Gen.Variant.Strictor.74096_2945c7495f

by malwarelabrobot on June 3rd, 2016 in Malware Descriptions.

Gen:Variant.Strictor.74096 (BitDefender), HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Siggen6.47921 (DrWeb), Gen:Variant.Strictor.74096 (B) (Emsisoft), SAPE.Heur.82F31 (Symantec), Backdoor.Win32.BlackHole (Ikarus), Gen:Variant.Strictor.74096 (FSecure), Generic_s.EWG (AVG), Win32:Malware-gen (Avast), Gen:Variant.Strictor.74096 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan, Backdoor, Malware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 2945c7495fe862de5b3639fcdf405959
SHA1: 75adbf61cfcc209dd34b3cf0f5c8a32e07967069
SHA256: 548b6a5c4348309809e1abbfa52556bfa9030281a759707f865d93cc494dbc3e
SSDeep: 24576:pRzDf9OG2qL/J4TQSmj/ue8L4mBF39tO94VO/08Z6J1qtmZi3sJbT bO0/DuUDbD:pRuTEmzsmBDW3s5ItnD
Size: 2314240 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2015-10-21 18:30:48
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan-PSW. Trojan program intended for stealing users passwords.

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:872

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\35887743[1].htm (421 bytes)
C:\svchost.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (16232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\35887743[1].htm (17422 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (0 bytes)

Registry activity

The process %original file name%.exe:872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 7F D7 4F 69 C2 F8 BE 13 D9 3C D5 FB 7C 81 61"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Play_Background_Sounds" = "no"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe" = "c:\%original file name%.exe"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
0fa14e09d6f8af8b0430417f3d465cd9	c:\svchost.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: Window ?????
Product Version: 1.0.0.0
Legal Copyright: Window ?????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: Window ?????
Comments: Window ?????
Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	946151	946176	4.41475	f0e48a43de943b3edb0557da536d5428
.rdata	950272	1272742	1273856	4.30656	c790a82c20739957103422acf73fb915
.data	2224128	192618	65536	3.48946	2b1ca8a23cfeadbd1e6786a3db51d210
.rsrc	2420736	23784	24576	3.55038	0dcea93969f8acb0cc78e39d70e12db6

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://duowan.xdwscache.ourglb0.com/
hxxp://www.yy.com/9050	113.107.236.195
hxxp://duowan.xdwscache.ourglb0.com/pc/js/lib/jQuery/jquery-1.11.1.min.js
hxxp://duowan.xdwscache.ourglb0.com/pc/css/studio.css?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/pc/css/headfoot.mix.css?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/duowan.js
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065284&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065284	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065831&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065831	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/hiido_internal.js?siteid=www@yy
hxxp://res.udb.duowan.com/lgn/js/oauth/udbsdk/pcweb/udb.sdk.pcweb.embed.min.js	222.73.61.81
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849066144&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849066144	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/pc/js/headfoot.mix.js?20160602135939
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&isnew=1&io=1&ut=1464849067566&rnd=0.79673912970488821464849067566	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/pc/images/default_portrait.jpg
hxxp://res.udb.duowan.com/lgn/js/oauth/udbsdk/udb.sdk.getmm.min.js	222.73.61.81
hxxp://duowan.xdwscache.ourglb0.com/pc/images/2wm.png
hxxp://duowan.xdwscache.ourglb0.com/pc/js/liveplayerInline.js?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-leftMenu/images/icons-menuclose.png
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-leftMenu/images/icons-leftMenu2.png
hxxp://cm.hiido.cn/cm/user?time=1464849065&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-thirdpartyLogin/images/login-close.png
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526
hxxp://duowan.xdwscache.ourglb0.com/pc/images/default_load.png
hxxp://duowan.xdwscache.ourglb0.com/pc/js/lib/requirejs/require.js?20160602135939
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-chatroom/images/alpha-bg.png
hxxp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&	103.30.231.70
hxxp://duowan.xdwscache.ourglb0.com/pc/images/icons-index.png?20160505002
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526
hxxp://weblbs.yystatic.com/s/36588833/2488366466/yycomscene.swf	115.238.59.218
hxxp://cm.hiido.cn/cm/user?time=1464849066&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&	103.30.231.70
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-thirdpartyLogin/images/login_btn.png
hxxp://res.udb.duowan.com/lgn/css/oauth/udbsdk/xelogin.sdk.css	222.73.61.81
hxxp://duowan.xdwscache.ourglb0.com/pc/js/studio.js?20160602135939
hxxp://hm.e.shifen.com/hm.js?c493393610cdccbddc1f124d567e36ab
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1
hxxp://cm.hiido.cn/cm/user?time=1464849073&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=5984&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&isnew=1&io=0&ut=1464849073691&rnd=0.79673912970488821464849073691	14.17.119.59
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™
hxxp://dw.dlmix.ourdvs.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://www.yy.com/9050
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849074691&rnd=0.79673912970488821464849074691	14.17.119.59
hxxp://www.yy.com/	113.107.236.195
hxxp://duowan.xdwscache.ourglb0.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6
hxxp://duowan.xdwscache.ourglb0.com/MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg
hxxp://duowan.xdwscache.ourglb0.com/ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg
hxxp://duowan.xdwscache.ourglb0.com/ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg
hxxp://duowan.xdwscache.ourglb0.com/MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg
hxxp://duowan.xdwscache.ourglb0.com/pc/images/loading-white-mini.gif?201605261526
hxxp://duowan.xdwscache.ourglb0.com/ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg
hxxp://duowan.xdwscache.ourglb0.com/NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg
hxxp://duowan.xdwscache.ourglb0.com/ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg
hxxp://duowan.xdwscache.ourglb0.com/MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849075&username=	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg
hxxp://duowan.xdwscache.ourglb0.com/1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg
hxxp://duowan.xdwscache.ourglb0.com/group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849075&username=	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849073831&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849073831	14.17.119.59
hxxp://weblbs.yystatic.com/crossdomain.xml	115.238.59.218
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ=	103.30.231.70
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY=	103.30.231.70
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=38874345	115.238.59.218
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY
hxxp://log.gds.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=	103.30.231.70
hxxp://ad.wagbridge.tanx.com.gds.alibabadns.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY
hxxp://dw.dlmix.ourdvs.com/r/rc/yycomscene/core/1/14/core.bmp
hxxp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=	103.30.231.70
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2
hxxp://cm.hiido.cn/cm/user?time=1464849080&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=5468&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=0&ut=1464849080175&rnd=0.79673912970488821464849080175	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849080378&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849080378	14.17.119.59
hxxp://duowan.xdwscache.ourglb0.com/huya/main/pkg/auto_combine_334bb_d5d43b2.css
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849081066&rnd=0.79673912970488821464849081066	14.17.119.59
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=39600410	115.238.59.218
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849082&username=	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849082&username=	14.17.119.59
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/defaultScene.swf
hxxp://m.yy.com/statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1	115.238.189.225
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2
hxxp://cm.hiido.cn/cm/user?time=1464849088&domain=yy.com&zds=www@yy\|&hiido_ui=0.572767224148353	103.30.231.70
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=7687&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=0&ut=1464849088784&rnd=0.79673912970488821464849088784	14.17.119.59
hxxp://ylog.hiido.com/j.gif?act=web&zd=www@yy\|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849088972&wd=0&passport=&sns=null&pcmb=1&pl=http://www.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849088972	14.17.119.59
hxxp://m.yy.com/statistics/YycomPageLoadTimeStatisticsAction.json?uri=head-headfoot.mix.css&time=78	115.238.189.225
hxxp://ylog.hiido.com/j.gif?act=webstat&ht=www.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win\|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=&lt=&xy=&ext=&v=v0.7.4&pl=http://www.yy.com/9050&io=1&ut=1464849089894&rnd=0.79673912970488821464849089894	14.17.119.59
hxxp://weblbs.yystatic.com//get-data/36588833?subSid=2488366466&type=yycomscene&referer=hxxp://www.yy.com/9050&_=19542649	115.238.59.218
hxxp://ylog.hiido.com/j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849091&username=	14.17.119.59
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml
hxxp://dw.dlmix.ourdvs.com/r/sc/yycomscene/defaultScene/1/72/danmaku.swf
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™	220.181.7.190
hxxp://a.dwstatic.com/huya/main/pkg/auto_combine_334bb_d5d43b2.css	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&	140.205.34.97
hxxp://yyweb.yystatic.com/pc/images/2wm.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/default_load.png	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&	140.205.34.97
hxxp://yyweb.yystatic.com/pc/images/components/w-thirdpartyLogin/images/login-close.png	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY	140.205.34.97
hxxp://res.m.yystatic.com/group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-leftMenu/images/icons-menuclose.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/default_portrait.jpg	87.245.198.83
hxxp://m.yy.com/zone/1151027897/	115.238.189.225
hxxp://yyweb.yystatic.com/pc/images/loading-white-mini.gif?201605261526	87.245.198.83
hxxp://www.huya.com/	87.245.198.83
hxxp://c2.web.yystatic.com/r/sc/yycomscene/defaultScene/1/72/defaultScene.swf	87.245.198.84
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1	220.181.7.190
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™	220.181.7.190
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526	87.245.198.83
hxxp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://www.yy.com/9050	87.245.198.84
hxxp://yyweb.yystatic.com/pc/css/studio.css?20160602135939	87.245.198.83
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2	220.181.7.190
hxxp://c2.web.yystatic.com/r/rc/yycomscene/core/1/14/core.bmp	87.245.198.84
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg	87.245.198.83
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2	220.181.7.190
hxxp://statistics.yy.com/statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1	115.238.189.225
hxxp://m.yy.com/zone/35887743/	115.238.189.225
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6	140.205.174.1
hxxp://mobilelivephoto.bs2dl.yy.com/1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg	87.245.198.83
hxxp://res.m.yystatic.com/group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/css/headfoot.mix.css?20160602135939	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/icons-index.png?20160505002	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg	87.245.198.83
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6	140.205.174.1
hxxp://emyfs.bs2cdn.yy.com/NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg	87.245.198.83
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™	220.181.7.190
hxxp://emyfs.bs2dl.yy.com/MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-chatroom/images/alpha-bg.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/js/headfoot.mix.js?20160602135939	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-leftMenu/images/icons-leftMenu2.png	87.245.198.83
hxxp://emyfs.bs2cdn.yy.com/ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg	87.245.198.83
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6	140.205.174.1
hxxp://m.yy.com/zone/35887743	115.238.189.225
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&	140.205.34.97
hxxp://www.duowan.com/duowan.js	87.245.198.83
hxxp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6	140.205.174.1
hxxp://res.m.yystatic.com/group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/images/components/w-thirdpartyLogin/images/login_btn.png	87.245.198.83
hxxp://yyweb.yystatic.com/pc/js/lib/requirejs/require.js?20160602135939	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H	140.205.34.97
hxxp://emyfs.bs2cdn.yy.com/OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg	87.245.198.83
hxxp://res.m.yystatic.com/group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY	140.205.34.97
hxxp://hm.baidu.com/hm.js?c493393610cdccbddc1f124d567e36ab	220.181.7.190
hxxp://res.m.yystatic.com/group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg	87.245.198.83
hxxp://c2.web.yystatic.com/r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml	87.245.198.84
hxxp://yyweb.yystatic.com/pc/js/liveplayerInline.js?20160602135939	87.245.198.83
hxxp://emyfs.bs2dl.yy.com/ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg	87.245.198.83
hxxp://yyweb.yystatic.com/pc/js/studio.js?20160602135939	87.245.198.83
hxxp://m.yy.com/zone/1151027897	115.238.189.225
hxxp://yyweb.yystatic.com/pc/js/lib/jQuery/jquery-1.11.1.min.js	87.245.198.83
hxxp://emyfs.bs2dl.yy.com/ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy\|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR	140.205.34.97
hxxp://yyweb.yystatic.com/pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate	87.245.198.83
hxxp://hdjs.hiido.com/hiido_internal.js?siteid=www@yy	87.245.198.83
hxxp://res.m.yystatic.com/group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg	87.245.198.83
hxxp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy\|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&	140.205.34.97
lgn.yy.com	111.206.234.57
dataaq.yy.com

