentID="xmp.did:a37e8960-2a02-da46-b41e
-fbdd32e08f63"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>..................................
......................................................................
..........................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTS
RQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .............
....................!.......,............c......;....
<<< skipped >>>

GET /games/2016/home/li_img7_2.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Mon, 07 Dec 2015 10:42:35 GMT
Content-Type: image/gif
Content-Length: 1109
X-RequestId: 0fd06d33-1512-0718-4234-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:14 GMT
X-Filesize: 1109
ETag: "8cc53da022b20febd3fd0f71537da960"
x-amz-meta-crc32: ECD92D10
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 198981
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
GIF89a........SS...!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:7B22535E579B11E5BDBE8AC07
2482343" xmpMM:DocumentID="xmp.did:7B22535F579B11E5BDBE8AC072482343"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7B22535C579B11E5BDB
E8AC072482343" stRef:documentID="xmp.did:7B22535D579B11E5BDBE8AC072482
343"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,...................o.s]^.'...;....
<<< skipped >>>

GET /games/2016/home/li_img7_1.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 16:28:12 GMT
Content-Type: image/gif
Content-Length: 1109
X-RequestId: 14c6376f-1512-1000-2810-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:14 GMT
X-Filesize: 1109
ETag: "bf7846c44effa62e015b7e30a90056d5"
x-amz-meta-crc32: D2F46BDA
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 5445
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
GIF89a.......[.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:7392A337579B11E59FB59DBDC
52FF50A" xmpMM:DocumentID="xmp.did:7392A338579B11E59FB59DBDC52FF50A"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7392A335579B11E59FB
59DBDC52FF50A" stRef:documentID="xmp.did:7392A336579B11E59FB59DBDC52FF
50A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,.................^{,..o.su...;....
<<< skipped >>>

GET /games/transform/20151209/5Vzm-fxmifzh4426786.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 16:42:34 GMT
Content-Type: image/jpeg
Content-Length: 3086
Last-Modified: Wed, 09 Dec 2015 02:16:24 GMT
ETag: "56678ef8-c0e"
Accept-Ranges: bytes
Age: 4584
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......JFIF.............C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222......U....".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?.....
].....y.[..>..$|[email protected].$.8...;I.}..J.........V;e.....dT.....z....wd
[email protected]<........R.q....H....yV.$._Z...lF'.d_.).kJ.Q..R
.0V..p......tzTs.5m#-|.4..'.b....<t..G..Z~r.=.5.... l..qR#.EDH.S...
...I#...)..MD.......{f)..I.x.SU.r..Lkb)..5Gco.TRY..J..6...&F..f...Nk..
.v..tp?*.\..#...a.[..?..d...l.[.w....'.s.~..jS...%..4.2..........\....
[...b...J...b..68.EJ.........d.C/5Z&.9.ZF...|.2. ..S.....M$r1 ......)g
>.r....}...ej.b.Q.<W.M^I..>Z2~L.3.S.m.7?Z....@#.z....H.x{.jX.
|......j.$.qF=1.......}..9.>.....\..........U.B.O..N.]...... 9...GU
.mz......^.r.."[email protected].;..F9.rG#......e....z*......,T...G;..S..$Q.
8...V..P4.....w..Q.q...B.Tcd|.&...nn...\..x9..Z.Y..{....j...; I&.s...M
Y.(...\.0uKUnG...g.>.G.....jV.[Hy]....z...mm" "B.`<9....U.c....i
)^.3...6y..V.]...k&..9$.z...e......}.W89$..Y.e%B..5bv.5BBI..j..f&....4
..m...li....==o"EH.....z.).F....=?K.-.._.....5..Zu.6..p..(UP:....'
<<< skipped >>>

GET /games/transform/20151209/Z7tz-fxmisxu6320311.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 16:44:37 GMT
Content-Type: image/jpeg
Content-Length: 5038
Last-Modified: Wed, 09 Dec 2015 02:17:02 GMT
ETag: "56678f1e-13ae"
Accept-Ranges: bytes
Age: 4461
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
......JFIF.............C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222......U....".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?....4
O.......".m/.\.Q..%A<.......?..o...%......5...W.X.m.1..,..1.V>..
i.Z...I.-m.<...eR....d....;[email protected]...
..o#.x.U...#....Ey.._..o...U.C...,j...OF#..G$..;.....=....4.W/.x..-J.M
..E....T..,j1.>.@..;U..Aaj..h.G..Zh$....x.G....jZ.v.,A..k..-.M..g\.
.I..R..t.....e2y...i....?....<..c......IuR.g._.Y...qr..F.N...?.uFK.
......5..;...........7....g...u.~.9s. X$..j...)..u..*B...O.$p~..I.x...
o.E.)k'.U.pHl..@.[.....V.`...i{ug*.<..X.I.\.d(..<..iaX...Q.Fh..U
.x.uH..a...%p0x..=E1.J.a.{R.`4.x.y...XJn.B.(...Ume..[........[k..)...o
,....k }j8ob.D,.H....~..O.Y. .^x.R.4F....K#.#.UpA.F....*?......F..&.k.
.......01Y..B....u.;T....I....?7.MP....F0.:zW1.o......}...n...;.x.....
..l...t.c."e,..U....@#..>..Z....5.2Z..B...q".....8...}3..}....{H..5
...zC4y......@9>......h....I.....D$ .UE.L....~.x..\.....t....9.d9%\
d...^s..H..3.WH.KK.t]......:v4..7..<I.Hmm.M..^a.M.~...3...N ...
<<< skipped >>>

GET /games/2016/home/li_img16.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sun, 06 Dec 2015 07:13:06 GMT
Content-Type: image/gif
Content-Length: 1131
X-RequestId: 0e45a7cf-1512-0615-1304-90b11c0435d5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:17 GMT
X-Filesize: 1131
ETag: "3fae6ab6ad9aa3ab75dabc63d6a3378c"
x-amz-meta-crc32: 8C0F721D
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 297951
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
GIF89a...........a.!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E1
F0866E591411E5B633F26CE1E5AE22" xmpMM:InstanceID="xmp.iid:E1F0866D5914
11E5B633F26CE1E5AE22" xmp:CreatorTool="Adobe Photoshop CC (Windows)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C037DE5C579F11E5838
087EB8E901739" stRef:documentID="xmp.did:C037DE5D579F11E5838087EB8E901
739"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,..........'........f..i....m.xQ.d...rj.f(..2....3..
;....
<<< skipped >>>

GET /games/2016/home/li_img17.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 08:50:16 GMT
Content-Type: image/gif
Content-Length: 1131
X-RequestId: 14270071-1512-0916-5015-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:19 GMT
X-Filesize: 1131
ETag: "b9e46e239de0fe2c41109bf193285dd1"
x-amz-meta-crc32: 3E8D70C4
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 32922
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E1
F1E5FD591411E5B633F26CE1E5AE22" xmpMM:InstanceID="xmp.iid:E1F1E5FC5914
11E5B633F26CE1E5AE22" xmp:CreatorTool="Adobe Photoshop CC (Windows)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C037DE5C579F11E5838
087EB8E901739" stRef:documentID="xmp.did:C037DE5D579F11E5838087EB8E901
739"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>............................................
......................................................................
................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI
HGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .......................
..........!.......,..........'........f..i....m.xQ.d...rj.f(..2....3..
;....
<<< skipped >>>

GET /games/2016/home/icon_kan.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Sat, 05 Dec 2015 09:08:59 GMT
Content-Type: image/jpeg
Content-Length: 1409
X-RequestId: 0d3799e1-1512-0517-0858-f80f41f2a5ed
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:10 GMT
X-Filesize: 1409
ETag: "46c18193e0ff1302194fedc02b384de9"
x-amz-meta-crc32: 4310CC1D
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 377399
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......Exif..II*.................Ducky.......d.....zhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:a37e8960-2a02-da4
6-b41e-fbdd32e08f63" xmpMM:DocumentID="xmp.did:E107AA1B586011E5B7A3B31
0E43A721C" xmpMM:InstanceID="xmp.iid:E107AA1A586011E5B7A3B310E43A721C"
 xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:8f770cad-df5a-5942-be73-332a4ccff604" st
Ref:documentID="xmp.did:a37e8960-2a02-da46-b41e-fbdd32e08f63"/> <
;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket
 end="r"?>....Adobe.d..............................................
......................................................................
.............................................[........................
............................................1.".......................
.......?...7.........[.?H..>kz..}.D9.$.id)2......U...UED.me.k2apI).
."..T.*.oP....B.U....\..-$.#%.......g!].N...V.z!}.i.Zd.Y.......D55.??.
....3.....y/.z..LM..)$...a.P=T..{..5..u(...,..XS.fD....r.;.U......nt>....
<<< skipped >>>

GET /games/2016/home/li_img22.gif HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 04:37:26 GMT
Content-Type: image/gif
Content-Length: 1287
X-RequestId: 01058f91-1512-0912-3725-f80f41f29525
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:19 GMT
X-Filesize: 1287
ETag: "99ef95d6d714e5f1360d123ab3a5cf2d"
x-amz-meta-crc32: 066192D8
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 48093
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
GIF89a..I....................................................!..XMP Da
taXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x
:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.
151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="http:/
/VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:abo
ut="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.
adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/
ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:Ins
tanceID="xmp.iid:EB7C4BA2592F11E59925DC3DE60B4CB7" xmpMM:DocumentID="x
mp.did:EB7C4BA3592F11E59925DC3DE60B4CB7"> <xmpMM:DerivedFrom stR
ef:instanceID="xmp.iid:EB7C4BA0592F11E59925DC3DE60B4CB7" stRef:documen
tID="xmp.did:EB7C4BA1592F11E59925DC3DE60B4CB7"/> </rdf:Descripti
on> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..
......................................................................
..........................................................~}|{zyxwvuts
rqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543
210/.-, *)('&%$#"! .................................!.......,......I..
.......J]$.L.8-.b1...!.$.....,......?.p.....#0yc....tz;[email protected]..&
2$..T...!.8..(..$.im..o6..l*..&*jPT...U>&t..Djl.7.!.T..>}.C[W.7=
{h.A.<.$=P{=.E?...eD..;....
<<< skipped >>>

GET /games/2016/home/icon_CGWR.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 09:01:03 GMT
Content-Type: image/jpeg
Content-Length: 4741
X-RequestId: 0164770c-1512-0917-0102-f80f41f29525
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Tue, 15 Sep 2015 11:44:08 GMT
X-Filesize: 4741
ETag: "f1afe230afbad00da2f39aefdd3907b7"
x-amz-meta-crc32: 0DF53E80
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 32276
Via: http/1.1 ctc.shanghai.ha2ts4.131 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.131,c=194.242.96.218
......Exif..II*.................Ducky.......d.....*hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpM
M:InstanceID="xmp.iid:D83D2FF7582711E5B3ADF83C3429796B" xmpMM:Document
ID="xmp.did:D83D2FF8582711E5B3ADF83C3429796B"> <xmpMM:DerivedFro
m stRef:instanceID="xmp.iid:D83D2FF5582711E5B3ADF83C3429796B" stRef:do
cumentID="xmp.did:D83D2FF6582711E5B3ADF83C3429796B"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
......................................................................
................................................#..!.A$.a"BR..W(......
.......................!"..1AQ.#$..U&2..............?.................
.........................F.n./i...].#.......Q..*&K...a=}.....|9Hv,..E.
q.....u).B....>...Ow....y.w.r...U.%..k.......\ J.6......c.^..t.Zr}.
.eN[.).....m...m.....,.. .#tLk.C.............I.?.g...'.....G>..G.?.
?.0......t....b..<.=....mQ..&C.T.*...F.}....f.EM ..U2.R\[.)....
<<< skipped >>>

GET /69acd7be/20150925/huan.png HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: n.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/2.1.0
Date: Wed, 09 Dec 2015 14:56:55 GMT
Content-Type: image/png
Content-Length: 1805
X-RequestId: 14aa105b-1512-0922-5653-90b11c0435b5
X-Requester: GRPS000000ANONYMOUSE
Last-Modified: Fri, 25 Sep 2015 09:08:34 GMT
X-Filesize: 1805
ETag: "15dfa73930cac702c9eb7a19d0e1bc38"
x-amz-meta-crc32: E5C53937
Cache-Control: max-age=31536000
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Content-Length
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 31536000
Access-Control-Allow-Origin: *
Age: 10925
Via: http/1.1 ctc.shanghai.ha2ts4.130 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.130,c=194.242.96.218
.PNG........IHDR...D...D.....8.......IDATx^.\]lTE...-K[..-PZ.B.-.>P
.....c...?.Q.....4..UDC.Qy....@[email protected][.mK....n....
..{...O7w.........9....Q.HN.....].{d.......3R.....z..9..'d....ulw ....
...!..D....H.........F...6...jde}Al..b....3#..MA&|.i8.NC..%R..}S_....&
lt;....#..,.ZP^.%.\....;.I7....@...^T].....kA.......,.....V..3 .N....`
.Q r3.K.u. 8.. .|o...F.N........w...l...R.l...[...Vx.h.......L.7;..?/.
>4".G.....X..D.]..L.S...f... D..;Q.=0...?W.X....4|.i.....D.~R.^....
...!.......3........j.........,..N..i......B.dB.9x..b..d..v....E X4.m.
nl0.2f4.4.v?*...X.~A...Y!m...n@.. .x:.[w.I{..l.w.3..Q!2##.........y..N
C....FU.J@./..5.....-...zd.....\;.x.A..$..f..jP.[Z}h..l..ggc..9..B.\..
..7!...J*.zRV..v-k..J...c.......$k..3H3._.<V...>..g....>....l
..B@D$J.........~I./.F..S.H...uv...J. o...o72. .%....!.........L......
..n.P..4..9.Z..E..7.>P..?.g.>/..<...#.IT.,....N!.Uj.8.y.'v..%
^V.eZ.KK0.~....[8....... -....D.P.^NM...z.:....aG... ...H.sT..PN.!*h..
..`..'...'Y.ME...VNN,..yZ2'....}I. .k.S.......v....N.K..".<.D.../K.
....q..e....g..e8......&.....5.. .G...%..9;V..1x.@;..1K......m.!.]c..U
....._.&.%...h....mi..k.P...o.D^h |N.iH.. ..^..a.0a..m@..$.!....p~....
|.....V.. I...L&I..RM....b.g.. '!.....n.....}4....k........V.#y.. ....
....D[i..h.9.!D..."!..2 .wy;V...Y.u...FR......S.3;...*.LoC..9...B.....
pM.../....L.C(TV.0...5........$c.. 5.0#...{=.kN. ..L..-......T........
.Z..Iw.O..........r.4.2E.kEn..[..i..X......z..u%.6....6M.R..X..m.h.iF.
.....V'..n....I.n..w."G.i.....E-...."......BT.by...P.....i6.......
<<< skipped >>>


GET /material/8d/e/f97f5aec6423f2058a1ab68892cb5.jpg HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/jpeg
Content-Length: 22846
Connection: keep-alive
Date: Wed, 09 Dec 2015 09:15:18 GMT
Last-Modified: Mon, 07 Dec 2015 03:15:44 GMT
Expires: Thu, 10 Dec 2015 09:15:18 GMT
Cache-Control: max-age=86400
Content-Disposition: attachment
Accept-Ranges: bytes
Via: cache24.l2sg1[0,304-0,H], cache23.l2sg1[0,0], cache5.de1[0,200-0,H], cache4.de1[0,0]
Age: 31386
X-Cache: HIT TCP_MEM_HIT dirn:1:178517684
X-Swift-SaveTime: Wed, 09 Dec 2015 09:57:29 GMT
X-Swift-CacheTime: 86400
Timing-Allow-Origin: *
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((....................................................
L.........................!..1.AQa."2q....B..#Rb.....3r....$4S...&Ccs.
..De..................................A.........................!1AQ..
aq....."2..B..#3R.b..$%C..cr................?..kD.....................
.............................%uBDP.P.P.P.P.P.P.P.P.P.P.P.P.P.P.P.P.P.P
.P.P.P.P.P.P.P.P.P.P.P.P.P..T.L.#'..|.T.zc&.d.2....$.{.......F..&.....
.......B.B.B.B.B...}..6..O.PH......lOp...$......Gq.5. .. .....B.B.B.B.
B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B......T..Q...{[email protected])..Q
...r..r.........D."[email protected]./...n.dSo).....).A>5...8Z2.)..u.
.....`;...L..... [email protected]..$...k.S)7.....k*....KJ.$..@.
r.O..2........Y.QU-CE.E.E.E.E.E.E.E.E.E.E.E.E.E.E.E.\.A......%kI6....N
....i.8..........s. .....B{r...\.."."."."."."....^}...Z.s.5.....]1...2
..4..Km....*...7;.........v.........JJ..7Vy..Q..O.....Vb.......b..B.B.
..}..6..O.PH......lOp...$......Gq.5. .. .....B.B.B.B.B.B.B.B.B.B.HH$..
....uq...Q.'....N.8.-...Q..u....B.8O^_.....s].0............(.B(B(B(B(B
(B(B(B....J..$..4.na. \ZA........h..w.*..7F....V.......jq......p...O..
......:.T".".*v.}...!.6.2;..mH......^...4Q.)DE.V;=.M..&.....9...mEXp.e
ZSQ.........wT.h.. 39.WS....E9....&f....4.v.(o..I.'$.F.Rou.i!..U...0..
.Ied.....KPd.;.YWL! .b..Z.............N.2..n2....S<.J....$..4.K...f
.U....x.?..Ji.w./.......77CO.......n_P.R;..T.D...~....mg....ur....
<<< skipped >>>

