MD5: 0b85b0a399ecb4d72970904b52515ddc
SHA1: 1be8f571d3c8c3aec33767babf54bea5d604c62b
SHA256: 73e96a4890b377f15959ef6efba19bac390a7ea841602517efde8435d948387b
SSDeep: 12288:NihDugaozZgCt0Vsm66hhzKU7I NaeIZOUfQhk3ToS:Ni5T3mVb66hh1XEZO
Size: 596992 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-06-26 13:16:21
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan-PSW. Trojan program intended for stealing users passwords.

Payload

Process activity

The Trojan creates the following process(es):

%original file name%.exe:652
UpDate.exe:1116

The Trojan injects its code into the following process(es):

%original file name%.exe:1536

Mutexes

The following mutexes were created/opened:

ShimCacheMutex
__DDrawCheckExclMode__
__DDrawExclMode__
DDrawWindowListMutex
DDrawDriverObjectListMutex
c:!documents and settings!adm!userdata!
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
ZonesLockedCacheCounterMutex
ZonesCacheCounterMutex
ZonesCounterMutex
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
RasPbFile

File activity

The process %original file name%.exe:1536 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\login[1].htm (1318 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\prebat[1].php (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\monitor[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\icon_3[1].png (7 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (354 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\abase[1].js (823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\load[1].gif (771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\login[1].com (3576 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ptui_ver[2].js (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\pull_2[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\qr_1_ie6[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\pic[1].gif (719 bytes)
C:\data\UpDate.exe (303 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ptui_ver[1].js (177 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\ptlogin2.qq[1].xml (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h_qr_login_1[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\load[1].gif (817 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\r[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\h_login_11[1].js (1829 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\shiyitop[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\17287617[1].js (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (8096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\tongji[1].htm (952 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ptui_ver[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\login[1].com (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)

The process %original file name%.exe:652 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\data\UpDate.exe (1641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)

The process UpDate.exe:1116 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\data\Temp.gutou.cc (1850 bytes)
C:\%original file name%.exe (1850 bytes)

Registry activity

The process %original file name%.exe:1536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1440117447"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 0F A0 D6 38 49 CD F5 3C 5B 6B 08 75 C4 4B 3B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 40 94 96 5C 45 A7 EF E6 DA 6C 31 72 CE 45 D5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process UpDate.exe:1116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF A7 88 0D 64 DE 9F A3 3E 86 00 36 FE E7 68 12"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: ??
Product Name: ??QQ????????
Product Version: 1.8.0.0
Legal Copyright: ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.8.0.0
File Description: ????
Comments: ???????????????,??????
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://temp.p23.tc.cdntip.com/up/shiyimiaozan.txt
hxxp://d.gutousoft.com/公共软件下载/失忆秒赞秒评软件.exe	120.24.75.226
hxxp://temp.p23.tc.cdntip.com/up/tongji.htm
hxxp://temp.p23.tc.cdntip.com/ad/shiyitop.htm
hxxp://gutou.cc/ad/shiyi/dingyue.htm	203.195.236.181
hxxp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hxxp://qun.qzone.qq.com/group&style=12.com	112.90.83.106
hxxp://js.adm.cnzz.net/js/abase.js	42.156.140.143
hxxp://vip.gutou.cc/	119.29.32.56
hxxp://js.adm.cnzz.net/prebat.php?url=http://www.gutou.cc/ad/shiyitop.htm&excludeid=&fn=CNZZ_ADD_BATCH&width=1276&height=846&time=1445663161196&domain=&referer=&href=http://www.gutou.cc/ad/shiyitop.htm	42.156.140.143
hxxp://imgcache.qq.com.cdngc.net/ptlogin/v4/style/11/images/icon_3.png	151.249.89.220
hxxp://imgcache.qq.com.cdngc.net/ptlogin/ver/10137/js/h_login_11.js?max_age=604800&ptui_identifier=000E010D35E941CFEC71A582B9FFEC02C10296A5EF4013A61D4B7961A3	151.249.89.220
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1252975436&show=pic
hxxp://vip.gutou.cc/sale.php	119.29.32.56
hxxp://imgcache.qq.com.cdngc.net/ptlogin/v4/style/12/h_qr_login_1.css?max_age=604800	151.249.89.220
hxxp://imgcache.qq.com.cdngc.net/ptlogin/v4/style/0/images/load.gif	151.249.89.220
hxxp://imgcache.qq.com.cdngc.net/ptlogin/v4/style/11/images/pull_2.gif	151.249.89.220
hxxp://imgcache.qq.com.cdngc.net/ptlogin/v4/style/11/images/qr_1_ie6.png	151.249.89.220
hxxp://oz.cnzz.com/stat.htm?id=1252975436&r=&lg=en-us&ntime=none&cnzz_eid=1388215460-1445663153-&showp=1276x846&p=http://www.gutou.cc/up/tongji.htm#shiyi&t=tongji&h=1&rnd=459593528	198.11.132.200
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1252975436&show=pic&t=z
hxxp://vip.gutou.cc/kss_inc/style/sale_style.css?version=M09-P136	119.29.32.56
hxxp://am1.adm.cnzz.net/stat.gif?sid=317353&aid=193078&mid=227176&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=317352&aid=193077&mid=227177&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://ui.ptlogin2.qq.com/cgi-bin/report?id=326046	112.90.83.106
hxxp://imgcache.qq.com.cdngc.net/ptlogin/ver/10137/js/monitor.js	151.249.89.220
hxxp://am1.adm.cnzz.net/stat.gif?rsid=317353&raid=193078&rmid=227176&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?rsid=317352&raid=193077&rmid=227177&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/js/jquery.1.3.2.pack.js?version=M09-P136	119.29.32.56
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=64926055	42.120.219.171
hxxp://am1.adm.cnzz.net/stat.gif?sid=317354&aid=193079&mid=227174&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=317355&aid=193080&mid=227173&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://ui.ptlogin2.qq.com/style/0/images/load.gif?v=0.5662742633235497	112.90.83.106
hxxp://ui.ptlogin2.qq.com/ptui_ver.js?v=0.3521985679219176	112.90.83.106
hxxp://all.cnzz.com.danuoyi.tbcache.com/img/pic.gif
hxxp://js.users.51.la/17287617.js	113.107.42.34
hxxp://am1.adm.cnzz.net/stat.gif?rsid=317354&raid=193079&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?rsid=317355&raid=193080&rmid=227173&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=317356&aid=221632&mid=257928&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=317332&aid=201980&mid=227172&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?rsid=317356&raid=221632&rmid=257928&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://ui.ptlogin2.qq.com/cgi-bin/report?id=358342&t=0.5075673314516665	112.90.83.106
hxxp://am1.adm.cnzz.net/stat.gif?sid=320044&aid=194902&mid=227174&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=320045&aid=202403&mid=227174&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/js/jquery.form.js?version=M09-P136	119.29.32.56
hxxp://isdspeed.qq.com/cgi-bin/r.cgi?flag1=7808&flag2=6&flag3=1&2=859	119.147.195.15
hxxp://am1.adm.cnzz.net/stat.gif?rsid=317332&raid=201980&rmid=227172&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/js/jquery.pngFix.js	119.29.32.56
hxxp://icon.51.la/icon_11.gif	42.236.73.3
hxxp://am1.adm.cnzz.net/stat.gif?sid=320046&aid=202404&mid=227174&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=320047&aid=202402&mid=236641&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?rsid=320044&raid=194902&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/js/admin_pub.js?version=M09-P136	119.29.32.56
hxxp://am1.adm.cnzz.net/stat.gif?rsid=320045&raid=202403&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=320048&aid=202401&mid=236642&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=320049&aid=202400&mid=236640&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/images/salelogo.png	119.29.32.56
hxxp://am1.adm.cnzz.net/stat.gif?rsid=320046&raid=202404&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?rsid=320047&raid=202402&rmid=236641&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/images/sale_bg.jpg	119.29.32.56
hxxp://am1.adm.cnzz.net/stat.gif?rsid=320048&raid=202401&rmid=236642&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://vip.gutou.cc/kss_inc/images/sale_search.gif	119.29.32.56
hxxp://am1.adm.cnzz.net/stat.gif?rsid=320049&raid=202400&rmid=236640&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://vip.gutou.cc/photo/miaopingmiaozan.png?mode=open	119.29.32.56
hxxp://vip.gutou.cc/kss_inc/images/sale_le.gif	119.29.32.56
hxxp://vip.gutou.cc/kss_inc/images/sale_btn1.gif	119.29.32.56
hxxp://vip.gutou.cc/photo/qqxiangche.png?mode=open	119.29.32.56
hxxp://vip.gutou.cc/photo/quanrenmiaozan.png?mode=open	119.29.32.56
hxxp://vip.gutou.cc/photo/shuoshuofabu.png?mode=open	119.29.32.56
hxxp://vip.gutou.cc/photo/zhuanfachongfa.png?mode=open	119.29.32.56
hxxp://vip.gutou.cc/photo/renqikongjian.png?mode=open	119.29.32.56
hxxp://vip.gutou.cc/photo/miaozanfenxiang.png?mode=open	119.29.32.56
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1253155700
hxxp://wpa.qq.com/pa?p=2:10347904:51	112.90.83.87
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2014/10/防圈最新教程.jpg
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2014/09/quan2.png
hxxp://oz.cnzz.com/stat.htm?id=1253155700&r=&lg=en-us&ntime=none&cnzz_eid=1428304560-1445663166-&showp=1276x846&t=骨头软件工作室软件销售平台&h=1&rnd=774735084	198.11.132.200
hxxp://cnzz.mmstat.com/app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv	42.120.219.171
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1253155700&t=z
hxxp://vip.gutou.cc/kefu/kf.js	119.29.32.56
hxxp://vip.gutou.cc/kefu/287364_code.js	119.29.32.56
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=157414404	42.120.219.171
hxxp://webproxy-sz.qplus.com/getonline?Type=1&10347904:10347904:10347904:10347904:
hxxp://vip.gutou.cc/kefu/skin/42/skin.css	119.29.32.56
hxxp://vip.gutou.cc/kefu/skin/42/top.gif	119.29.32.56
hxxp://vip.gutou.cc/kefu/skin/42/bottom.gif	119.29.32.56
hxxp://wpa.qq.com/pa?p=1:10347904:4	112.90.83.87
hxxp://vip.gutou.cc/kefu/theme/3/style.css	119.29.32.56
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2014/09/quan1.png
hxxp://vip.gutou.cc/kefu/theme/3/btn_2.gif	119.29.32.56
hxxp://p21.tcdn.qq.com/qconn/wpa/button/button_111.gif
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/08/fenzu1.png
hxxp://vip.gutou.cc/kefu/theme/3/btn_1.gif	119.29.32.56
hxxp://p21.tcdn.qq.com/qconn/wpa/button/button_old_41.gif
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/08/fenzu2.png
hxxp://vip.gutou.cc/kefu/skin/42/middle.gif	119.29.32.56
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/08/fenzu3.png
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/07/yanzhengxinxi1.png
hxxp://vip.gutou.cc/kefu/skin/42/l.gif	119.29.32.56
hxxp://vip.gutou.cc/kefu/theme/3/bg.gif	119.29.32.56
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/07/yanzhengxinxi2.png
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/07/yanzhengxinxi3.png
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/07/yanzhengxinxi4.png
hxxp://temp.p23.tc.cdntip.com/wp-content/uploads/2015/07/yanzhengxinxi6.png
hxxp://js.adm.cnzz.net/s.php?sid=311845	42.156.140.143
hxxp://js.adm.cnzz.net/js/s.js?v=20140108	42.156.140.143
hxxp://js.adm.cnzz.net/aroute.php?sid=311845&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1445663183258258&referer=&href=http://vip.gutou.cc/sale.php&queueid=1	42.156.140.143
hxxp://js.adm.cnzz.net/s.php?sid=317594	42.156.140.143
hxxp://js.adm.cnzz.net/aroute.php?sid=317594&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1445663184977977&referer=&href=http://vip.gutou.cc/sale.php&queueid=2&excludeid=	42.156.140.143
hxxp://js.adm.cnzz.net/s.php?sid=317595	42.156.140.143
hxxp://cache.adm.cnzz.net.a.hichinacdn.net/material/cf/c/df32015041f34b9146b8696c892cd.gif	80.231.126.250
hxxp://cache.adm.cnzz.net.a.hichinacdn.net/images/duilianclose.jpg	80.231.126.250
hxxp://cnzz.mmstat.com/9a.gif	42.120.219.171
hxxp://js.adm.cnzz.net/aroute.php?sid=317595&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1445663186149149&referer=&href=http://vip.gutou.cc/sale.php&queueid=3&excludeid=317594,	42.156.140.143
hxxp://cache.adm.cnzz.net.a.hichinacdn.net/material/35/f/401280028c1bd68e3b13a33e64424.gif	80.231.126.250
hxxp://am1.adm.cnzz.net/stat.gif?sid=317595&aid=193177&mid=227329&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://vip.gutou.cc/sale.php&referer=&rtime=1445663186758&js=2	42.156.162.21
hxxp://am1.adm.cnzz.net/stat.gif?sid=317594&aid=193176&mid=227328&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://vip.gutou.cc/sale.php&referer=&rtime=1445663185586&js=2	42.156.162.21
hxxp://cache.adm.cnzz.net/images/duilianclose.jpg	80.231.126.250
hxxp://s23.cnzz.com/stat.php?id=1252975436&show=pic	1.99.192.16
hxxp://www.gutou.cc/up/tongji.htm	183.95.154.13
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=317352&raid=193077&rmid=227177&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=320049&raid=202400&rmid=236640&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://www.gutou.cc/up/shiyimiaozan.txt	183.95.154.13
hxxp://cache.adm.cnzz.net/material/cf/c/df32015041f34b9146b8696c892cd.gif	80.231.126.250
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=320044&raid=194902&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=320046&raid=202404&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=317332&raid=201980&rmid=227172&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=317353&raid=193078&rmid=227176&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://imgcache.qq.com/ptlogin/v4/style/12/h_qr_login_1.css?max_age=604800	151.249.89.220
hxxp://s13.cnzz.com/stat.php?id=1253155700	1.99.192.16
hxxp://www.gutou.cc/wp-content/uploads/2015/08/fenzu2.png	183.95.154.13
hxxp://www.gutou.cc/wp-content/uploads/2014/10/防圈最新教程.jpg	183.95.154.13
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=317354&raid=193079&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://cache.adm.cnzz.net/material/35/f/401280028c1bd68e3b13a33e64424.gif	80.231.126.250
hxxp://pcookie.cnzz.com/app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv	42.120.219.171
hxxp://c.cnzz.com/core.php?web_id=1252975436&show=pic&t=z	195.59.70.248
hxxp://www.gutou.cc/wp-content/uploads/2015/08/fenzu1.png	183.95.154.13
hxxp://www.gutou.cc/wp-content/uploads/2015/07/yanzhengxinxi3.png	183.95.154.13
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=317355&raid=193080&rmid=227173&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://www.gutou.cc/ad/shiyitop.htm	183.95.154.13
hxxp://www.gutou.cc/wp-content/uploads/2015/07/yanzhengxinxi1.png	183.95.154.13
hxxp://www.gutou.cc/wp-content/uploads/2014/09/quan2.png	183.95.154.13
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=320047&raid=202402&rmid=236641&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://imgcache.qq.com/ptlogin/v4/style/0/images/load.gif	151.249.89.220
hxxp://c.cnzz.com/core.php?web_id=1253155700&t=z	195.59.70.248
hxxp://imgcache.qq.com/ptlogin/ver/10137/js/monitor.js	151.249.89.220
hxxp://imgcache.qq.com/ptlogin/v4/style/11/images/pull_2.gif	151.249.89.220
hxxp://www.gutou.cc/wp-content/uploads/2015/07/yanzhengxinxi4.png	183.95.154.13
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=317356&raid=221632&rmid=257928&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1	42.156.162.21
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=320045&raid=202403&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://imgcache.qq.com/ptlogin/v4/style/11/images/icon_3.png	151.249.89.220
hxxp://imgcache.qq.com/ptlogin/ver/10137/js/h_login_11.js?max_age=604800&ptui_identifier=000E010D35E941CFEC71A582B9FFEC02C10296A5EF4013A61D4B7961A3	151.249.89.220
hxxp://ex.am1.adm.cnzz.net/stat.gif?rsid=320048&raid=202401&rmid=236642&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://www.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1	42.156.162.21
hxxp://imgcache.qq.com/ptlogin/v4/style/11/images/qr_1_ie6.png	151.249.89.220
hxxp://webpresence.qq.com/getonline?Type=1&10347904:10347904:10347904:10347904:	103.7.30.103
hxxp://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif	103.7.30.169
hxxp://www.gutou.cc/wp-content/uploads/2015/08/fenzu3.png	183.95.154.13
hxxp://pub.idqqimg.com/qconn/wpa/button/button_111.gif	103.7.30.169
hxxp://www.gutou.cc/wp-content/uploads/2014/09/quan1.png	183.95.154.13
hxxp://www.gutou.cc/wp-content/uploads/2015/07/yanzhengxinxi2.png	183.95.154.13
hxxp://www.gutou.cc/wp-content/uploads/2015/07/yanzhengxinxi6.png	183.95.154.13
hxxp://icon.cnzz.com/img/pic.gif	195.59.70.249
web.51.la	117.21.224.31
pcookie.cnzz.net	42.120.219.171
log.wtlogin.qq.com	113.108.6.148