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE

Traffic

GET /ODQzOGMzMTYtYWMyMi00MzBjLTg1MjEtYTA1ZTlmMjhkZWQx.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 05:31:17 GMT

Date: Thu, 02 Jun 2016 05:31:17 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 58508

Accept-Ranges: bytes

Last-Modified: Mon, 16 May 2016 07:35:00 GMT

ETag: "4ac5610c6e90504634bca718aaa21645b428adcd"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 fuzhou189:88 (Cdn Cache Server V2.0), 1.1 db78:2 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....>
1......S.h.2..[.Y,.v....F..!f.....$...^.....'.....-.....q... ......Kx.
3.......5..}.SY!;...i...........A|Q..>$....]......Z.._.?|O....!f...
.....*......P:....x~..:[email protected]../.7.?R .:.3...|l..e.^......]..ml...n$P
G...~..}.......e..kkk...Qnu\&.r....= ..u..<ia.......l.\..@....}....
B.My=.f;d...x...}.....j..qTmT..?..8..U..N.y.=jI..2[...,...;N..8.b.c..i
[email protected]....;...D..D}.?.x.]..?!^K..[..Rp..W....
..W...t.e.....tz..k..Z..nd....&.M.-5...9."#.....\.....?.4=a.O.^-......
....A.8..=E||....w..<[email protected]}........k.kK.....>)......X.
"..$'./\.......~._.b......A#..\......Y...f..0<.8.....7...I....2M\.S
.....P...Mzc..;R....Wd..'..x...]...X.9......:N..08.s...u..X.....o.} 5.
..J....f.........u)....s.{..*....C(..)....U.Z..#.$Y..O....k.TL.n0x..}.
{.....^2.V;..k...]..g..z....._....e.?.FA............_..G...p..T....qJ7
D.vr|z...?.<P=1.......W..~&.......XQ.......Xv.....2X\FFB..R...)<<< skipped >>>

GET /NDQ1NzI4OTctZjBkMi00NzRkLTk4OGItYWRkN2NjZWU4ZjY4.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 07:39:04 GMT

Date: Wed, 01 Jun 2016 07:39:04 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 49495

Accept-Ranges: bytes

Last-Modified: Wed, 18 May 2016 11:43:51 GMT

ETag: "12a3c1718d7d10cca17468109f57cf1aa949f71a"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 jfzh181:8111 (Cdn Cache Server V2.0), 1.1 db77:8 (Cdn Cache Server V2.0)

Connection: keep-alive

....$.Exif..MM.*...............T......................................
.................................................(...........1........
...2...........i............. ............'.......'.Adobe Photoshop CS
6 (Windows).2016:04:14 15:30:10.............0221......................
.............................................n...........v.(..........
...........~..........#........H.......H.........XICC_PROFILE......HLi
no....mntrRGB XYZ .........1..acspMSFT....IEC sRGB....................
...-HP  ................................................cprt...P...3de
sc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....
dmnd...T...pdmdd........vued...L....view.......$lumi........meas......
.$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Cop
yright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1
............sRGB IEC61966-2.1.........................................
.........XYZ .......Q........XYZ ................XYZ ......o...8.....X
YZ ......b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.
ch............IEC hXXp://VVV.iec.ch...................................
...........desc........IEC 61966-2.1 Default RGB colour space - sRGB..
..........IEC 61966-2.1 Default RGB colour space - sRGB...............
.......desc.......,Reference Viewing Condition in IEC61966-2.1........
...,Reference Viewing Condition in IEC61966-2.1.......................
...view.........._...............\.....XYZ .....L.V.P...W..meas.......
.........................sig ....CRT curv.......................#.