GET /material/a8/2/e1537fea1e043634e7359bee6656a.jpg HTTP/1.1


Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/jpeg
Content-Length: 6293
Connection: keep-alive
Date: Tue, 08 Dec 2015 04:15:39 GMT
Last-Modified: Wed, 11 Nov 2015 02:44:29 GMT
Expires: Wed, 09 Dec 2015 04:15:39 GMT
Cache-Control: max-age=86400
Content-Disposition: attachment
Accept-Ranges: bytes
Via: cache12.l2sg1[0,304-0,H], cache10.l2sg1[0,0], cache10.de1[0,200-0,H], cache4.de1[1,0]
Age: 135786
X-Cache: HIT TCP_MEM_HIT dirn:6:384232159
X-Swift-SaveTime: Wed, 09 Dec 2015 00:47:02 GMT
X-Swift-CacheTime: 86400
Timing-Allow-Origin: *
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......<....".....................................
...O............................!"1.2A.#BQaq...$RW...br.....%4V....3Dc
..5STd..................................../..........................!
.1AQ."Raq.2...BC..............?.h.W..j..*..P...%CXe.M.c.LP.mJ.....l.%7
...3...Ni.....KV...\vfE...#.."l.j.N.....6F....0.D.........~ ...?.2.k^.
?.t1...n.s.k...?}..q<..~........Z....nT$v....p..I<..!.'.5n..R-z.
A.W..n.~../...v7X.4....6...7.k...?}..q..{...?}..p'hT.......w4.H[}.-...
......aG.n.{&.Z.?UN\........-K..K..i...Hii....{&W.....~.g..yoz}.......
.....=cR....R.)......(...2.N.%..~.G..h .#.y.x.GA.S.\0.)Y......Jp0.[.[.
.g..........{.v.......j.U....=...t.f..........%.R.....g.TCY:n....>.
...$..d\.S........z......[^.g..l.\/v[v\...f;*.!...mO........<8).8..
..q.!........g.b......B..=..Ch7\.|.......d....%..s^.8`....Pi.'Y..28H.j
..P..<.</.. .l......"?[Y....9......:..Lm.2....Z.}.........|..*.v
6..48bbb.A.N..$n..:.......X..^.6.w.....Z...H!..?!.......6.l......Ub^b*
p..?x.S........._..h_8..,c....U..p3.OP.X......u.m.cB..s#..Du.....!..|.
..-ky&..3(s....5.]..>xn.BZI..L....E..8H.n...l.q..e.wq$...AQp.vE...Z
oi4..*.O......jhO^y'.,.G.-........n"q.z..b.2G.U3.R..qS.2....(..<m.Y
s(...J....;.....R..l....]0...!e;#v.z....\..x~....a}.[.......sE...C...Y
f.k.{..g.\...{ .g.h..5..|x.G...T.R*[email protected].....~.?....z.....
......v....Q<.J....&,^.U..U...C.[|NA.z(.......Q.I...4[.k.......
<<< skipped >>>


GET /qmacro/v8/ad-mymacro.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.vrbrothers.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/xml
Content-Encoding: gzip
Last-Modified: Thu, 24 Dec 2009 03:42:09 GMT
Accept-Ranges: bytes
ETag: "80fed3114b84ca1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 09 Dec 2015 17:58:17 GMT
Connection: close
Content-Length: 1083
.............[....qR.. 4..jZ..Q.D.....\i..H...g.|"y,.L.,.4...}M....I6.
....N....D.).......b.?.....J........\[email protected].....<.yFg.)2v$.
.$.=.(2N........K._#zW.IB..G..2h.>l.^..|..y!7.A@..}G..B.h.........R
Ie.L.....J[.l.p.....z....Ydx... ......N?..M.a-o...S.....z......^F:...j
...7|...BV.G2....!.8|....B....2....D.."5..1.`l....K.|..O.............u
...y1t.F%..^'.|'R.(.%2J.)@.t.F.g..mB.g..'.....X. #...~..[.W.o..#[.@...
.R1.....)y.|....../.-......^........Fb.r......X&N.{..l..9. ......i....
#?......:O...3HSn..Y....l...R=g.[.....Lq..M_`.._.qR.a.?.[.=.........O.
..?D>..4.].).i. ........R....C.......P............0q.J1.}:u...(..7I
[email protected]...........=.|.._].Z.-.._...\..}t.y......*H*.1M.p..h
.&....1v.fw...m.O....*L QM.]......d...dN....l.<].7..............l.(
C.yf.....nq)e....C62Q.. [email protected]*9.t.u..d.V^....C.....{e..K
.u..<..:G.d~ .;F\[n..I.p..c.....z~..'.....v..a....e {..}....T.].`..
[email protected].../ ..=.8h.>~;H..|.u.E...,.AJj..M...dW...
..k....@$B..A.... .fN....5.....@.!...6......J.rU..v?V.x..1...$........
B.Oo.c... ...v...../...GK.K.z.......u....7..q........



GET /visitor/visitor?from=iframe HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: passport.weibo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Dec 2015 17:58:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Pragma: no-cache
DPOOL_HEADER: nyx68
Content-Encoding: gzip
SINA-LB:aGEuMTY4LmcxLmh5ZHMubGIuc2luYW5vZGUuY29t
SINA-TS:YjVlOTgyY2UgMCAwIDAgMTYgNQo=
6f7.............X.O.W.... ...f6..h."..R.M.6B.4.l.......83.nt..J[-!..P.
....<.......C..6~.......y...P;....{..s............#e..u............
....y.]...".5t...!.f2Jd..H.v......e...#...>[email protected]
X.K.H...S.5l(5x....U.i...4.hw..kH.-.t....>'.J.*%.%.T8g..."...*..v..
{....<...1.WmV,.D$....}u.A k..On..^[}tcns..w.....d....~.{.2.T.t.\..
..j.. .K..>NY.y.."W..9...f.b .2.x.C.V ..l1.a}.._...)t&8m.]G......l.
.4...j..G...2H...!.pY3$..E.AO.".QK......h...Q6i..Q&Sh.Y6*...F.)....9UK
O%.SWQ. ..W5.3S oJ..;m(........j...Bgf...<...>.........$5}.a..'.
[email protected].}..L........Nd....cq.Z..V....Q..h .........W.Z....1.3..-
.Br....S.......".z..97..x.gT.."2`..........n..j|..1..].8.2..de|.......
....1..B[?.....'.f2.c......Bj..-.... ...z0=....[Kw|.Sv#es.........4>
;......!G...&.6...pw..l.q.3..Y.a.........."t..o....aI>...Ar...=H_..
....J...$cef..8FJ..t.e.....&.}...w.l.NL-...A.I`_.....kL...#.e...K....e
j...[....,.%p'@....?zHBle...`.r........R..N]Kf=.x...........da{.....vB
..k...H..cMC.Y..X..a....}...H..{O...ui.......=B...........v..........1
....5..n.,4B.g......><5...r...J..a. ...?....'!.d....bT$U.;..Q...
Z..,..1....D.uM.,(...;....U.m8..0.yY../...... .3..-..c..S3..e8.lh....@
..P......{$1.-/..!..m..d.bh........#...'.V...... ....AT..M..o63.....n.
q.hI......2........W..%...........4...>.Nb..k.?..........#....r0j".
0.."...!..Z*....b.......wR........X...`x{..=.H%...H&g.H_.........m4.&g
t;9..`~~>.ve......Up..8=..f_..&9..........u..K.........<.....}.y
...(..:.....S.qy.....C.......P%..P...:.Jn..Q.^.R...8 ...pn%.......
<<< skipped >>>


GET /games/gpapi/gethometopwrap.shtml?_=1449683921334 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: interface.sina.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: statuid=__194.242.96.218_1449683917_0.23966900; expires=Fri, 11-Dec-2015 16:00:00 GMT; path=/; domain=.sina.cn
Set-Cookie: statuidsrc=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)`194.242.96.218`http://interface.sina.cn/games/gpapi/gethometopwrap.shtml?_=1449683921334`http://games.sina.com.cn/`__194.242.96.218_1449683917_0.23966900; expires=Fri, 11-Dec-2015 16:00:00 GMT; path=/; domain=.sina.cn
Set-Cookie: markpt=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.sina.cn
Set-Cookie: ustat=__194.242.96.218_1449683917_0.23966900; expires=Sat, 06-Dec-2025 17:58:37 GMT; path=/; domain=.sina.cn
Set-Cookie: genTime=1449683917; expires=Sat, 06-Dec-2025 17:58:37 GMT; path=/; domain=.sina.cn
Set-Cookie: vt=99; expires=Thu, 08-Dec-2016 17:58:37 GMT; path=/; domain=.sina.cn
Cache-Control: max-age=180
Date: Wed, 09 Dec 2015 17:58:00
Expires: Wed, 09 Dec 2015 18:01:00 GMT
Last-Modified: Wed, 09 Dec 2015 18:01:00 GMT
X-Comos-Header: 3
X-Comos-Cost: 0.005
X-Comos-ppByF: 65220
X-Comos-ppByR: 
X-Comos-cByF: 
X-Comos-cByR: c77791 c35727 c1713
Server_IP: 172.16.88.57
Content-Encoding: gzip
SINA-LB:aGEuNDkuZzEueWhnLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:YzhiYWMzNjggMCAwIDAgMTEgNwo=
d1b..............ko...{......P.|?....M....$..E..\.%.....l_....]R\.K.t.
C{0t..r........;R.BR...].,d.7../.Vn....bQ-..0..hB..~q..w.*..O......).P
....)6,....ad..X.c.U..,...OOO.2N..f.9M..... V..e....!q.0.,...h..:d..}.
.O......nqM>(......$.0..OC.z.[..a..w}.D..8F.........l...`.K{.[. .3.
...&....#'#-...._..9I....).y`0bO.....)..Wq."9..]}.m...........v....3..
...~.=s.....}..U ...`Y.p.a\..y...Y.n;"*.J....3 .:.\o^....K..BO)Q...e!.
....U..qL..$}0S.S...G_..B..&NC.</..&9....z.P..Y..6.qA..5j..^N...q.S
'Ml..(....A.APN........];....z..}!(...8......~.......=.....`.].i..J...
........r.....r.yM....J.2.mb..n.I....,z.......8b....o....AYoaZ. ...m..
......&d.<...@0.....,....U.y..q....W...f0|<.A.<......`.:.....
......{...Wz."...S.d$<)...........vD.:,.PSbb....$..I.....2.km-j...p
TJ:.7..p3...h.......45x>.....XhQSX`e..U9=K.......!..&e..j.?$ID.....
..A.......\....P..gv2..'.....Q`....R.W..........lH...U.:...cDM.e..SW.*
......~b.s...Q..WDoj.....r.5..ZC..H.............j.{ .L....j.!f.z;"8..q
.S.F.fb..Y...a-j..8.X...j.j..0..I...M..e%......D.<...?"."......;_..
o.w..w....L...j3.%....-.W..B!...gv..`..Sm...F.....z.......6\5j.y..I...
(.a'.pG........H...K.D/OU..S.....^.x.oK......X.d.N..:...R...SAD.z0m...
{.......Q.N..L...~....0.........xj..W.f.-........./...g....:3....s...&
lt;....h5..G...#........44....?.W.C].... .M.v....rT.:.p....d..vOy.!.$.
..m.v.O?..l....,.LMll.......(.......c...g[......F.Y...V...x...K.......
..T._...d...qlq.q[$..m..a1.6..D....#..9.cG.F....X;WcP..].vF`8...!.....
......#..}. zDtOc...$z.9,d.....)..,.U..(.N.V..v...(..E..`..B.O....
<<< skipped >>>


GET /newimpress?adunitid=PDPS000000057496&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_lf80xi HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:44 GMT
Content-Type: application/javascript
Content-Length: 135
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMTIxLmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZTRiYWRlY2UgMCAxIDAgNiAzCg==
.........../..KLL).ON*..I.0....V.M,.-.Q....QJL...J.@J).% ...L.M,..t.J*
.R.2%[email protected],...y9....Vr~^Ij^.....ZM........2|........



GET /newimpress?adunitid=PDPS000000057497&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_56jou2 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:44 GMT
Content-Type: application/javascript
Content-Length: 135
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMTE5LmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZDBiYWRlY2UgMCAxIDEgNiAzCg==
.........../..KLL).ON*.75../5..V.M,.-.Q....QJL...J.@J).% ...L.M,..t.J*
.R.2%[email protected],...y9....Vr~^Ij^.....ZM..................



GET /xjl/mmcount.aspx?mm=000322F3B03368BC5DDF47F65E57B03959F01688D1C9E1002EB47ACB38B6637D25955DA074380AC8A6361945&randcode=00038B7CE0497B62E1017B9154FE484925E2B84176B79B2FD7C71945 HTTP/1.1
User-Agent: ........V4.1
Host: hi.vrbrothers.com


HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=gb2312
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 09 Dec 2015 17:58:17 GMT
Connection: close
c..Open..Open..0..



GET /s.php?sid=401069 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:22 GMT
Content-Type: application/x-javascript;charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Last-Modified: Wed, 09 Dec 2015 17:58:22 GMT
Expires: Thu, 10 Dec 2015 05:58:22 GMT
Content-Encoding: gzip
6a7.............W.o.6......6.T$KvV.kR%.....4C..Cm/`d.. ..E.i....;=...i
.b..#.....d.'V...B..6.V|2Y...Y.s..l.D.*L.01 .....[Ns....Y.9F....Z.c...
.;j..[...-.~.Y...:a1...2......P>..\.`..j*[email protected]..`-.. ..U..p.1.T
....U.,[email protected]......~_H...#...r..T.C.L..0.4%[email protected].[.U..
L.)/.he..).p..6%^..".RMSt..h..<.c....../t..ppZh.D.#M.. ......D... .
.;..5;.Vzh...2U..b^TL...f.?...z.3.5.....?.N.z.........N.x.........d.0.
yx.A....s8....#?.....NN/Y...SG..a...1.b...j.MDVH.....K8.6Iy.Z...F.(.#.
Es..3..K^..*-..^.;.@jL>Qct....(9....A..".*&D.....P9...o..N..K:KhKq.
.(.().h J.!:...........}p....^.w*....L.U....U...S.....6.d>.i.\.3..q
..L...3........!..OM....6ev-g..(..\B............XIF..z.T.ii./..87F....
..=.....0S.......73.X.j..z!.(.zhK..uf.1.E.[)o.w*....O2..Jd...y .w.....
....2 ......\.g.m.}....%..b(.I.....[.eU.k...xX..`CU..o...........1....
x.">.u_........?..h.E.F..7....nt.dhea...Xc":........._.."M........X
..c]....-2.H....n...i...*.....%.\]f2...S.%..n.SBK.)....V9w......;...z~
...RO..ZNv..{...R....V...b.$a.....`C.G|..=*d|..0.......w.#..2.."...NlU
...\(W..F.UG[.Z...K..[....G. |~.-....$[..5..>.....c..]...-.KM.!../S
se.<=:k.1.....~....)..].y....)&<.2U#A......IH..hVD..c......UYW..
.......w.@..*K. v....L.DIuY..SH.......{......k .>...o".G..O.V.Ox...
._..Jq(Re.e0)m.!....i..|0..............7k.&....M.|....|.4H..?..T&_.gE.
.A/..%w...Akv......K.)..E..,..a....-....e.............k.6....;pa..Y.f.
{a.@hf...>N.~.Kcq..p.p..x.^=.p..B..^.R.#.........?.. ......8..w....
.......X.)......~....V..C.^.G.:R.......g.4...L.3.r..MC#..b.....S..
<<< skipped >>>