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.
ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /17287617.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js.users.51.la

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: max-age=300

Content-Length: 1969

Content-Type: application/x-javascript

Last-Modified: Fri, 07 Aug 2015 04:19:32 GMT

Accept-Ranges: bytes

ETag: "489ce542c8d0d01:32d1"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 04:51:15 GMT

Connection: close
document.write ('<a href="hXXp://VVV.51.la/?17287617" target="_blan
k" title="51.La 网站流量统计ߏ
B;统"><img alt="51.La 网站流量
EDF;计系统" src="hXXp://icon.51.la/icon_11.gif" styl
e="border:none" /></a>\n');..var a7617tf="51la";var a7617pu="
";var a7617pf="51la";var a7617su=window.location;var a7617sf=document.
referrer;var a7617of="";var a7617op="";var a7617ops=1;var a7617ot=1;va
r a7617d=new Date();var a7617color="";if (navigator.appName=="Netscape
"){a7617color=screen.pixelDepth;} else {a7617color=screen.colorDepth;}
..try{a7617tf=top.document.referrer;}catch(e){}..try{a7617pu =window.p
arent.location;}catch(e){}..try{a7617pf=window.parent.document.referre
r;}catch(e){}..try{a7617ops=document.cookie.match(new RegExp("(^| )a76
17_pages=([^;]*)(;|$)"));a7617ops=(a7617ops==null)?1: (parseInt(unesca
pe((a7617ops)[2])) 1);var a7617oe =new Date();a7617oe.setTime(a7617oe.
getTime() 60*60*1000);document.cookie="a7617_pages=" a7617ops  ";path=
/;expires=" a7617oe.toGMTString();a7617ot=document.cookie.match(new Re
gExp("(^| )a7617_times=([^;]*)(;|$)"));if(a7617ot==null){a7617ot=1;}el
se{a7617ot=parseInt(unescape((a7617ot)[2])); a7617ot=(a7617ops==1)?(a7
617ot 1):(a7617ot);}a7617oe.setTime(a7617oe.getTime() 365*24*60*60*100
0);document.cookie="a7617_times=" a7617ot ";path=/;expires=" a7617oe.t
oGMTString();}catch(e){}..try{if(document.cookie==""){a7617ops=-1;a761
7ot=-1;}}catch(e){}..a7617of=a7617sf;if(a7617pf!=="51la"){a7617of=
<<< skipped >>>

GET /js/abase.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:52 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Tue, 16 Jun 2015 08:20:30 GMT

Vary: Accept-Encoding

Expires: Sat, 24 Oct 2015 06:05:52 GMT

Cache-Control: max-age=3600

Content-Encoding: gzip
2097.............\.s.8..}...=k.-.r...B.rvg .I%.....h...P...,.-.......%
9...U...H..q<..{\l...Y.z)oD.N...e.u..\..<m.Y.Y..._f...-....T..p.
Nn.... nSx.u&.....G..Bw.ne.g[....^....,J.../.wm..|.s.'(....:...6..U...
.:.[e...h7..,gw2...N..b..-v....Q....vC.H....Z..(....R,.......,.U.e1.\.
5.me\..`.-..Z.\.}.r%.#...e..w...w..*..?....dalU.[.(J2.1 $m......(.....
.....%............l.JpA..n%...S...#M.\.BE..3...wY..{z-..s.P.Gc......{s
..L0....w..&b.OPZzj..#.S...2.J..eXFKj'.B.....UZ.0FCoB{....{."o....,..y
.....E..8..)....P.:.hI...su..ia....f..3}<@.N...S.....g.h...Y.H..dQH
[email protected]%.z..Y.Zg)h..<?5.e\X.....S....Hz.....%zW.8..Y{4v.j.>.q
<...ry8e.z{...#[oi..f!.p......-....q..L[.k......o.oX....a..$. .../c
\[email protected]....".i,..8....B.#.c.m..T.$#..LC.\.....lS...
. ..w...Q......c...~..~..(X#......^... 3..,....."uI..8#..H...K..P.B.@.
.uy.T..t.t9..b%''n....R.~.Nd.:=..._......BM......$p6k....g.W........?y
.._.'.Dq=?...k..D..._.3.~....e.M.s.~.p7.V7X..m.~W.....w.u....:s..0...D
...ON27.GLL...........ODzU..C...6:[email protected]
s..3./.4...s....-...a.....V..u0...%._e..BDY.....OU..$N-.i..V......e?K.
..../... ..Y.T... .t.$.hOlRX/Jd,......'....$..D.!1.*v..........>Q..
{.B...:.T.ywuO..f...].sU4.z#[email protected]=.*.L[.$......-..M[.....~.....
....|.U!..X.......|.`.S.$...H......6..8;......T..~....." .A.o..?A V2X.
.GX....O.....X{........96..n2.....8....o&...u..j...t....N..E8..x....\'
..`..o.{.^.....I../e..t.Ch...<..>...v...u...=..v..1..r....,g..f.
..V.i.&N.g.L.n|...q`J...<....3.........Lq.~.... 5d.._....!.4...
<<< skipped >>>

GET /prebat.php?url=http://VVV.gutou.cc/ad/shiyitop.htm&excludeid=&fn=CNZZ_ADD_BATCH&width=1276&height=846&time=1445663161196&domain=&referer=&href=http://VVV.gutou.cc/ad/shiyitop.htm HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:54 GMT

Content-Type: application/x-javascript;charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=5

Vary: Accept-Encoding

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: ADM_USER=ae165f0f4d1d5b496521f90bd5f05e1a; expires=Thu, 10-Aug-2062 10:11:48 GMT; path=/; domain=.js.adm.cnzz.net

Content-Encoding: gzip
62e..............mo.J........&........ju..TPbb..aE......~gP[k.^.*.1..3
.2#s.....L..i....@,..7...P..(2....]..gH..<..ft;...L.?....d..P.k.r..
...........d.y..i....`...i. c........"#c...sbt...A....M.....9s.X.&V.np
.....#i2'.9.....v..o.u/...8.'.m.....<g<....s#9.....S.....Cw.Ntoe
..9.R.....?.w...Z....3..k.r.O.....N...6..L..M.;.V...Y..?..Rd.%....}Y.f
...:1.J..Z.k..G.w..X_..(5..x.Z.5...8tF..<*;U....D....X..V|u10<}2
.........i..a>.]4....=t....].hn_#wa....//..OY...S...$...G..)m.:....
.p.Dm.2...Y..c........=...7.~!..7_.....$....[:.Y..#..>.=.7.f.O.....
...W......E.~f.......se..^Y.....lp..G~7....1...o..;...._,.E....Zn.....
%-n.k.r...d.&.E2o1(.:...(z..<......)...-p.?.X.F..9eM... *?v..9=.R..
.....O. hf3V.4A}....2....=..Z.].5....Og..9....ex..*..L>.....<.R.
.'..'.1....\.Bv.*.m>j.^ ...s.(....|*.O>....K..........X..sK'.-..
.W...I.>....\T.....k. .k...` .kJJ..5..]X.}.^.!...2..v..............
?Y.bp...$56Q.. ....P.U.{.o98...@......{....g....X.:....MO)....y...C.^2
..I...p..w...kz.O.....V)...#..X...h..Y...6..U{g...!..2....%..%~w..K...
NT.;.T}... ..Q.....?.......4..t.\.?6.n.;/[email protected]./K....y.`.....
O."Vp7."...u5.._.........3.6.{.N."....p%.#q5E.tB....F5..X.y.'.j"......
...}.....f1.w..E.......q.q.W6.....Z.u..5.....1..=[..ETMI.........>.
.#..S...|.QM.....v...9...O,... ......x<......4.l.O.*..X.[..P~:y..d.
.B......x..|..X.".,..R'...V..O...`.....#t.......T.w........To...:M.`..
6.....[.D..\i.4.....z.Z..BAS........".u...y.......yVZ18.ac......6.0..]
i.....O.=.s.p.....S.q.JI.t..Lyd8..1=..kB....{.[..te...C>.......
<<< skipped >>>

GET /qconn/wpa/button/button_111.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pub.idqqimg.com

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Cache-Control: max-age=2592000

Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT

Content-Type: image/gif

Content-Length: 3534

Keep-Alive: timeout=60 

X-Cache-Lookup: Hit From MemCache
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>

GET /stat.gif?rsid=317352&raid=193077&rmid=227177&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=317354&raid=193079&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=320045&raid=202403&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=320047&raid=202402&rmid=236641&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:58 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=320049&raid=202400&rmid=236640&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:59 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Sat, 24 Oct 2015 05:05:5
9 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Wed, 18 Dec 2013 05:49:28 G
MT..Accept-Ranges: bytes..

GET /stat.htm?id=1252975436&r=&lg=en-us&ntime=none&cnzz_eid=1388215460-1445663153-&showp=1276x846&p=http://VVV.gutou.cc/up/tongji.htm#shiyi&t=tongji&h=1&rnd=459593528 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: oz.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.6

Date: Sat, 24 Oct 2015 05:05:53 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 09 Mar 2015 09:01:02 GMT

Connection: close

Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..

GET /stat.gif?rsid=317353&raid=193078&rmid=227176&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=317355&raid=193080&rmid=227173&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=317356&raid=221632&rmid=257928&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:56 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=317332&raid=201980&rmid=227172&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:56 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=320044&raid=194902&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=320046&raid=202404&rmid=227174&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
....


GET /stat.gif?rsid=320048&raid=202401&rmid=236642&rip=194.242.96.218&rcookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&view=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ex.am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:59 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Wed, 18 Dec 2013 05:49:28 GMT

Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Sat, 24 Oct 2015 05:05:5
9 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Wed, 18 Dec 2013 05:49:28 G
MT..Accept-Ranges: bytes..

GET /up/shiyimiaozan.txt HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/shiyimiaozan.txt

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Content-Type: application/x-www-form-urlencoded

Host: VVV.gutou.cc

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:05:31 GMT

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:15:31 GMT

Last-Modified: Fri, 21 Aug 2015 00:41:40 GMT

Content-Type: text/plain

Content-Length: 236

X-Cache-Lookup: Hit From Disktank

Accept-Ranges: bytes
..........4.5..(....................)............hXXp://d.gutousoft.co
m/公共软件下载/失å%
BF†ç§’赞秒评软件.exe.......
.....................!....HTTP/1.1 200 OK..Server: NWS_Appimg_HY..Conn
ection: keep-alive..Date: Sat, 24 Oct 2015 05:05:31 GMT..Cache-Control
: max-age=600..Expires: Sat, 24 Oct 2015 05:15:31 GMT..Last-Modified: 
Fri, 21 Aug 2015 00:41:40 GMT..Content-Type: text/plain..Content-Lengt
h: 236..X-Cache-Lookup: Hit From Disktank..Accept-Ranges: bytes.......
.....4.5..(....................)............hXXp://d.gutousoft.com/å
…¬å…±è½¯ä»¶ä¸‹è½½/失忆
秒赞秒评软件.exe............
................!......

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Content-Type: text/html;charset=utf-8

Location: hXXp://vip.gutou.cc/sale.php

Server: Microsoft-IIS/7.5

X-Powered-By: PHP/5.2.8

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:49 GMT

Connection: close

Content-Length: 0

GET /wp-content/uploads/2014/10/防圈最新教程.jpg HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive

Cookie: CNZZDATA1252975436=1388215460-1445663153-|1445663153; a7617_pages=1; a7617_times=1

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:06:04 GMT

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:16:04 GMT

Last-Modified: Fri, 10 Oct 2014 02:15:25 GMT

Content-Type: image/jpeg

Content-Length: 504376

X-Cache-Lookup: Hit From Disktank

Accept-Ranges: bytes
......JFIF.....`.`.....C..............................................
......................C...............................................
........................`. ...........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..~.$.PI
$..$.N..d.OA....k...J.z..P.R.j.!J..P.J.j...:t..Js.RmF..r...S.....&....
K]^.|/.G...Y....Z.1O.x;...3*.3Xhz..r ..*.[H.:....9.._oO.>:.B.'....U
h.....eX9.U"..J./.B.%o...jS..V..h...e0.Jr..q.JN.).E.xM6.e.~d. .....j..
......<..|p.q....c8 .v.j...~b1...\_..[............o.h.Z..vN....2...
/.-....U....JT..6.].m..ky..?...~.x..9...sS..x.>O.8.s...^.qc.a2...Sp
..................^....]..?..V.n..........D..?.L....W........ .....?..
[email protected]..?.L....G.C.....L...........le.....K........#.
_.......3....5...x...2..J8S............../.....(....J.s...........9...
.....(.O.~...]..?.......P...>5... ....:...#Q........ .....?.....w..
[email protected]..?.L....G.C.....L...........le.....K........#._.....
..3....5...x...2..J8S............../.....(....J.s...........9........(
.O.~...]..?.......P...>5... ....:...#Q........ .....?.....w........
[email protected]..?.L....G.C.....L...........le.....K........#._.......
<<< skipped >>>

GET /wp-content/uploads/2015/08/fenzu3.png HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive

Cookie: CNZZDATA1252975436=1388215460-1445663153-|1445663153; a7617_pages=1; a7617_times=1

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:06:09 GMT

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:16:09 GMT

Last-Modified: Wed, 05 Aug 2015 01:58:08 GMT

Content-Type: image/png

Content-Length: 14053

X-Cache-Lookup: Hit From Disktank

Accept-Ranges: bytes
.PNG........IHDR................m....bKGD..............pHYs.......... 
.... .IDATx....l.e.._W..;6....p..8N.4....@ .&....i3.;...d..R....,YmfGZ
......IoN...=.......!3..n..f7Qr........@LB`tm.c.......o......U..~.B...
.TuU}..y...X\\$..B..._o}v'!...N^x.9B11.e}.m.....o.{.A.@EE..`.f.......D
}}=.....S..6.pk.D..$.x..k.....MfO.R~{..3.:./]...W..n..G..^.o{.._.. c..
s....o...Q....H.|.G.._>........C...0..,...?.%.L.{...ok.....^...pD..
.P./.{.Y..{!E..W....:..a....."....:....:......7./:e............"...E1.
OG..e..fF.=/G............?..5.ext.%...g...k....N`[email protected].).....X..
....(-....e.Y..J....f..H..Y;..X.2.....q..d..c.8..u....(?.....2@t:..8..
.l..{...,......(K.....m....9>.2... H.. W:.......\,.=.....x......<
;e...jaa.0....-........... .?.e..`.............3.....fnn...Z.O(K 0GU..
................x.~~~I..,A..U.Z.....o..QSSc.&F\....bqqq~~.....J(...GU.
......=..........B}........z.....?.{.............933.......(,.........
..l.................>........@y }...v.MR.T.&x'.L.m...,S\._...%.%...
T*.J.....P....HE..lD...b.r..e2.\>?...D.]..TdiG........,........D.*.
.. ...{......|.r ..g2.~YX@..{=].^[email protected]<T.........WF..3..m....
A....^[email protected]) .H.L....q.H..2.......B......r3q9
S.^O....v.kA.......fmm..j..12.K~1..e.i.$.T..... D.7.%..2.....l.wL.;..!
...D......2.r../....$.6i..pn....?........V.....5LE;..d...@... .x.{:n..
eFt.....U./q..@..>O`7.c.#.6....r..=...N.a...0...=.......[.%L>..5
]..A??BO..:&1A9...SY..............z}m.....}.]....e...I~.o..X......,a.#
..YIuS....%..HO..c}Q.......>.......{>..7....=.>..........
<<< skipped >>>

GET /wp-content/uploads/2015/07/yanzhengxinxi2.png HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive

Cookie: CNZZDATA1252975436=1388215460-1445663153-|1445663153; a7617_pages=1; a7617_times=1

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:06:09 GMT

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:16:09 GMT

Last-Modified: Fri, 17 Jul 2015 02:08:48 GMT

Content-Type: image/png

Content-Length: 15869

X-Cache-Lookup: Hit From Disktank

Accept-Ranges: bytes
.PNG........IHDR..............lw.....bKGD..............pHYs.......... 
.... .IDATx...ql.......J1boD..p..k..#...{..-....".6..wB../....ND...K .
..p...M;dt......._...?O...X..>.Q6...&..4./.:Y`..a.................&
.....=..U.=......S o.!^}......B.!..={n.......o..O..bPn...g....n..U.A..
u..e..............".K..]........b.........o>.w.....................
...... /.x...y....B... .....Ho......Q....qjaQ).....i.ZV.*.V...Pe.....@
iJ.UU.[[email protected]]D.......OY./[email protected]
..V.j..V......$v..U.[V.k{.|kp\...Z..T..T..;...dl...~...7..............
.......].U.W\.`.8.....SV......U...T..*.....=n....T..%.....*o5.P5...`.b
$..........6........{.*7....0...RF.......V...P]]~y...`...g...7.].|....
.i.b.l!5.D...`.{...~...^.....;..}K9..!.J..h..q#......?t....Y.....RSA..
...1)..[?...w?....Z.$.`nd...L...md.&..BH!.!~..;?~.'O|..!...K..j.^j*.V.
.D.o.Sn...{.....&....w..}.K)..iTW..<RJ!..../_y#...).z.lEk*.V..\.z..
.........v,)eT..HD".ET ..B*.HjQ....KU.^.b5.y.......dW..d.l!h...-..[H.E
R.$N..q..qR.nH)e..HF*...[.x.l.j*...^..q5.I.EQ.E.Z..E.Z-.d.E...........
.Y..<..........*YV>...i.......y..R......Z.V......}.?.`.5.m..J..4
K....Wx....Q....-..gx.m... ...=........I..$o..4....Z'...P].q .....f...
.o..(G.E$.D.3l..z.K.{..L..,[email protected]..&;C....~..Ul}.YQoVar...Y.j.%...Y.
(....."......6..z@/..R.(g.2...............i..Q[[email protected] .........Y)C.
i........8...I..q...f.4/..........O...!....R....2G.....3Z=..../-~m..v.
...m....v..9.#C.}..U...X..<I..K..........e.s...3P....m.?..Q#b....&l
t;.j..Q=.J.vv.I..Q.......z4.'s..X...a...a...l....h.......1 ...TV..
<<< skipped >>>