<<< skipped >>>

GET /MjJlMDk2YjEtODlkMS00OGVkLWIzNmItMGFhOGZiMzUyOGQy.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 05:18:19 GMT

Date: Thu, 02 Jun 2016 05:18:19 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 92356

Accept-Ranges: bytes

Last-Modified: Tue, 19 Apr 2016 09:16:37 GMT

ETag: "a95678e5c13d1ab1ef3ba420c68d4450b5bd0207"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 db78:5 (Cdn Cache Server V2.0)

Connection: keep-alive

......Exif..MM.*...............@......................................
......................................................................
...(...........1...........2.......................i.............H....
..Apple.iPhone 6s.......'.......'.Adobe Photoshop CC (Windows).2016:04
:12 17:01:53..............................."...........'.......}......
....0221..............................................................
......................................................................
........278.........278.........0100.......................b..........
.B....................................................................
.....2...........3...........4.....#...$...........!........2016:03:22
 19:30:48.2016:03:22 19:30:48............/.......m...............S....
.......2...S.......S....................Apple.iPhone 6s back camera 4.
15mm f/2.2.........................................(..................
.......................H.......H..........Adobe_CM......Adobe.d.......
......................................................................
......................................................................
..."................?.................................................
.........................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...c
s5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw........
................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..
D.T..dEU6te......u..F...............Vfv........'7GWgw.................
?.. ..`.&%p.&..J]:d.)p.2t.......J$.$...N......0>.a8...fX.m.a...

<<< skipped >>>

GET /hm.js?c493393610cdccbddc1f124d567e36ab HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 8796

Content-Type: application/javascript

Date: Thu, 02 Jun 2016 06:31:04 GMT

Etag: a6182c7abd554fdec141e481c8a3b5e5

Server: apache
...............(function(){var h={},mt={},c={id:"c493393610cdccbddc1f1
24d567e36ab",dm:["yy.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],ic
on:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:
[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],apps:''};
.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3....d.&
lt;5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.>..8'
j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<^...f.
].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK&DI.D..
.kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#..dV .m.
.m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8-..".&v
n..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j1P.4...
....3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1....S4..
#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{...8....
$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..L.|...u
....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...&...-.Y
C...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..V......
)(}.d...Z.d...*.Z~......T;... [email protected]}3...50.T
G....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh....(l*.
.ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<...v...
.ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... .......n!k.
..>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f.....F..#..
......".E..p......GM..3W....f..8.!. .b.>.c....J.......7I"..j...<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=807722698&si=c493393610cdccbddc1f124d567e36ab&st=1&v=1.1.26&lv=1&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:04 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Thu, 02 Jun 2016 06:31:04 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;....


GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=1000,1000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=607327760&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:05 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;....


GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=498269031&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:05 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Thu, 02 Jun 2016 06:31:05 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;....


GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=6188,6188&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1454432038&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:12 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;....

GET /hm.js?c493393610cdccbddc1f124d567e36ab HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 8796

Content-Type: application/javascript

Date: Thu, 02 Jun 2016 06:31:12 GMT

Etag: a6182c7abd554fdec141e481c8a3b5e5

Server: apache
...............(function(){var h={},mt={},c={id:"c493393610cdccbddc1f1
24d567e36ab",dm:["yy.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],ic
on:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:
[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],apps:''};
.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3....d.&
lt;5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.>..8'
j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<^...f.
].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK&DI.D..
.kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#..dV .m.
.m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8-..".&v
n..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j1P.4...
....3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1....S4..
#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{...8....
$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..L.|...u
....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...&...-.Y
C...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..V......
)(}.d...Z.d...*.Z~......T;... [email protected]}3...50.T
G....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh....(l*.
.ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<...v...
.ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... .......n!k.
..>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f.....F..#..
......".E..p......GM..3W....f..8.!. .b.>.c....J.......7I"..j...<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=490742383&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2&tt=å¸ è±ª â•ž è®² â”‚Ð® è§£ å¤§ åŽ…â•¡-æ£åœ¨ç›´æ’-ä¸å›½é¢†å…ˆçš„ç›´æ’ç½‘ç«™ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:13 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Thu, 02 Jun 2016 06:31:13 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;....


GET /hm.gif?cc=0&ck=1&cl=32-bit&ds=1916x902&ep=7594,7594&et=3&fl=11.6&ja=1&ln=en-us&lo=0&lt=1464849073&nv=0&rnd=1123212515&si=c493393610cdccbddc1f124d567e36ab&st=4&v=1.1.26&lv=2 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=AD4692A2C64DD9D0


HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 02 Jun 2016 06:31:20 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Thu, 02 Jun 2016 06:31:20 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065831&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065831 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490570624496829100001; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849088972&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849088972 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849065284&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849065284 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490570624496829400246; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /r/rc/yycomscene/core/1/14/core.bmp HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 200 OK

Content-Length: 312536

Content-Type: text/html;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:11 GMT

Via: 1.1 db80:8032 (Cdn Cache Server V2.0)

Connection: keep-alive
....F.)}!.C"k.......C#.d...._....Rk.S.{S.0:...t.<.....`n.K........p
.Z...l.!....".j....$"..!...8.[.B...adp.......U.py..xZ^.1.<.:...2(.!
G..-....9m.....B.?.....!C.`.r...w.A..$.........-.X....X`%...tZ..Pp\. B
.Y.%...j? .JGvK.\.....iB.x$w.....v.B....d..)s..#..T&..F..:l. .y.H.....
0......[..@.. ....,..0..>.....&..*..i.M.On...T.g.&...xuE....c......
5..!.)X4..^4....ak..A....l.R)..*B.v-.M....D..8v]../.\M...../x<....-
....u.....Z7... ....~.YM.....i.^C.iw.....bv.._$....p}E.............v..
P.M..........^.aq....{:.Psh...{[email protected]..@~.S..E.1.V..\
..5......$./.b..:..y..W..fR?X.T>..JP.........g.\.....$.._.N.G.l..Us
..[..u)........j..X!VYS..hf*re.........D..8..P......W..96!.U..s.......
..R..oJi.c.....Kb.H.....[n..v......o..`..B|....A...<...2S.. G...u.3
...v....V..r.Pyx....d.I..L.t%_.O..z.....NG..m.Ln.F.{[email protected]...
^R..!..0..b.n.RgW..2.....7..t'}P...r.094._H..._.O.PXk.....c3.....>.
....wI.Hx..px..t....g.L..[..;lW...x4.qV....$Z...5.D DLwM...B..S&......
............I........v..3G..P@.#.D#..r.e..([email protected]'.2...... $...?.m....
...St......`..T....H[#N..0^.wd..z.Xml.f.T....).........&.U...6H....,..
.....V%...<.]./*..C..6../...3..R.Y.v.~<'.m..Sp..g$........Xt....
.x..4.^.ZQx...t..W_....&..pV\FV...X..._..x..1(..S p-.....3L`;R..9.aT49
..<...}..Eo....z....Z.......x....XMx^G.!\..8........`...].;'k.....G
.L.X......f..f...<..?]..MQ.&..k16t8..D.@p^.P...|.......: .w..Vr.E.n
.,.2.^v.&y...#..p'.;..xv(..t..t..1...r.|@..Z...p........n...w$.V8.i&.1
.F.<...8..QFp.c.u`[....v..T....y.GF(.\.$.......O...|.;Y...Gdh..<<< skipped >>>

GET /r/sc/yycomscene/defaultScene/1/72/liveBaseSceneConfig.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 200 OK

Content-Length: 918

Content-Type: text/xml;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:25 GMT

Via: 1.1 db79:90 (Cdn Cache Server V2.0)

Connection: close
...<?xml version="1.0" encoding="utf-8" ?>..<data>...<!
-- ...........................  -->...<isStartCache>true</
isStartCache>......<scene>....<version>liveBaseScene1.0
.0.1</version>....<layers>.....<layer name="layer0" /&g
t;.....<layer name="layer1" />.....<layer name="layer2" />
.....<layer name="layer4" />....</layers>...</scene>
......<modules>....<module type="scene" name="liveCard" value
="liveCard.swf">.....<addChild>......<module name="liveCar
d" container="scene" layer="layer0" />.....</addChild>...<
/module>...<module type="scene" name="danmaku" value="danmaku.sw
f">....<addChild>.....<module name="danmaku"  container="s
cene" layer="layer1" ></module>....</addChild>...</m
odule>...<!-- ......... -->....<module type="scene" name="
controlBar" value="controlBar.swf">.....<addChild>......<m
odule name="controlBar"  container="scene" layer="layer4" ></mod
ule>.....</addChild>....</module>...</modules>..&
lt;/data>..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY

Connection: Keep-Alive

Host: cms.tanx.com


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:10 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H  HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=tanx.com

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /r/rc/yycomscene/core/1/14/core.bmp HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 200 OK

Content-Length: 312536

Content-Type: text/html;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:11 GMT