GET /js/s.js?v=20140108 HTTP/1.1


Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:22 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Last-Modified: Thu, 20 Mar 2014 10:21:59 GMT
Vary: Accept-Encoding
Expires: Wed, 09 Dec 2015 18:58:22 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
1e73.............\.s.F.. $2 .!x9N2C.d.....lM.!iU .$......RD.....n\...L
vkwRc...>.......A....J........dg;w...i...`..q..'....W2..X.}...n....
%....:.ak.......].;.....3..W.'..Y.R[.y1..L\..6.x.s(.o.4...._g.p.....{k
..v.=.|v'....../...b.o....x..~?t.(.Oo7.%Y._Wfs.HR*.$.j...Q..TrI.T..a..
....r.......Z.G....>=..?...M....R5C7J..Re^.. J..$.t..>.s.A.D.M8.
.MY.G*YGb..Y_.....F....$.J<Z..,..GZ.y.....3...w..8{..~.;.(K..e..w..
l......".....D...JsG.R{Do...L..H\..<XQ;.e.Nx|.o...1.:.:...,>..9.
..Ke....l...-:H...M>.._...j. .'.....ja....&..5}[email protected]..&.l....
.H..%.O.._.b.JO.D%....y..$1h.N.76.e.U...3C...y....B.K.K...8....hl..b]j
c9..........^{hX.<R?..F.s......-.....IK.-...Y..............8Yz.Ku}.
...>....)...yJf...</...z-.. ...T..H?..5-1..G..Qm....%.....bf.FN.
..6/..s.a.O..[.....aM...H7vS7ln..Hz.g.4.ne{.....6..r4-H]...xD..t...$.3
..Z.........$N...hJ......,....l....z 1S. ..Y./.5>.^.U.&...p.....HU.
..3a........d.k..q.-... V....%}....,._..d...j..<.t....Z..e..dc;..;(
Lm..._B`P. JPFxr..a9c.jTdVM......~$.e...."o:h..........b.8#.Tq....e..z
 d..d(n>,lkf93k.^.q.Yc.D?...u.w~....J....0k....;.E2.A....8.S....SkC
.......3]7.'1..G..<Is~.i..^.......Qt@{...2P$C..t.}..$.C5.b?.]......
..P.."...*G.......d.S."q.........v ...i.....-=.%...4.....:m%..=.u61G..
.[.......5..X.4Jl~.T.D?.`.......,.b.... ..=.Y......d....'.L..p}/...f.!
...!{....d0..O.c.......Lg.^0. .N.....{......P......f..[N...F#....U.w..
...s.2...l .....Q..4:M.E....x%.P..0a.G.x..}Ng.t..~..Vt<..w=...nY]{.
.V../..|.(.t.... ..V7<[]..09f........hrI.QxC,E.`.....z.!34.m.N]
<<< skipped >>>

GET /aroute.php?sid=401069&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=144968390702121&referer=&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&queueid=1 HTTP/1.1


Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:23 GMT
Content-Type: application/x-javascript;charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ADM_USER=2c277e98b2408060b31dd3337925de03; expires=Sat, 11-Nov-2062 11:56:46 GMT; path=/; domain=.js.adm.cnzz.net
Content-Encoding: gzip
397...............n.F.._..M.@../R...Ek.v)*.a8..6.......{[email protected]{7.y
...Y>.;..noX..4..........3....<.....h*.`.....S...":O.}I.T..C....
G.5..2..W?..q.` .VPPU.k. q..p..{.(......D./......r.N.$<............
@C.%V..VWX...ZD~..w...".. -|...J...IL.W.N.DA.A.....P.,..(....f)F)..=..
s..p.......O.u..~..?'..p=.... ....L...X..Q..l.^.......{4F.dh-&....fY..
...$.nc.ScnN;..^o..Y..".Wv..yAw>.....kZ..hl.Y... ..&.....wD!E...0:.
.<....(K[i..6...,o....6o;...Q....Y...6...e...E..pl.(.B.".A...."..9.
0D..u.. n#.;M.s..i.....AE.D_.d...U4M.. .....H..#)\......sg..........XU
..ZW.*...T.%I..!^$..E.....t_D...(.2K.......4...&.D.....P.... I..~..p#.
..ap..o....a...%.. <..........u/...f....w.H.,...EW.n.r&.3....]m....
.W.`.i=~=R..WR(...B..&.4eA.DE.eU.9.../........-PT=z.E.............s3.l
nhO.A...Sn.b..... O...i:....7V....2;s#..v.3.......WX.~.,Kkl..O.w.Y...:
\l.I....W.1.}.......xYT}.x.I...REYw.R.Y..8.^../:...._....v..y.......2J
..d ....1..M.?...Fu.......l.q.....0..HTTP/1.1 200 OK..Server: Tengine/
1.4.2..Date: Wed, 09 Dec 2015 17:58:23 GMT..Content-Type: application/
x-javascript;charset=gbk..Transfer-Encoding: chunked..Connection: keep
-alive..Keep-Alive: timeout=5..Vary: Accept-Encoding..P3P: CP="CURa AD
Ma DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP 
COR"..Set-Cookie: ADM_USER=2c277e98b2408060b31dd3337925de03; expires=S
at, 11-Nov-2062 11:56:46 GMT; path=/; domain=.js.adm.cnzz.net..Content
-Encoding: gzip..397...............n.F.._..M.@../R...Ek.v)*.a8..6.....
..{[email protected]{7.y...Y>.;..noX..4..........3....<.....h*.`...
<<< skipped >>>


GET /gm/project/netgame200/grey.gif HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i3.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: image/gif
Last-Modified: Thu, 17 Apr 2014 04:38:01 GMT
Expires: Sun, 13 Dec 2015 15:50:58 GMT
Cache-Control: max-age=604800
X-Cache: HIT from ctc.gz.28e4.217.spool.sina.com.cn
Content-Length: 1163
Accept-Ranges: bytes
Date: Sun, 06 Dec 2015 15:50:58 GMT
Age: 317037
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.99 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: HIT from GZ236-221.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.99,c=194.242.96.218
GIF89a.............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:82113031FB70E3119FC7906D12FE23B4" xmpMM:DocumentID="xmp.did:49C3
37B99E1511E3A0FC8DFD68F95481" xmpMM:InstanceID="xmp.iid:49C337B89E1511
E3A0FC8DFD68F95481" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F09BE3D0DB99E3118110
B73C1DB92609" stRef:documentID="xmp.did:82113031FB70E3119FC7906D12FE23
B4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.............................................
......................................................................
...............~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIH
GFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! ........................
.........!.......,...........D..;..
<<< skipped >>>


GET /litong/zhitou/sinaads/release/sinaads.js HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d3.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 64272
Vary: Accept-Encoding
Accept-Ranges: bytes
Server: nginx
Date: Wed, 09 Dec 2015 17:55:44 GMT
Last-Modified: Wed, 18 Nov 2015 09:49:30 GMT
Expires: Wed, 09 Dec 2015 18:00:44 GMT
Cache-Control: max-age=300
Age: 181
X-Cache: HIT from ctc.gz.28e4.219.spool.sina.com.cn
Via: http/1.1 ctc.ningbo.ha2ts4.113 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.113,c=194.242.96.218
/*!. * sinaads. * @author acelan<xiaobin8[at]staff.sina.com.cn> 
zhouyi<zhouyi3[at]staff.sina.com.cn>. * @version 1.0.0. * . *   
                       $$!   ;$;. *                    !$  $$$$  !$$$ 
  ;;. *                 $ *$$;$$$$$$$$$$;*$$$. *                $$$$$$
$$$$$$$$$$$$$$$. *               $$$$$$;         o$$$$$o. *           
   *$$$   *#####;     $$$$$. *              $$$   &#$*!###     $$$$!. 
*              $$$;  $#!!###$   ;$$$$. *                $$$o  ;**   !$
$$$!. *          !$&&&&$!  o$$$$$$o;   ;$&###&!     ;o$&&##&$;. *     
  ###########$ o####*  #############!  o############. *     ;#####;   
     #####  $####    *####;          ####*. *      ###########  o#### 
  ####;    ####$  $######;o####. *          ;*#####o ####$  ####&    !
#### o####     ####. *    ####$**&####$ ;####  o####     ####o &####$o
$#####. *   ;o########$    *###   ####!    &####   ;######&!. *       
          ###;. *                  ##o. *                 ;#!. *      
           ;. */..!function(a,b){"use strict";var c=a.sinaadToolkit=a.
sinaadToolkit||{VERSION:"1.0.0",mode:-1!==a.location.href.indexOf("__s
inaadToolkitDebug__")?"debug":"release",debug:function(){var b="sinaad
ToolkitDebugContainer",d=a.console||{log:function(a){if(document.body)
{var c=document.getElementById(b);c||(c=document.createElement("ul"),c
.id=b,c.style.cssText="z-index:99999;overflow:auto;height:300px;positi
on:absolute;right:0;top:0;opacity:.9;*filter:alpha(opacity=90);backgro
und:#fff;width:500px;",document.body.insertBefore(c,document.body.
<<< skipped >>>


GET /newimpress?adunitid=PDPS000000057495&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_bl4w7a HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:44 GMT
Content-Type: application/javascript
Content-Length: 142
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMTE4LmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZWJiYWRlY2UgMCAwIDAgNiA0Cg==
.........../..KLL).ON*.O.1)7O..V.M,.-.Q....QJL...J.@J).% ...L.M,M.t.J*
.R.2%...E...@...*[email protected]...........(..
....



GET /qmacro/ad-mymacro8-n.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.vrbrothers.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 09 Dec 2015 17:58:18 GMT
Connection: close
Content-Length: 1163
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=gb2312"/>..<title>404 - ..
................</title>..<style type="text/css">..<!--
..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, 
sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} .
.h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0
;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;
} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family
:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#55
5555;}..#content{margin:0 0 0 2%;position:relative;}...content-contain
er{background:#FFF;width:96%;margin-top:8px;padding:10px;position:rela
tive;}..-->..</style>..</head>..<body>..<div i
d="header"><h1>..........</h1></div>..<div id=
"content">.. <div class="content-container"><fieldset>.
.  <h2>404 - ..................</h2>..  <h3>........
..............................................</h3>.. </field
set></div>..</div>..</body>..</html>....



GET /stat.gif?sid=401069&aid=248687&mid=290329&ip=194.242.96.218&cookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&referer=&rtime=1449683907818&js=2 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: am1.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:25 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT
Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Wed, 09 Dec 2015 17:58:2
5 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Thu, 07 Jun 2012 02:47:58 G
MT..Accept-Ranges: bytes..



GET /litong/pengchunli/SinaDotBgSponsor_new.js HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d1.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: nginx
Last-Modified: Mon, 30 Nov 2015 02:28:36 GMT
Expires: Mon, 07 Dec 2015 11:10:51 GMT
Cache-Control: max-age=300
X-Cache: HIT from ctc.gz.28e4.219.spool.sina.com.cn
Content-Length: 834
Accept-Ranges: bytes
Date: Mon, 07 Dec 2015 11:05:51 GMT
Age: 197573
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.101 (ApacheTrafficServer/4.2.1.1 [cSsNfU])
X-Varnish: HIT from GZ236-222.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.101,c=194.242.96.218
...........U[o.0.~...`UbI.-M;.XBA.&....I{D..&^.;.N....c;...(..%...}.9&
gt;v.%C.p.\..>>..[B.xa......JAC0..*..8...0.#.......r2.O/.....`r.
?....3..-:k..0.r...B....\.S..T......'[email protected]!x....%.@.<YkD
.Ge.....>6K_.5.>...?)p:.N.C.H./Y.....N.n|..;......?......0~.p...
......8S.0,...X.Pl._.............I.V.LM. K.,.....M.%1i..S...G ."%,.t..
.L....hQ.."...!.)G...9`.........s....F.k,..[.F..X}VJ..T.u2...YK...W...
. ....)[email protected]`Q`.|..M\......k{.;V.pzv....
V......`.....Q.q..A,5.>a.....[....S ..5......f.$x.K..../X:......6W.
u.5......Gg.pge.G....R.p.I..^.......7,W$oW.....?.......(n...Q..:....k.
.9....o...f7....(..n.veV$..........<.~R..*.....Cq.w.T..z.Pm.t...=0.
...s..h .....v.d.mw7....`.Bj..n..jgwPe>...m....}...r.zN9......i.x..
;W..6...X.....O...w........R..%Ra..[...s.*....._......a..(...F.T.q...g
mkU..a..g...?...`........


GET /201511/25/1397333.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d1.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Last-Modified: Wed, 25 Nov 2015 05:45:09 GMT
Expires: Wed, 09 Dec 2015 18:02:21 GMT
Cache-Control: max-age=300
X-Cache: MISS from ctc.gz.28e4.217.spool.sina.com.cn
Content-Length: 14911
Accept-Ranges: bytes
Date: Wed, 09 Dec 2015 17:57:21 GMT
Age: 84
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.114 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: MISS from GZ236-221.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.114,c=194.242.96.218
......Exif..II*.................Ducky.......<.....1hXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-
c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRe
f="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://n
s.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:E36E42CC929811E5BD24D9
C54A492352" xmpMM:InstanceID="xmp.iid:E36E42CB929811E5BD24D9C54A492352
" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:
DerivedFrom stRef:instanceID="xmp.iid:D3F2DA2386B111E5A9C598318944CA5C
" stRef:documentID="xmp.did:D3F2DA2486B111E5A9C598318944CA5C"/> <
;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket
 end="r"?>....Adobe.d..............................................
......................................................................
.............................2........................................
......................................................!1..A.Qaq"2...BR
#3.U.b4.....5..r.$%6...CS..D8......................!1..AQa."..q.....2R
.S...B..3.br.#...............?....8B.P..@(........pXLvV\.b.."<.....
.e...H.66.T;.N.mm'S...rX...x.d ...c.d....C.......o...........t0....:K~
.'...4.....b.u.dH.....8..n..F...)..4.hi$.(....arA...f.y..l]{....q....~
...y(....S."k=......m...KK...!i ....9..u(i.Fr.....P..@(......P..@(
<<< skipped >>>

GET /201511/23/1397019.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d1.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 239100
Accept-Ranges: bytes
Server: nginx
Date: Wed, 09 Dec 2015 17:55:51 GMT
Last-Modified: Mon, 23 Nov 2015 08:21:48 GMT
Expires: Wed, 09 Dec 2015 18:00:53 GMT
Cache-Control: max-age=300
X-Cache: HIT from ctc.gz.1be4.55.spool.sina.com.cn
Age: 172
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.116 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: MISS from GZ236-221.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.116,c=194.242.96.218
......Exif..II*.................Ducky.......d......hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.155772, 2014/01/13-19:44:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7D808CCB3503E3119
8E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:93B8EA2B853411E58E85A4B82B6
CC0B3" xmpMM:InstanceID="xmp.iid:93B8EA2A853411E58E85A4B82B6CC0B3" xmp
:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:Deriv
edFrom stRef:instanceID="xmp.iid:8132f96d-ac38-4342-9ac6-dac6732d993b"
 stRef:documentID="adobe:docid:photoshop:da9cc4b3-c9b4-1178-9d44-f22ba
0e1ecfe"/> </rdf:Description> </rdf:RDF> </x:xmpmeta
> <?xpacket end="r"?>....Adobe.d.............................
......................................................................
.............................................. ...............(.......
......................................................................
.........!a.1AQ..q.."....2#.5u..6....BRb3.T.....r.Ss.$4t.Ue....W....h.
.CcD..&F.7...%'(8.dVv..).Ef.gw9:....GHX.I..........................!..
1AQa".q.2...56.....BRr..#.t....b.3Ss.Tdu...c....$4.....Ue.CD.E...f...%
&7...V8............?...>z......................................
<<< skipped >>>


GET /a.gif?V=2.1.13&CI=sz:1276x846|dp:32|ac:Mozilla|an:MSIE|cpu:x86|pf:Win32|jv:1.3|ct:lan|lg:en-us|tz:-2|fv:10|ja:1&PI=pid:0-9999-0-0-1|st:0|et:1|ref:|hp:N|PGLS:|ZT:|MT:|keys:|dom:24|ifr:0&UI=vid:undefined|sid:2365770130630.8916.1449683920506|lv::1:1:1|un:|uo:|ae:|lu:|si:|rs:0|dm:0|su:&MT=&EX=ex1:|ex2:&gUid_1449683920506 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::


HTTP/1.1 200 OK
Date: Wed, 09 Dec 2015 17:58:36 GMT
Content-Type: image/gif
Content-Length: 35
Last-Modified: Mon, 27 Jan 2014 06:57:57 GMT
Connection: keep-alive
Set-Cookie: SINAGLOBAL=194.242.96.218_1449683916.429710; expires=Tue, 19-Jan-2038 03:00:00 GMT; domain=.sina.com.cn; path=/
Set-Cookie: Apache=194.242.96.218_1449683916.429714; domain=.sina.com.cn; path=/
P3P: CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"
Server: Suda/1.4.2
Accept-Ranges: bytes
GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Wed, 09 Dec 
2015 17:58:36 GMT..Content-Type: image/gif..Content-Length: 35..Last-M
odified: Mon, 27 Jan 2014 06:57:57 GMT..Connection: keep-alive..Set-Co
okie: SINAGLOBAL=194.242.96.218_1449683916.429710; expires=Tue, 19-Jan
-2038 03:00:00 GMT; domain=.sina.com.cn; path=/..Set-Cookie: Apache=19
4.242.96.218_1449683916.429714; domain=.sina.com.cn; path=/..P3P: CP="
CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI 
PUR COM NAV INT STA",policyref="/w3c/p3p.xml"..Server: Suda/1.4.2..Acc
ept-Ranges: bytes..GIF89a.............,...........D..;..



GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: games.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491


HTTP/1.1 200 OK
Content-Type: text/html
Vary: Accept-Encoding
X-Powered-By: schi_v1.02
Content-Encoding: gzip
Server: nginx
Date: Wed, 09 Dec 2015 17:58:19 GMT
Last-Modified: Wed, 09 Dec 2015 16:19:55 GMT
Expires: Wed, 09 Dec 2015 17:59:19 GMT
Cache-Control: max-age=60
Age: 10
Content-Length: 95354
X-Cache: HIT from ctc.gz.1cf2.44.spool.sina.com.cn
............k....0....-..Djx.n...td.lkc.Z].[.2.I69...4/3.s...M..8.7.'.
M.g.<......d..#....g$}z..[.K7........u.l4P(...B.P8{r...7_.v...n...8
{2...t......sg1.j......| . .sgO.....{7.;g.....U......_3.......{SC....X
r.....n.^...:..O=....'....M.9. |.1..r.k.`..z)w.B..pk.M.V.OY..`.....KM.
......p.o:..4...s.?....~y...._.{...7.....}....|.&....>.........u...
....3.w&BE.L....>..].p............$.....9........../...!_.}........
..p.............o..r........?|.............^...8....2P...~7........*.y
...?...d.....7......|.[....q..;...'.?.Z..?....|.......................
.<..?f...-`~.................O.~..O...OPA.(.....C.*[email protected]
........?~.i......].....Hwx.)..@......_...o.A.......}....G.`[email protected].~..
..t.7o.|.....t..........?...............o..^.....}..G...Go.....~......
1......|....r.~...s.E....i.. ....Aa.ME.}.-.{.....|......~..w_}..G.....
.UJX.[N.>..O........C...}U%.m $......>..-%r(>.Ja.w..G.|.&P...
o.|.}$...t...... [email protected]..}.... ...7-.'.xS
8....=x....._..V:..Gg.'Z..n6..f.lk6.........,......z s.].j.)..Y. A{<
;...S.e.y?He.....>.............`....o>|..7...5u..l...L..Nv......
..'..f7...Rv....dGc.j......[.n..; &.}.."...b8......k....N7..Nvc.....A.
.g.I..:@..?....G.#...."(=..x...x8.e...,;...(m.l...q/............?...l.
.y.d.?&/(.hB.=....._.?...d..9( ..?...i.t..`8.!=..........a........*d..
Z..v0..~'..n......A..}k.es..=.{..U........k..o^y.l...k.~.)...&o'.....*
.P.y.....7..&.m.b........zFNm.y}8.Zu.........?.......f......x...R.....
..twu#.t.AC...?GHi7..[M...Fk8.hl.AocJz.........._.....jy.Ml...j=..
<<< skipped >>>


GET /api/newgamerank.php?type=week&num=3 HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ka.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Date: Wed, 09 Dec 2015 17:58:44 GMT
Server: Apache
Cache-Control: max-age=120
Expires: Wed, 09 Dec 2015 18:00:44 GMT
DPOOL_HEADER: 10.73.13.105
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2358
Connection: close
Content-Type: application/json
SINA-LB:aGEuNzAuZzEudGMubGIuc2luYW5vZGUuY29t
Set-Cookie: dpha=usrmdinst_31; path=/
SINA-TS:OThlZjlhY2UgMCAwIDAgMTcgMTcK
.............o.7............6=.............$.V,K.$[N...73\.W..$N...2..
......&..lV.'.......r....&....qn.8...,\..,A........L...arm....,O.Un...
......|s..d5YL6.k...|...S...F...%.\;n..5.ZL.....o.\<........i.-.z5o
...0.mY...%i....~......K..r..T.(QC.g.4...,...Zq....Ep(K.D.j^..)...... 
.]z.8*^.keA......Sl...-.G...#...[...#..,.9.M&.?7Us..~ .r.....].......b
.bh..B....}..v....5...8.X..C,x....;.K..r.%..G...M.u]i7.......6.AG..w`.
..... ...........#.:.!W..a......*.%w-"....R.ECD..6....F.".n..:..m.s>
;.ez.0d."=m..uS..*...t..o&..o....M^.):.l..N...v.=^..avyv......d....d,.
.#.G..._8....\...;.G..........s..7....:.Gz....i...XX.......:l.y;/.|Cg-
...6y.....^S....'..N\.....n...g.y.._w.-v..9....FZ.2...C../).t.....s..1
;bj.?......Y....j>\.".u.........[..2r2.J8!t?......z..."3..&[8..1m.Y
;...k..*.)D.n.....G-w......O...../..>...y;.B..~....%.r../C.n.|.v.N.
......9......|..M...LO.....o....5.q/=..=....^^m`.U.......M7...hZ.U..z`
.w....H%.....wWi3....{..........6...d$...O....~..m..M....7op.d......:.
W8.......%.6.6.....Vd..1.........t.........GD.........'^....qp.....^c.
[email protected].;!.0.}.Y....-bA.....g...bKB........
2......v.g....t.b...=...`..... ...ncd.e%....[....J....c.....tRs.=...%.
.5.2....om..e$....8.-..]..L..h/........m(........9DJkl.}....:h.....Q.:
.v..).#Y.~. ......s.._._...5..b......c. [email protected]`;<.,.)d.Q
..6"...b..j.L.\,.v..<.MF.}(.....*.a.4......n.t7.....2.....-.w.)....
.5.^....[...0......M.a..j.VE......r.DN.*C.. .}..vSk.m..o......O.}.z..^
...[%..N..2.M...Ob.{....I... .....!.D.'c.....".......4.=.^.r....H.
<<< skipped >>>


GET /hm.js?9f7c90c4f314eb12aa0ed7c4b4d9d002 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 8702
Content-Type: application/javascript
Date: Wed, 09 Dec 2015 17:58:25 GMT
Etag: dfb42ffe0b4ea6e378c5ae9a18351bca
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=CA3A2F494FF49E55; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
...........%...(function(){var h={},mt={},c={id:"9f7c90c4f314eb12aa0ed
7c4b4d9d002",dm:["ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm"],js:"ton
gji.baidu.com/hm-web/js/",etrk:[],icon:'',ctrk:false,align:-1,nv:-1,vd
ur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,co
nv:0,med:0,cvcc:'',apps:''};.;kw..... h4...LI....F.i..i..7I.{....$(1.H
..$......|.....n....13.....ZdV..i.X}...> x..c....wQ8.........y$-.&.
.8.C{.S........H3g....T&..kV.?Z4.R....S5^...n.......y0.f.....H>O...
.7.Z.z.G.....^.$6..t%...Uum.M.......#C.]^....Uk.!..S..M......L...DA1.n
..KnIwop&.......q.}'....'6.0..j..(O.7'...W._Dib......A..7t~.tl`..X..B.
.'......i..].F.[..D"......C..BD....nA..9$....(f8..j..z0.~y..2..P..../.
.).(...../..r..2I.s.l.i5.H.3Y.2hq.P6..o-J.H.=~.N...n.PB.y }{oo....b2,.
.My46.o....^.T<.%6..{...r.?E...>L3...l...Rf.D.lv.\.l.`..p.h.3...
@...R.4.m..b..XH.=Z..n..rOl........%......[z.?<w..T........dZ.\.Z.^
.K..7..nW...D......r......8.I,........../U ]......z.D....oX...&.U.A.|.
._"8p..F..W=-..t-[3m.........T.2 L..u...AP.....p.Z......,$....Dp.....'
.f....$M...'.30..PS.....l.@Y.(....K.....si.....~v..ON.).4 ..b.F.@.."nx
g..... ..]{j....8.....2ya.Z_*..E.V...}Q.;....P..]..U..SGa....Y.....v ,
`....D.K.....`O........If".._..Ac..Cq..N....M.r..].....;..U...bop..a#^
..w"^I.Q.....h....(.*:.....%7mbu.<]e.....).Z..;.2.Qx.............?.
[email protected].../..iSf.Y..p,&..im.=....~.30.O.Z.....'.....0N.*...)....
.K...k.oG ...Cp*.kZ..5..O.m..1....'7.....e..P....j&..U3.f...a.c....<
;........6...Dx4...ihA....".$.a......oz\=%Y-<.U.V...%Q.........
<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1990573015&si=9f7c90c4f314eb12aa0ed7c4b4d9d002&st=1&v=1.1.20&lv=1&tt=vrbrothers-276*226 HTTP/1.1


Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CA3A2F494FF49E55


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 09 Dec 2015 17:58:25 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Wed, 09 Dec 2015 17:58:25 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..



GET /qmacro/ad-mymacro8-p.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.vrbrothers.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Wed, 09 Dec 2015 09:36:40 GMT
Accept-Ranges: bytes
ETag: "04351b6532d11:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 09 Dec 2015 17:58:17 GMT
Connection: close
Content-Length: 1359
...........V[o.....#..........;.z...-.....TQ...c{a/..8..H.S)-.V*..R..Z
.....".|...'.B...^'......gg..........O*..o/..?UCm....... .....^~Y...*:
s.~.8RD..}....<...T;..n3....^.'.......;....p..S`)K.d&^8x.."n8...S.(
.r92..)1.t(#.k.......e.e.eB......H..n0.[k.h.?.L...0....0..ta.o..kS?..R
.... R.'Ar.Cul.........]....~...`..4.3......t...v..JM.9].0.R ........h
xf."r....yY..s.)._..8q=.Mk..C.............[..~...........~....;?~9.z..
.M$.!`.^. .z&..9.N...(..VC. j....g....Db:..^. ..I..iw......"......:...
.A.p..m ...?.\...^.@.|..(.YE....W.Y)c. ....m..=.&..B......QT.E.9W....l
..J.P....2..Z..p.tT.p.........$..pE.tp......<...V..8.a.........H\..
V.4.'..../.l.]...q.....gt.....).D..|...c.."..#._......b.]...>8.,..%
.,..f^)...."S.d....l....1l.F.....R.NZ'........"K.2.A..gR.r!Vl.6=.f....
"...l.1...<.e.w....8.e.;oQ z1...1.hz.%.DY..3`bwA..........\..?.$.~.
....H._....8.r;..b(.k.*....;...x}.2.r[x!r:.~."../...f.'.n.K'.X$.V\....
..........?..M.W...g.........>.~uy:.O....HAz8.:......(..lH...$...;.
.?...ep...{....K3....(.^.Z@...&.Lh.N..P.>.....uD.....w8h...'..:..EY
....<....L.!.Z...I....N.#.=.6'... ...........2.3^..v>.?.v.u4A.11
........&.X{d)..b...!.;..W.,7..@.@T.>D..-...#G.-4..........xZ..*.m.
D...J...u}.;YU.^\..*..d..6e..I....g..y]..Y...{..O.4..>.mU....qJ6...
.&....f.yY........!..HDl4:......x..4t.rM.'z..f.....*.1.\.O......n.....
......m]. .J.\.h.T.....P..BA.3.rS...)^..y.\-....?...=3.E.....
<<< skipped >>>


GET /stat.gif?rsid=401069&raid=248687&rmid=290329&rip=194.242.96.218&rcookie=2c277e98b2408060b31dd3337925de03&showp=1276x846&href=http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm&referer=&rtime=1449683907834&view=1 HTTP/1.1
Accept: */*
Referer: hXXp://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ex.am1.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.2
Date: Wed, 09 Dec 2015 17:58:25 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT
Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Wed, 09 Dec 2015 17:58:2
5 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Wed, 18 Dec 2013 05:49:28 G
MT..Accept-Ranges: bytes..



GET /newimpress?adunitid=PDPS000000005326&rotate_count=67&TIMESTAMP=ihz4dodd&referral=http://games.sina.com.cn/&callback=_sinaads_cbs_wa46dx HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:42 GMT
Content-Type: application/javascript
Content-Length: 345
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMjE5LmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZWJiYWRlY2UgMCAxIDAgNyAzCg==
...........Qkk.0../.e..&}N....Mq.?Y)i.v.&...'..K....`y..{.'..L1.q.2..l
...8........h...\.<.f.,&...=B.....cC..k. v.12.].-IyScm..V.Jv..BS./.
.%.....(uS.@......"R..(D.................`.W.&j&.Wb....H.....&..Z..N..
.O..x?.t{.:;...?1..........75.:..T....?mZ.1..\....X%..... .HY.a..G....
.K..l.?nv...1...ipi[viYW..1..A8.H..a..x......e......_........n........



GET /blog7swf/fonts.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://passport.weibo.com/visitor/visitor?from=iframe
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sjs.sinajs.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Sun, 06 Dec 2015 20:14:39 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 1014
Last-Modified: Thu, 21 Nov 2013 02:25:21 GMT
ETag: "528d6f11-3f6"
Expires: Tue, 05 Jan 2016 20:14:39 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 251049
Via: http/1.1 ctc.shanghai.ha2ts4.132 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=ctc.shanghai.ha2ts4.132,c=194.242.96.218
CWS.....x.}S[o.D...m.ksi.6.eii.%.....u#B.."h..>......'.:vdOnO._.. !
..S. ....^..elg7........s...........`..fv...C.W...g..g....g;~....t)...
e4.UG.U..(.'''.z...U...O......=...M.........5n.....`.j..E....%.]!6....
.a....z.t...u......9e\...~7.CR1m.wO.90.P....0.6)].d\.....Ct.....h..1q.
..nO.{.1..'.I....@.?h...%^}..9.(.b..0.G0u...bA..Ng.;.~~....C.....;,}^.
...... x.|P.Y......?.Sp............../@...x...k./........`.....{..d@5.
U.0t-#...J.A...`.n.g9.!....a.}.O...gQ.L...'X.EE..$t&.O|Jz.....8.O....Q
..1.|8.r. K...SV..6.p.o-.w..n4.....[/o.7......C.....S.9....&W..M...C.E
`4.....m.......x...,..4q.=.....G..3.,..c.HU.P.......P.ZT...`3.[.WD.gL.
..x;...-..5$.p..D6....V#.c...(.M.f..... .....,..\.."......z._^..}.\...
.Z.DPH.V.E..By.(...;.R.Q.#.).X<!$S..Lv.A.q.."...e$...Gb.I).... .E0.
`..e....!.....77`l........... .1.. .S........!.d.L.>z...bL..go....N
.A..P. ..A..S...xf.:[email protected])..8^...M...w.%N..W
....r..or.u.7-...._.~....I..{..-. f.......[sm.........:.JL..........]s
...T%@ ....m....m...~...........<|._..?{$.7..



GET /view?type=bottom&t=UERQUzAwMDAwMDAwNTMyNQ==&_sinaads_sio_log_cs339c HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sax.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Dec 2015 17:58:43 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
SINA-LB:aGEuMjIwLmcyLnlmLmxiLnNpbmFub2RlLmNvbQ==
SINA-TS:ZTRiYWRlY2UgMCAxIDAgNCAyCg==
33............s.t..Ldd`d.....?Y.AL....a`brad....... .....0..