GET /wp-content/uploads/2015/07/yanzhengxinxi4.png HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive

Cookie: CNZZDATA1252975436=1388215460-1445663153-|1445663153; a7617_pages=1; a7617_times=1

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:06:10 GMT

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:16:10 GMT

Last-Modified: Fri, 17 Jul 2015 02:08:49 GMT

Content-Type: image/png

Content-Length: 17947

X-Cache-Lookup: Hit From Disktank

Accept-Ranges: bytes
.PNG........IHDR.............3.U.....bKGD..............pHYs.......... 
.... .IDATx...}x..}/....l....w.....@@...S.&...:*m.Di...(...{......}...
}.......S..J.'M.R.I.k)o..7j....T.%$4../.......cvg...93;..#}?..Y..9s...
3.9sv.ZYY....._.......{...g...vtt,//{........o.fY^^...h....T}..]lk=..5
..O._.....l_.~.i.j}.R..R]L....&.Sx..G.t.VU.?<.."..}..}..'O......T..
...k......_W.s.9......mmmmmm..bW.....................q......@Z!.......
B,.....i..'..~.......%U.fn..Z..vG..>..Z..T..T.......u>...l3.....
..gra[kC.[..R......z....Xo.mM.....O?......:...?=..r..D.~..`....rO...H.
.%............B,.....i.X.......!":.s... .=.D.. ....K..@&..j.....x./...
.s..... ..C...'.....k.^.ML..y.....L...... C.|....>.Zgv.......5...1.
...,..............V.~..... .:::.|...K.. ^...4i......J,{...=.m...q.....
..<..S/.tf....g.f....R.M.T......J..M.6tw.q..sL.m.z.....{..ew=.2.E.{
.c*$...@..,..w........{m&c.n9.s.LM2.._6...e..E..}..g....\..KM.5..%T5N=
5..6t|.....h..G..7.....7C......^>{..7Y.ED~..*..X.E........m...M.^/Q
...0_..........:...qe..nY.eg,.\r..Pk.}.Y....m{.i.Z-_/Q.....e/..w.${.On
.g ...6-.I....m..Yn.%..[*..V...,..-...`.|\...%.VSQ...'.....-..m..3.L..
3..m[.mo...l..........h......?..K.%S.....F.<p.....ox/..k.N&..d.....
.... .a.J .'6i..)C./.F#.Y.....OJ..y...O....f;........I..$lJU.ia.7..,.\
../K../l&.._w....} D...l...l-.z.KX...LTyF..(.9..S.>......N.......U1
..0.6T.U ..../.W#....s.. F.................\.hG....bk:>>..'.r]}.
..J6[..J.B...eiL).T.4)...F..*..%.DD.[*.J......qgp.U*..o.p}.'4..gY.eQ..
.V.qY...4.....w.9~`.ub.......Wf......!.>...VSQ......sw~..7..}*.
<<< skipped >>>

GET /ad/shiyi/dingyue.htm HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: gutou.cc

Connection: Keep-Alive

HTTP/1.1 307 Redirect

Content-Type: text/html; charset=UTF-8

Location: hXXp://vip.gutou.cc

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:54 GMT

Content-Length: 142
<head><title>Document Moved</title></head>.<
;body><h1>Object Moved</h1>This document may be found &
lt;a HREF="hXXp://vip.gutou.cc">here</a></body>HTTP/1.1
 307 Redirect..Content-Type: text/html; charset=UTF-8..Location: http:
//vip.gutou.cc..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date
: Sat, 24 Oct 2015 05:05:54 GMT..Content-Length: 142..<head><
title>Document Moved</title></head>.<body><h1&
gt;Object Moved</h1>This document may be found <a HREF="http:
//vip.gutou.cc">here</a></body>..

GET /公共软件下载/失忆秒赞秒评软件.exe HTTP/1.1

Host: d.gutousoft.com

Accept: */*

Referer: hXXp://d.gutousoft.com/公共软件下载

User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Pragma: no-cache

Cache-Control: no-cache

Connection: close

HTTP/1.1 200 OK

Server: nginx/1.6.2

Date: Sat, 24 Oct 2015 05:05:33 GMT

Content-Type: application/octet-stream

Content-Length: 568832

Last-Modified: Fri, 21 Aug 2015 00:37:28 GMT

Connection: close

ETag: "55d672c8-8ae00"

Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$..........Y.f...f..
.f...z...f...y...f...y...f...z...f...y...f...y...f...f..Fd...n...f...@
[email protected]`...f..Rich.f..................
PE..L....r.U.....................@...`.......p........@...............
...........0...............................................#..\.......
.3....................................................................
......................................UPX0.....`......................
[email protected][email protected]
..............@.......................................................
......................................................................
......................................................................
......................................................................
......................................................................
.......3.08.UPX!.....o.H\........e......&&.\......h.~.........b..dk...
;.=..oy...4B_..8WNH$x.......n..v."....S...X.f..."T.....*......j.(.F..%
|M..Y..............2......PFD .l..2....4.D...v6C.:.r.>$d....A...6 .
.bU/..4E.a..,~.CE....w...BQL..e..(s....H..V.j|pS....nJ.T3.t.......W..(
c.k$#....:sk.0....7 .g....#..t..s.a.T.#......0....|Q1.:.....b.1..rG...
.R.V%..<K.6*...Hd...f..^@.N Z in......m..FX.x{4.5.Q./D&..q.....Stuq
.........m..4....N.....f;...=..A3.4..7$*....|........l..P.W...1.3.....
!..3.d.d...... .AM.be...R.e....Cz....I.q9T.?0(.8J...-.q..Z....~Uu.
<<< skipped >>>

GET /9.gif?abc=1&rnd=157414404 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

Cookie: atpsida=69d515a513b829ba72d2a8d1_1445663155; cna=s/ xDknQKHcCAcLyYNr/GNhv

HTTP/1.1 302 Found

Server: Tengine

Date: Sat, 24 Oct 2015 05:06:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: sca=7c565289; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=69d515a513b829ba72d2a8d1_1445663168; expires=Tue, 21-Oct-25 05:06:08 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Sat, 24 Oct 2015 05:06:08 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: sca=7c565289; 
path=/; domain=.cnzz.mmstat.com..Set-Cookie: atpsida=69d515a513b829ba7
2d2a8d1_1445663168; expires=Tue, 21-Oct-25 05:06:08 GMT; path=/; domai
n=.cnzz.mmstat.com..Location: hXXp://pcookie.cnzz.com/app.gif?&cna=s/ 
xDknQKHcCAcLyYNr/GNhv..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-C
ontrol: no-cache..Pragma: no-cache..GIF89a.............!.......,......
.....L..;..

GET /ptlogin/v4/style/11/images/icon_3.png HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:52 GMT

Server: PWS/8.1.20.22

X-Px: ht h0-s1177.p11-fra.cdngp.net

ETag: "5506987d-1d59"

Cache-Control: max-age=7200

Expires: Sat, 24 Oct 2015 05:46:56 GMT

Age: 4736

Content-Length: 7513

Content-Type: image/png

Last-Modified: Mon, 16 Mar 2015 08:46:53 GMT

Connection: keep-alive
.PNG........IHDR.......c.......tu....tEXtSoftware.Adobe ImageReadyq.e&
lt;....PLTE....................Bt......./..-..&.....".... .....oX.....
.........$....N1.........YZb..~.........y.*..............}.........n..
A..{....................u.)[...........}.,..........o....../[email protected]
....~....gf0/;...........`............................E&...?AP....:,..
..........."....R.,~.5........=......k.&........................~..j..
lnr.<... j.2Q....[I..p.&..7..G..................h....tRNS..........
......................................................................
................................................8.Kg....IDATx....C....
a..N./N.>.G@Eiw_4h....M.(G 1-,K.S..v..q..4...}......Pl....|*.~<.
.Z3...R.|....L..D.e..t(..........X....."aK!QH...D!QH...D!QH...D!QH...D
!QH...D!QH...D!QH...D!QH...D!QH... Q;fY.;f.C.. .w......B@D...,@bjJ.L@.
@.l...(....O.....n)....g5..D.._Q"]..&>...W9.i.......].....d.."a....
...Hn.WH...D!QH...D!QH...D!QH...D!QH...D!QH...D!QH...D!QH...D!Q...]n.H
.^HYEB(.H...... 2....N.j.N!..S.... ..a.i.q.o.M.V.rj.|......^?.g=..<
<..Oo...z.i.^_.[o..o.4..#..D..._{.7...O..KO..O4..D.:.......z....X.:
.......B..l....C|.. ?)$.....z.#.19..I..@..=..KL...8W]..W.u.H...Y.V.s..
|..?....VH.....~. $...j.9.. ....sG.>.D!9...z,......X..B.5...F..^..k
$_...Dr..B$..c)$..B........:Dr.......k$......./..B.1.W..-....._._.....
K....?>..%_{K..BGH._^..C..R....9;@.L.zyp.P:X...sv..Z-Y..L.$...W....
[email protected]. ...z......%.J3.`....>D......OL.Db.iC..#
)..n..X."..I.u.GH...#.f.m..n$.. ......v$.;....E....j&.....%5....u.
<<< skipped >>>

GET /ptlogin/ver/10137/js/h_login_11.js?max_age=604800&ptui_identifier=000E010D35E941CFEC71A582B9FFEC02C10296A5EF4013A61D4B7961A3 HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:52 GMT

Server: PWS/8.1.20.22

X-Px: rf-ht h0-s1177.p11-fra ( h0-s1210.p11-fra), ht h0-s1210.p11-fra.cdngp.net

ETag: "561f4fcd-14440"

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:09:18 GMT

Age: 394

Content-Length: 26807

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Thu, 15 Oct 2015 07:03:41 GMT

Connection: keep-alive
.....O.V....m...q .}.E7...X.j..^..r.Ij(....Hr...t...d.P.P.l...d[.$K.w-
{m....[{..c....d..~...........$^.I..}.N..................^.o,f..._u..U
{.M..K.(...........]-..._......;w.R.U[..xt....U...i..j................
..j........3.M]....k.4U...Co.....z.88....,cu...T............-.....~...
.$......2>.._Uc...G...KT..N(._..E.b?kT%f...p......5........|...s..k
. .G..ami.N...]I.<..UW......Ou.^>?.mQ6.]...pf..(.............i..
.....V......(vC[...I..;.X.q..o....4.~...).b."g..g..8..R...l.......B...
..QS..;.(.Y....S;....I.W.q.Pz.O..B0..{....):v'.r...[eK..c.% F:...z.=O.
B S\:8....(..x.R..,=....Tlz.....?`....m......5.......kr..PI7.tm...P...
..v...k...........o.@>.........g........!.........#.5..I913k.6.mE}(
.o.........J'.Q...s.4...Y...X.p..9...4..e .9sX.%K1.,.Ly..Dl*=  .5.n..D
..37..}(.D....j..Y...&...........!x......u..kG..m..&}.../..c.klme...F.
.}.<uA....{c...D...R....>nP{....V....=X....w.8.W pij....kkk.|...
.V...?M.?......I..Zg...-C#f0..lkK...2...~..t..Pj....).B....Oi.n..)....
..."..ON.~..1,....moG....)....".^l..^..........JP..k.1.:..............
...2v...9#W..(0.l..t....c;...s{...O..C..*.a....E.s.r\Q..1..........(..
p......i..,.y4..>[email protected]..
..c.NF.P.J...,`vh|3...{.f"RY.i9..(:...u...r^.. ..(.....e%_u...........
..$.,Z..-..n..7..;..E....>...r.......z6.N...K.i.....;..BB.........8
...F....!g..& [email protected]...\....... ..8.xt...x.....X....
....b'5...F.......1......ihZ..\....YRE..kb.R9..Z$...O-'.S...$....|....
...(.......v ....r.|...XWh|.....(.A.<.._.zJ]..Z...i./Rm..*.9.]N
<<< skipped >>>

GET /ptlogin/v4/style/12/h_qr_login_1.css?max_age=604800 HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:53 GMT

Server: PWS/8.1.20.22

X-Px: ht h0-s1177.p11-fra.cdngp.net

ETag: "5506987d-aa1"

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:06:51 GMT

Age: 542

Content-Length: 829

Content-Type: text/css

Content-Encoding: gzip

Vary: Accept-Encoding

Px-Uncompress-Origin: 2721

Last-Modified: Mon, 16 Mar 2015 08:46:53 GMT

Connection: keep-alive
...........U...:.~...QgF.l..q4.JU.J.].g......&...M..5.&..sZM.......7.k
m6..jW .-W...Q..l.yYY.._}.)."...@...\.|.................q..o8....[V..M
S.^`.,.j$E.....5.C.*.&......UX..?|...~.,..}.Kf..."....w.T.f5.v.. .d..}
.)..E..........V.................#x.4..K1x1K.?b..N..#OQ:25}.S.(.L.....
.(........m.....f.[.......&JZ.BI....!..=Cx7."7..............J...n.._.2
.O..........N.^.k....m.../%"LZ....k.q....0.wD...M..i4.[....JP..~..[...
?...,y..X.....\q.....pS......</[email protected].#'Z.U.... ..~R.
9.5.<....9.9KZ.......|d.R....._.]......G...\k..n..n.(.T#74=........
...S.:.....U.;...wz.....w."..<.>L"......~!..>.m.......lG....,
.....n...&.ff29k......g.....n{....,#q.....i_[Q2.i....v.".......,:U_1&l
t;.g#..z...0.]...(NZ..T^..{......1..D....x.j..POL.Bm...(.......cy..^..
...^N..4.......Q.s...V......Z<'N.....m....o$.g...........h......4..
..x..V........


GET /ptlogin/v4/style/11/images/pull_2.gif HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:53 GMT

Server: PWS/8.1.20.22

X-Px: rf-ht h0-s1177.p11-fra ( h0-s1194.p11-fra), ht h0-s1194.p11-fra.cdngp.net

ETag: "5506987d-3204"

Cache-Control: max-age=7200

Expires: Sat, 24 Oct 2015 06:48:31 GMT

Age: 1042

Content-Length: 12804

Content-Type: image/gif

Last-Modified: Mon, 16 Mar 2015 08:46:53 GMT

Connection: keep-alive
GIF89a2.M..}..............................|..............}............
..mzzz....................e..............Z.....V..Y.....f...........v.
.......v....................{.....p.....i........_...........q.....h..
h..................***........`..d.....n..o...........................
..........................h..............y........v........t.....bVVV.
.w..............onnn...........R...............!..XMP DataXMP<?xpac
ket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns
:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/0
2/06-14:56:27        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/19
99/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xm
pMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com
/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" 
xmpMM:OriginalDocumentID="xmp.did:2336235B7A84E2119D7AF1E9672BE443" xm
pMM:DocumentID="xmp.did:F20BAEBA86F311E29B8BD1B719BA0A29" xmpMM:Instan
ceID="xmp.iid:F20BAEB986F311E29B8BD1B719BA0A29" xmp:CreatorTool="Adobe
 Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="
xmp.iid:A47C10E03086E211A15BD926BCF1919E" stRef:documentID="xmp.did:23
36235B7A84E2119D7AF1E9672BE443"/> </rdf:Description> </rdf
:RDF> </x:xmpmeta> <?xpacket end="r"?>.................
......................................................................
...........................................~}|{zyxwvutsrqponmlkjihgfed
cba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)(
<<< skipped >>>

GET /ptlogin/ver/10137/js/monitor.js HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:54 GMT

Server: PWS/8.1.20.22

X-Px: rf-ht h0-s1177.p11-fra ( h0-s1213.p11-fra), ht h0-s1213.p11-fra.cdngp.net

ETag: "561f4fcd-116c"

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:07:24 GMT

Age: 510

Content-Length: 1625

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Thu, 15 Oct 2015 07:03:41 GMT