Age: 2

Via: 1.1 db80:8032 (Cdn Cache Server V2.0)

Connection: keep-alive
....F.)}!.C"k.......C#.d...._....Rk.S.{S.0:...t.<.....`n.K........p
.Z...l.!....".j....$"..!...8.[.B...adp.......U.py..xZ^.1.<.:...2(.!
G..-....9m.....B.?.....!C.`.r...w.A..$.........-.X....X`%...tZ..Pp\. B
.Y.%...j? .JGvK.\.....iB.x$w.....v.B....d..)s..#..T&..F..:l. .y.H.....
0......[..@.. ....,..0..>.....&..*..i.M.On...T.g.&...xuE....c......
5..!.)X4..^4....ak..A....l.R)..*B.v-.M....D..8v]../.\M...../x<....-
....u.....Z7... ....~.YM.....i.^C.iw.....bv.._$....p}E.............v..
P.M..........^.aq....{:.Psh...{[email protected]..@~.S..E.1.V..\
..5......$./.b..:..y..W..fR?X.T>..JP.........g.\.....$.._.N.G.l..Us
..[..u)........j..X!VYS..hf*re.........D..8..P......W..96!.U..s.......
..R..oJi.c.....Kb.H.....[n..v......o..`..B|....A...<...2S.. G...u.3
...v....V..r.Pyx....d.I..L.t%_.O..z.....NG..m.Ln.F.{[email protected]...
^R..!..0..b.n.RgW..2.....7..t'}P...r.094._H..._.O.PXk.....c3.....>.
....wI.Hx..px..t....g.L..[..;lW...x4.qV....$Z...5.D DLwM...B..S&......
............I........v..3G..P@.#.D#..r.e..([email protected]'.2...... $...?.m....
...St......`..T....H[#N..0^.wd..z.Xml.f.T....).........&.U...6H....,..
.....V%...<.]./*..C..6../...3..R.Y.v.~<'.m..Sp..g$........Xt....
.x..4.^.ZQx...t..W_....&..pV\FV...X..._..x..1(..S p-.....3L`;R..9.aT49
..<...}..Eo....z....Z.......x....XMx^G.!\..8........`...].;'k.....G
.L.X......f..f...<..?]..MQ.&..k16t8..D.@p^.P...|.......: .w..Vr.E.n
.,.2.^v.&y...#..p'.;..xv(..t..t..1...r.|@..Z...p........n...w$.V8.i&.1
.F.<...8..QFp.c.u`[....v..T....y.GF(.\.$.......O...|.;Y...Gdh..<<< skipped >>>

GET /r/sc/yycomscene/defaultScene/1/72/defaultScene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c2.web.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 200 OK

Content-Length: 28691

Content-Type: application/x-shockwave-flash;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:18 GMT

Via: 1.1 db79:7002 (Cdn Cache Server V2.0)

Connection: close
CWS.X...x...y|.E.?.....=.;.b..*...t=..n...!.....8I&.h..3. ...,......r.
}.... .}[email protected]....._v......:..z...G .....JQ.../.4EQ...!S. .
[email protected]. ...WV.^}...D.PS}.;.G}...W....B.A
.C....$..<....{w'...h....Z.eeE/_...W......72................/e.kt.P
M...Q....U..P...Z.)M....]......e......iI..m...l)..N.....W....)b.(]Ccy.
?T..F.S........@c}e..Z.)YE.....4QD...z.......}........5..}W...}i.K{...
J!W.j..N.z.j._.G.J%W=~......7.-........mgr\.\.].._..S...6..K........Br
UAo......T:)..x".l...x........r..O[..l...<{..H...h#.....@].....|.= 
.A_O.}....V.B<gH.Q......e......j.MFIC......@..[o.o....q...g........
.....o.{d]z.{C>.........}.:...h.Z..6.........J_0..*.g..F.f.y.8..E.Y
..G........{..>k....o}....>|..*..><.r./..jj.H..>|....F_
....I.y..!.>....a.RX...e!_.J).....W. .|.wA07P_...`...Z_._.B..R..B.&
[email protected]....!."oc.&....446 ....h...m7Jc._.r......&=..!.F.s.AoSZ.>..
.^../h.6....I..5I...x.....j...%a..P._.BS...GB....N.........BP..m3.=...
.,AJ...v$.4%.><._..H..R]..t....w.._]...C....9.U...{u.k....QU;2..
..!...2.....\......0..^q...%[email protected]
.%..2.K....'.J..W.sd.g#.M.&=...@u ..|e..u.D?.z.6......g.......t.kp....
..*%.....H....B.F.l.bY....#,npS...(....C[).....b...oS.'..s{.:C%1R.T._?
4.g.U..]N......OD~.|.[..[... ..M;..'6q.K.. . ...}..w<}..7.....Q...{
w.....y\%.q...`e.M..,..([email protected]?.z....[..........b.#=..R..
NN.15..5.m....t g..7..}.J..K.7..5t.....Ac...........1Uh.,Fi5....>.\
.....n...!..Y.M.....5........\[)/.s....Z].~.....\{..<.@.#...S.=<<< skipped >>>

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849082&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.huya.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 02 Jun 2016 06:30:43 GMT

Server: nginx

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

X-Powered-By: PHP/5.4.42

Cache-Control: no-cache

Content-Encoding: gzip

X-Via: 1.1 shx104:8080 (Cdn Cache Server V2.0), 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive
49b.............}yw.W.....B..m..P.`#....{.....y@{.h..*G*.8..L..<%.8
d....I.$.@...(/.......95.$.&.`..C.......=..6.SM...."Yk87.....MR.......
.%E..T(jV&Z.......Z.HR{.d.f..L..).....,C.i..b.--..4uH......L...U....).
4y.a...5....`..........hI|...y.2.\..H9-C..$K.ZJ..KK.j.C7.h....k.\(..!.
...H....#Zf.u.#9.a).R.M.h..XN..].uQ.-.h...AT.`.b............5.G...V..3
.w.>[email protected]....$9.g..........R........ DAWyUa...E *.c...sW.T.
_.\.P..^.............O....>r.r.......w.d.....?$....g...v.>w.|...
 f......Sw 3...{.<}d.......L...|.r...4......NA..g....cg........<
..@.../.........9x...D..y.r.x..{....K.}t.>{.>}.<5.<GU.?...
>.2...G..3.jph.V.2'.............pc.kh.s.x.....^'.y....v..........K^
..%.QI....-.z... ....&.<....!.dw..........*R.....z#...gz.....ccc.li
\J).p.7...T&ji...R.2.b.Ek<...........H)u.h..).$TdzX2....Ci.d...X6..
 M3.<..*C.T.......|m..-.[..%.tZ.[...oJ.}j,..BDR9M.....k....`.e....&
lt;.G...C...W...4..EJ.\[email protected].|j|... ....dn...A...N.8.J........&
.b.q..j....nD.,)...4..W(.d..Ky.U.....S9SRw....^...eK.j..Rj.....u...C..
..NiI.Q.B..- Tto|"...?.]Fp=.R!.e,....T..~.....1->.'E...f!..[.B&.M(.
....w {........-f....U*.#.jf...........-......._(..._.-..(<...Q.{G.
.bAq.F...8P....BIi79.5....2ym,.E.4.5Z.T.N..N-..2000....x...a.rF1.0...4
k.1......Lt.5......nro&..R.L#..F..N...c..S....zz,...... .. .yE3...BA..
.A.&&&b.x......5.....%G.qw!["......D..7.5......owG.uQ.EE....)B.I.,. ..
...W.P.z....o..:./.=.....m..............Hv....[_~...r59'.A......:.L0&g
t;.$.JAh.;.~....XT............6....]...7.........l..9CN.{w...... .<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=1&ut=1464849081066&rnd=0.79673912970488821464849081066 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /9050 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.yy.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:48 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Content-Language: en-US