GET /gm/home/2014/slogo1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i2.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Dec 2015 15:21:31 GMT
Content-Type: image/jpeg
Content-Length: 5321
Last-Modified: Fri, 23 May 2014 02:18:08 GMT
Expires: Wed, 16 Dec 2015 15:21:31 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
X-Cache: MISS from xidan-101.sina.com.cn
Age: 9429
Via: http/1.1 cnc.beixian.ha2ts4.214 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=cnc.beixian.ha2ts4.214,c=194.242.96.218
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7D808CCB3503E3119
8E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:EDAA3B6EC39F11E3A325BBF002B
538FD" xmpMM:InstanceID="xmp.iid:EDAA3B6DC39F11E3A325BBF002B538FD" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:9866C1DE4FC1E311922D836587AA6A21" stRef:doc
umentID="xmp.did:7D808CCB3503E31198E8FE26A545B9D3"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................2.2.................................................
............................................!..1a.7..A.."b.456.Q.2R#3d
Vf..$TU.vW..........................!...1AQa"2B3..456q..R#ScTd....btU.
7.$DE.............?.x.Gu'..^kxe{c...c../.D..j......}.FH..k=.G.u.p..[..
.E.~.o...]ErM...x.e..V .IX.wP@y\.vg. .U..0.vke.....U..........Z^.(/.nj
c.2y.S.0^v..8....._.X.S.cl..........g...2..o.Z.h...a.Ed..d.*..D..I
<<< skipped >>>

GET /gm/home/2014/slogo3.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i2.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Dec 2015 13:48:54 GMT
Content-Type: image/jpeg
Content-Length: 4635
Last-Modified: Fri, 23 May 2014 02:18:08 GMT
Expires: Wed, 16 Dec 2015 13:48:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
X-Cache: MISS from xidan-100.sina.com.cn
Age: 14992
Via: http/1.1 cnc.beixian.ha2ts4.212 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=cnc.beixian.ha2ts4.212,c=194.242.96.218
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7D808CCB3503E3119
8E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:EDAC5E4BC39F11E3A325BBF002B
538FD" xmpMM:InstanceID="xmp.iid:EDAC5E4AC39F11E3A325BBF002B538FD" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:9866C1DE4FC1E311922D836587AA6A21" stRef:doc
umentID="xmp.did:7D808CCB3503E31198E8FE26A545B9D3"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................2.2.................................................
...............................................!.8.1.56"b4d..V7g.aq2R#
3c$T.W..........................!1.A..Qa"23.4qBRSc6..b#Cd.5U....s.$Tt.
7..............?..........nQK|.n........6E... .]..6fj5..7.....9p..,tN.
......P5...jK....jW"(.!zA.3.....Nyg...1........m.oE.....SG%}|[email protected].
..CO...q...([email protected]`.......s.[#....b..G.E..L....*'....S..3
<<< skipped >>>


GET /qmacro/ad-mymacro8-b.htm HTTP/1.1
User-Agent: ........V4.1
Host: ad.vrbrothers.com


HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 09 Nov 2015 05:35:03 GMT
Accept-Ranges: bytes
ETag: "80dded61b01ad11:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 09 Dec 2015 17:58:17 GMT
Connection: close
Content-Length: 1295
<!--body ......... vrbrothers.ad ..................-->..<!DOC
TYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.
w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="htt
p://VVV.w3.org/1999/xhtml">..<head>..<title>vrbrothers&
lt;/title>..<meta http-equiv="Content-Type" content="text/html; 
charset=utf-8" />..<style type="text/css">..td,td a{color:#B1
4141;}...left_img img{ width:72px; height:54px;border:1px solid #fff;}
..</style>..<base target="_blank">..</head>..<bod
y style="margin:0; padding: 0px; background:#fff;" scroll="no">..  
  <table width="468" height="60" border="0" cellpadding="0" cellspa
cing="0">..  <tr>..    <td width="234" bgcolor="#FFFFFF"&g
t;....<!-- .....................-.................. -->....<s
cript type='text/javascript' charset='gb2312' src='hXXp://js.adm.cnzz.
net/s.php?sid=401066'></script>.....</td>..    <td w
idth="234" bgcolor="#FFFFFF">....<!-- .....................-....
.............. -->....<script type='text/javascript' charset='gb
2312' src='hXXp://js.adm.cnzz.net/s.php?sid=401068'></script>
.....</td>..  </tr>..</table>..<br><br>&
lt;a href="hXXp://VVV.51.la/?321019" target="_blank"><img alt="&
#x6211;要啦免费统计" src="hXXp://i
mg.users.51.la/321019.asp" style="border:none" /></a>    ..&l
t;/body>....
<<< skipped >>>


GET /ckctl.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::


HTTP/1.1 200 OK
Date: Wed, 09 Dec 2015 17:58:36 GMT
Content-Type: text/html
Content-Length: 1078
Last-Modified: Mon, 27 Oct 2014 07:47:04 GMT
Connection: keep-alive
P3P: CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"
Server: Suda/1.4.2
Accept-Ranges: bytes
<!DOCTYPE html>..<html lang="en"><head>..<meta ht
tp-equiv="content-type" content="text/html; charset=UTF-8">...<m
eta charset="UTF-8">...<script type="text/javascript">...(fun
ction(){function a(c){document.cookie=c "=; domain=.sina.com.cn; path=
/; expires=Thu, 01 Jan 1970 00:00:00 GMT;"}function b(){cklst=document
.cookie.split(/; */);wlist=",,ALF,Apache,ArtiFSize,ArtiVAuto,LUE,LUP,S
GUID,SINABLOGNUINFO,SINAGLOBAL,SINA_NEWS_CUSTOMIZE_city,SUE,SUP,SUS,Se
ssionID,ULOGIN_IMG,ULV,UOR,U_TRS1,U_TRS2,VBLOG_LOGIN,__utma,__utmb,__u
tmc,__utmz,_ipuba,_s_upa,hqEtagMode,lxlrtst,lxlrttp,mvsign,rotatecount
,sso_info,vjlast,vjuids,wapparam,admin_house_ticket,user_info,public_u
ser_id,admin_id,dummy_ip_local_index,dummy_ip_location1,dummy_ip_locat
ion2,ustat,sinaads_entry,SUB,SUBP,sina_sc_is_first,sinaLoginReward2014
,user_survey,";for(var e=0,c=cklst.length;e<c;e  ){var d=cklst[e].s
ubstring(0,cklst[e].indexOf("="));var f=cklst[e].substring(cklst[e].in
dexOf("=") 1);if(wlist.indexOf("," d ",")==-1){if(d.indexOf("directAd"
)!=0){a(d)}}}}b()})();...</script>..</head>..<body>.
.</body></html>HTTP/1.1 200 OK..Date: Wed, 09 Dec 2015 17:
58:36 GMT..Content-Type: text/html..Content-Length: 1078..Last-Modifie
d: Mon, 27 Oct 2014 07:47:04 GMT..Connection: keep-alive..P3P: CP="CAO
 DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR
 COM NAV INT STA",policyref="/w3c/p3p.xml"..Server: Suda/1.4.2..Accept
-Ranges: bytes..<!DOCTYPE html>..<html lang="en"><h
<<< skipped >>>


GET /201511/23/1397020.jpg HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: d1.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491; UOR=,games.sina.com.cn,; ULV=1449683920506:1:1:1::; SINAGLOBAL=194.242.96.218_1449683916.429710; Apache=194.242.96.218_1449683916.429714


HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Last-Modified: Mon, 23 Nov 2015 08:22:13 GMT
Expires: Tue, 08 Dec 2015 15:56:25 GMT
Cache-Control: max-age=300
X-Cache: HIT from ctc.gz.2ae4.52.spool.sina.com.cn
Content-Length: 29412
Accept-Ranges: bytes
Date: Wed, 09 Dec 2015 17:58:31 GMT
Age: 269
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.107 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: HIT from GZ236-222.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.107,c=194.242.96.218
......Exif..II*.................Ducky.......K.....1hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.155772, 2014/01/13-19:44:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh
)" xmpMM:InstanceID="xmp.iid:FCF551F9850311E58E85A4B82B6CC0B3" xmpMM:D
ocumentID="xmp.did:FCF551FA850311E58E85A4B82B6CC0B3"> <xmpMM:Der
ivedFrom stRef:instanceID="xmp.iid:FCF551F7850311E58E85A4B82B6CC0B3" s
tRef:documentID="xmp.did:FCF551F8850311E58E85A4B82B6CC0B3"/> </r
df:Description> </rdf:RDF> </x:xmpmeta> <?xpacket en
d="r"?>....Adobe.d.................................................
......................................................................
..........................F...........................................
....................................................!.1A.Qa"..q.2..B#.
...Rbr.t....3C5V.7..Ss4.u6....$.c.T...%&........................!1..AQ
aq.".......2B.Rr...b#34.....Ss5....C..$............?....B...%.(.....O'
Uo`.?`.].x....;..}N.#..q!e.7<.(.s..fP.=..k.......u-.k[...{.......d.
....&...-....V.<..j..).Ki...g..|.c[.).d..zH...m.g.. {.qT}.`..M.aoR.
....J..o..Z<..t.uv.K..al.......{KM.as.k...:662.L_..`[email protected]
<<< skipped >>>


GET /308/2014/0424/13/strandwhitetop.css HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: games.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491


HTTP/1.1 200 OK
Content-Type: text/css
Vary: Accept-Encoding
Content-Encoding: gzip
Server: nginx
Date: Wed, 09 Dec 2015 17:58:23 GMT
Last-Modified: Fri, 24 Apr 2015 03:43:51 GMT
Expires: Wed, 09 Dec 2015 18:00:23 GMT
Cache-Control: max-age=120
Age: 7
Content-Length: 2071
X-Cache: HIT from ctc.gz.1cf2.44.spool.sina.com.cn
...........ZM..4.>/.......h.&i.1.8s...8...m.I.(Igf.......,.8 ..iA..
 q...c'.;.EL......}..3~..MC.....Gp..f..0.>[.5Lo..9..(%9...|...JR...
".P..|.V.#\d.!.......<{6......A...;...&..%{.......a....W8.HM6......
  ..3....V[\$ .........8...........V.zhF.JI.9.. .Z..$;r..n..f.......Qq
8.MN . G.f...)..UB..........A..2.....Iz.R....F........j.E.Y....(..O..g
.*......o.....D'*.w.j..^..XU....Q...JN.....XP..>..J%....>.%.u.&.
....aC..#.......=....kFH..v.A.)9.D.......j....FYG2....k.N...x..u...&..
.....i.d2).5. .6N.I.6..7..m;..(..qYl_RS.U.DP3.J".I%[n>rH2b..L... ..
.m.......b...kAJG....6....;R!...`...z..=...0.p.e....p..9..3R.}y ..\..B
G.\.$?4.4F4u<./.)..".;6.zT.....]...I...{)....<[email protected].....
`.`$."...QB..;F.Ab....D.0...'.. 1]._.....M.. ..H..Q...=.....I.S....1..
..T.....|!...../.<&.....G3X.p`n...f..,.....}lO.NysS.G6.f......fm.P.
.....rh..L....7p..... ..u(......;`..'w.&j.8~....L].;.NO..h1.y?......td
.q..B...r..x..g......OB.B...h.:.GB.IxbZ.7.G....x.s.<m>..)....`..
.4.&...4..:...[...x...b...z...}<[email protected]/..|....9k.S...
mo.....".b8;.6J............3..C..c..'D...u.'.r`d0....P.xQ....w...B.E..
(.K..~La...8.^...!{.#[email protected]..%..E..B..g...7].r.40.I...2EV)V. ....|.f.
.......$.=....-.2Z..Z..\...X.x....Hp..Q......^.p..xM.H........I.6....a
.y.$.N....l[J-..:.......*~p..7...s.$..j.j.%%$b.A".n."0...%6.eu(...G...
..a..y6.i.l.z.O.=Nq{..Q..)..........v.......zbl.....f..'[email protected]
.!...1..2?........j..`\_k&y..s..^.....b...F.....A...#[email protected]...
..q..G.u.......@N.%CQ<.Nb.M....#wZ[KV..!TU...h..{f.:cw.....>
<<< skipped >>>

GET /307/2014/7/jquery.inview.min.js HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: games.sina.com.cn
Connection: Keep-Alive
Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; U_TRS2=000000da.f5181d30.56686bc2.30f52491


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 1266
Accept-Ranges: bytes
Server: nginx
Date: Wed, 09 Dec 2015 17:58:28 GMT
Last-Modified: Tue, 25 Mar 2014 07:07:01 GMT
Expires: Wed, 09 Dec 2015 18:00:28 GMT
Cache-Control: max-age=120
Age: 4
X-Cache: HIT from ctc.gz.1cf2.44.spool.sina.com.cn
HTTP/1.1 200 OK..Content-Type: application/x-javascript..Content-Lengt
h: 1266..Accept-Ranges: bytes..Server: nginx..Date: Wed, 09 Dec 2015 1
7:58:28 GMT..Last-Modified: Tue, 25 Mar 2014 07:07:01 GMT..Expires: We
d, 09 Dec 2015 18:00:28 GMT..Cache-Control: max-age=120..Age: 4..X-Cac
he: HIT from ctc.gz.1cf2.44.spool.sina.com.cn..(function(d){var p={},e
,a,h=document,i=window,f=h.documentElement,j=d.expando;d.event.special
.inview={add:function(a){p[a.guid "-" this[j]]={data:a,$element:d(this
)}},remove:function(a){try{delete p[a.guid "-" this[j]]}catch(d){}}};d
(i).bind("scroll resize",function(){e=a=null});!f.addEventListener&&f.
attachEvent&&f.attachEvent("onfocusin",function(){a=null});setInterval
(function(){var k=d(),j,n=0;d.each(p,function(a,b){var c=b.data.select
or,d=b.$element;k=k.add(c?d.find(c):d)});if(j=k.length){var b;..if(!(b
=e)){var g={height:i.innerHeight,width:i.innerWidth};if(!g.height&&((b
=h.compatMode)||!d.support.boxModel))b="CSS1Compat"===b?f:h.body,g={he
ight:b.clientHeight,width:b.clientWidth};b=g}e=b;for(a=a||{top:i.pageY
Offset||f.scrollTop||h.body.scrollTop,left:i.pageXOffset||f.scrollLeft
||h.body.scrollLeft};n<j;n  )if(d.contains(f,k[n])){b=d(k[n]);var l
=b.height(),m=b.width(),c=b.offset(),g=b.data("inview");if(!a||!e)brea
k;c.top l>a.top&&c.top<a.top e.height&&c.left m>a.left&&c.lef
t<a.left e.width?..(m=a.left>c.left?"right":a.left e.width<c.
left m?"left":"both",l=a.top>c.top?"bottom":a.top e.height<c.top
 l?"top":"both",c=m "-" l,(!g||g!==c)&&b.data("inview",c).trigger(
<<< skipped >>>


GET /statistic/index/?url=28977c8f6d42a25dbcc2994418c60f0e HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: e.games.sina.com.cn
Connection: Keep-Alive


HTTP/1.1 302 Found
Date: Wed, 09 Dec 2015 17:58:26 GMT
Server: Apache
Set-Cookie: U_TRS1=000000da.f4f61d30.56686bc2.2659e1fb; path=/; expires=Sat, 06-Dec-25 17:58:26 GMT; domain=.sina.com.cn
Set-Cookie: U_TRS2=000000da.f5181d30.56686bc2.30f52491; path=/; domain=.sina.com.cn
Location: hXXp://games.sina.com.cn/
Cache-Control: max-age=60
Expires: Wed, 09 Dec 2015 17:59:26 GMT
DPOOL_HEADER: 10.73.48.26
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html
SINA-LB:aGEuMTg5LmcxLnRjLmxiLnNpbmFub2RlLmNvbQ==
Set-Cookie: dpha=usrmdinst_3; path=/
SINA-TS:ZWJkMjlhY2UgMTIyIDEyMiAwIDggMjIK
......................



GET /gm/2015/0420/U4662P115DT20150420103608.jpg HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Last-Modified: Mon, 20 Apr 2015 02:36:09 GMT
Expires: Thu, 05 Nov 2015 02:53:32 GMT
Cache-Control: max-age=604800
X-Cache: HIT from ctc.gz.1be4.55.spool.sina.com.cn
Content-Length: 21266
Accept-Ranges: bytes
Date: Sun, 06 Dec 2015 07:37:20 GMT
Age: 565091
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.108 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: HIT from GZ236-221.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.108,c=194.242.96.218
......JFIF.....H.H.....C..............................................
......................C...............................................
.............................!........................................
..@...........................!1."A..Q2a.#q...B.Rb..3....MS...r.....
............................:........................!.1A."Qa..q.#2...
..Bbr.....$34.R............?..E...;..m.GS=.fQ$.S.g..x.<...H.x..[}..
66..U.X...}.......4...=...45Q q.P2....L.:.=......(..5...9_"S..........
m..R.]J.\..U...c.i.d@8...#|.'......D....j]...r= ...4..K.ePA!..rs...=..
..?.....t.....v].%..%......!$k.a...<....0...x...7.. .w....b......B.
.g.5oi.D..$.....H.f.R2..J.c.-.{lB . *.."..`0G....#.".nlS3.!?.....3.s..
..^...T..cQ..L...5lV3&.z....0Z.(i..WK{..#.N..Q..)'.F....nO...B.a..qnI 
...{...QTU..\o.S..e..#.......s.K]DW.z.cWH..`[..;.}).n.,V......L..CTR.c
j...D.....f........ ...(......w.F.;..Gp3..Y.... .....#E....=.*...1f<
;[[email protected].,...*.|..7.Ur.....%..U.K.......7=XM.E]o......
..=..fv........-..]Dj..]#....;..qVcp|....O........F...U......P...}@<
;......}E.h.5-'..S....n...U. q8cO.-..*H.... ......4.......n..m;...*c.:
../-=.*.fDX.J.bY..........`q.3E.5f..u..{k^....p..j .e......1.yrB....y.
O.GU3QRQ.. h...c.3...5....../E.q..~........=>.1R.6..|`..#.[.6".....
.......ej....b.6......).....Mt.2S$)...'...n&C^.......N8.c.v..#Y...V"..
.rs.Tw.<......r...*.`...#...Z........lT....N(.G.j...6.<.........
...uz......UO....KO..KE|...Z;.;-.fL..X...Q.,........^.l....Q..}<..i
Yh*...IM!..q.@>.J..T....%.M...t6.../Y.{....n..{....*.....](.i.@
<<< skipped >>>