Connection: keep-alive
.....O.V...XKo.F.. ......H.N.1..N.:..p..!.kr%.C.2. ...C.E.(.c...-rL.=.
.$M.Eg..D...uz.....vfv...Y.(g;QB0;...X...`....G..a......O.^Y.....d..0T
.L...[.v...jX.YJ..gR.....(7.R...\<..^.v. E.*.........e..g.9...x|..4
%,>..$..=..r.jL.k..n.*W/[email protected]..."..w.F.-TOx.5.;..o;. .9..H.-.
.....3L 3..j ...*0.2*.F!.{......a5t.f1.Y.G4UeMK...t.......*T?.O.4.KF..
d.G.u...^...._....o{.w<.d.saix.z..Y..........8dd.s4...6:.....w.i.2.
q..\*.Q*.....\.....#I...t&.T.a!u....f(..>...]@B4..v.Ae,SBb..K7..F4.
{g.5..........;......}...[(......,...D......]*w,...Z.8..I...k....%.SLS
L-.\...>....!..j.nu.........o...$.d.1\..p..c.s..1.7Dh6...f.C......u
.........lf.z.j....2.....o..>FK.NM...b..`.ZM....r.X.B.2..I...G.E...
...!.,..r..,2.bxB.&.. ,.r...p|...q..>.. HL.....:......-..S.....t.-;
.q.Jx.2..$..r..J...rLdI..r&..:.. u....-.."....d..W..f"U.7n.P..(M..(kv.
X...p5wp8...S..J.u.....m.q..L.....h.;bY!D...*.>a'...a..a....^.gC.X1
{....D#..h...z .7.w....I.v..|......lS......T..f.=..8m..m.jb...3:"..U.o
-`>.~....c...7._......o.G.u...TG.m.:Z.#...`.7`m..s P.}..\QB..MC#..&
lt;...Bn....[.....8.......4.U.....(vKA.. 1.{W. ..{J..3.(9O..z..S.~.Ya.
E..........)).... ......n.D..%.....j4...j.C..L.D...=.E. /~P...n*...Of.
.....'.DY.v..jb.]........rh....4.v3....t7......c..P......*`.9p.^.T..-.
e.e1......[..&|..8..o)[email protected][email protected].)... Z..}U9a...
.D...7.S.W.L\......$;^./... .wr......7............8...`.y..(..e..s.Y.}
.D......U...w.......e.`.....T..)y..rx.....?C..O.f...h.T..Z5.G..(JN)...
.......'x.(k....e:!h.M";6..U.1..w.........q...s.....s%r.....n..?..
<<< skipped >>>

GET /app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pcookie.cnzz.com

HTTP/1.1 200 OK

Server: Tengine

Date: Sat, 24 Oct 2015 05:06:07 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=s/ xDknQKHcCAcLyYNr/GNhv; expires=Tue, 21-Oct-25 05:06:07 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: Te
ngine..Date: Sat, 24 Oct 2015 05:06:07 GMT..Content-Type: image/gif..C
ontent-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa A
DMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=s/ xDknQKHcCA
cLyYNr/GNhv; expires=Tue, 21-Oct-25 05:06:07 GMT; path=/; domain=.cnzz
.com..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache.
.Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /kss_inc/images/sale_bg.jpg HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Wed, 29 Jul 2015 22:47:41 GMT

Accept-Ranges: bytes

ETag: "3ce3a79350cad01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:54 GMT

Content-Length: 8051
......JFIF.....H.H.....C..............................................
!........."$".$.......C...............................................
..........................z........................................:..
.................!1....AaqQ.."2..B.Rb......r.#S3.c.C..................
.....................................!...a............?....{..gv.ov..n
..K..w..A.YU>fP...h.[..fjEE..R....[../}.&[U2.....n..c......Uc|..*|.
VK..^...*..-H.......%...E.*..g.H...4.^K........H .{.*.?@...]...[..R..H
.\...V..~......U.. ,.7..g..e./8.I....T...`.....E...e.......^.....K.S._
k.U.....Eyl.%L....w.....T..V..}.|N.U....pg...%.E....U......SV7.Z......
.J,.........W/.....W..N./7.*.u|a......m..r..Y...0...}e..j.l.....^o..Z.
.D.)w/-z...........V..e.YQ\...@^.w....7.Z.D...z.gv7.*......".....iQ...
P.3|R..>e..R..}....%.d..2./hU...U9......W..o./3.(j".M...}/cUn3..]..
7.....T.R..y......$K.%...%Z...]....o.U..?7R."...{B....,......}..\..j.J
.9.../}.[.\./Q.....Z.D........F....gy..[W.y....y...n..y.'TW...HU.....r
.~..rF..............._.......b.j...r....e(=\K.$,.&........^.B..fL..L..
.R..y..)w..!V..TMNP.3...d..R... ..."..U.z.(.]...n..<.........s.P..n
._.....z..y........fY|..E.T..^o...S..T..}.5.f._Yy.{B.g?.U~.-}..R.L..j.
l*.Up...3...u.QQ|.......^.Ey...I....H.._..ZT.'.]...s?2.T.U"....j......
..V.S.O(...;....w.....z..z.e..R.WW..w.g.^o..h...*..^f..iW.Uw.gy.*.....
2...j......7...:..eY.^o..i...V.`.].^.j.....R* ...%[..z.}..o.U.....w.i.
d.EEy...mU.Yn..zVP..V..^Z...*.7%..y...W.VOR..^..W... 2...H...K........
...5"..{..H..H..}/jU.zW ,....2......2I.r.r....Zl..'..|....j....*,.
<<< skipped >>>

GET /photo/quanrenmiaozan.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 19 Nov 2014 11:24:27 GMT

Accept-Ranges: bytes

ETag: "8027cd60eb3d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Length: 17642
.PNG........IHDR.......N.......6m....bKGD..............pHYs.......... 
.... .IDATx...m.$W}.......>.^.H..KB..x.-.c..U.....KeC%.......d.T...
..2H.....!.E.cW....)[.D.H....L.....G...]..>.;}...m.{......33.Omm...
>}.....................5....-_y.......O_...w.q.g~..?8q.......;~../.
.TJ&.L.L*..|.;........o.x..O.<U..Qc....o ..p*.................8PH.&
lt;{.....d........_.-#dL..hsgi.......{D....L...........U....#g.....90.
*.....{.<.....R;.T...}..,........9p...m..9".HQ._........"J.M.6e.!..
LNK.!.......T.W..g=a..w...5..`.....YWa....K.}......{{..........=R.RMdr
B.?,'...I.6D)Y.%..HY.....z..EO"H..0....5w.v.%W.f.U.Z....."c...o...&...
...r..y......x......."r...?......}.../.."[_F.}...oO|...}`..".y.g..1...
@.p.[g.T..\.u.z..l.E..7..Xo.:8..:.<2z[....o.K...l..%..g.a...}....W.
.>..RJ........B....(..?wz...j)_....T'O..^.Vx.w......K}...p.y.......
"...s.....<z.}......}.9...........AJDI5..G_.....}...="r.?~s}..s.Z.W
?...}...x..?..>..K$.[H.q.i.}...l.,....*..X#.t-.)$mA.......=...v3.G~
.....~...'....x..|[email protected].:Hm......_....{..^...v...|a......
Z....<..?.........<.....?...E......M..8...?.o.{`...~.....o|..n.l
....{....\.C.~. ~..;.6i.._L.....hJn.......#.....1%r<....h|Ro..D..x.
/.<~. 69..4...}M0b..=.5...,c8..........s...8..|...0..2 SJ..... ...(
 H.RR.EQ..R...EU......^.JIU...c..G..G.DD.... u..S...J._v..S..........v
............/.Wd....._...w......O.......;&e..>...f'..=...1.X...=Fe.
-...Z5m......g...H.%..._..E.N.%p.#:.G.......(\..]M'.......!..7P..%K\?.
......|[P.YF.0..Ru..*..t....u..(.U.R.[..T..#g.U..........U/VU%.I..
<<< skipped >>>

GET /kefu/287364_code.js HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423; CNZZDATA1253155700=1428304560-1445663166-|1445663166

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Sun, 26 Jul 2015 01:19:10 GMT

Accept-Ranges: bytes

ETag: "07ba1341c7d01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:06:04 GMT

Content-Length: 5429
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"....:_/.mQ-.V.l4......._..f?...
.u..k..q.{|...|k..M~.l..w.;w.|..5.l..gw....=^.u.......d..'.,..~.......
....{....K.........u.*.i.u...;......W.............;...............g...
.....~..|....|.....^}../9.~..K.=.........V..e~.../N........P.;...../&g
t;.3.W~./.....l}.`|...G..]..^~..............=.{...=.b.........../.}...
...G..~.V..9..?.>...............{.G./../...x.2.}~......../y|.....y.
Mz....Z.'}._...ww....G...M.r.......0..x......^..........u.;.....T.?.O.
_... .G...E......-........!t:..I. ....b.9.#/..G.p.=......D!.......c..}
?......{/...>..........O.....o.....~..O.......;.;.{.....^....G?..9.
r._.............W.W.._...1......A.....<..]Bg.%..p......zM..=..o....
.27...`V.=.=.?...w..v..w.}...j.._..........pw...}z.t.}..w..BR....c....
...._....O....?.o..........x.3.}.Ow......f...G.E.....C.......%...PQP..
.lnE.{SB......V8./.u...?.?............ ..~1|..}......../...?.../......
k..../.....K@...@v.!}...@...............?.........=......[....{.!.&...
..>..D-z.~j|......K.;.A1&.3".......E.k...d.I.}.~..7 5...\F.....{...
........7.lN........|..x.'.`.v/..hoo.{..oo.........d..D.d.C...{.......
....?........../....?...........Eu......_.q...........'.W...Lm..?.o...
.=4.........d../...tk.........Q......g.>.......[.*............7....
.D......._.............W........}..3._............... ....'......HFA..
..C......#e8........._.......M....g......W......?.}....7......G.......
3|er.~...{..x........bHJ......g._.<nfn..B..S......h..........{.
<<< skipped >>>

GET /kefu/skin/42/top.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423; CNZZDATA1253155700=1428304560-1445663166-|1445663166

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 26 Jul 2015 01:19:10 GMT

Accept-Ranges: bytes

ETag: "07ba1341c7d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:06:06 GMT

Content-Length: 5180
GIF89an. ....i..)..............v...c.L~.......H...z............"n..2..
7........c..V......\.._..........V..c........Y....,...'x.h...s....F...
|....X...Dv.uKh..8z..e....K../ 3.t.q.....D.....-...S........u.......M.
....T..............Q... ..........v...........7..#e.......y...j.Y..=..
....I....$..I.......r.......k.;........\J.......r...W.~.....M..9..rmo.
m...:.y.......s........7Tk......=t.}............e.....l. }.EDN........
.t.........wq...Tk~......~...z.)\. ..z..s.........\....6EXt..a..f.....
\.....8l........|....X.....)a.i........S[g.>!.....w.\./........]...
..D......r....&j..u.8c.|............x..k..y...................4}..c...
.....g.n...b.!...p....lLG....d..q..#..o..e..c..Q.3......}.........8...
....<2......8:G......-.....R..1q......... ......_.....|............
......w..b.......!.......,....n. .....k..."T.d..PP....o.....'A.N...2..
........c..*.L.9r...h..QX....!..A..K[.Y.p. .`S..'|.......>...J.....
<......*KX...i..f....Rk...Z.......L..1.CIW....a$..F.z7......4.$BT1.
[email protected]'.(mJ........-C.....a..b..ZQ.t.....|..q
b...%-Z.. .n.$-"....f...yz(............m....Bd..J..<........C73.S..
....,.<3...x...* ...SY..?...aS\....%....,...<"L..7.xBE..%.A.....
%Fpp.*-X..2...Fdv........)6.....h...!.0O*C.rI.Cd....d [email protected]...`1.
.^. .S.D..TNqH...H....L`.-:DS..5.#...X.........$...j..C*..b.A&....H...
=.......y...7..............G......#...\.A.~dPB1.PP....Q..Vd.@$.Z%.)S..
...,...m`.F;m,P...N:.X2....Zp..1.8..v).A.9;ha.#..".;.(...8...9$XP@...!
.$.`P..,..L....N;b8.H;.x`....B."....n"*..'"..K.:pq..L|........eXP.
<<< skipped >>>

GET /kefu/skin/42/l.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423; CNZZDATA1253155700=1428304560-1445663166-|1445663166; kfpopwintimes=1

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 26 Jul 2015 01:19:10 GMT

Accept-Ranges: bytes

ETag: "07ba1341c7d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:06:09 GMT

Content-Length: 2488
GIF89a................T..k........F......s.i...........p..{..h.....o..
............t..V..............Z...........v..............c............
..!z.......R.....S.....~...........H...............j.?.._..?.....?..7.
....~..2..1..t..n..^[email protected]..{.<...y.-..&..1..#~.5..8..
.....................e...........\..W..U..S..........................$
|.H..[...........O..b..-..K..............A..6..j.....p...........I....
....M..e.....f..[..].....{.....f..j..N...........c..m........4..X.....
z...........X.....A.....S..... ..r..............Z..8.....1.....z.....s
........G..\.. .................:.....D.....a..L..o...........^.......
.I...........L..d..A../..8..?.....|.........r....d..!|.P..?..K..K.....
.........P........D...............q.J...c..o..l.N...e..f..j..h.X..[..T
..Q..*........!.......,...................%[email protected]...~S.<..$.;y....P.
.@...*d...D..1j.........l.0....3..W....2I.<.S..z.~..I....:y&Q*rfI.(
s....jP....pQ....]..D...:.p........ ..a......F..[.T..<.......~.#G..
....\....-.............>......sw_6..k..].,.V..5.;c..#...&........8.
.......*.z6Q..........D...dY.....O.).....'.9.Z........~...B?G(aC?....}
....3.y..?9........5......)..?..@[email protected].$.....e..A.....qi..Y.)..\..p..
p.................THTTP/1.1 200 OK..Content-Type: image/gif..Last-Modi
fied: Sun, 26 Jul 2015 01:19:10 GMT..Accept-Ranges: bytes..ETag: "07ba
1341c7d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: 
Sat, 24 Oct 2015 05:06:09 GMT..Content-Length: 2488..GIF89a...........
.....T..k........F......s.i...........p..{..h.....o..............t
<<< skipped >>>

GET /img/pic.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: icon.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 719

Connection: keep-alive

Date: Fri, 23 Oct 2015 08:48:00 GMT

Last-Modified: Thu, 12 Feb 2015 08:15:09 GMT

Expires: Sat, 24 Oct 2015 08:48:00 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

Via: cache1.l2de1[878,304-0,H], cache27.l2de1[878,0], cache8.uk1[0,200-0,H], cache4.uk1[0,0]

Age: 73075

X-Cache: HIT TCP_MEM_HIT dirn:4:724952854

X-Swift-SaveTime: Fri, 23 Oct 2015 08:48:01 GMT

X-Swift-CacheTime: 86400
GIF89a2.........f..3...33.............................................
.......................................!..NETSCAPE2.0.....!..Powered b
y AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH.
...,..@8.... -..EQc.8...........`...."....................~"..H.......
.H......"...$....#.........."..........."Z.......*...%!.!.......,....2
...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h....
...7..l..v..-....."....................~"..I........I......"...$....#.
........."..........."\.......*...%!.!.......,....2...... !.di.hjBl..p
,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."
....................~"..I........I......"...$....#..........".........
.."\.......*...%!.;HTTP/1.1 200 OK..Server: Tengine..Content-Type: ima
ge/gif..Content-Length: 719..Connection: keep-alive..Date: Fri, 23 Oct
 2015 08:48:00 GMT..Last-Modified: Thu, 12 Feb 2015 08:15:09 GMT..Expi
res: Sat, 24 Oct 2015 08:48:00 GMT..Cache-Control: max-age=86400..Acce
pt-Ranges: bytes..Via: cache1.l2de1[878,304-0,H], cache27.l2de1[878,0]
, cache8.uk1[0,200-0,H], cache4.uk1[0,0]..Age: 73075..X-Cache: HIT TCP
_MEM_HIT dirn:4:724952854..X-Swift-SaveTime: Fri, 23 Oct 2015 08:48:01
 GMT..X-Swift-CacheTime: 86400..GIF89a2.........f..3...33.............
......................................................................
.!..NETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl.
.p,....x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`...."
....................~"..H........H......"...$....#..........".....
<<< skipped >>>

GET /cgi-bin/report?id=358342&t=0.5075673314516665 HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_user_id=4091448311087695990; login_param=appid=549000912&s_url=http://qun.qzone.qq.com/group&style=12.com; ptui_identifier=000D8BEFC7884986F2F28157558DAD0AE796988A54020153E6760446; ptui_version=10137; pt_login_sig=pC*6ch5aOIZixeT8gnj7iibJE3SguWgc0y3sZ*XEMnnEzvSUj0b6Uo3b8eCwupYX; uikey=040a575580a0c4502157d2df72f2cb8921484dbb909193a8d76385c7d2ec6520; pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Connection: keep-alive

Keep-Alive: timeout=50, max=1024

Server: QZHTTP-2.38.20

Date: Sat, 24 Oct 2015 05:05:56 GMT

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Content-Type: image/bmp;

Content-Length: 66
BMB.......>...(...................................................H
TTP/1.1 200 OK..Connection: keep-alive..Keep-Alive: timeout=50, max=10
24..Server: QZHTTP-2.38.20..Date: Sat, 24 Oct 2015 05:05:56 GMT..Pragm
a: no-cache..Cache-Control: no-cache; must-revalidate..Content-Type: i
mage/bmp;..Content-Length: 66..BMB.......>...(.....................
................................