X-Cache: EXPIRED

Content-Encoding: gzip
4a4.............}ks.G..g.j...6......,qq.\.)lBb..S)j$...G3bfd[..*.1....
 ..........cl.z~....<..).....h...d..-.Ra4.}..........%...R."rb.....
...Rd....D.H.H^..}..8.O...,....x..P<...4......R.aZD....&x........S.
......x....baw P*..m.. .".nKs....T.4(...p.. <V..d..^....b&..)r.$[..
.....SEzd...&....YC ......{[email protected]............".
L./."...xz.N.(.............1........FH...B.#&..'..._...`.Q. )R;v...E:O
........&................!!......"...C..?.P[.......!....,."CuH......$.
u..Q].......o. ...$...c.. S..q._~..47_.....3...3........t....me.Z..[{.
.....Ti..3..l.......>>......3.R..........o.0h......]k2...5i.....
...n....<.G..A.L..v..... ..b7...v...tz....b.,gx.......YSu....c.D"..
}.....K<...._....]z....o.....,Y.4...uoy....!.M.YY..aiC...r.|..-E..I
......-..-(....,R.BW.H.........l..Dc.3.o.L..!..o@f.|)[email protected]_&..qf...
 ..J.Q.X_....... .34...?..C.`<..Eb.H...$KI......$..L......!.A...\.s
....Q..p.mH,..o..g..../..E!.c.H.@X......]`.1Z.:.sO.1:::.]...!(..k..P..
.6.H.,.R&....#.b.....a0h`...6....j..)*.,..._{,.!..B.c.!3.n\......f...S
....~..%X'....v}?..i...O).>[email protected]>...../~... ..D.!........P..E@!B
[email protected](v....l..7@<..=.."..*g..".....GS.b!.z....0.I....Jqc>
;D.....8.....yi..i.2X~..g....[...........2b1f...VW...|..f.W..H......0#
M...xe......RuaA..Ue.......{........H.)....,@...e..4..Y......z.X...xnT
...PO.E...r.....N............q.... .m@..._.*...*...BI....|..)z......o.
...E ....=.....G..w...O.!c....l./`X.. .>2w..A.R$.`..&.`.iV..P..fEm1
TT....\.*CZ......M(..I([email protected]_.)..3...u.r.....h.a..!<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074; hdjs_ui=0.7967391297048882


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:07 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:06 GMT

Content-Encoding: gzip
4c8..............kw.G.?.:g...t<.L.ub...\.e#.1..c"..f...%aI.,....8..
..;.$.1........ccX.y.<.c....|..U..rKjs.Q.c.....w.....v......8??....
\v........X.....I.?.%../....I....~_7......b...]..T"YH..|........&.'..x
c6=5. $._t%.......$.Ou.R..EW...?......=..E>...=.|....dn~_.g..%...&.
N.b.... $.=3....L~66.=,.......Lz..];%.t...u...s..r.3...o}~.f..=...3...
....[..."..H~..).Aw..&......3..4....,..............}s.!nN~../..yP.. .`
......D..U.?.M%g}......O.z>.K.?...o....?.M..6..|.B.Q.O....?...gFf..
y.....n...?=..TO...C.0......H....7.|....#..feeA.s.z.Hu...|\....rY.Gx.L
Xz.._zR/....I.u#..7...ia.~..9k..R..}......../j?/.Hy..|.....O........g.
,..\>[.|..j.o.^..............3.._........._.....JO..g.. ..- .....j.
.C..'...}.>(...?g29?./$..o....v.h..9.......g....Gem.r|I..y...R].]^_
.$..=~.>.Ka.. E~>.,..I~k..../..i..s=..G.A).B0.'Y...Al.u.\.../C.(
.....;?h....}.<...5........=.^...>..=...V.L..S...=...C..n3..~...
..U....m.G...z......&..6..w./m..l.4;1.. ...S~p................I.......
..:S...... ...|...6Q.. e..#.T.....VHj....L!.[...........}..4.U..Y...h.
Lc.......kz./....}..D. J....'>."..y0 ...g?....Dr.3_*....o(..?...-..
......x6V,~..Nv.L'....s..$d=..|.x~N........0.*_..6..N..CU............ 
 .ko..7.....K.k.7.G.....'..S..l......zmuU8s..~Om....~......'VH...1.>
;.e....1000....'......d>./..w...=../.g.......|~..p1V..b76..M...=yQy
t..S..s....hci....H....>.pR..... 0......-a?.T...D..6.{V..._:.......
.n(....`..W@.",..G.........b.b..]...)....t..x.m...?...Od..y=}.8.-.7(.:
[email protected].[...L...X.....\...:a....$...3....v........B<<< skipped >>>

GET /pc/js/liveplayerInline.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:00 GMT

Date: Thu, 02 Jun 2016 06:31:00 GMT

Server: nginx

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jun 2016 06:06:11 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 fuzhou185:8107 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive
610.............Wmo.6.. ...b...['.<!H..K.5E....w.).f*..I.1....(....
.....E........I...Re.^\3....[..k.(.,...NDf.H.7.p.......2....Nu..c..._.
.W.[$..Lf..5.mob.h.~.2...6....!...=....c..]...J....x..........n'....R.
.(b....6....j&..3..G,D(Db2....X...z..d.*I|....j.E.....".'U...........Y
..X..#.I.Fa-...;.......'..c*aX.~..*.DF.N.wq.5.{L..p../....jy..5~gV`p..
j..<\x.Y*..-..@{.ot...m].....{.m.v..[h.@-...)8.......<.*[email protected]
.y,...]Ob*..{w9Bd. 2...y.CbF...{.../.="..`r.*.^...o.A._...H.h8...^k.z.
.4O.L......4..9..K.&...bY.Y..KL*.(l.............ey....B..%.Y..{'.=.m.-
...p2.DP.e...w.{.>.P..(..."I...)axIfLg...d .u.=..}.;.Bk.y..B.n1I..-
&)3..Z,......-....Q....nw?.v.....c.......r;....<.......[.;.2.p2X..u
......#.Hys{....a..N.......].1......}..|.K..LP3K...E.....\...(..2.!.h6
. ...Z..A}.wb..dl..&Y.(.."c!Gc....v..t.k'g#q.'......i....5.bg.Sn...e.d
....o.._ ..g,.9.rT.....QQ..R..0..y..}..DBGq.........6..;.U..bXY,.*.F..
..EQJ.U....F.[. .b.M..b1.v.....=?...A..[r=4.(.}b"F8dM.W..(G...rE..R)jU
.....p.....5...E.U,.|:=Q.\e...L.....T#...#..^..).ec.b...GM.Oe|G.9L1A,.
c.O.:hX!.eM, .....*?..2I.`......A.}.........^..?.............9x.....b.
[email protected].....!..D...0S....f
c..h..H.....!&S....gh*.S.e'\.m=..,..[&7..E..C.1..{|.X...|..0f....).%.a
;ai:d......-T(.r..\....5&....I...>...?%.Ih...\;...;.....cW..evj..#.
C.uF.nIr........I%.j..Wog'v........b. o......u.-.VDkd./.......k#.....~
....G6.......:f.l.}.*...{....rq$.u..4}.;.I...%d..k>& ...=t_&D..<
..Ip..-..xA.=.%...*)...o.c;I..@!P.s.J......W......(8iBNV....d...k!<<< skipped >>>

GET /pc/images/components/w-liveplayerToolBar/images/w-liveplayerToolBar-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 09:29:57 GMT

Date: Fri, 27 May 2016 09:29:57 GMT

Server: nginx

Content-Type: image/png

Content-Length: 17611

Last-Modified: Fri, 27 May 2016 08:54:43 GMT

ETag: "57480b53-44cb"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR.............5.J.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:E60E10165BFDE511AA47E9FC9BD5880F" xmpMM:DocumentID="xmp.did:C10D
9CCA0C4C11E6A9B9FA7167593658" xmpMM:InstanceID="xmp.iid:C10D9CC90C4C11
E6A9B9FA7167593658" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:777E1206C20AE611AB2B
C543F5F7AE8B" stRef:documentID="xmp.did:E60E10165BFDE511AA47E9FC9BD588
0F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>[email protected]..}.|T.....d...... ...Q.B"...Z..
.b.......[..U.........b.j.Zw....DvDvY.d.d..?..;a2Lf..L...|..^....{...s
.......#..G(.........QV.,Dy.....;....w.}..o.}.......P..4.\.B.~z.v..(.1
.........4....n$....{"..q....k...(.!.......QV.......g..i.cL^r..8/...qs
?. I.}).O...u..$.5}pc...!.....u..0..#...(.B.... ..Pr..@,.]....6w.-oN..
.....w..[Q..Y8H.?.,Cy..*..GY."......i.=..j..b8n.G)....([..A(.P......'.
..!.....=...I/..p.....u.6...?.F.cz.Y...r...(/....KQ=.O...8..y..RH.'(/Q
..,\S....[..mK#2...k...h...e.I.T.3..._.........CN.9@..=a../..=....<<< skipped >>>