GET /gm/2015/0701/U4662P115DT20150701155704.jpg HTTP/1.1


Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Last-Modified: Wed, 01 Jul 2015 07:57:05 GMT
Expires: Sun, 13 Dec 2015 08:55:58 GMT
Cache-Control: max-age=604800
X-Cache: HIT from ctc.gz.1be4.55.spool.sina.com.cn
Content-Length: 18274
Accept-Ranges: bytes
Date: Sun, 06 Dec 2015 08:55:58 GMT
Age: 524139
Via: 1.1 varnish, http/1.1 ctc.ningbo.ha2ts4.101 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Varnish: HIT from GZ236-221.sina.com.cn
X-Via-CDN: f=Edge,s=ctc.ningbo.ha2ts4.101,c=194.242.96.218
......JFIF.....`.`.....C..............................................
......................C...............................................
.............................!........................................
.E.........................!..1.A"Qa..2q..#B..3Rb....$r......4D..ESc..
................................B........................!1..AQ.aq....
."2.....#3br...$R...Bs..%&.............?.."...^....5.`.\V....D"....f.I
..?CB.E....(l. UU..g...G..k'..Tl.Q.2E2.$`....e..OO.<`!>x.t.E..Y.
1T.p8...,Q.....FA...N1......u.8$.$*>....8.{~.........a.$.N.z.V.....
{....~..N.U!.'..=|...#-..k..N?...T.....S...M...o.....0va...N;.9,..tp..
...Cw.|M....jc6.....YNnV.3...3..I.'..b...1.I@K.>.>O...Jr.e.SO..i
i....7.........<`dk..|....W.FN.C. c\.5..dZ*l.F.);.q..j.4....m-0.8.1
.e....!....G.........gl_..;...*/..Z.qKUA....b.v.O2..'...:..c.....]x..D
~.[.cm]....n...Z..]U..B..nIY".#.0.3....B.....D.W..A...........a..3..&g
t;..g.,..... .. ..^..#..5I....e...v.HQ.....n.x'..Z...U-)..BP...|c....K
]..}"....t....J...6.%dV..........!...l..D....f..0...........1....p.u0.
....z..>..0W-./]S..]..s_U=.Q.2..9J.XN2X..^.o.8.5...t........]..{]k.
5..^..Od.."[email protected]...`6I.'.F_.'.....kf.o.][.f...M..
n4..........?.<[email protected]~..3.[U...L.W5]J..A.._.vs.9.u........D.E#.O
.E.w......KW...{.}.CG...k..........[../..d.F..{...X.c..:.t...g.....uu.
..z.O.........#MS.,S.}..,.d.Bw..9.....i.....}...>.4]...r}R.J.......
hT...gQl}.wy.l....7...Hb.zA.F*..w............i.F..:.Ee.;jYW..[....]T.P
.3G[N..7.3..F...|[email protected]._....d..V..f..#Qa.k..._.Z.H.i#.
<<< skipped >>>


GET /gm/home/2014/slogo2.jpg HTTP/1.1
Accept: */*
Referer: hXXp://games.sina.com.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: i2.sinaimg.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Dec 2015 09:35:29 GMT
Content-Type: image/jpeg
Content-Length: 5880
Last-Modified: Fri, 23 May 2014 02:18:08 GMT
Expires: Wed, 16 Dec 2015 09:35:29 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
Age: 30195
X-Cache: HIT from xidan-103.sina.com.cn
Via: http/1.1 cnc.beixian.ha2ts4.214 (ApacheTrafficServer/4.2.1.1 [cRs f ])
X-Via-CDN: f=Edge,s=cnc.beixian.ha2ts4.214,c=194.242.96.218
......Exif..II*.................Ducky.......d.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:7D808CCB3503E3119
8E8FE26A545B9D3" xmpMM:DocumentID="xmp.did:EDAA3B72C39F11E3A325BBF002B
538FD" xmpMM:InstanceID="xmp.iid:EDAA3B71C39F11E3A325BBF002B538FD" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:9866C1DE4FC1E311922D836587AA6A21" stRef:doc
umentID="xmp.did:7D808CCB3503E31198E8FE26A545B9D3"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................2.2.................................................
.............................................!1..ab34.57.Aq.2R#U.6.Q"B
$TdVf......W..........................!...1Aa2Q"3.4q.#S56..BRcTd.U..b.
t.7r...s.E...............?.|<.....&evKwa...a*&3.D..j......t...7:.s`
....d.j....m...c.=u.Mq^._Q./a..:.....N.V9f.HYj%P$w.9R.8.........w..r.E
,2j.!W..u./...H..R$'".e..f..;W.....[..../.. .....-o.....5M*..m...7
<<< skipped >>>






The Backdoor connects to the servers at the folowing location(s):







×Ô¶¯ÊÕ»õV4.1.exe_140:




.text
`.rdata
@.data
.rsrc
@ SShf
V SSh
F SSh
SSShl
!66"#$$6%&''()* ,-6./012345
L$tSVSSh
hhctrl.ocx
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
F%D,3
?456789:;<=
!"#$%&'()* ,-./0123
KeyPress
KeyDown
KeyUp
KeyPressH
KeyDownH
KeyUpH
KeyPressS
KeyDownS
KeyUpS
WaitKey
GetLastKey
Import
}}}}}}}}}}}}}}}}-8}}1|x}
l}m-l}m=l}m-l}m
P}m!P}m P}m-P}m7P}m9P}mCP}mEP}mmo}mOP}mQP}m[P}m]P}mgP}miP}msP}muP}m
i}m-l}m=l}m-l}m
P}m]h}m!P}mMh}m-P}m7P}m9P}mCP}mEP}m
c}m-9}m}}}}}}}}}}}}}}}}}}}}}}}}
e}m-l}m=l}m-l}m
e}m!P}m}d}m-P}m7P}m9P}mCP}mEP}m
}m}}}}-b}m}}}}}}}}}}}}
`}m]c}m-l}m=l}m-l}m
c}m-P}m7P}m9P}mCP}mEP}m-:}m
d|}}}-5}m}}}}}}}}}}}}}}}}}}}}
-K}m]x
d|}}}-7}m}}}}}}}}}}}}}}}}}}}}
==(<8=%'}}#
/}}|}}}~}}}~}}}
}!>1.49!
}}}!>1.49!
==}}}},09
}]}>}2}0}]}
}}}]}}}|}-}
}}}9}}}|} }
|}}!|}}%
}}|~}}}}
E|D\DUDPDOD<D/D
].dyMp{tW
(.LvMt{~(yun
](.8/)/(.)]3
(.LhMn{~(ywnq*
G<-M}}}}}}}}-8}}1|x}
-q}}$
-s}}$
..=..- ..
|}}} "#&
}}}})'}}:
}}}-u}}|}M}E}M}I}M}I}
}]}3}2})}]}
}]}<}-}4}]}/}
}]}9}1}1}]}
}]}8}%}8}]}
.CA\&>9<)<&
.CpwA6
.CpwpwA1
.CpwA/
.CpwA0
.CpwA1
.CpwpwA0
/.CA\&>9<)<&
/.CpwA0
.CpwpwA.
CpwA68$-/8..CA\&>9<)<&,01
QYOT CAR68$-/8..CpwA68$92*3CA\&>9<)<&,01
UYLQLT CAR02(.8*58815CpwpwA68$-/8...CA\&>9<)<&,01
UYLQOQYOT CAR68$-/8...CpwA68$92*3.CA\&>9<)<&,01
UYLQOQYOT CAR68$92*3.CpwA68$(-.CA\&>9<)<&,01
UYLQOQYOT CAR68$(-.CpwpwA18;)>14>6.CA\&>9<)<&,01
UMQOQYLT CAR18;)>14>6.CpwA/4:5)>14>6.CA\&>9<)<&,01
UOQOQYLT CAR/4:5)>14>6.CpwA049918>14>6.CA\&>9<)<&,01
ULQOQYLT CAR049918>14>6.CpwA18;)92(?18>14>6.CA\&>9<)<&,01
UDQOQYLT CAR18;)92(?18>14>6.CpwA18;)92*3.CA\&>9<)<&,01
UNQOQYLT CAR18;)92*3.CpwA18;)(-.CA\&>9<)<&,01
UKQOQYLT CAR18;)(-.CpwA/4:5)92*3.CA\&>9<)<&,01
UHQOQYLT CAR/4:5)92*3.CpwA/4:5)(-.CA\&>9<)<&,01
UEQOQYLT CAR/4:5)(-.CpwpwA02 8)2.CA\&>9<)<&,01
UYLQYOQOQMT CAR02 8)2.CpwA02 8/.CA\&>9<)<&,01
UYLQYOQOQLT CAR02 8/.CpwA02(.8*5881.CA\&>9<)<&,01
UYLQOT CAR02(.8*5881.CpwpwA.< 802(.8-2.CA\&>9<)<&,01
ULT CAR.< 802(.8-2.CpwA/8.)2/802(.8-2.CA\&>9<)<&,01
UMT CAR/8.)2/802(.8-2.CpwA12>602(.8CA\&>9<)<&,01
UYLT CAR981<$CpwA08..<:8?2Ê\&>9<)<&,01
ULQYLT CAR08..<:8?2%CpwA.<$.)/43:CA\&>9<)<&,01
]@]YL CAR.8).400298PPCpwpwA:8)>(/.2/-2.CA\&>9<)<&:
UY[LQY[OT CAR:8)>(/.2/-2.CpwA;439>212/CA\&>9<)<&;
UYLQYOQYNQYIQYHQY[KQY[JT CAR;439>83)8/>212/CpwA;439>212/8Ê\&>9<)<&;
UYLQYOQYNQYIQYHQYKQYJQY[EQY[DT CAR;439>212/8%CpwA/8<90802/$CA\&>9<)<&/
UYLQYOQYNQYIQYHQYKQY[JQY[ET CAR;439-4>CpwA;439-4>8Ê\&>9<)<&;
UYLQYOQYNQYIQYHQYKQYJQY[EQY[DT CAR;439-4>8%CpwpwAR,01
}}}}}}}}}}}}}}}}}}}}}}}}-8}}1|x}
4}_]|}?]|}4]|}
n|}-t}}
/C|}%C|}E/}}}}}}}}}}
}!}.}2};})}*}<}/}8}!}0}
}|}}}=|}
~}}}}}}}}}}}}}}}}|}yu}}}y}}}}}}}}}}}}}}}}|}yu}}my}}}}}}}}}}}}}}}}|}yu}}]y}}}}}}}}}}}}}}}}|}yu}}My}}}}}}}}}}}}}}}}|}yu}}=y}}}}}}}}}}}}}}}}|}yu}}-y}}
]}4}3}4}]}
]}9}1}1}]}
GtFsF]FXFVFKFFF0F/F%F
DuDrDhDLD@D6D%D
}}}}}}}}}}}}}}}}}}}}}}}}-8}}1|u}
}}}}=}}}
434)}}}}
GAF%F
inflate 1.1.3 Copyright 1995-1998 Mark Adler
D:\brothers\codelib\ANTLR\QMScript\QMScript.g
iphlpapi.dll
MFC42.DLL
MSVCRT.dll
_acmdln
GetCPInfo
GetProcessHeap
GetWindowsDirectoryA
WinExec
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteA
ShellExecuteExA
SHELL32.dll
COMCTL32.dll
ole32.dll
OLEAUT32.dll
URLDownloadToFileA
urlmon.dll
MSVCP60.dll
SHDeleteKeyA
SHLWAPI.dll
WS2_32.dll
PSAPI.DLL
RPCRT4.dll
IMAGEHLP.dll
WININET.dll
UxTheme.dll
MapVirtualKeyA
GetAsyncKeyState
SetWindowsHookExA
UnhookWindowsHookEx
RegisterHotKey
UnregisterHotKey
keybd_event
EnumWindows
RegCreateKeyExA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
WINMM.dll
mymacro.exe
QMScriptLexerNew
QMScriptLexerNewSSD
antlr3LexerNew
antlr3LexerNewStream
%*[^-]-%[^*]*%[0-9]
.PAVCInternetException@@
clickurl
newswndurl
downloadurl
pluginlist.txt
adurl
curl
Windows Classic.theme
hXXp://VVV.vrbrothers.com/cn/qmacro
hXXp://VVV.vrbrothers.com/cn/qmacroqmacro/mymacro.htm
hXXp://VVV.vrbrothers.com/cn/antivir.htm
hXXp://VVV.vrbrothers.com/cn
hXXp://c.xdrj.cn/vrb/leaveword.aspx
StopHotkeyMod
StopHotkey
PauseHotkeyMod
PauseHotkey
BeginHotkey
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HotkeyMode
LastLoginServer
mmupgrade.exe
HttpDownload/2.0
.PAVCFileException@@
.down
hXXp://
Range: bytes=%d-
HTTP/1.1
\winhlp32.exe
ntdll.dll
XX
\\.\PhysicalDrive0
Windows cannot access the specified device, path, or file. You may not have the appropriate premissions to access the item!
%swin.ini
%s|%s|%s|%s
EndHotkeyMod
Hotkey
EndHotkey
uservar.ini
mymacro.zip
plugin.zip
{WindowsDir}\
hXXp://VVV.vrbrothers.com/cn/qmacro/qkbase/FAQ/UploadEx
hXXp://VVV.vrbrothers.com/cn/qmacro/qkbase/FAQ/Read/
8.00.6786
\QMDispatch.dll
hXXp://ad.vrbrothers.com/qmacro/v8/ad-mymacro.xml
bro.mymacro
background.bmp
mymacro.htm
RegisterSupport\ErrMessage
%s|%s
notepad.exe "%smmlog.txt"
exit.exe
mmlog.txt
%s?mm=%s&randcode=%s
hXXp://hi.vrbrothers.com/xjl/mmcount.aspx
00 00 00 00 00 00 00 00
00 00 00 00
00 00 00
00 00 00 00 00 00 00 00
CWebBrowser2
<%s> attribute has error
'<%s> ... </%s>' is not wel-formed.
it must be closed with </%s>
%s must be closed with </%s>
WM_XCOMBOLIST_KEYDOWN
comctl32.dll
password
If IsEmpty(%s) Then : Set %s = CreateObject("%s") : End If : %s %s.%s(%s)
kernel32.dll
qdisp.dll
VBScript.dll
MSScript.ocx
user32.dll
Script Error%x%x.
:%x%x.
IDispatch error #%d
(([^:\|\}"] )(:([^:\|\}] ))?\|?
]*(("[^"] ")|([^"\{\} ] ))
((((\([^\(\)]*\))|("[^"]*")|([^",])) ,)*((\([^\(\)]*\))|("[^"]*")|([^"\),]))*\))(@<([^<>] )>)?
]*(((\([^\(\)]*\))|("[^"]*")|([^"\),])) ))|\))
]*((((\([^\(\)]*\))|("[^"]*")|([^"\),])) )|\))
& CStr(Param%d)
CallCommand = "%s.%s("
Param%d,
Function %s(
Class CLASS_NAME_%s
ScanKeyMouse
QMDispatch.QMLibrary.Inner
Dim %s : Sub Set__Variable__(var_value): %s = var_value: End Sub
\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\LocalServer32\
Thread:%d - %s
%s=%s
QMLibrary_Inner.SetGlobal "%s", %s
%s=QMLibrary_Inner.GetGlobal("%s")
CLng(%s)
On Error Resume Next: QMLibrary.SetRunTimeParam %u: QMVBSRoutine.SetRunTimeParam %u: On Error Goto 0: Dim %s
CStr(%s)
On Error Resume Next:QMEngine.SetRunTimeParam %u:QMRoutine.SetRunTimeParam %u:On Error Goto 0
QMRoutine.VBSRoutine %u
%s=%d
QMDispatch.QMFunction
CStr(%s.%s)
Dim %s
Set %s = New CLASS_NAME_%s
%s = QMEngine.PluginCall(CallCommand)
Param%d
%s = %s.%s(
If IsEmpty(%s) Then
Set %s = CreateObject("%s")
.PAVCException@@
cfgdll.dll
NTDLL.DLL
ntoskrnl.exe
qmdispatch.dll
qmhelper.dll
winio.dll
dummy.dat
\system32\win32k.sys
win32k.sys
\hknm_tmp.sys
\drivers\mouclass.sys
\drivers\kbdclass.sys
Gdi32.dll
Webdings
error.log
[email protected]
dbghelp.dll
[X] = X
Name = %s, Base = 0x%X, Top = 0x%X, Size = %d
ESI=X EDI=X ESP=X EBP=X
EAX=X EBX=X ECX=X EDX=X
Address = 0x%X
Type = 0x%X
Software\Microsoft\Windows NT\CurrentVersion
Your program raised an exception and should be closed. Please email [email protected] and report the error message. Thanks!
%s%s%X
Environment = %s|%d|%s
%dx%d
%s&Ex=%s
Incorrect key length
%s%s:
%s%X:%s%X
qmsd.sys
\\.\tc
\\.\hkSymbolicLink
DeviceIoControl(JDY_HOTKEY_CLEAN) Error! code:%u
DeviceIoControl(JDY_GETLASTKEY) Error! code:%u
failure: CreateService! error code:%u
Press any key to Exit
code %d bits %d->%d
gen_codes: max_code %d
bl code -
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
1.1.3
%s%s%s
c3.xdrj.cn
c2.xdrj.cn
c1.xdrj.cn
c.xdrj.cn
&pass=
%d|%s|%s|%s|%d|%s|%s
/vrb/chkolv10.aspx
hXXp://SERVERNAME
524:14: ( '(' )?
306:1: simpleStatement : ( dimStatement | globalStatement | optionStatement | eraseStatement | ( reference '=' )=> assignmentStatement | callStatement | setStatement | randomizeStatement | constStatement | exitStatement | beginThreadStatement | remStatement | gotoStatement | endScriptStatement | userVarStatement | importStatement | commentStatement | obsoleteSyntaxStatement | simpleForStatement | simpleIfStatement | simpleDoStatement | simpleWhileStatement | simpleSelectStatement );
262:1: singleLineStatement : ( dimStatement | globalStatement | optionStatement | eraseStatement | ( reference '=' )=> assignmentStatement | callStatement | setStatement | randomizeStatement | constStatement | exitStatement | beginThreadStatement | remStatement | gotoStatement | endScriptStatement | userVarStatement | importStatement | commentStatement | obsoleteSyntaxStatement | ( 'PRIVATE' | 'PUBLIC' ) constStatement | ( 'PRIVATE' | 'PUBLIC' ) arrayDeclaration ( ',' arrayDeclaration )* | onErrorStatement | singleLineDoStatement | singleLineWhileStatement | singleLineForStatement | singleLineIfStatement | singleLineSelectStatment | singleLineSubStatement | singleLineVbsBlockStatement | singleLineWithBlockStatement );
IGNORED_KEYWORD
OPERATOR_IS
OPERATOR_GET
OPERATOR_LET
OPERATOR_NE
OPERATOR_GT
OPERATOR_LT
OPERATOR_NOT
OPERATOR_AND
OPERATOR_OR
OPERATOR_XOR
OPERATOR_EQV
OPERATOR_IMP
OPERATOR_EXP
OPERATOR_INTDIV
OPERATOR_MOD
OPERATOR_EQU
OPERATOR_DIV
OPERATOR_MUL
OPERATOR_SUB
OPERATOR_ADD
STATEMENT_IMPORT
token OPERATOR_EQU
1:1: Tokens : ( STATEMENT_SET | STATEMENT_CALL | STATEMENT_GOSUB | STATEMENT_CONST | STATEMENT_DIM | STATEMENT_REDIM | STATEMENT_GLOBAL | STATEMENT_DO | STATEMENT_LOOP | STATEMENT_WHILE | STATEMENT_UNTIL | STATEMENT_EXIT | STATEMENT_FOR | STATEMENT_NEXT | STATEMENT_SUB | STATEMENT_FUNCTION | STATEMENT_BEGINTHREAD | STATEMENT_REM | STATEMENT_GOTO | STATEMENT_ENDSCRIPT | STATEMENT_USERVAR | STATEMENT_IMPORT | STATEMENT_WEND | STATEMENT_ENDWHILE | STATEMENT_ERASE | STATEMENT_TO | STATEMENT_STEP | STATEMENT_EACH | STATEMENT_IN | STATEMENT_ENDFOR | STATEMENT_IF | STATEMENT_IFCOLOR | STATEMENT_THEN | STATEMENT_ELSEIF | STATEMENT_ELSE | STATEMENT_ENDIF | STATEMENT_SELECT | STATEMENT_CASE | STATEMENT_ON | STATEMENT_ERROR | STATEMENT_RESUME | STATEMENT_RANDOMIZE | STATEMENT_OPTION | STATEMENT_RETURN | STATEMENT_VBS_BEGIN | STATEMENT_VBS_END | STATEMENT_WITH | CLAUSE_END | DECORATOR_PRIVATE | DECORATOR_PUBLIC | DECORATOR_BYVAL | DECORATOR_BYREF | DECORATOR_EXPLICIT | DECORATOR_PRESERVE | DECORATOR_NEW | CONST_NULL | CONST_EMPTY | CONST_NOTHING | CONST_TRUE | CONST_FALSE | OPERATOR_ADD | OPERATOR_SUB | OPERATOR_MUL | OPERATOR_DIV | OPERATOR_EQU | OPERATOR_MOD | OPERATOR_INTDIV | OPERATOR_EXP | OPERATOR_IMP | OPERATOR_EQV | OPERATOR_XOR | OPERATOR_OR | OPERATOR_AND | OPERATOR_NOT | OPERATOR_LT | OPERATOR_GT | OPERATOR_NE | OPERATOR_LET | OPERATOR_GET | OPERATOR_IS | AUX_SYMBOL_COMMA | AUX_SYMBOL_DOT | AUX_SYMBOL_LPARENTHESIS | AUX_SYMBOL_RPARENTHESIS | AUX_SYMBOL_AND | AUX_SYMBOL_COLON | T__130 | T__131 | T__132 | T__133 | T__134 | T__135 | T__136 | T__137 | STATEMENT_END | IGNORED_KEYWORD | ID | FLOAT | DATE | STRING | HEX_INT | OCT_INT | DEC_INT | IGNORED | COMMENT );
right-curly-bracket
left-curly-bracket
0123456789
lexer->mTokens(): Error: No lexer rules were added to the lexer yet!
is also the end of the line, so you must check your lexer rules
The lexer was matching from line %d, offset %d, which
This indicates a poorly specified lexer RULE
near '%c' :
: lexer error %d :
%s at offset %d,
: expected %s ...
: Missing %s
: Missing token (%d)...
: Extraneous input - expected %s ...
near %s
, near %s
, at offset %d
: error %d : %s
replaceChildren call: Indexes are invalid; no children in list for %s
ANTLR3_EXCEPTION: %s
ANTLR3_EXCEPTION number %d (X).
.sTFXf
)))...---'''
tWxJ%xJ%xJ%
uxJ%xJ%xJ%xJ%xJ%xJ%xJ%
xJ%xJ%xJ%
xI%xI%xJ%xJ%xJ%xJ%xI%xI%xI%xI%
xJ%xJ%
xJ%xJ%xJ%xJ%xJ%xJ%xJ%xJ%xJ%
l@%l@%l@%l@%l@%l@%l@%l@%uK2
l@%l@%l@%l@%l@%uK2
U3yR2|R4~P3zP1wN.uL-|Q2{N/{N0
T5yQ3yQ3}R1yN1tK.uM-|R1yO/yO.
S4zP1{Q2{Q2wO/uL,uL,yP0wM.zN/
U4~R3wO3zP1{P/xN0sK.uK.zQ2vN-zN/
U5}Q2|R3uN0yP0zO/tL,rJ*tL,wN.vL,yN.|Q0}Q0
R3{Q3wN/xO/xN.uL,rK sJ,xN/uL,wM-{P0|Q/
U4~R3}Q2~Q0|Q1uM/vM/xN.vK-qI,qJ,wN.tL,wM-{P/}P0
T3~R3}Q0|Q0zQ2tK,sL,uL,tK,pH rJ,vM.sJ*wM-{O.|P.
T3}R1|Q0}P/zN0xP9wN2vL*rJ,oG*rI,vM.tK vM-zO.{O.
y`{Q0vL.rJ.rK,rK,oH nF*rJ tK-qH*uK-zN.{N-}Q1
o[l@%l@%l@%uK2
l@%l@%l@%uK2
R0xL,vK*yM,zO/tL.qI sL-qI,nF)lD(rI,rJ,nF)vL,yN-xL ~P/
T3}O/zO/xM.zO0uK-pH,rK-qJ oG*lE(pI*sJ,qH)uK-yM,yL ~Q0
U4yO0zN.xN-xN.sJ-pH)qJ,qH,nG*lF'rJ qI,oF*uK-xM-xM,}P/
_BxP0yM.wK*
T2zN-yN-yM,yN.sL-oH qI,qI,mF)kE'qI,qG*nF(uL yM,zM,~P/
T7}T8{S7xP4tL0vN0vN1zR5vN1uM0uM0sL0tM1vO3vN1uM0uM0uM0yP3yO2zP1wO/wN.wM.
R2zO.xM,xL-wN.rI oH qI,oH*mE(mE(oG*qI)oF&tK xM,xL |P/
V9|U8xQ4uO4rN5sO5wP7xR8uP6uP6uQ7tP5xR7yS7~W;{T9yS6|V9xQ5uO2sM1tN1xQ6wP6tO5sN4tO5oL2pL2vP5yR6xQ4wP4xP5yQ4uM/wP4{T7|T7|S7zR5wO2sK.uM0wO2yQ4vN1sK/rK/rK/tM0vN1uM0sL/tL/uM0wN1wN/zP0xN.xM-vL.
W;~V:|V:yS8zT8{T9}U;}U:~W;~U9{S6yR5yR6xT8{U9}V:zS7zS7{T8|T8}U8|T7xQ4uN5rM4rM5wQ6wR7tO4sP6uQ7uO5wR8yS8~W:{T9yQ7{U8xQ4uN2rM1sM1wQ5uP6sO6tO5tO5pL2oK3uO5yQ5xP4vO3uP4yR6wO4wO2zR5{S6{S6yQ5vN2tL0vN1vN1wO2uM0sK.rL.rL.sL/tL0tM1sL-tL.vM/wN2vM1vN/tL-wL/tL.
V:|V:zU9yT8yS7|T:{U9|U9}V:~V:|U9zS7vQ5xR6{T8}V:{T8yR6{S7{T6|T7{T7wP5tO5pM3rN4vQ7vQ7tO5tP6tP6tO5wR7yS7~W;{T7yR6{T8xP4vO3sM2sN3vQ6vP6sN5rM3sN4nJ2oK1tO5wP4wP4sN2tO5yR7vO3wO2zR5zR5{S7zR6uL1sK/sL/uO1wP3tL0qJ.pJ.qJ-rK.sL/rK.oI,oI,sK-uL-tL,vK uI*sI)tJ 
X;~W;~V8}V9|V9{U9{U9|T8zS8xS7vQ6wS8zT8zS7{T8|U8zS7xQ6vP6wR7yS7|U9yR6yR6yR6zS7{T8xQ6sN4pL3nJ2nK2rO5sP6pM3pL4pL4pM3tP6vQ7|U:yR6wP4zS7uN3rL3oK1qL1uP6sM4oK3nJ2lJ2kH/mI0rO5uP4sN3rM3sN4wQ5tM1uN2xP4yQ5yQ5wP4qJ.pJ.qJ.rK/tM1qJ,pH oH,mG*nH*oI oH)oG(nG(sH)tI)pE'rI-
gpD$oF%rH'tJ)uI)xL,yL,vK vK xM-yN.xM,}P/
W:|T:}V:|V:|U9zU9zR9yS9vR7wR8yS7{T7yR6{T7{U8{T8vQ6tP6vQ6yS7zS7yR6xQ5yR6yR6zS7xQ6rM3oL2nK1nK1qN4rO5oK2oK3pM3pM3tO5uO4zU9vQ5vQ4xR5vN3rK2mK1rM3tO5pL4nJ2lJ2oK3kG.kI/rN2tO3tO5rM3sN2vQ5uN2uM1xP4xP4wP4vN3rK/pK-rK-uM0uM0rJ.qI.oJ-nI,oJ-rL/pJ.oI-pI,pI-sM1
bIsJ-sJ*tL,vN-wN-{Q0yP/vM,xO.yO/xN.xN.~R1
T4{N0|P1}R1}R1{O/|N0yM.uK tK sK*oE$
W;~V:|U:|U:|T9zS8zS8zS7zR7wR8uR6wS7zS7zR8zS7zS7yS8uO6tO5uP6xS7zS7xP5xP7yQ8xP7{S7wP4qM1mL1nJ2nJ2rM4rM5mJ2nK3oK3pM3sO5uP6zT9uP4uQ7wQ7tL3oK1mJ0oL2sN4oL3lJ2nJ2oK3jG.mH0pM3sO2sN3qL2rM3vP5sL0tL0wO2xP4xP4vN3qK.qJ-qJ.tM0uN0pJ-pI,pI-oI-oJ-pK-rL,qH*oJ.
_EuI qI*vK vL-vM/{O/zO/wM/vM.xO/xO/xN.|P1
S2zO/zO0|Q0{P/zN.zO.yN-tL tK rJ(wP2
X;~W;~V:}U:}U9|U:|U9{T9zS7zS7yS9uQ7uR8wR8zR9zR8zS7zS7yR7uO6sN4tP6wQ7yQ8xP7xP7xP7yR6yR6uP4pL2mJ1lH0mI1pL4rN6nJ2oK3oL2oL2rN4tO5yT:tP6vP6vQ7rM3oK1mI/nK1rO5pL3mI1mI1mI1hE.jG.pM2sO4sN5pK1rM3uP4rL0sL0vO3wP4vO3uN2pI-pI-qK-sL.tN/pJ-oH,nH,mH,mH-pJ-mJ/
\A}ZBsK sJ)tK tL-wL,zM.xN.uM-vM-vM-wN.wN.}Q1~R2yM.yO.zP/{P/yN-{P/xN-tK*tL qI(tF)kE&iB$nE(lD(kD'nF(rI(oF&qH(rI(tJ)vJ)}O.
{xS6nF)sI oH)|Z<{V;qI,rI)uK*uK,vK,{O/xN-uL,vN-wM/vM/wL-|P/~R1wN.xP/|Q0zO.yN-{O.xM-sJ pJ rK(pH'lD&kF(nF)lB&mE&qH(pH(nH(rI(rI(uK vJ)}O.
X;}V:|U:|V8|U9}U9}S9yS8xS7wR6vR8sQ6sL5wP8xR7xR6yS7yR6wQ7rN5oK2qM4wR7yR8vO4uO5xP6yP6yR5tO3nK1kJ0iH.lI0pL4oK3mJ1mJ2kI1mK2oL4rN5yS9sM2sO5tO4rL0mJ/jG.nJ1qL4nJ1jH0jH/jH0fD,jG.pL2pL2pL2mJ0pM3sO3pK/rL0vO2vN2uN2sL0oI-oI,oJ.qJ.rK0oH,oI,lG uS9vR8oH-nH oH,kE'~Y?
vwQ5pH*pI rI,oG)yS7yR6qI rI)tJ-tK,vL,yN.wM-tL,vM.wM.vM-wL,{P/|Q0wL,xO0zO/{O.zO.zO.wM-tJ*rK*sJ pH,jD'lE'mE(lD'oG'qJ)pH'qI)rI(sI*uI*vI*|O.
W<~W;}U:{U9|S:{U8}T9{S9xS8yS6wR8tQ7sN5rM5vQ7wR7vQ8yR8xQ8vQ7qM4nJ2qM3uQ6wR7uN5wN6xP7wP4wQ4rM2lJ0kI/hG-lI0oK3oJ3mJ2lJ2jH0mK2oL2tP6wS8rM3tO4uP4pK0mJ0kG.mI1pL4lI1iG/iG/iG/hE,jG.oK2oL2oL2lJ0oL2rN2oJ.qK/uN2uN2uN2tL1nH,mH,oI-qI-rI-nG,uP4rN4kE nG oI-oH-jE(zU;
puO5pH)pI oG*qI,pH vO2wO2pI pG*tK sK vL xO.vM-uL,uL,vM-uM-vL,|P/|Q0wL-zN/zO.zO.xM,zO.wL-sJ*qI)pI)pH kD&lE'mE(mE&pH(rI)rI)qH(rI)uI*tH)tI({N-~P/
V;}U:}V:{U9{S7|T8{T8|T9zT8wS7vR7vO7oK4qL4sO6vQ6uP6xQ7xQ7vQ7qM4lJ2pM4uQ7xP7sM4tP6vO5wP4wP4sM3nJ0iI/iF-kG/mI1lI1kI1jH0kH0mI1nK2rO5xQ8qL3rN5tO5pK0mI.hF-lI1pK3kH0gE-hG/iG/gD,hF.mJ1oL1oL2kH.oL1qM1pJ.rK/uM1vN2sM1qK/lG lG nH,qJ.uP3pL/kF*lG,kF,lG nG,jF'yS:
|isN3pH)pI qI,nF)pH pI*rK.rK.pH,oH)rK sK tK yN-vM,sJ*vM-vM-vM-vL,{P/}Q1vL-wN.zN-yN,wL xL,vL,rI)rI)rI)oH*kC'lD(oG'oG'rJ*tK rI(sJ*tH)tH)tI)vJ)|N-~P.
X<~W;~V:{U9{T8zT8|T8{T7{T8zS9vR7uP7rO6oJ3pL4tO6uP6vP6wQ7wR7uP6nK3nJ2nK3tO5vQ7rM2tN4uO4wP3xP4sM3lI0kH/iF-kG/lJ2kJ2jH0jH0jH0kI1mK1sN4vQ8pK1rM4rN4oK/jH.hD,lI1nK2kH/iE.hF.hF.fD,hE,mJ0oL2nK1kH.oL1qM2oI.qK/tM1uM1sL0pK/mH,mH,pJ.sL0pI-mF*mG-kF-kF,lF,lF)uR8
xbpK1oG*oH*oG*oG*oG)rH*pG*qI oH pH*pG'sJ*tK tK*xM-vM-tK,tL-uL,tK vK,yN/{N/uL,vM.yN-zM,xL-yM.vK,qI(qI)qI)pH)jC$nG'oH(pG'sJ*uK sJ)uJ*tI)sJ)uJ)uJ)|N-~O/
V;~V:}T:{U9zT8{T8{T8{T7{T8yS9wQ7tP6qL4oL3qL5rN5tP7tP6vQ6vQ6sO6mI2lI1oL2sO6uP5rM3sN3uO3vO3vP5pL3kH.jG.hD,iF.kI1lJ2jH0iG/hF.jH0nK1rN4uP6nJ2pM3qO4nJ0kG.gD,lI/mJ0kG/gD,gE-gE-gD iF-lI0oK2mJ0jG-nK2pL2mH-oJ.tM1tM1rK/oK/lG mH,nG qJ.pI-kF*kF jE kF,kD)sQ7
r[mJ/kE)pH oG*oG*pH nE)pG*pI)oG*nF)qH)pG'rI)sK uK vM-uL,rJ uL,tK tK uK {N/zO.rK vM,yM-xL-wK,yM.uK*qH(rI)qI(oH'kD&mF'oG'qH(uK wL uJ)wL uJ)vK*uJ)vI({N-~P.
W;~W;|U:{T:zT9zT8zT8{T7{S7{S9xS8wR7tQ6qL5nJ3pL4qM5rN6rN5vQ7vQ7rN5mI1lI1nK2sP6rO5pL2sN3sN2tO3uP4oL1iF.jE.gD,hF.jH0kI1jH0iH0hF.kH0mI0qN4tQ6nJ1oL3rM2nI/jF-hD lH0mJ0hF-fD,fD,hE-hD,iE-kH0mK1kI/iG-mK0oL1nI-pJ.sL0tL0pK/pK/jE)kF,lG,qJ-oI,lE*mF hD iD)qN5
lVmH.iD(mG)oG*oG*oG*nG*lD(oG*pH(mF(mE)qI)pG'sJ*qI*sK vL,tK rI)tK uL,tL,tL {O.zN.tK uM.yM-xL-wK,yM,tJ*pG'pG'rJ*nF)kC&mE'pG(sI)vK*xM,vK*vK*vK*uJ)vJ)wK){N,}O.
W;~V:|T:|T9{T9zT8zT8zS7zS7|V9yS:vR7sN7oJ4pK4pK3pL4sO6rN5tO6tO6rN6mJ2lI0nK2rN5rN5pK1rM2rM1tN2tN3oJ0kG.hE-eC,gF-iH/jH1jH0hF.iF/kG/mJ0qO4rO5mI0pM2pL1lI.iE,fC*kH.kI0gF-fE-fD,iF.hE-gE,jI/lK1iH.iF-mI0oK2kG,oJ.sL/rL0qK/nH,jE kF mH,pJ-pH,lE)jE gB'nK3
eOlH-kE)kE(lE(oG*nF*oG nE)mE(pG)oG(mE(nE&pG(oG'qI*qI)tJ*wL,tJ*rI*tK,sK rJ*vL yN-xM-rJ vL.xM.xL,xK wL,tJ*qH(pH(qI*pF)jB&mE'rH'vJ)xL xL wK*yL xL wK*wJ)xK){N,}N,
V;}U;{T9|T9zT8zT8zT8{T8{T8|U9yT9uR6qM5oK3oK3oK3pL4qM5qM5tO7tN6pL4mI1jH0mJ0rO4rO5oK1qL2rM1tN1sM1nK1hF-fD,fD,fD,iG/kI1kI0jF-iE-lH0kJ0pN4rO5kI/nL2pL2lH.hE,dB*iH.iI/fD,fE-fD,fD,gE,fE hG.lJ1lG0hD,lI1mJ1lG,pI-rJ.rK/qJ.nH,iD)jE,mG pI,oH,jE(jD(lH1}^GiH-kE*lD(jD(lE)mF*oG*nG)nF)lD(pH qG)mE'lE(nG'oG'rI)rI)tJ*vL,sJ,pG*sJ*sJ*rJ*qJ*yN-vM,qJ uL,xM,wK,uI*xL-uK qH(pG'tJ*nF(jC&oF&tJ)uJ)xL yL xK*yL zM xK*wK*vJ){N-}O-
W:~V;{U9zT9yR8zS8zS8{T8zS8zT8|U9wT8tR6qL3oK2oK3oK3oK3pM5oK3rM5qM5oK3jH0jI/mK0pM3oL3mI0qM2rM2rM2rM1kH.fD,fD,fD,fD,hF/lJ1lG/hD,gD,iG/kG/pL3rM5lH/oL2nK1kG.fC dB*hF.iG.fE,fC,fD,gE-gE-eC,iF.lH0kG/hD,lH0mI0kH pI-rK.sL0oI-mH,jD*jE kF pI-lH*hC'mH0yX?iE,iE kF jD(jD(kD(mG)mG(nH*mF)lD'oG*oH(kD&lD'oF'qH(rI(qH)rI vM-sJ*qH(sJ*sI*qI*rK*xN-yN-sJ*tK,xL-wK,uI*wL,rI)oH(pH)sJ*mD%f=!kB$tJ*wK*zM,zM,xK*zM,zM,wJ*yK xK*zM,|O-
V;~V<~V;}V:}V:|V:xS8yS9zS8zT8{S8zS7zT8}U:xR8sP6pM5nJ3nK3oL4nK3oL4pL4qM5pM5nK3kI/iH.lI0oL4oL3nJ1pK2pL2qM1pL1jH.fD,fD-fD,fD,hF-kH0kH0hE-gE-kG/kG/pK3qM5jG/mJ1nJ1hF-eB*cA)gF-iH/fD,fD,dB*fD,hF.fD,iF.jF.hE-gC kH/kI/lG oH-pJ.qK/oI.lH-hC*jE lF*mI lF lF-vT;gC*fC)hE*jE*iD(kD(kE'lF(mG)mF)lE(kD&oH(oH(mD&mE'oG'pG'oG(nG)rI)uK rI)qH)sJ,qI,oI*sJ {N-wL,pI*uK,vK,vK,uJ*vK rI)nF(pF&|U7
r\|Y@mE%uK*yL {N-{N-yK |M-{L,yK xK*wL*zN 
U<}V<}V;}V:}U9yT9yS8yR8yT9zT8zT8zT8{T8}U:vS8uO6qL4mI2lJ3pL4oK3oK3oK3pM4pM3nJ2kG/jF.jH0oK4nJ2lH/nL2oL2qL1qL0jH/eC fD,fD,eC gE-kI1lH0hD,hD,jF.iG/mK3oK3jG-nK1lI/iF-fB*dB*hE-gE-eC fE,dB*fD,hF.eC gE-iG/fD,dC iG0kH/hE mH-oI-pJ.mI-kG,iD*iE iE*nG,lG.oN5gD*eB(eB(fD*jE*jD(jC'lD)lF(lF(mG)kF(kD'oG(qH'lD%lD(nF'oG'oH(mG'qJ*uL pI)nF)pH pH oG*rI*wM-vL pH*tK,uL vK tH)wK,sH'nE%
tO2oE%xK yL |O.~O/zK }N.{N,yL*yL*wL)
V:}V;}U;}U:}S8zS8xS8yR8xS8yT8zT8{S9zT8|U:xS8sQ6nK3mJ1nK3oK3oK3oK3oK3oL2oL4mI1kF.hF.kG/oK3oK2lI/oK2qL2qL2pL2iF-dC eC fD,eC hF.nI1lH0hD,hE-hF.hF.oK3oK2iE-mI1mI1iD,eB*dA)hF.gE-fE,fD,dB*gE-iG/eC gE-hF.eC eC jG/jG.iF,mH-nI-pJ.nI.kF,jE gC)iD*oI/pN4hD*gC)gB(eB(gC)iE*iC(jC(kD(lF(lF(mG)lE'kC&nF'pH(lD&lD'oG(qH(oG&oF'qI*tL,qH)nF)pH nG)nH(qI*yM,uK qH)tL,vK vI*vJ uJ)pH(
W;~W;~U:~U;}U:|U:|T8zS7wR7wQ8xS8yT8zU8zU8{T8|U:wR7sP6pK4mH1nK3oK3nJ2oK3nK1pL3oK3mI1iG/iF.kG/oK3lH0kF/oJ1pK1pL1pL1hF-dA)fD,fD,eC hD,lH0lH0iE-fD,hF.jG/nK3nJ2hD,mI1lH0fC dB*dA)gE-eD,gE-gE-cB)hF.iG/eC gE-hF.eC eC kH0iF-iE*lG,pI-oI.mH-kF,fB)hC)kE pM2kF*hC'gB(eA)fC)fC*hC*hC(hC'kE'lF(kE'lE(kD'lD'pH)qH)lD'lD&pG'rH(pG(mE(rI)sJ*oF)oG*pH pG(oG'pJ)wM,tJ*oG*uJ,wK,vJ sJ*sH'
X<~V:~W;{T8zS7yR6yQ8yQ7zT8{T7zR9yQ9zR9{T8|U9~W;~W;~W;{T8{T8}V:|V:yS7xS7wR6{V:}V:zS7yR7xS9xS9xS9zS7zS7zS7vQ7tP6rO6vQ8zU9zS7{T8}V:{T8|U:|V;vQ8sP6qM5oJ2pK3oL4oK4oK3oK3oK3oK2lK/kH0lK0jI0lI0oK3sO3tQ6wP5uQ6xR8zT7zS8yQ9zR8zT8{T8zT;{U:{V9|T9{S9zT:|T9|U9}T9|U:|V:}V:}V9~V:~V:~W;}W:}U:}U:}U:|T9{T8yS7xR7wQ7xS8yT8zU9{T8{T9|V;vS8sO7pL4lI0nK2pK4oK3nK3nK1oL2nK1jH/hF.hF.iG/lJ2jH0iF-mK0nJ0pK/pK/hE dB*fD,gE-fC hD,nI1mI1fD,gE-hF.iG/oK3mI1gE jI/hH.fD eA)c@(fD,fD,gE-gE-dC iF.jF.dB*fD,fD,eB*eB*jG.hD,gD*lG-mH-nI-mH.kF,iD*gD*kH-kF)jE*hD)gC(fC)fC)gC*iD)gC%iC'kD'lE(kD'kE'jE'kD&qH)rI)nE&kD(pG(rI(oG'mE&qH*sJ*pG(pF)oG*oG*nF)sH*vM,rI)pH*sJ,tK*uJ*uH*sF'nB"nC#uI*vJ qI)rJ*vL,{M,|N,
W;|U9}V:{T8zS7yQ8xP7xP7zS7{S:yQ8zR9zS7{T8|U9}V:~W;~W;zS7zS7~W;{U9xS7wS7xS7|U9|U9yS7wR8wR8wR8yR8zR8zR8yS8wR8sO5tO5vQ6zT9{T8zS7}V9{T8zU9{V<wQ8sO6pM4oJ3oK3oK3oK2oJ2nK2oK3nJ2lI1iI/kG0iJ1qP5tS5vR8wR8wQ7xR7zT7{R8yR8zR9zS8{T8{T:|U;{U9|U:|T9|T9|T:|T9|U9}V9|T9|U:}V:~V:}U:}U;~U;}V9}U:}U:}U9|U:{R7xQ7xQ7vR7wS8zS8{T9{U9zU9|V:xR7tO6pK3lH1nK3oK3oK3nJ2mI1oK2kI1iG/iG.hF.iG/kI1iG/iF.nK1mJ/oK0mJ0gD cA)fD,hF.eC fD,lI1jH0fD,gE-hF.jH0mJ2jH0eC iG/hE-gB*c@(cA)eC eC hE-hE-cB*hE.iG/dB*dB*eC dB*dC*iE-hD,gC*lG-mH-mH-lG-jE fC)hE hD)kF jE*hC'gC(fC)eB(gC)hC(hC'hB'kD'kE'lF(kE'kD'lC'pG(sJ*nF&nE&pH'rI(qH(oF&qH)tK pF(nF)pH nF)nE)rH uM sJ*pG'sJ*uJ vI uI*tJ*sI*tH)wJ*xJ*sI)qJ)xM,{N,~P.
_?~]?|\>}\>}\>
`@}^>{]?{]?{]?}\?}\?~]@
]@~]?~]>~[=|]<~Y<~X<}X;|W:|U9|T:|T9|T:{T9|V9}U:|U:}U:}V9}V:}U:|U9}U:}V:}V9|U:|U9|T9zS8wQ7xQ7vQ7wS8yT8zT9|U9zV:}X<wX;wT9sT:pR8tW;sV:tV;sV:rU9qW9oV7nT6nS7mR7nS7pU9mR6nR5qU7qU7rV8qU7jO3iN1lQ5lQ5jO3lQ5qV:oT8kP4kQ5lR6oT8qV:nS7jO3nR6mP4jN2iN1iN2iN2jO3oR6mR6kO3oT8nS7jN3jN4kO4jN3jO4nQ6mO4nO3qS5qT4pS4oQ3mQ3mQ3jN0nP0pQ1mP0mO/lO1jN1iN/kM2lN1kM.mM/mO-nO.nO.nN.nN-nN-sQ/uT/pP-qQ/vU0wV2uT0tR1uT0uV/pR/qS0qS0oS/pR.sT/xX1tU.pR-uU1yU2yU2xU2yV4zU3zU3
version="5.1.0.0"
name="mymacro.exe"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
!"#$%&'()* ,-./0123456789:;<
BeginHotkeyMod
QMDispatch.QMLibrary
VVV.ajjl.cn
{8856F961-340A-11D0-A96B-00C04FD705A2}
msctls_hotkey32
HotKey1
8, 0, 0, 6786
Windows98
WindowsME
Windows
[email protected]
setup.exe