GET /up/tongji.htm HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:05:49 GMT

Cache-Control: max-age=600

Expires: Sat, 24 Oct 2015 05:15:49 GMT

Last-Modified: Sat, 04 Jul 2015 23:52:47 GMT

Content-Type: text/html

Content-Length: 952

X-Cache-Lookup: Hit From Disktank

Accept-Ranges: bytes
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xml
ns="hXXp://VVV.w3.org/1999/xhtml">.<head>.<meta http-equiv
="Content-Type" content="text/html; charset=gb2312" />.<title>
;tongji</title>.</head>.<script type="text/javascript"&
gt;var cnzz_protocol = (("https:" == document.location.protocol) ? " h
ttps://" : " hXXp://");document.write(unescape(""));</script>..<script language="javascript
" type="text/javascript" src="hXXp://js.users.51.la/17287617.js">&l
t;/script>.<noscript><a href="hXXp://VVV.51.la/?17287617" 
target="_blank"><img alt="我要啦免࣓
9;统计" src="hXXp://img.users.51.la/17287617.asp" style="b
order:none" /></a></noscript>.<body>.</body>
;.</html>.HTTP/1.1 200 OK..Server: NWS_Appimg_HY..Connection: ke
ep-alive..Date: Sat, 24 Oct 2015 05:05:49 GMT..Cache-Control: max-age=
600..Expires: Sat, 24 Oct 2015 05:15:49 GMT..Last-Modified: Sat, 04 Ju
l 2015 23:52:47 GMT..Content-Type: text/html..Content-Length: 952..X-C
ache-Lookup: Hit From Disktank..Accept-Ranges: bytes..<!DOCTYPE htm
l PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/T
R/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://w
<<< skipped >>>

GET /sale.php HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html;charset=utf-8

Content-Encoding: gzip

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: PHP/5.2.8

Set-Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; path=/

Set-Cookie: pagecook_ver=7efa9d80597f206b70424247efe47423; path=/

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:50 GMT

Connection: close

Content-Length: 12597
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"...O.<y...<M...L_~....I..
.....wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.
......GG.q.._......,.g......4...~.E[.G.._.W......_...............g....
......._.i....................4...y...~.....O|u...}tR-.|.n..^...'_.xs.
..g......z=L...n...u{.}.Qz..Yf....~2....G.T }...;.._......x....k._....
.........'.....g...$X2.W..xZ-.XY,..-..(N.......>j..2o.y.~.........m
...XN..Ww......uLo.....g.l.i].Z.....3.........n.../Z...xw|o.7^e......6
4.H.x...@..=.W.....jy..xG.}.....X............Y...x.......o.M.~t(......
g;..O7.b......m...zA\yg\..]o...S.j.u'...qR..[..xRWWM^..M..............
;..........uU,g...1.W....u...n[.....u;..}t.|..Q[.>....{o....o.~...s
.....B.e............5..P.[./.u.W..... @..q.n[..h......>.Y.x....b.].
....]../......8.%..#..n?.}}.....wZ....(..........-........;4.B.-..w2].
.........o.k...O..O>.. .jZUo.S"...?...Y.ug....7....?......_._.m....
.....?........?.}......q....G...._._.i.~...........O.xt..3........m...
..$..c....07..h.....(.....r. t....._.:;...jIL....&......Rh`.G/....4.}.
_......7.%....7......_.........2...........\M..u...y....b..G;....._..U
1k..........!.`...G......&e..[$..b:.!..t...*.......!5m....b.......N...
G...EGgy,[V..D.x.<Byg.Z.Z...Y.T.-iS"....yM_.W...^........W.'....O..
.'.^= ...W_Q/.d.;...F....O.;..7.i....GB.G;.L.G{;;.w.B.G{...........o..
.0..h7Q.....X J...qWh}.g.../.S...d.].D*^.-......K..T.mY4-..Kz}.&c....o
.....S..>.... ....o.......l..._......G..?...!............?....H
<<< skipped >>>

GET /ptlogin/v4/style/0/images/load.gif HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:53 GMT

Server: PWS/8.1.20.22

X-Px: ht h0-s1177.p11-fra.cdngp.net

ETag: "5506987c-331"

Cache-Control: max-age=7200

Expires: Sat, 24 Oct 2015 06:33:48 GMT

Age: 1925

Content-Length: 817

Content-Type: image/gif

Last-Modified: Mon, 16 Mar 2015 08:46:52 GMT

Connection: keep-alive
GIF89a.....................................wul..y............!..NETSCA
PE2.0.....!.......,..........O.......{....Y..`....I.D8.. S.....(......
.D..(.I~.. .H`....Z.f....k.N..q...;'.L..!.......,..........N.......{..
@.1....Q]AiN.:..)S.T...,........b....$?...Q(0.).j.f....{....n.-~N....!
.......,..........M.........,Eeu......%5..E...f3. ......g(..<...L..
.D".X`.RJ.J.N..........9...=..!.......,..........N...J..Z.'B. ..q`....
.P)8./,S&.$.$.......y....D...."..`.R.ak.b.........m..^S....!.......,..
........M......Z.gJ.....}.H..I...b$.(.t..}.......~9..@Y,2..........i00
......|......t;..!.......,..........M...R..Z..R.. ..}.H..I.l....t.P0..
..B....v>.CG1.2...i.P....J.0.R-.....J....t;..!.......,..........M..
....Z..Z..$..}.H..I.l...at..0..........8..B d..L.I.B)...q80...&..t....
...3..;/*  |xGv00|a0977a7e1f04529fe4ad7ac9aebd6177 */....


GET /ptlogin/v4/style/11/images/qr_1_ie6.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: imgcache.qq.com

Connection: Keep-Alive

Cookie: pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Date: Sat, 24 Oct 2015 05:05:53 GMT

Server: PWS/8.1.20.22

X-Px: ms h0-s1177.p11-fra ( h0-s1176.p11-fra), ht h0-s1176.p11-fra.cdngp.net

ETag: "5506987d-7df"

Cache-Control: max-age=7200

Expires: Sat, 24 Oct 2015 06:57:43 GMT

Age: 490

Content-Length: 2015

Content-Type: image/png

Last-Modified: Mon, 16 Mar 2015 08:46:53 GMT

Connection: keep-alive
.PNG........IHDR.......^........;....tEXtSoftware.Adobe ImageReadyq.e&
lt;...SIDATx..._h.E..g.......$)W.m%.X..1...._*.ZP.}......A./>...C..
.A.Z....})...Z..K..p-..P..zMLo...{e;........../..^7..7..ofg.rffF.....i
7.q.&..k..H....s.....'@..i................I:@:.......{Ig.7U...]{...G,.
T.I...JE..u166&FGG.....t........h.Z.c....].\...p.T.....h....7C0...j...
n.*...h...k...1t{>.pg/.q.LMM9k*.n....q.^{A....;..W.VK.@n....~t{>
...;....h...n..XwF.\....].t{>..&..k.S.N....T...|zz.JA.c..=.........
..n....."..0..........0*<v..S..B>D,.c.`9..t.VJ.(3...R!..IQ...0..
.H_..0.../...4.T.l.).Q.X.&.H/.x.6y.......X.....3.~`L...m.o..}.w^z...$E
..|..28..{..o..>.-.....9...>.9...>i.'..}K....S[...-M.{.y...:R
.........K..n8.Z....|v......9799.... ......d..$.IiFT!.U!&R..k..... ...
.I.GD.. .......aTXb... .$. .....fT.ue.na,G..._E\.1.V..JF.:.cd..!..b}8.
=T.qT..TL.......U...D...b......#."..0GT.S.F..X.........&.h....1.I.il..
.|....$........4Q......&...u....J.7A....O..I........O&.r... .\O}..WiF~
Q.Q!.I.|VZ..0......`9.WS....B>.b..F..f.3U=.iL..n.....1..58x.^.-[&.N
.....T.........x...*....d......6..P!.H..3....l..a4......[.V6.P).i....a
........,.3l...S..R.....G........%[email protected]...(...&.>.0}..|_.
.`...fkT....f...'.".".#pJ.hiT.g0...<...B.X....). ..).>RK.2.P.3.0
V......Z ....E..H....T.*....l.:J.0....3B....{q."V.....`.x.k1}..I....}.
0V1....-KQ .y...Z...(..<\#=#6f.M.]...........6&..{......J.9....]X*.
v...V&........./.....X.u A....4...RW!....H..>/.....:...G.....h....'
.J.? [email protected]!...^1.j
<<< skipped >>>

GET /pa?p=2:10347904:51 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Server: tws

Date: Sat, 24 Oct 2015 05:06:06 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: close

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate
0..

GET /stat.gif?sid=317595&aid=193177&mid=227329&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://vip.gutou.cc/sale.php&referer=&rtime=1445663186758&js=2 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:06:18 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Sat, 24 Oct 2015 05:06:1
8 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Thu, 07 Jun 2012 02:47:58 G
MT..Accept-Ranges: bytes..

GET /stat.gif?sid=317353&aid=193078&mid=227176&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
....


GET /stat.gif?sid=317354&aid=193079&mid=227174&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
....


GET /stat.gif?sid=317332&aid=201980&mid=227172&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163102&js=2&hx=123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:56 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
....


GET /stat.gif?sid=320045&aid=202403&mid=227174&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:56 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
....


GET /stat.gif?sid=320047&aid=202402&mid=236641&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
....


GET /stat.gif?sid=320049&aid=202400&mid=236640&ip=194.242.96.218&cookie=ae165f0f4d1d5b496521f90bd5f05e1a&showp=1276x846&href=http://VVV.gutou.cc/ad/shiyitop.htm&referer=&rtime=1445663163118&js=2&hx=123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/ad/shiyitop.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: am1.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=5

Last-Modified: Thu, 07 Jun 2012 02:47:58 GMT

Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: Tengine/1.4.2..Date: Sat, 24 Oct 2015 05:05:5
7 GMT..Content-Type: image/gif..Content-Length: 0..Connection: keep-al
ive..Keep-Alive: timeout=5..Last-Modified: Thu, 07 Jun 2012 02:47:58 G
MT..Accept-Ranges: bytes..

GET /images/duilianclose.jpg HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cache.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/jpeg

Content-Length: 14115

Connection: keep-alive

Date: Fri, 23 Oct 2015 09:44:23 GMT

Last-Modified: Wed, 01 Aug 2012 04:34:24 GMT

Expires: Sat, 24 Oct 2015 09:44:23 GMT

Cache-Control: max-age=86400

Content-Disposition: attachment

Accept-Ranges: bytes

Via: cache19.l2hk1[0,304-0,H], cache25.l2hk1[125,0], cache8.es1[0,200-0,H], cache3.es1[0,0]

Age: 69714

X-Cache: HIT TCP_MEM_HIT dirn:9:472055907

X-Swift-SaveTime: Fri, 23 Oct 2015 10:28:57 GMT

X-Swift-CacheTime: 86400
......JFIF.....H.H.....?Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i....................'.....
..'.Adobe Photoshop CS4 Windows.2012:07:31 14:37:59...................
.........7.......................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
..................................7.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...lmU>.......5.t...UA.X...:..gc
.f.9."[email protected]..;Z....S.xqmm.pc\[email protected]
[email protected].}tz_..?...O..S.X...C...G9...}Os.YsO
...{k.c..~..3..6u.Jr.7]Up.Iu....}n-sw1.}../.~..f7;....m....r uV......s
^..c...Z..U.ouX.o.e...k.c.p..om......}........!).Newb.".VCC.. -l..m...
g.o.........oc...k..o..P"#{H}..os7....}../<...ch..U..}gc.she.O.l...
.5...uQ..l......m...)..a...m..........*R...l..?n.z^...7m..DN..........
.......J........$......$......$......$......DPhotoshop 3.0.8BIM.......
.........8BIM.%........\./....{g..d..8BIM.........H.......H......8BIM.
&................?...8BIM...........x8BIM............8BIM.........
<<< skipped >>>

GET /material/35/f/401280028c1bd68e3b13a33e64424.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cache.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 53891

Connection: keep-alive

Date: Fri, 23 Oct 2015 23:03:15 GMT

Last-Modified: Sun, 07 Dec 2014 01:10:55 GMT

Expires: Sat, 24 Oct 2015 23:03:15 GMT

Cache-Control: max-age=86400

Content-Disposition: attachment

Accept-Ranges: bytes

Via: cache10.l2hk1[0,304-0,H], cache5.l2hk1[1,0], cache7.es1[542,200-0,H], cache3.es1[544,0]

Age: 21783

X-Cache: HIT TCP_REFRESH_HIT dirn:0:449743771

X-Swift-SaveTime: Sat, 24 Oct 2015 05:06:18 GMT

X-Swift-CacheTime: 86400
GIF89ax......f..i..m..o..q..p..u..|..s..y..z..w..~".~!.....(..1..7..).
.2..3..5..?..7".=&.3..;..=..B..I..T..Z..S..h..l..H*.P1.]9.W4.V).d<.
m1.C..K..B..L..T..Y..F..K..N..S..X..k..x..y..t..d..k..w..h..w.....[#.X
".x .d .k,.f$.u(.l3.m7.r5.u:.z>.{3.kB.sF.xJ.j@.}B.{D.}K............
......................................................................
...................4..)..&..7..6.. ..&..*..%..7..3..9../..............
...............#..#..#.. .. .. ..3..2..:..;..4..;..;..-..K..T..Y..Y..E
..E..M..H..I..P..T..\..Z..R..G..G..[..X..T..a..b..e..j..c..j..g..l..f.
.t..u..z..s..r..T..D..B..K..I..C..J..L..C..W..S..[..W..U..L..[..W..f..
c..b..l..k..v..{..}..{..|..s..}..|..|..s..`..c..k..k..d..n..r..r..}..{
..u..{..H.............................................................
.................!.......!..NETSCAPE2.0.....,....x...........e...[.n..
p.....`....... j.H..F...v......(S.x...C...`.YP.. .....3'...!...e...4?*
..q....2H.J......mt.P.....>...`...]r.(.gB.G%Rt...../.P...h..W.[.Poc
C.3...;....5...*.....&..HW._....u.Þ.....ZX#Z.......a..-.*..%....%~5.
.n......`.\.(...9....[.?Me...a.t..&.K........8.ch.-..,.W/..LQS..A.....
.J.*...v....Y..E.C..d.].UD.b-...\H...]..x.....`.S. .T..(.a...[M..d.N..
..eJ]..f....^...R.!.G.j.........L..T^d....V.rd..^...B..WZi.M%...,).w..
....b...8.U.Fs...#.m(h.z!W.iz.V.r....vRy..:...N;. ..Ld.v.K....b{vT.S.9
.(...Jd}..v..Q.-..U..$.F..V..>f...\"9b...*....z U.....~..k_SJ..o.".
-~..DT_..[..T...U0.K....Y..b...^..9'....%...GF......d(..r.. U..g0..M.K
.Q`zt....V..u.ZP}.....z..2.............J...}..........'.%."{0..&.f
<<< skipped >>>

GET /aroute.php?sid=311845&width=1276&height=846&isf=1&domain=&proid=&pid=&fid=&mid=&floorid=&time=1445663183258258&referer=&href=http://vip.gutou.cc/sale.php&queueid=1 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js.adm.cnzz.net

Connection: Keep-Alive

Cookie: ADM_USER=ae165f0f4d1d5b496521f90bd5f05e1a

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:06:15 GMT

Content-Type: application/x-javascript;charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=5

Vary: Accept-Encoding

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

X-From: 197

Content-Encoding: gzip
14........................0..HTTP/1.1 200 OK..Server: Tengine/1.4.2..D
ate: Sat, 24 Oct 2015 05:06:15 GMT..Content-Type: application/x-javasc
ript;charset=gbk..Transfer-Encoding: chunked..Connection: keep-alive..
Keep-Alive: timeout=5..Vary: Accept-Encoding..P3P: CP="CURa ADMa DEVa 
PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..X-
From: 197..Content-Encoding: gzip..14........................0..>....