GET /pc/images/default_load.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:00:52 GMT

Date: Fri, 27 May 2016 15:00:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 6001

Last-Modified: Tue, 24 May 2016 09:18:47 GMT

ETag: "57441c77-1771"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:4 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR...<...<.....:..r....gAMA......a....(IDATh..Z]l.
Wv>.'G?TL*.Z.q.$..v..][email protected]....>....v.....R B.}.
Po.J]$[H....].6..6D'....)..-R.P.Pd....E..Zr.9.g......w.=........-..n..
Gro\...........~.....O".#G.#W..4..q.l...G.....)R.."n^N..*.|..j...-...Q
u-".1...D.~Wx....v...5. ...5MD..?...z.P~........k.|..1v}..H.G@..!.....
...=.,(....%......=A..-d.aAdI<.kS7W..esr.......qW6".'.K....V..K..b2
J..8.;8.,V).|Y./.V..|...:\.#.......w/.w....k ...[.WeYj...z)........X..
..t'../.v.MB-p(.h...0.......&W>..j.....10....T4.......K....Q6D.od. 
.j......PeC..*i.....X=.[...-M......&1"p....T../..60...u.... ........2.
.Mu`.E..L.D%.#.uz...M...,..-V.t?...3..b.(.'R.%....PVF...15..Xh.6hx....
z:C...z...V....r....SI..mm.T/G@V...)..&q.\..n........z........`.D . .l
.iK.pW...^..."(.u.......M.D..(A..xH...,....#.!..M#.l..a......oV......d
..v.\.-.J@........`N.DD..CUcO.D.Y..Y.Z L.M..TL$..e...aWg..N.'.....u.)X
mHk.(...{..&>.y...x.Aq..8..yH.D.YC.i].....A.Cc#.....z.a.....;^.1[8w
...&@Z....|.....N. ....Z..z...5w7j..FGr.y..VQ.g..[....j..- .........P@
f.....M..s....P.fkWw.^..|.G..0.["[email protected]/.o........x....v...;K...F.F.
.5.G....8......S..m...:;5..9..]e....9......|..;....l.ZW.Uc.].V{.0e.\..
....5ylv...{~..H$DN.d6.....f...,.5..6.....j....N..;.m.k.SC.}/.f..0(W.\
...{`.....<..c......Y}.L.......%....;...R(.Ff..c;.#5.A.Qr...|..:...
u.A.....g.. 'Nn.....Kejz..L...M.Q.MH.S.H ....28...E0..Dp.I>..>X.
Z..5..../P..y.Ft..NYS>!.A/.J..%..\$.%....@!..^.a......\G......;..tt
.d.C...p.....LI.....zY...b.}.B.z.g00i.....7..\.j2m...e.D........KY<<< skipped >>>

GET /pc/images/components/w-chatroom/images/alpha-bg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 13:23:30 GMT

Date: Thu, 26 May 2016 13:23:30 GMT

Server: nginx

Content-Type: image/png

Content-Length: 1165

Last-Modified: Wed, 25 May 2016 10:22:44 GMT

ETag: "57457cf4-48d"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR.......F.......^'....tEXtSoftware.Adobe ImageReadyq.e&
lt;...qiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:8ad64beb-0567-7b4c-a3c5-f03681ebd8e9" xmpMM:DocumentID="xmp.did:
6CFE6418FC9D11E59BDE8CC47D964442" xmpMM:InstanceID="xmp.iid:6CFE6417FC
9D11E59BDE8CC47D964442" xmp:CreatorTool="Adobe Photoshop CC (Windows)"
> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6c08b5c3-eee2-7f4
3-81b4-21b6d0020688" stRef:documentID="xmp.did:8ad64beb-0567-7b4c-a3c5
-f03681ebd8e9"/> </rdf:Description> </rdf:RDF> </x:x
mpmeta> <?xpacket end="r"?>........IDATx...K..0.D.....;...$2.
\/[vy.;...L.^B......p0h.u..R(zJ.T..(....*..3W..#\s.,....|Q...6.-.,....
...t.c..pG=..A.>..T.w.Y.Q...]..^...6.`...*.9.].....A....*...^ Oe..x
.e..D{}........}.`..(.=....IEND.B`.....
<<< skipped >>>

GET /pc/images/icons-index.png?20160505002 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 14:14:10 GMT

Date: Thu, 26 May 2016 14:14:10 GMT

Server: nginx

Content-Type: image/png

Content-Length: 5235

Last-Modified: Thu, 26 May 2016 10:13:16 GMT

ETag: "5746cc3c-1473"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8109 (Cdn Cache Server V2.0), 1.1 db78:5 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR...g.........e......:IDATx............p.A......`.*Q...
$FQL.Jb.E..%X..E#&....\...'.(.U....R.H...Z....^.K.D.N"p...|..7G.0;;;.=
...M..vw.gv..mw...c..4...x.d......A=...FO!..N.h..&r.".ipP}A...".ab`8.A
.d#E..".'8]A..P...............2.......^]S...j>.-4.wb..g..-4........
\h."?p&...kb&.g.....\}..A.g.*.Gn....16.2=.......tqP8.A.......UP8.ElL.z
)............s..S.z.........^l... A....u.l).......-.%[email protected]/...j.....b
#0...a8...8m....7o.|..-[F..8.|..?..-.m.......?.............._|.o..mM..
.Vg.R.....\.`..........c.._~..i..i...l.ps.....y3Bp....L.Y&.s!m.....c..
.G..^.....0../.Z..S.....CQ....Cf...IP....T.A.U.l..&.A.9.}...PW..R#.~..
A....&K/!...cl...|..'.....<.\[email protected][email protected][..9....yu...
.w.....tx.......K#..~.....ZH..o ......a..Mccc.n.t..b...;A.w.....f.|...
.... ........."...[w......P.....a....2!o...=.,..pX..e...J...m&.......W
.\iK.rAh.a#5.[.m&..pl.aT!'i`.V.....F...........J.....t...*8..a.....Ep.
J~.....^....;FX..d....{.... ].....~..;.......:.T$.N9.......\.h..r.8...
...$s.[(...;w.4w..mB#W.8.A.AU6C?...h....=.../.u.....r......:.?.TQ6....
.i.....^.O..........\.".....A....t....a.....9.T..N.d.e..;...b...^2.;(,
.B...`..8.Pr..S...;n.\...$..`.e60.p*...d..N..8X....b0../. .A..W.]X....
,}.. N... ........E.`e# m.:...l0`p....:.!.9.....P.~....I.3r.9.Z4..8.r.
.IN0...^..[..P...........&..g.u..H,.<.9.}Y.........Y.p...#..(....E.
.>.;<....5.;.,8..4/{..4UWj4.A.j...#...A.n..b.c^..".b.g.4D.....*.
..}...5...*F..[".X.a....#..^"...w.~.......z.....pR.BN.5.t:.3.....=.$8.
.>*...=.......(*QM....s.=...m..n..$.O.:.....cyC.....T4.N.T.....<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite-p24.png?201605261526 HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 09:29:57 GMT

Date: Fri, 27 May 2016 09:29:57 GMT

Server: nginx

Content-Type: image/png

Content-Length: 2761

Last-Modified: Fri, 27 May 2016 08:54:49 GMT

ETag: "57480b59-ac9"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:7 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR.......K.......~.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:b75df607-b6fe-42c1-b920-70eefaf4d55c" xmpMM:DocumentID="xmp.did:
41791D48173E11E68975F2632BFDC67F" xmpMM:InstanceID="xmp.iid:41791D4717
3E11E68975F2632BFDC67F" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D1BEB5342817E611
9B3DA3A9C7231D3E" stRef:documentID="xmp.did:b75df607-b6fe-42c1-b920-70
eefaf4d55c"/> </rdf:Description> </rdf:RDF> </x:xmpm
eta> <?xpacket end="r"?>........IDATx...Mh.U...{I.&.WI.MC...i
..7~A Y.7..P\6...A(......"..(H..H.....S..2.K..b.-..../.M...MgB?...7...
....$M;....;...{...$.......;w..w..u....=.T.Pp....566...&.e...k.*.|k...
.r~.i.5;;.l.$PJ.f.X,^....?d.......}......b.l.......d[.n]6....d#...Q...
..w.d.d..gd.d.^.E........hsUP.,...}...F....vH..........Z[[##.mr...}#;'
.P.....e/.v..,]xW..#.....w.uZ0}....d.....{J.6m...a.~3............U..\.
533...9.bss.o..=..S.gZ...........E..ZZZ6.X_.N.....}........655.J..C...
.S.X.... Z..!..................wd..t.......v`..........dG'&&..q..o<<< skipped >>>