svchost.exe_508:




.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
GDI32.dll
USER32.dll
IMAGEHLP.dll
rundll32.pdb
.....eZXnnnnnnnnnnnn3
....eDXnnnnnnnnnnnn3
...eDXnnnnnnnnnnnn,
.eDXnnnnnnnnnnnn,
%Xnnnnnnnnnnnnnnn1
O3$dS7"%U9
.manifest
5.1.2600.5512 (xpsp.080413-2105)
RUNDLL.EXE
Windows
Operating System
5.1.2600.5512
YThere is not enough memory to run the file %s.
Please close other windows and try again.
9The file %s or one of its components could not be opened.
0The file %s or one of its components cannot run.
MThe file %s or one of its components requires a different version of Windows.
UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"
Error in %s
Missing entry:%s
Error loading %s

iexplore.exe_912:




%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512

ctfmon1.exe_1952:




.text
`.data
.rsrc
msvcrt.dll
ADVAPI32.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
MSCTF.dll
MSUTB.dll
ctfmon.exe
Software\Microsoft\Windows\CurrentVersion\Run
SetProcessShutdownParameters
kernel32.dll
\ctfmon.exe
keyboard layout
Keyboard Layout\Toggle
keyboard layout\Preload
\IME\sptip.dll
internat.exe
RegNotifyChangeKeyValue
advapi32.dll
ntdll.dll
ole32.dll
ctfmon.pdb
_acmdln
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
GetSystemWindowsDirectoryA
MsgWaitForMultipleObjects
EnumWindows
TF_PostAllThreadMsg
<assemblyIdentity name="ctfmon" processorArchitecture="x86" version="5.1.0.0" type="win32"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
5.1.2600.5512 (xpsp.080413-2105)
CTFMON.EXE
Windows
Operating System
5.1.2600.5512






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    ctfmon1.exe:1952
    %original file name%.exe:464
    Server.exe:1328
    

    2. 

  2. Delete the original Backdoor file.
    3. 

  3. Delete or disinfect the following files created/modified by the Backdoor:
    

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ad-mymacro8-p[1].htm (3 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (197 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\mymacro.zip (22 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@ad-mymacro8-p[1].txt (240 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\go[1].htm (846 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\85e4.tmp (17716 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (3856 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\s[1].js (38 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1].php (3 bytes)
    %Documents and Settings%\%current user%\Application Data\qmacro\qdisp.dll (6532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\mmcount[1].htm (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@qmacro[1].txt (151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\s[1].php (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ad-mymacro8.xml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aroute[1].php (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\e1537fea1e043634e7359bee6656a[1].jpg (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2.tmp (896 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (162 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\ad.vrbrothers[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\plugin.zip (6740 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[1].js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f97f5aec6423f2058a1ab68892cb5[1].jpg (776 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aroute[2].php (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\3.tmp (28844 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[2].js (315 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ad-mymacro8-b[1].htm (755 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ad-mymacro8-b[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\adcon\mm\tmpad.xml (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Program Files%\wi520468nd.temp (159649 bytes)
    %Documents and Settings%\svchost.exe (33 bytes)
    %System%\ctfmon.exe (673 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe" = "%System%\ctfmon.exe"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now