GET /s.php?sid=317594 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js.adm.cnzz.net

Connection: Keep-Alive

Cookie: ADM_USER=ae165f0f4d1d5b496521f90bd5f05e1a

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:06:16 GMT

Content-Type: application/x-javascript;charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=5

Vary: Accept-Encoding

Last-Modified: Sat, 24 Oct 2015 05:06:16 GMT

Expires: Sat, 24 Oct 2015 17:06:16 GMT

Content-Encoding: gzip
6aa.............W.o.6......6.T$Kv.ak2%.....4C..Cm/`d.. ..E.i....;=...i
.b..#.....d.'V...B..6.V|2Y...Y.s..l.D.*L.01 .....[Ns....Y.9F....Z.c...
.;j..[...-.~.Y...:a1...2......P>..\.`..j*[email protected]..`-.. ..U..p.1.T
....U.,[email protected]......~[H...#...r..T.C.L..0.4%[email protected].[.U..
L.)/.he..).p..6%^..".RMSt..h..<.c....../t..ppZh.D.#M.. ......D... .
.;..5;.Vzh...2U..b^TL...f.?...z.3.5.....?.N.z.........N.x.........d.0.
yx.A....s8....#?.....NN/Y...SG..a...1.b...j.MDVH.....K8.6Iy.Z...F.(.#.
Es..3..K^..*-..^.;.@jL>Qct....(9....A..".*&D.....P9...o..N..K:KhKq.
.(.().h J.!:...........}p....^.w*....L.U....U...S.....6.d>.i.\.3..q
..L...3........!..OM....6ev-g..(..\B............XIF..z.T.ii./..87F....
..=.....0S....._.73.X.j..z!.(.zhK..uf.1.E.[)o.7*....O2..Jd...y .w.....
....2 ......\.g.m.}....%..b(.I.....[.eU.k...xX..`CU..o...........1....
x.">.u.........?..h.E.F..7....nt.dhea...Xc":............"M........X
..c]....-2.H....n...i...*.....%.\]f2...S.%..n.SBK.)....V9w......;...z~
...RO..ZNv..{...R....V...b.$a.....`C.G|..=*d|..0.......w.#..4.."...NlU
...\(W..F.UG[.Z...K....K...ZA...Z`?..I...k\U}......b..F/b[...~C.._....
yzt..b.I%<v.jUy.SrS.......SLx.d.F..............\....=Z...... ..%\.e
%...m..,5.....F3..%.eI*L!m.No.^..\..b...V2}.q.......<uX.?...c.~.V .
.H......i..w ..q:..4|>pKSJ.?..&B.......7.7..%.[P.}. ....NR.|...M...
....}p.....*X.d..a.4_.a".LJ..f...........: h.Bx.{.<.E.."7....!Rd..i
......A3n.8.../..m..}..S.!{......)Jz.K..`...#..^Z.x..\j$..T....}.z^./x
...oc...|..j...[..Zi(.=x....HUb_.T.....8..0}.`.=.6...O.9.vs.Oe....
<<< skipped >>>

GET /s.php?sid=317595 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js.adm.cnzz.net

Connection: Keep-Alive

Cookie: ADM_USER=ae165f0f4d1d5b496521f90bd5f05e1a

HTTP/1.1 200 OK

Server: Tengine/1.4.2

Date: Sat, 24 Oct 2015 05:06:17 GMT

Content-Type: application/x-javascript;charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=5

Vary: Accept-Encoding

Last-Modified: Sat, 24 Oct 2015 05:06:17 GMT

Expires: Sat, 24 Oct 2015 17:06:17 GMT

Content-Encoding: gzip
6aa.............W.o.6......6.T%Kv.bkR%.....4C..Cm/`d.. ..E.i....;=...i
.b..#.....d.'V...B..6.V|6Y...Y.s..l.D.*L.01 .....[Ns....Y.9F....Z.c...
.;l..Z...-.n.Y...:a1...2......P>..\.`..j*[email protected]..`-.. ..e..p.1.T
....U.,.@.~......~_H...#..{t..T.C.L.=7.4%.....}........u.noAA..r.[.U..
L.)/.he..).p..6%^..".RMSt..h..<.c....../t..ppZh.D.#M.. ......X... .
.;..5;.Vzh...2U..b^TL...f.?...z...5...1...N..p........N.x.5.......x.0.
yx.A....s8....#?...'..O.X...SG..a...!.b...j.MDVH.....K8.6Iy.Z...F.(.#.
Es.....K^..*-..^.;.AjL>Qct....(9....A..".*&D.....P9...o..N..K:KhKq.
.(.().h J.!:...........}p......w*....L.U....U...S.....6.d>.i.\.3..q
..L............!..OM....6ev-g..(..\B............XIF..z.T.ii./..8.F.o..
........0S....._..3.X.j..z!.(..oK..uf.1.E.[)o.w*....O2..Jd....'.w.....
....2 ..o...\.g.m.}....%..b(.I....w[.eU.k...._..aCU..o...........1....
x.">.u.........?..p.E.F..7.....h.....r....Dt$...9=.Y...1E....ua....
......A.[d".<......E...AUx.'..K(...dp <..K.x.2....S...3.r...oa.w
w.ea...J?..".....-..e...C)U......I...U{-..N..p.{T....a.7.=.7....a.....
QM.vb...W.B.r.;z.:.B..]D.S...\J(}....w.....I...X......-.0. ..z........
..25W.......cH*...W..{........O?.`.. S5.........t..fE..0......\.u.\YO(
..( y.-.i....b......J.T.%.0...;..}..u.....X[..Y.=x..?.]x..J...4.F...V.
C.*.-.Ii....V.N.t..i.|....8...M.\.Y.71.ovo..s......A...q..2.v5 .N.z!P/
.{...Z.[U.0..].Li.,.Dd...#.$.o.?M?/.5.uV.$.....xX...EnF...C...0...3.B3
.f..q..#^...@............}.R.......4/.'.-....,\..H....9U......^.......
M).0?.....$...P.z........>..<.?..qt]`....{&l.....s....>.1
<<< skipped >>>

GET /cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ui.ptlogin2.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Connection: keep-alive

Keep-Alive: timeout=50, max=1024

Server: QZHTTP-2.38.20

Date: Sat, 24 Oct 2015 05:05:51 GMT

P3P: CP="CAO PSA OUR"

Cache-Control: max-age=86400

Set-Cookie: pt_user_id=4091448311087695990; EXPIRES=Tue, 21-Oct-2025 05:05:51 GMT; PATH=/; DOMAIN=ui.ptlogin2.qq.com;

Set-Cookie: pt_login_sig=pC*6ch5aOIZixeT8gnj7iibJE3SguWgc0y3sZ*XEMnnEzvSUj0b6Uo3b8eCwupYX; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: pt_clientip=33d4c2f260da0507; PATH=/; DOMAIN=qq.com;

Set-Cookie: pt_serverip=da7b0a82584bc9f9; PATH=/; DOMAIN=qq.com;

Set-Cookie: login_param=appid=549000912&s_url=http://qun.qzone.qq.com/group&style=12.com; PATH=/; DOMAIN=ui.ptlogin2.qq.com;

Set-Cookie: uikey=040a575580a0c4502157d2df72f2cb8921484dbb909193a8d76385c7d2ec6520; PATH=/; DOMAIN=ptlogin2.qq.com;

Set-Cookie: ptui_identifier=000D8BEFC7884986F2F28157558DAD0AE796988A54020153E6760446; PATH=/; DOMAIN=ui.ptlogin2.qq.com;

Last-Modified: Thu, 08 Mar 2012 02:04:00 GMT

Content-Encoding: gzip

Content-Type: text/html

Content-Length: 6862
...........\y.....?U..M...y..Y..P^........S...5...-.Z3...2.;6...K....6
g.N.y...wy..... ..9w..Rkl.......w9.9..e..#.;|.....Z.:m..?<....[v6..
Q.p>............b.`.....E^.;.|..wm.^..n%.....m.sA..?......H..c62Z..
Q.^^...t.~...KqqqQ4....\^....(.n.=...k....\?........o5;r.Dy..j5....F.~
.....^#......Z.........x..k.6.....'r.s.nt.eS..V.o..S.[....6r...a....z.
...[.. ..U.Z..4.j...A.4..#.k.$......s....F.`....U/........ ... .@.....
U.Im2Q..4...(..]`t......uV...Ws.F.t........0.......S.._..._....{.N...~
......t5...F.=`{.Zqq.4....[......~...w.h-..h.....m.TC."..k. .]..i4...^
..x..C.L7"6u1N.........=|...............48.........q.i;.J..fj...w~....
N.H.v../.^.Z...u1.....X....y....?3..Z.C]op... ..^.....5......{p...K..\
....?.={e..[.O_.^}kp....u. .8..}...w^.:8.?wn..t...ngDouE...o...2|...o.
.k.k.....W..x....o.a....sW..^.|........O.....g....;8wA....^.}.m.../../
...o.i....g?E.=t...a.....L...e..w....R....<..o......Whx....kw..a"o.
.s.n#...V........={q.......?..|..~.q..s.2...rA..:\yw...cu..]....h.:..}
x.W..#{.*$....o^.......s.........{...l.l.B..].}....Kw..`g..:..~.4.s...
[...[.w#.....K.bj\.4e......$.....*.... ..J~x.y.A..3.v.....5.-.......N.
.]....,Rm...U\WK=U....T....~...._....;7..^.9.p~....?_.......qw..)...y.
...z.:N.|.o.!....S.....H.%.........>.Q.ah........d.L...-...^m.W..PC
T..3...J...n]...].3'....t.J...a.;.........R..N.th...r....d..V...c8q.|.
...1....&S.$=..J'A...-..M...#.3..Ba.X..9..J.........O.K....A...*.l...X
".fg..z.8ag.m.........]8az.C...b...R.\X(..3...6...T.AI"|].N.f.P,..O.=.
.{.8.....;.u..5...._....L....K..>..a......-..R.(..4IV9l....Z..3
<<< skipped >>>

GET /cgi-bin/report?id=326046 HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_user_id=4091448311087695990; login_param=appid=549000912&s_url=http://qun.qzone.qq.com/group&style=12.com; ptui_identifier=000D8BEFC7884986F2F28157558DAD0AE796988A54020153E6760446; ptui_version=10137; pt_login_sig=pC*6ch5aOIZixeT8gnj7iibJE3SguWgc0y3sZ*XEMnnEzvSUj0b6Uo3b8eCwupYX; uikey=040a575580a0c4502157d2df72f2cb8921484dbb909193a8d76385c7d2ec6520; pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Connection: keep-alive

Keep-Alive: timeout=50, max=1024

Server: QZHTTP-2.38.20

Date: Sat, 24 Oct 2015 05:05:55 GMT

Pragma: no-cache

Cache-Control: no-cache; must-revalidate

Content-Type: image/bmp;

Content-Length: 66
BMB.......>...(...................................................<
/font>....


GET /style/0/images/load.gif?v=0.5662742633235497 HTTP/1.1

Accept: */*

Referer: hXXp://ui.ptlogin2.qq.com/cgi-bin/login?appid=549000912&s_url=hXXp://qun.qzone.qq.com/group&style=12.com

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ui.ptlogin2.qq.com

Connection: Keep-Alive

Cookie: pt_user_id=4091448311087695990; login_param=appid=549000912&s_url=http://qun.qzone.qq.com/group&style=12.com; ptui_identifier=000D8BEFC7884986F2F28157558DAD0AE796988A54020153E6760446; ptui_version=10137; pt_login_sig=pC*6ch5aOIZixeT8gnj7iibJE3SguWgc0y3sZ*XEMnnEzvSUj0b6Uo3b8eCwupYX; uikey=040a575580a0c4502157d2df72f2cb8921484dbb909193a8d76385c7d2ec6520; pt_clientip=33d4c2f260da0507; pt_serverip=da7b0a82584bc9f9

HTTP/1.1 200 OK

Server: QZHTTP-2.38.20

Connection: close

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Length: 771

Last-Modified: Wed, 04 Mar 2015 02:52:01 GMT

Content-Type: image/gif

Cache-Control: public; max-age=86400

Expires: Sun, 25 Oct 2015 05:05:55 GMT
GIF89a.....................................wul..y............!..NETSCA
PE2.0.....!.......,..........O.......{....Y..`....I.D8.. S.....(......
.D..(.I~.. .H`....Z.f....k.N..q...;'.L..!.......,..........N.......{..
@.1....Q]AiN.:..)S.T...,........b....$?...Q(0.).j.f....{....n.-~N....!
.......,..........M.........,Eeu......%5..E...f3. ......g(..<...L..
.D".X`.RJ.J.N..........9...=..!.......,..........N...J..Z.'B. ..q`....
.P)8./,S&.$.$.......y....D...."..`.R.ak.b.........m..^S....!.......,..
........M......Z.gJ.....}.H..I...b$.(.t..}.......~9..@Y,2..........i00
......|......t;..!.......,..........M...R..Z..R.. ..}.H..I.l....t.P0..
..B....v>.CG1.2...i.P....J.0.R-.....J....t;..!.......,..........M..
....Z..Z..$..}.H..I.l...at..0..........8..B d..L.I.B)...q80...&..t....
...3..;..

GET /material/cf/c/df32015041f34b9146b8696c892cd.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cache.adm.cnzz.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 52809

Connection: keep-alive

Date: Fri, 23 Oct 2015 23:03:15 GMT

Last-Modified: Sun, 07 Dec 2014 01:48:04 GMT

Expires: Sat, 24 Oct 2015 23:03:15 GMT

Cache-Control: max-age=86400

Content-Disposition: attachment

Accept-Ranges: bytes

Via: cache16.l2hk1[0,304-0,H], cache13.l2hk1[1,0], cache8.es1[540,200-0,H], cache4.es1[542,0]

Age: 21782

X-Cache: HIT TCP_REFRESH_HIT dirn:0:448818133

X-Swift-SaveTime: Sat, 24 Oct 2015 05:06:17 GMT

X-Swift-CacheTime: 86400
GIF89ax......f..i..m..o..q..p..u..s..z..z..~".~!..$..-..'..1..9..*..(.
.2..2..6..?..7".=$....3..:..=..D..I..S..[..T..f..l..G*.P1.]9.Y5.U'.d;.
m4.B..K..B..J..T..\..W..F..K..O..T..V..w..z..n..c..k..g..s..{..x..g..z
.....[#.X".z-.d .g'.y).l2.o8.u:.v8.lB.vG.jA.|B.}K.....................
......................................................................
................2..(..9..6..,..&..#..(..8../..=.......................
......#..#..#..,.. .. ..)..2..:..6..4..;..;.....U..L..S..X..Z..N..E..M
..H..G..Q..T..[..U..R..Z..F..G..X..W..W..e..s..h..c..j..f..k..j..s..v.
.z..t..q..a..C..K..G..C..J..L..C..W..S..\..[..T..L..L..S..\..f..c..b..
k..k..v..}..{..x..s..|..}..|..s..b..d..c..k..k..n..r..r..{..u..{......
......................................................................
...........!.......!..NETSCAPE2.0.....,....x..............-.. .....-W.
n...K....f........~d...E.$/..xP....."4H.......$.1....!>|..%G.F.....
...EU...E&..0.j......:%&l...L.B.".H..Y.^,....c].);..[r.K...^...a....j.
..$D.T.4....R.w.z.{."..]8....._.V.7......=[vU(."..X[b...cA..c.UX.sU...
.G.Wj..S...i.v..-{Bn...........Ux....7...v\..G.g:....~.....rt.....s...
.H....f.%..Dr.....5e.~....O.-..g..V.{.6".g.!. zUY...qA...V.h......p0..
.OJI.T..1.^{.U..g):..G.D....^!......h..h.c:...D..7.o.5.[.I.x^J....r.uq
.......Y.p......D....r....H.5j.GuY..f V.....W..UEug>..p..x.7.q_>
.b.1......-.......{...i]..ze:oD..K.9..B\....B.d...l....R.m..mI........
r...Q....J.GW^{...}.~X)...YOh..........-.3...PyR.u2..w.....$f(#R^.\o..
..n\d,...-...,..r%...b.?Z...J......6.a....ED.T,.-..-t=....f...1...
<<< skipped >>>

GET /9.gif?abc=1&rnd=64926055 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.gutou.cc/up/tongji.htm

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Server: Tengine

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=s/ xDknQKHcCAcLyYNr/GNhv; expires=Tue, 21-Oct-25 05:05:55 GMT; path=/; domain=.mmstat.com

Set-Cookie: sca=8660a110; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=69d515a513b829ba72d2a8d1_1445663155; expires=Tue, 21-Oct-25 05:05:55 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Sat, 24 Oct 2015 05:05:55 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=s/ xDknQKH
cCAcLyYNr/GNhv; expires=Tue, 21-Oct-25 05:05:55 GMT; path=/; domain=.m
mstat.com..Set-Cookie: sca=8660a110; path=/; domain=.cnzz.mmstat.com..
Set-Cookie: atpsida=69d515a513b829ba72d2a8d1_1445663155; expires=Tue, 
21-Oct-25 05:05:55 GMT; path=/; domain=.cnzz.mmstat.com..Location: htt
p://pcookie.cnzz.com/app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv..Expires: T
hu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cach
e..GIF89a.............!.......,...........L..;..

GET /pa?p=1:10347904:4 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wpa.qq.com

Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently

Server: tws

Date: Sat, 24 Oct 2015 05:06:10 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: close

Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_old_41.gif

Pragma: no-cache

Cache-Control: no-cache; must-revalidate
0..

GET /getonline?Type=1&10347904:10347904:10347904:10347904: HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: webpresence.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: tws

Date: Sat, 24 Oct 2015 05:04:25 GMT

Content-Type: text/html; charset=ISO-8859-1

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

Content-Encoding: gzip
2b.................K.6..5.......FHlc.....O.0.....0..

GET /9a.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

Cookie: atpsida=69d515a513b829ba72d2a8d1_1445663168; sca=7c565289; cna=s/ xDknQKHcCAcLyYNr/GNhv

HTTP/1.1 302 Found

Server: Tengine

Date: Sat, 24 Oct 2015 05:06:20 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: atpsida=69d515a513b829ba72d2a8d1_1445663180; expires=Tue, 21-Oct-25 05:06:20 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.net/app.gif?&cna=s/ xDknQKHcCAcLyYNr/GNhv

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Sat, 24 Oct 2015 05:06:20 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: atpsida=69d515
a513b829ba72d2a8d1_1445663180; expires=Tue, 21-Oct-25 05:06:20 GMT; pa
th=/; domain=.cnzz.mmstat.com..Location: hXXp://pcookie.cnzz.net/app.g
if?&cna=s/ xDknQKHcCAcLyYNr/GNhv..Expires: Thu, 01 Jan 1970 00:00:01 G
MT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.............!...
....,...........L..;..