GET /pc/images/components/w-thirdpartyLogin/images/login_btn.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 01:15:21 GMT

Date: Thu, 02 Jun 2016 01:15:21 GMT

Server: nginx

Content-Type: image/png

Content-Length: 8363

Last-Modified: Wed, 01 Jun 2016 11:26:51 GMT

ETag: "574ec67b-20ab"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR.......".............tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:08
44673FFD5611E59329C7AD930B1631" xmpMM:InstanceID="xmp.iid:0844673EFD56
11E59329C7AD930B1631" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7F002BF2F26911E5B2
0D9BEF70BA27A9" stRef:documentID="xmp.did:7F002BF3F26911E5B20D9BEF70BA
27A9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>........IDATx.....T.....o.o.F.../....ED....
..&jf...$..|:.._t....q>...2j...E.A..."..BC. ..k.U.9......f.Bo......
........}.........B0W.......!g/A.jE[".Z..o.h.).B.R.....m.^.... $.P....
*BH,EzZ.B..".o.7.^d.e.306..|..6..MN...z.QU...hG...."..B.?.7.M|..l...9.
..m.......;...]....a....&...A.X~E.q.!......|,...V..=FR[ ...x..b.J..3..
x.."..1.T.H....\\|.7....p..\..IM..91..f.i....9....s$..b.fc....>.].f
W..`........i[.03E<BHJ..4...s.....Hj.$.q....^[email protected]...@...`
Xf..W`7..9..=...)M7cL.5....G.W!D..q...?.,...Y.ER@ .f.<......jG .|..
.b6.Ty...HF.X`10P'....crP.aN.y..s~ot6{.hW .j.8&y7..B ..%...,.Ifaa.<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:52 GMT

Date: Fri, 27 May 2016 13:46:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 4789

Last-Modified: Fri, 27 May 2016 11:23:26 GMT

ETag: "57482e2e-12b5"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:
E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F723
1A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611
938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-39
6eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpm
eta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj......
....f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..........
....".......|..L...<..4....Y...........................2...........
.44.......jj...........u...|..K..d...........)..s.....................
..N.=.......bbK.V...........).....>D.2V.............Q...'..........
S...............\....,I.!.xxk.\....--...S..A.2................>>
..$-..............x.....\..2....?.................u..AF.*G.$.....C....
c-.......**........<..<[email protected].~...B......<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:52 GMT

Date: Fri, 27 May 2016 13:46:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 4789

Last-Modified: Fri, 27 May 2016 11:23:26 GMT

ETag: "57482e2e-12b5"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:
E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F723
1A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611
938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-39
6eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpm
eta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj......
....f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..........
....".......|..L...<..4....Y...........................2...........
.44.......jj...........u...|..K..d...........)..s.....................
..N.=.......bbK.V...........).....>D.2V.............Q...'..........
S...............\....,I.!.xxk.\....--...S..A.2................>>
..$-..............x.....\..2....?.................u..AF.*G.$.....C....
c-.......**........<..<[email protected].~...B......<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=5468&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=0&ut=1464849080175&rnd=0.79673912970488821464849080175 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /ZTE4NDIzY2MtZDA5OS00YjQzLWI2NGUtMzBmODc3M2ZmMzQz.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 03:43:06 GMT

Date: Thu, 02 Jun 2016 03:43:06 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 90086

Accept-Ranges: bytes

Last-Modified: Fri, 08 Apr 2016 12:06:06 GMT

ETag: "a11ef96c09b67d8f71967939120bef49b82d626b"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 zhenjiang80:8104 (Cdn Cache Server V2.0), 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive
......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:9F06E0B7FD7411E5BE36C7906
B3F28A8" xmpMM:InstanceID="xmp.iid:9F06E0B6FD7411E5BE36C7906B3F28A8" x
mp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFro
m stRef:instanceID="xmp.iid:33200C90FC9E11E5BDB9F8B305C1B02C" stRef:do
cumentID="xmp.did:33200C91FC9E11E5BDB9F8B305C1B02C"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
...................B.b................................................
..............................................!1..A.Q".aq2...B#...R3..
.b$45.6..rS7...Ccde8...T%....UV..t.u&Fx......................!1..AQa..
q.."......2..#..BRb3.4.r..Cc$56Sd.7...s%.t.DTUu.8............?...N.%)&
.........y.Zc....F.*......k:M S...s....T%B..I.KZ_.D...C:.jM|s.o.?8%...
/y.Z$.......4:....T\.VN9....z..1.............$...N2.B.@!@@[email protected].
...*h...*.=...%q[w~..c.Xla.k...6....QZ.....=1... ...../1. r.&..Lb.<<< skipped >>>

GET /MTFhOWY1ODAtYTc2Zi00OGI2LThlNGUtMDE2YmFkZWY4OTIw.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 06:26:37 GMT

Date: Thu, 02 Jun 2016 06:26:37 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 90063

Accept-Ranges: bytes

Last-Modified: Wed, 11 May 2016 09:30:45 GMT

ETag: "f8fcd7d98b256b623af2fce04b860dfe3747f60d"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 db77:10 (Cdn Cache Server V2.0)

Connection: keep-alive
.....0Exif..MM.*.......1..............VVV.meitu.com....C..............
......................................................C...............
..........................................................&...........
....................................................}........!1A..Qa."
q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwx
yz....................................................................
..........................................................w.......!1..
AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghi
jstuvwxyz.............................................................
.......................?....R....~.......{.[s.M....}.......4..........
@.i..?.....,.<.........]..%._..?.......{N........N..R.#.6O)..~..U..
;....."1\...3..UdZwW..2.'....N.a..}.........2.'....E....}.........R.. 
........]...bas&.B.......z..e.O..?.........#.c..E......X#."...F?....&R
.Z.d..uu..sd|....!...*....nW.9..o...  .XY.d.rT.M..)Tp~..m..=.....h.*..
...U....U]D.v..(Pq.....Q.F;...G.,.'.....#]..R.L-.3^.m.m.8.UE_....M..j:
....Q...(....:..8.>$v....Y..u...C..].eK....X..........d.....Sz...?.
.%..`7n^{yc.*[&D..P1........k(..3qb\.....x..`..L.. .'.]......K). .....
.o....Q............QV1.4.T.T..?..\.f.2].o?8...Z.cx.%.R..9.t.....2.~.. 
.Nc.d...VN:..3N7e{.Jrwo..(.c. ..~.z...v..g=....... ....p....W....Y..A,
...B.A.... ...gE..d_....q.........*.3.....EO)..H.w....'9>..([email protected]
.........Rsf.\...m.........>[email protected]_.....]..)7r.S
..s{t.........q..Q..........1...A>q..S.4..55;.m.a......,.?.....<<< skipped >>>

GET /ZGZhMGQ3YjgtNzViYS00ZThiLTlkYjktZTY0M2RlZWE0OTI2.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 23:34:04 GMT

Date: Wed, 01 Jun 2016 23:34:04 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 34692

Accept-Ranges: bytes

Last-Modified: Mon, 23 May 2016 03:16:48 GMT

ETag: "0a3ccb1c7d41902d280adece9217688d8c11fe14"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 chshx40:8105 (Cdn Cache Server V2.0), 1.1 fuzhou191:88 (Cdn Cache Server V2.0), 1.1 db78:3 (Cdn Cache Server V2.0)