GET /ad/shiyitop.htm HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gutou.cc

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Microsoft-IIS/7.5

Connection: keep-alive

Date: Sat, 24 Oct 2015 05:05:47 GMT

Last-Modified: Thu, 06 Nov 2014 01:26:53 GMT

Content-Type: text/html

Content-Length: 834

Content-Encoding: gzip

Accept-Ranges: bytes

ETag: "802cc8be60f9cf1:0"

Vary: Accept-Encoding

X-Powered-By: ASP.NET

X-Daa-Tunnel: hop_count=1

X-Cache-Lookup: Hit From Upstream
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"...O.<y...<M...L_~....I..
.....wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`..e.u.
......GG.c|..[.............6.f.c...!...._...?...Z....~s..?J...g.......
=L...n..............-.2?............w..$y..no..............moS.fZ..6m.
.g.3....3.......}.\...n..l1......2.v..l.5.........Wn.x............O...
|{..{{;;..G..@~<.......c.to.....!~........{.....w.......RvR...j..|.
........]...< [email protected].._............R.DG..z9...M[........0.%.....j;.
[email protected]).......>z.p..tR.....#...* ....=....L..m...e.6.....5...
.S......g....?.........w.?E...../....N_<=}ESA....YT.o.....-z......E
/..^.'S.&.)OP..........-......z...^>..^>.....^/..(G.............
.X{..{.n.n...O...[t..Q.I...Ac...~......v.b.._77)*ts.........X7...G....
...?a.........p...HTTP/1.1 200 OK..Server: Microsoft-IIS/7.5..Connecti
on: keep-alive..Date: Sat, 24 Oct 2015 05:05:47 GMT..Last-Modified: Th
u, 06 Nov 2014 01:26:53 GMT..Content-Type: text/html..Content-Length: 
834..Content-Encoding: gzip..Accept-Ranges: bytes..ETag: "802cc8be60f9
cf1:0"..Vary: Accept-Encoding..X-Powered-By: ASP.NET..X-Daa-Tunnel: ho
p_count=1..X-Cache-Lookup: Hit From Upstream...............`.I.%&/m.{.
J.J..t...`[email protected]#).*..eVe]f.@......{....{....;.N'...?\fd.l..
J...!....?~|.?"...O.<y...<M...L_~....I.......wr...7O....o.x...w.
7u.l....Yy........m.zt........../..yu..`..e.u.......GG.c|..[..........
...6.f.c...!...._...?...Z....~s..?J...g.......=L...n..............
<<< skipped >>>

GET /kss_inc/style/sale_style.css?version=M09-P136 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: text/css

Content-Encoding: gzip

Last-Modified: Thu, 30 Jul 2015 00:49:55 GMT

Accept-Ranges: bytes

ETag: "bfe7aba661cad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:51 GMT

Content-Length: 872
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"......./>....y.(..G.G_...j..
6.}.o..G...]..E......I?.B..d^..e..(.............o.c....O...A6...G...w.
..7N&....O.....Z/g.~..?........"....MV....b....;i........_<...~..;O
...?.G...&e...YM.m......u6..Y^oO......V...*.Y..;...=.wo........X^<.
.z._..'.;..=..C...../..e.=...y.h.....4.....Y;...> iS..Q...y%.......
...y..l.=z.Co......`..MD../..;.....Hwwv~.tG....\4%" E..'....7yVO..x...
...*.m^..w..........=...........7........}.b....^..,.v.........N..3..j
[email protected] j-.|H,d.m.....?h.w.vV...G...8..tx..m1.Jm.(f.2
......<.w...........{D......G}..:....u.......{..#82..=.....2_o.,.n.
f.....1...s2F...-..2..4....d..`.Pf...C..E...2..2)...-... i....xV4.2.~4
)........Ge~..8..].H.....w.H..8RTl..FJ.G{...o~....o.|..I......S.#.-...
.....)=..U..E.|D.t..... ../n....y..B...............


GET /kss_inc/js/jquery.1.3.2.pack.js?version=M09-P136 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Wed, 29 Jul 2015 22:26:55 GMT

Accept-Ranges: bytes

ETag: "601ea5ac4dcad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:51 GMT

Content-Length: 28270
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"........$.V..?.....;.e.zZ..6}^L
..>......Q.....z9m.j.u.._fuZ~...ft1........~..F.. ../..g.....;....u
.L..UZ....bY.../.=.............xk.3.os...;.........g~......{...O..nwG.
.n..........}.#...!@}V.Wu.V..*.....#..o............z./...|.t..f..j...c
0....g...m\...v....5..m.../.}|.K........>........GB..?{:......;..._
...>......g~.o......................_..M.0.>3../...........|....
.....q1.]?.O.q..;..b9.....=...:.................mU..=.%...Ym}.A.o..j\4
.,.iX...}g\......%........S....~..k......h7.m...u.]32.......Q5^dos..1.
.....F?.....>b..h..?....a0|.._2..pMNm.L.....8..7e1....,....#.......
.j.._......l.....<}N.......*..r...0..}.c.?..`.o...af..>'j. .....
....{|.~DT.....I....?.....?.h..ON?...G....s.T...C....l.....4.C..`..V.5
#E#7,.?..(..s...}oH].........F..s.....;.:...t...$..NG.@/gm[.w1...$.~..
...$..@_ ..9.~a{.0....a.....g>.....8..PjL...~./9<......mK>...
Y$.......z...Xw~q5......n...e..D.gM..~F.;.|tF......M........S?.*f.....
..>...y..._..WY....*k........>...d4......>y..#....z.>..~W.
_1.~...!..\[email protected]*<."./......Z..S."Ni..OI........n.X4..g.}
DF....g~.`F.;........(gx9h....1...g...?.Yp...d.....uNz.l....=|.}......
dtUg...t.....h..r.....Q8v.qY-.-......}.1.d..7y.>..wr.../yF.p.xK:...
sxE$..>'.^7...1#..........N...c>..2..%a...k"d._.D...`..!..."..I.
c..../9.......U./.e......p3j.u.x..TR.4c.?.lW...f.QC...t5>.../.[a.o.
........g........X.B.........K.....$...n..._....L.E....Y.G.#!.....
<<< skipped >>>

GET /kss_inc/js/jquery.form.js?version=M09-P136 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Wed, 29 Jul 2015 22:26:55 GMT

Accept-Ranges: bytes

ETag: "f6b6a5ac4dcad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:53 GMT

Content-Length: 6993
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".....i[T...../.h..i.......2...&
lt;k.u../.%.....(.lU|..m}..X..m.^...>....=...."o.v.p..w....r....|.@
T.b...gW.rV]....O.....6>_......^O.E....Z.Gs....[.k;/.q.//..._\V.[..
W....b.*..i.......M.n..*..|./..._.m>[email protected].....
-.....:O........w~....7.)z}...._r(`..8k.z.c..P............(.~F=64]....
.....~[l.7w.}[email protected]:..4...y.....P...5........x.......o.{......;w...
.|..w...._r.......wm..m..:...G......&...-.......~$...??}...8..E...>
.....v..-.m..[C...=>...2k.u.j..ge.....lR..G.2[.......;<}.y[.w..D
........^..v..EV.?.?.}.M..#...;..~....w.O.$...E..!.. M_.\.Z;.Orz-.m...
.p..-.iP.CS......R.[3b.P.4 .I6}.E.Dk.lV....L{#......'.ae../...0....Cb.
.k>....._.n......7.q]g..JM...m1...xz...&V...u..b...........l..7....
;..ar...?.........bhJ./...HyW@m_.\....!.......N..}w..)..%.<*.._.../
.E.m...c..}../.......? 0.....Z...$k.-" ..7..Z>[email protected]...<......
..g;......?.EFE..~.\.../.i6,0...........Ru..-L.._l..W.f.L.._.f.5...K..
M.H...f ..}.XN..,.v1..K..w5.b.o.p.#..&.{..cTU9{-*.2........_r8........
Q..2..o....c...E;'[email protected]^Wt{..~o-......
u...m4.w.Z.3..-i.;&..g~..|HS..V.g;.E..3..x...c............g.Uy...F..t.
3?..,n.....G'p...;.5.....G..Q..&e>....:...,.b..Y..Z.[h,.*zG;.j.....
.l........B........../r"....${......f...;A.]..<..:s.7........}tz...
.......>._.L3.....&.F.#.l ......../......)0.'..9..n../.|.3?......i3
-.&...|u\.....7vY...,S......UYe.3.e 3......go..^......y...6...mp#.
<<< skipped >>>

GET /kss_inc/js/jquery.pngFix.js HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Wed, 29 Jul 2015 22:26:55 GMT

Accept-Ranges: bytes

ETag: "6729a6ac4dcad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:53 GMT

Content-Length: 1138
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"....i[T...../...X....|9^-/...&g
t;._6y....../6.}...wm..m..I.-.^...>.......ddZ.9........lk.]..Y[..l.
z.-..>...bZWMu..g.6..y...[.U....._...&./.W.2.....g...._..f\,g../..&
gt;....iz.|..;..g....O..p.t.cp).......j.z.h.....-P.g~...cff......9....
X\|.....g....tg.g.....;Y..[._..v..(..?..s.0.T....b.v^...........u.....
.A../..o......0=.}..T ...}|...A?>...O.........9P'e.4QhS|.......]...
..1.......o.`..>........A.....M.\q...H.0.....G.0..'[email protected]\.....
[email protected]~.e.O>.X>#|z...a.S.._....f3."!\.0..
.v!.......(.!d.,.,.u....Vi.0>.{.6..R.w..`P...U.L?..^9.._fk...._.u.w
..g......?..2k....j^..6A...h .e...gE.*..G...nO.j..p.M.^..z9{....^.<
.2..[......:.......u...W.....n#.......%.W...(f....g..".....z1.zx|\....
....E..-R}....wz.n.........)[email protected]......`Bc.y#i;z|...<b.&Z.S
..4.d.. f..g$J..?....?..H..?......f$.$...b.ou..9M..{../.4........O....
\..}..~.c.m..f..OT.....|.-d`E>..L....v..u]n}.....~.|....s..!...G./.
%z..^.....q.^..".).1..i6.....?......G.........G.$N.b.Z..-9....i.q{.x..
>~...k..!m..M.........=Dr...~.a...z..KD#5Dw....)u.........


GET /kss_inc/js/admin_pub.js?version=M09-P136 HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Wed, 29 Jul 2015 22:26:55 GMT

Accept-Ranges: bytes

ETag: "d98aa1ac4dcad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:54 GMT

Content-Length: 4509
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"........t..y.....v.....4y..X...
={..2.J..:.....z9..}..._...iV..l.....r...r../.%.u...........y....7....
..g......_.E....G......7I./.u.....^~......-.c`.MN/.eK_......kn6~.~..^~
Lz.._.g..;......O.3..../B.q..>......v^4..gi>^e...M ..k...C.Q7.qb
.M.i....em.........3.........?.../..?.?........;..?......?........o...
....._..?....................?./....?.....*.H....._.?.}......q....w...
._...............7......O./..?...k..?...W...N...../......?........;..?
.g......_.........9.1....u.L....{ci..4.............4k.......Bx...`[.f.
!..._.i....G.I....'.....................x]..r...V)$G7.>.hw....O..&l
t;\U......_.5....O.-.......~......>_..|.{}...?{....~...|.....s...V.
}...W..>).!..iyX|....c.(.....x:[email protected].....>w~.w.2_^.
s...h.....>..0............/..?.f.?........S....../......S...J....b.
E./f#.w.-r.\..._L?g...YM.9>.s.......V.....j.........._._.Y......=^7
.2..EV.4.....`<.4..?.....>..........o..Ao.V[......?.F...3;...q.(
../....L...I5.i..;.n...........|..<.?.Kr.S....O.[.......P^..2..#.&g
t;....>....5>...x^.h.............6...../....~.^...{W.[.|....O...
!..1.......a..o....O..........7!.f....I5...j./g[.=...i1..c}.......#I..
....!..?.;...8$.......W...._........!....G..R.L#G...g....<L.......O
[email protected]..<..>..G..#....lK.....;.f^]1..........O\...?./.
..........2J. ..R..c..:)..........$..r.n.[fXp..Z..CQ.T^.........F....c
N.uC...k.d...%0..q...l.o..}.....#..[.^r....}......5.ro.M.r.o......
<<< skipped >>>

GET /kss_inc/images/salelogo.png HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 13 May 2015 13:20:06 GMT

Accept-Ranges: bytes

ETag: "0c7e877f8dd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:54 GMT

Content-Length: 45207
.PNG........IHDR...X.................pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V
<<< skipped >>>

GET /kss_inc/images/sale_search.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 29 Jul 2015 22:26:55 GMT

Accept-Ranges: bytes

ETag: "e27398ac4dcad01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:54 GMT

Content-Length: 2437
GIF89av.%...............f..3..............f..3..............f..3....f.
.f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3....
..........f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3
............f..3..............f..3..............f..3..............f..3
....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...f..f..f..f.ff
.3f..f..f..f..f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3
ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3..3.f3.33..3..3..3..
3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.........
....f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3
..3..3f.33.3............f..3...]..\..[..Z..Y.. p..n..l..j..h..f..c.._.
%z.!m..d..Y.-..\.. L}h..Mq..........M..=w.E..L..`....................U
..R..[.....!.......,....v.%.......#E......*\......#J.H..C..32.7o.....q
.f....(S.\.-.?R....I....8s.....O..<.......H.*].....P...&._.mX.j....
..`...K.,.....].....p...K..]....e.O.>.............[.xq....A..v....'
.=.92>..C...d^.....[..u...Q.F.......s..M.......w..b...)_..u?..].F.|
....U.../37..... ...x....>N..ry.......}.....7.......]w....?....<
.^. ...(!..T..=...Z=.....y.'.<y.7.~...!|...b=....~%.#..#...w.......
v.i?..Dh..S........qHJ;...G=Xb..>..R..`b.Zz.d(.>.......x..?.H`&l
t;.-...=>..|{..b.....>......q.%....c>.|..<]....K...;.f..=.
....z.............<.....=....`..z.L..Vk..~.N....N..a.._..:..A..i..p
..u.....iv.N.....:...n).Q..........0,)..c.;..S.:...bU..F..L.6p...#....
.-....._...B........[......o...k;..........E2..=.g3..K.s.>..G3h
<<< skipped >>>

GET /photo/miaopingmiaozan.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 19 Nov 2014 10:55:57 GMT

Accept-Ranges: bytes

ETag: "80dc8f65e73d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Length: 35724
.PNG........IHDR.......I.....Z.-.....bKGD..............pHYs.......... 
.... .IDATx...{.%G}...sn.nu.....m.B. ...[`.eK.&4x..x...a/..f.Q..eP .g.
...c%...k..a..k.....#.V..x.Xhl.-.C/..."..WRw.{*.....7....U.zd...DGG.&l
t;..eVe..~.UU. .G=..k~....%*...........|......q..;f%[email protected]....
....|.........z.._A...`9)...;..ph3.....2...D"Z9......9x`........d.....
.?swq.J%..|`mh...........w^t.}.3 .`zd...]... D...*7h.N.:..S.N.u....:..
...9'......j.... ..?...M...^t.....<..6..!.=..1...bB..fO.......q..u2
.Vv...4)...1...]x.4....0.......x......":....o"....]K.f.. TLh.BO>...
o...'....h..]D...........w.wt.....,.|.w....X%........5...M.D.:....h.$B
>B|M.u4.O.`e...D.....).>i.[.K.O..HH.b..C.<.....H...|/..1....U
.VO...U..EQ...n............G.$.U...d....'F3.PG0..6~.......... '.T...|.
.X..{.....Wp.!i&"C...|.........w.$.;....{v.u.._......g]..O|....c...P.3
....>.8#W........:B.....0..j$&d#.....n..N.kT#:,........lOT^.m!..%.p
..7. S.1e.]3.M...j.J3m*..D....gO<.....MA.......'.N.|......^y..D..O.
U...|b3.....=q3..sQ3..4{.......}........W....?.J...V... .\|.Y.x.e?u...
?....R....D........z'......EStU...Q.f....g....q"G.Lv$(.ntF.p.y[;T.G.{/
...Ts..h.....{.'ld.>.n.|.4.$..........SRYr.T.G..Ld.M&E1!Y~l..LIe...
V.*..4.Y...RK.6...W.:......~.....g....T.1...Lk._....wL>.w.......?..
Li.~....}...:...<.._8x...p.&.!'yF...yt.......=.....B.N.x&........}x
.y..&..wB. M...>.P.EK t.B....1...r..a..Y.C..(;.....P..C.9T(.Ahy..".
.}...e..1.T..,.....M\..EQ.fRP1..(.#......_|.KDdg...{.)K...e^.P.$.c&.v}
.S_..C.../..<"..PA...]......r.U.L.M.f........>{cc..O|.v.Ak..
<<< skipped >>>

GET /kss_inc/images/sale_le.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 12 May 2015 11:58:48 GMT

Accept-Ranges: bytes

ETag: "b4e5b11ab8cd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Length: 181
GIF87a........b....,.............................H...........L........
........L*......J......j............N.....................(8HXhx......
....)9IYiy..........*:JZjz..........W..; ....


GET /kss_inc/images/sale_btn1.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 29 Jul 2015 22:26:55 GMT

Accept-Ranges: bytes

ETag: "d35d96ac4dcad01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Length: 1592
GIF89aE...............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..........&;$.3.......................................................
......................................................................
...........!.......,....E........$8.......)T.P....#B.D..$..?i...B...&l
t;..IR...&I.\.....0c.D@.&..8sN......?........H.*-:.i..P.J.j..)R....!..
......K....h.pY...[..,Y*.5.].(..Ea.......xA...,.. ^....K....A....2.o..
...i.C..\....Q..^.:.....H8.....?....-._......\.........y...e..e.6..4v.
[email protected].%..X....?..}..V...........4..0B.R$..h.*.\[email protected]
.M40`....E.......4..VA.!....,......(#.T.HE......<......PC4,.Yd4'\..
.L..Z...(...|`..1.8#.6.../..Q..d.r. z..f4t....i.).x...G"..)Z*|...-. C.
..$b. ...&..^.&..F..h].....d..).m.i ....2...H#..........a..*..a......&
).....j.nj.3.8ah...zi.b...._T!..U.f..Vd.Z..N..$.}....Nr.3.8.G.......R 
.... ......h.../h..,0#.0...|$.0.k4.o.SD,...W<q.......w..(. .D.r.l..
(.<q.,7...0.,3.-71..8...#....'s....D.a4.H....L3=..1..2.TWm..Vk"
<<< skipped >>>

GET /photo/qqxiangche.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Mon, 22 Jun 2015 04:05:34 GMT

Accept-Ranges: bytes

ETag: "07becafa0acd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:55 GMT

Content-Length: 425114
.PNG........IHDR.............~muY....bKGD..............pHYs.......... 
.... .IDATx...yx.U......-.^......k....J....3l?EAYT....|.....3.......W.
A.8........4.D.D..D..;kw...~.\( U..N.I:p>O.<.U..nU....s.=.._....
..............>..c............~_.J..q7.........<.e.4..m....O...C
b.......S.el;U..FX..........g............i.r..Iw.......'...o.<V..~.
B.s...B./.9../A.C.F..Cm....r..............lc....*.T...ezf.@.!t.K....q.
...Y.6d..(..Z..........L X.c9..D...D......_...'.;...m...N............_
...1..).w.!..c...]..E.[.....t.D.....X.....'....tSc.........../..,..L..
8.cY.u!....S4.(.)....n..rc/.e.Ea....P.%r..........k..g....b.tC....Sv\.
..._<6.....T..[.r..we.[g.4..y..=..se..........?. ........h'.....N..
-.cY.aw.Z\.V......J.ZK1*L.^.)........:..#J..h..r..V.!J.....f...4'...!.
.....P./7>_...w.V..N..;-..mW.wz._<&o{x.}.............u..}.......
.....}.5. .u:...-sGz.....W`.R....2...rNG.....ov.`..X.k.R......Q4.(....
h.g`..]En..\.W..P....x....fh..8e.."..C..7.n.....\.....%..yY./7........
..8.z..(r......0E9X......r.e.X.... N......T.].R8L..........B.-Jy...o..
z^..o.).z.S..C..o..K...R......P...7..U...<.#.~..K..7,]B.......[T.w.
...'x69DQ ...|......zp..... .......N$.......`L#_.Z...../.....1..y...e]
.X.J6.Or.]=1.......7On.t<B...K.<...Q.._...>|...^..7.....CA_&l
t;.C.........xq&]..w.aa....w=.\......Q..6=...!... ..:KO........._.i...
i....-....0.r.ZG3jJ..yU.....,.!.r2..]..`Z.T...[...o..B.>....>..4
.V..(..Xs.._..O.........d...........PGm%.t...;.'....;.N.......xp.. .s.
.o.y...^.......I..R.....n.0...\...q..... ....c.cZ.1%...sS&..{.).. 
<<< skipped >>>

GET /photo/shuoshuofabu.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 04 Mar 2015 04:19:43 GMT

Accept-Ranges: bytes

ETag: "801987703256d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Length: 29709
.PNG........IHDR.......I.............bKGD..............pHYs.......... 
.... .IDATx...}...}.._..bA....,e..I.......u.d..R.L...U..FR...*q..\:.%Y
w....,..U.$.......h...J|'...LZ.x4..u.}.....[>P.....bw..G..>....=
=3=...X.l..O?O...y........=I7.I.$I.$I.4..O.4.&.I..i*..i..H.G..3.w:q...
.......3.I.I.i..&.n7Y[[.......I.E.."Q.....w.(.....&.Z.>M..H........
q.EQ$Q.E.g..q......Ng&...8..D3.....T$.I.4...""..3q$Q,q,q$..$].&I.].v.u
.t.I..SGQ..&I7I.I......I$.%.".4JE.T$...M3.6.n.....E.eS%.&k....][[[....
..$.....".vH....Wcmu.......t.....I..&.$.t..1...t......N$Y.I.$.BJ...Eq.
g.....lM...G..$i..i".I.giff:...........e.........HGdFd6...H|...}.Y*.9~
..Z..L.EY...Qv.....eJV...o.1.....)i~....~(....).._......u?.f.Z....... 
<..j.....,.i.....t..]..*.....t..&..J.H.I'.8.N$q"...'W.dee........ .
k...e..v.yE.:..N'.;2....\...3.9..WeuEV................W;....>;3..gf
f;33....4.V_.....g;....N.iS.i......../."....A$.....ki.....i...<....
./..UIc.8M#.8..~>. .H2...|........L...o<.s...t9..,  ruY..-.....O
...O.."...._..I.N"Q..I*Q$iv.N.T.8 M.ko.!.P.4.n.v.$...r*.l:.I.I....Y8..
E?..(.b....Z..t.nw...$....]5[Z.....X$J.l.K.(.t.n...v..3;;..$.N'NE..ZI.
wyu.OE.8.SI.IcI.I...^.4.=r....$I.wA..=..Y/.J%M%...n.]... ..6.$.Z7.t...
...~......H.4.v.$YO-../.;33.M.8.S.t:..N.......8.Kz.T......ME$..^4.;...
..Dq..I...QW..(.4I.8..........^Q\.............%_....Z.M...Qi..8..'...h
...gzH...i. ..'..(...d......n.......F(.."...Q...-5U....8.:.K$...v..X.:
..;2.K...s......E.Q....(..q.......8..(..N..Q..".E.J$iv-..]."...~ .../&
lt;......6.f.9..[....i......u=p..OY...w..A..t.DD...z....W$._...k-[
<<< skipped >>>

GET /photo/zhuanfachongfa.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Wed, 26 Nov 2014 01:46:56 GMT

Accept-Ranges: bytes

ETag: "06816dc1a9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:57 GMT

Content-Length: 28041
.PNG........IHDR.......F.....t.......bKGD..............pHYs.......... 
.... .IDATx...}..W}.._?W.u.r.d#.'..K2!....x.1`."..%.[.r.)...$D[$8..%..
......7.]..T.!..coQS;..#Q.....(..1L,.8.1... d[..}z...9..9.O.~..>.O.
...s..9.....9..}..?.I...x..3?....3k.,.3.E2.E../....^5...=[h)...]U....r
......#....E..._...O.S\.X.mi... ........E....Z,.T.......P....p.....pU&
lt;..%.v363.../..h......ar.-..lK...RO..J,"o....uI...:..O...D..........
...../..H.........}......E[../.......K.....$.z../.R.8......%...U"../..
.,]...YzI..d..,.$K.d.......[.n.l.....9.}..].a.\u......W_}.WDV....d....
D......r.Yy..\</[email protected]...>......E4..W&g
t;.y.i..zkQNx....h .U...W\8./o..g?....]""g.....y._.|.{./.U.Dd)n......o
.?..]..q,...."..D.$.FQ.E.?.^.yCN.q|....._.x.,-..%.......E.....".......
i..}...].ED......|ZD..../.v.3..=.:'<..e.$/....{_..mk/...#..\{.%.lX.
...U.........../...E..h.....^.....cw<.8.......~..g.....u....K}[..G.
l.q.....R....6..9'.?...3.ZZ.....9.l.a....ze.)......q....O.z....o......
go..qGz...u....u1.3,7.d...h..XhK......'...$.5I]r.l....V..s.w.9.g......
.^.....>[email protected]...:);.-z...VZ....!q.....(..H..&J..Q.4.xB....^x.
W~.gF.W.......]Z..."D....o..."r...$_......^.e4KX.y....,.x.K...........
.||.C'.:.F..\..........'_..7....SK.....d....<{.....n^..v........3G.
W.w..;.s.}7....Sw< ...,bv.(DX(.l.>..O.....yV......M...R..2'"..X.
...N.....ph...........Q..=tT;.d.d...g..G...8.g....[r..6..Ht..9.....o.2
......w|n....7kk).z.O....]..........'.J..B.'3........`...P.ED.Y.d..O..
.z.......cw?.(2wp...]..^.....n[...j.K..e8..#...[......Q4.....\....
<<< skipped >>>

GET /photo/renqikongjian.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Fri, 19 Dec 2014 07:40:01 GMT

Accept-Ranges: bytes

ETag: "801ed5fe5e1bd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:58 GMT

Content-Length: 30421
.PNG........IHDR.......F.....t.......bKGD..............pHYs.......... 
.... .IDATx.....].u.....Z....[...`..q,'q....~.Y4..g'k.H...^..<G.$..
-~$y..V...3.....5.....7$/.3.jV,.AQl..`.....u../...5.{..Q...[.N.s....~?
..to.:U..=..>.vU...f.. 7......_...'..<..<..{...........R....w
O.."....7.)r!...{.wN..{~.s.S..{.;...Hr....`Ot^...7.IU...-......Sj.\."C
o[..S....F..q.."..(.....^.....E..5.....&N..cJ.[....D.&...<s........
...S^...o0.^]8..O... .......=..R.....w..7~|j.......G~...7>..>.5.
.?.....?n.#..~........c............s.p...>?..M......CJ.......c/.D.f
.;..On...~......^...3.....g..w..7~...........|B..W\.l..Z-.g.ma.._9zd.C
........M..v...#...C......=..j. .y6.w.a.:|./.H......6.d;...x...>...
t.{...]oJ.........l.&L...=.o!..W?A.;2..t[".).... .....eC ..m...[.....h
...~.8~....."..Iw.....7.........~G%...?~3....E...W.m.o[.........G]..~.
._.....X6.b.E...c...m......'..m..-.]r..;..>....<..^.c/....;>)
R.p.'_~s........N...P....o......7W.#:.mz}.^?J.^......._..5?......g.,..
.......'..?..D....MdS.Z....?....i...........}...|....A......V...V....x
..o.Z.ON...<.{..t.._.[.Zu...>.|.7..N/5.h...\V..........c._.....K
....s./..=..,[$.........N...7....D.>...F...........(.n....7...c..Cg
.[1.......P..5...D....D.%j.E.%j.5.:..m.W-.).!.........Y..}.......N....
O.....[1.....A.&5..S........Z".hx.-..FD.5.;v....`.........>....\q..
.."...x..".[~.[.c.5.a.....7_{...?.z.W~.}.....^;.._.:....>w.l..&..p.
.....x....c.1.....W.......Q.EQ.k/?.vML..-..I....:uI.7V..^yNl.Dd..b..^.
v...^ ..w........g....."Z.S..}...p..~.c..1j5...~.=..ol8...":td...W
<<< skipped >>>

GET /photo/miaozanfenxiang.png?mode=open HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423

HTTP/1.1 200 OK

Content-Type: image/png

Last-Modified: Sun, 24 May 2015 23:10:28 GMT

Accept-Ranges: bytes

ETag: "04ac2d27696d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:05:58 GMT

Content-Length: 19923
.PNG........IHDR.......F.....t.......bKGD..............pHYs.......... 
.... .IDATx...mp..}....(.......b ....K... ..]...<.m^..JE*.-..\y....
....\..*.A*....K..,-|.[..R)wkiK.T"[...D.z.r...,..l2$.LI.HL....9.......
..~JE.zz.O.....sf..m{ffFDD.o..o...oJ........luu...IV.=.;....z......<
;9..G.......,@...]....d.......W.......w...'.u..3 .....o.w.............
...a......N}p........'.]x..K.?...j.a|Y...D...U.].. .."..H..._..Od...&g
t;i.]M...........P....\."4..w|......|.."K.g._.9..,VJr.2..\. .O.....".-
K....%e.X..=~.R.r.....r.._{....u.........W~ "....ZT$..[K.JIj.|<.. .
...-....m...Dd........<z.g.o.%KDd..^... V..@G..../...wY.........l..
mq.s...D......,.r..}!....m.......,v~]..S..-....................D..S7.p
.*[email protected]$bKn^>....g......f.9~f...e..l._...6..-_
.......r.u".|.\M..;w.........m..c|l..9..l\7....?.U..l\7.~~.K.n.?....{.
..2....C6b|........./<.!........e......4....{&.bWw.fZ.gn}bggoP..6k.
....[D.........}..to...#._.;pA.mc.&.'..i}bg.(.......;;.m?.2.i.&....{Q.
.b./"R..... .C..Ay2.vO.....^x.....{K.6k..$..'vv..>..t.j~hk..v..,2..
......S..............v3..`,'..!)....a.....?..........6....-.]..._}...}
HDn......_.....U.K.-.X<.]...o.....okn\....3..M..y.._.e...m^w...{.O.
.a(..|...............d......;_.O...O....vi.......N.;86'"r....NQ....9.D
..v.f..f...1b...c.|.`,G..#.E...f..}.0...v....y.Es....e..{..2u..." .u.t
.t?qQ}S........i..-."....q.=....W..-..o..;..q...&.....}.'..vkO. V.y.wg
|.....y9#0.*.5 ....;#..n/.t..7.....=./..4=f....7....t<.....N......M
TK..CK9.t..?.w.W.aQ.9...k,L.....vX....0|o._~o.G.'.*[email protected]...\.....
<<< skipped >>>

GET /kefu/kf.js HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423; CNZZDATA1253155700=1428304560-1445663166-|1445663166

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Sun, 26 Jul 2015 01:19:10 GMT

Accept-Ranges: bytes

ETag: "07ba1341c7d01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:06:04 GMT

Content-Length: 297
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"..:..e..?[.W.q]g.[w..Y5]/.e;...
6...q3..U....b.]......tv.....GiSO..y.....{.OVu...i>.E.h<..w/.V..
=.\...v........w..m...N.Y..-.^.....I.......]{.G...]................{..
...j...../.....?.5.]...HTTP/1.1 200 OK..Content-Type: application/x-ja
vascript..Content-Encoding: gzip..Last-Modified: Sun, 26 Jul 2015 01:1
9:10 GMT..Accept-Ranges: bytes..ETag: "07ba1341c7d01:0"..Vary: Accept-
Encoding..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Sat,
 24 Oct 2015 05:06:04 GMT..Content-Length: 297...............`.I.%&/m.
{.J.J..t...`[email protected]#).*..eVe]f.@......{....{....;.N'...?\fd.l
..J...!....?~|.?"..:..e..?[.W.q]g.[w..Y5]/.e;...6...q3..U....b.]......
tv.....GiSO..y.....{.OVu...i>.E.h<..w/.V..=.\...v........w..m...
N.Y..-.^.....I.......]{.G...]................{.....j...../.....?.5.]..
.....


GET /kefu/skin/42/skin.css HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423; CNZZDATA1253155700=1428304560-1445663166-|1445663166

HTTP/1.1 200 OK

Content-Type: text/css

Content-Encoding: gzip

Last-Modified: Sun, 26 Jul 2015 01:19:10 GMT

Accept-Ranges: bytes

ETag: "07ba1341c7d01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:06:06 GMT

Content-Length: 942
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~..<...M?Z...........y.n'...
X\..xV4.2.~T,.b..N.z...v.eE...../..yV?J'U;?\UM....Q.M..\..a...b9..=...
.p....}..z..I.7....._|U.......$.....}.{...I6}{QW.........Eq~.p...U....
^.../..)o.......l.V.. ....iu...eu.h^.f..0=...vS. .....m......b.h./...&
...(..}.............~2.g.2.......~6...n..8."HH..../.^f...3....tZ.U...?
.'.&../...W~............>....V.........|..~Q[.t..(>..*......u3$F
.7N~..A..P~...p.O.tZVMN...{x.p.>.a...0........:]...rU.2.v.S.x...g~.
f$..yE..X.=.....G.A.....).{............J>{@.G.)....G..44.B<..!.o
@~..tK.C..w.......T..bj>...m...y... [email protected]
.y..g.6..........e...`.EC...e..^.r.Z....qfF..}..v.CH1..3..y.|*..}...C&
.....1...4e.H.......oo",.>G.{[email protected]......<...f...%@\.lL.
M.......I....>........%.(...2..R.....l.....Ed......#...V..q....Yf."
"x.........l....?x,.....F..Wq.V...sG...q.1....@.../...."0......
...


GET /kefu/skin/42/bottom.gif HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vip.gutou.cc

Connection: Keep-Alive

Cookie: pagecook=AiZYeANnC2VWNAUeVw9XVAFpATAEOww2VVZQMF00WzYEJFA+BzFcC1VWUncLWgo8AANQFAswDGhVYlRPAX0NUg==; pagecook_ver=7efa9d80597f206b70424247efe47423; CNZZDATA1253155700=1428304560-1445663166-|1445663166

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 26 Jul 2015 01:19:10 GMT

Accept-Ranges: bytes

ETag: "07ba1341c7d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sat, 24 Oct 2015 05:06:06 GMT

Content-Length: 783
GIF89an.$..#.f...k.N........<......h.x...q.....d..m..f.....o....$x.
!v.?..9..o..............T...i...........w..i.....b....................
....................................................................!.
.NETSCAPE2.0.....!.....#.,[email protected]:..h.3.Z...v..R.`lwL.
C.....n..i.gN.....~....q............................!.......!...!"..`J
...F.H.V.....H.....B.C...L.....Y..q...IU.......R...NV.i......Y........
....Z.........[....`....W..6j..(@ .^@x........R!...4m.8d.h5.v..G!..<
;.td#.....|.2N...4q.\9Pa-e.R..w`$.. .D.2u.SHU{..:.*....j.#.j..f.B...JT
.i....5..._........m..u.W/..|....x...`..]...d.. _.LW3`...g.L.3c..O..=:
..4...f..,...m.......V6..N|...../.0.]...FH.  ..........!.....#.,......
[email protected]".h1..h...V[.R1..wL.Z$.........a.Ww(....x.C..RJMT...
.T......K..C . CA.;....


GET /kefu/theme/3/style.css HTTP/1.1

Accept: */*

Referer: hXXp://vip.gutou.cc/sale.php

Accept-Language: en-us