Connection: keep-alive
......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4D7B5B88AA12E611B
5E5A87810B57366" xmpMM:DocumentID="xmp.did:C2B19FA1209411E6B614C6FF3AB
B0594" xmpMM:InstanceID="xmp.iid:C2B19FA0209411E6B614C6FF3ABB0594" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:901A9FEFFC1CE611A66DF0953CD9D519" stRef:doc
umentID="xmp.did:4D7B5B88AA12E611B5E5A87810B57366"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................B.b.................................................
..........................................!1..AQ.aq"2...B....R#3..b...
r.C4...S$..cs5...DTU....d%V.W......................!1..AQ"..aq.2.B....
.#3..R.............?..=...6.q.../B....&.i......)R[[email protected]... 
i..i .sHC.............y.. .... bQ1...B.?L.....2..1....*.*.*.*.*..k.U..
?l&!Z/.p.....l1......G.=&.wm...j.-....R./>..-S..5-...=.........<<< skipped >>>

GET /OWE1YWJkNTEtMTgyNy00MGQzLTg2YzMtN2RiZjYxNTdmNmJi.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2cdn.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 13:39:27 GMT

Date: Wed, 01 Jun 2016 13:39:27 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 62074

Accept-Ranges: bytes

Last-Modified: Tue, 31 May 2016 03:27:37 GMT

ETag: "652aa9c85a6b9889cd391adb8a16e2dbb21a805b"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 db77:3 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF.....,.,.....XExif..MM.*...................i.........&......
...........................................C..........................
...........%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((
((((((((((((((((((((((((((((((((((((((..........."....................
........................................}........!1A..Qa."q.2....#B...
R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..........
......................................................................
..............................................w.......!1..AQ.aq."2...B
.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...
......................................................................
...........?..a.P:.`=)..M...R.PM.<[email protected]
z.J........;.....m..,J..}.S...>"....m}.F..,R.d....}y$..W.|[...t_..Y
...W.9.#......v.9.!9#.v..6.l...8.0..2.....}R..,-...O.Gs.R..l..27.v....
dy._v=...Z."[&2.=3..M..p.$..Z...S.Np:...V.'>.d.w.L.~...O4.H....m^9.
.........ZB....R8...M...o.8..........#>Is.;s.MO..C...8.....!@\e..1.
.}j./A]..0......>.....8..........bL...E....2@<..A.O.=..kQ!.<v
..q........Y...u$zTPF.~.Fgr};..J..AP3..<...T....}x.v.....n......H..
.\.S.,.q.G..H...F...9 .=..u....G..[r..9.J"..8...#....$........c...?.9U
......'[email protected]..#...4.l...P.......B.w..#M.6..v..........
#.dT....4.....^A#...6.c.O..[w.....n0.I.v44..az......L.J.....v.E.#".. .
..$0<..Q.w=wE. .....q..._,.Z6.k.!..8.q.]....D.....OJ..7...g.=...;.&
lt;.I......V#..$..~.ZH.j[[email protected][email protected]}..).<<< skipped >>>

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849080378&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849080378 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /lgn/js/oauth/udbsdk/pcweb/udb.sdk.pcweb.embed.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.udb.duowan.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:59 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 25 May 2016 06:20:30 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 02 Jun 2016 06:40:59 GMT

Cache-Control: max-age=600

Content-Encoding: gzip
10a5.............:]o.Jv.E............#8.S...S..........E.*I......X`...
b........b......9.AR_I....E"..9s....n.../.,.....[....,..C\7.|.0{.ge.g.
.......&..}.E.(.....I.....0.]!...8.e...B...HK..N.[...BX.&../....... ..
.])..'.......d.....H4`..,b#...q...v..(gy.....o.....s1M./.....X.K..s]..
....M...%G..P...{....E...`..."Ng..8-.b..P..J>....oo[. ..e.p.=.....4
......U........v(.......`a.%,rc..)u...9......^....'O.X\..n_..s.<...
pRo.Y.X..l.^.:.H.....>..c.D... .X.6..."7.A(8...{.-...F.....,. .Z.l.
..T....,ly.........8S....H}.h......%.9l.T..Z.5P...E.e3B.F_..y...j..}8{
............N..?^..;. t.z.....T.eg......".......J|.c..N...D<*.....O
......h5l?m.?.....?............=..9....^wa.g.{.........V....D4T..r..m.
<.y\.?8:?;.yn......q:WV<.Am.0|t.....r.&..........o..8...'x|..'.9
s.....L....g.....\...........?<H...8t.U."C6q.....9a)x..eb'"..Q?m.i.
Z...2..........>.kg8..$.....?..N....S.^.1_..kv/.`[email protected]....
d...j.... ..e.p....1.Q N[...>z.........[G............7..tV.,.&.i{.!
.-.F...5.....p.......DT.5.b.B5.5...tu..m...`...H....._{..x. ..... ...Q
..8. j....{..id...2.6.p.g.8.nh_gqj.>...-..}.n#....W.W..'C...\]=...W
...=....T.Q..A.. &..K..aA......5.7....1.;..Y.&.....:........Z..N..8J..
...|n.qT........v.}.~.`h.c..$N...V.|.........?>.._>..o?.......@.
.PQ:.9.Z.......I3`....pK.9../v.d...&vzb.....4..!..|.T....x..p.....V...
\PT......<.s.......M.*(..p~|...\P.... 1...o...b.R..b..16/..../$....
.a.#..q/.D,..&$.!...&<.G\u..0...f.y.)..........H*...~.UV:[email protected]...
.W.X.|D........E.!.?2.....X...`b......6.q#s.o..Y..fh..2I.5.....`."<<< skipped >>>

GET /lgn/js/oauth/udbsdk/udb.sdk.getmm.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.udb.duowan.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:00 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 25 May 2016 06:20:30 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 02 Jun 2016 06:41:00 GMT

Cache-Control: max-age=600

Content-Encoding: gzip
571.............V...6..*..%R,|6`0...#.6.I.6...0$#.2...b...A?{..>`z.
....K.Z.}.}.}.m.Q.i.9yl.-..2Yl...`.}.)W#.,......S...:......X...5m...8.
.............D...s,/...g-.n.......3}...f_..h.:.!.=s8.!.<-...5 &.`E.
F.9...4f....G V.>.........t.B...h."....6..\Q..>..S1....c%_...%..
.[|,....~=..T'V._0.{x.}j.....4.P&Z.#ZB.*qN.."H...!............(>MJ.
.K)....tM.....g....3r..S.......1n..*.....6.S.-..8mw.?Z..Gw<h.....vt
...... .....u....,h....*..n...64Ls.1G..hh....W..R...F.hs..3.j.0.L...v.
Q.G.....>.W....... n...p&.n.9..G...pj...Lt.^....5..O..\...3w .c...g
...7.v.W.-.mC.U...7$.r..9.)..n.o.....v...5....#\.!..P....I...V(.9....$
.]L&.K...p..m. ..D...O..u......6i3F..E..#..T.2....".i4...p...NtD....H.
E.2H..N.i..,?.[.Y..M.5.:.%..|h...$.R..A,1........M.!.^GAE..KG.R.d.....
.Sm......o.%/.L...~..y..n..V.....(P.....M.H.... ....Kr.....y<.(.-@.
.m.n4i....B.q[!..........yp.37..X&.*2....dia........7x.2.q..n.m..=....
-|h.W}.,..8=.~.0O......$.w...{[email protected],.h...M..m.ny...6...3....
......Y5ML...R.....G...y.8X(.(/.E......:........P.0.R8..]1Aj..4p[...^.
,1..y%Q...<.....Y.. ..R.../.W..5R..8 ...h.MA.....!.....Z.a......V.0
U8.2^_p...Y.4..8$V)BWF.....j..g..D.....4;?d..L[...=_........W......8..
J...u...z.!..`l....F..q.........D........|{....2..#../h.X.....6;w..2.(
A.}a......3..C......<..(...:.[..,X....w.`W.}.t...p...m.=..i<a...
\..X.r/y&.'..Q..tP.......M.m..6.....=z.1..]mlh.`-A...p...w.=>7..]..
....[.C..[../.......^....O....G.....0......
<<< skipped >>>

GET /lgn/css/oauth/udbsdk/xelogin.sdk.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.udb.duowan.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: text/css

Content-Length: 667

Last-Modified: Wed, 25 May 2016 06:20:30 GMT

Connection: keep-alive

ETag: "5745442e-29b"

Expires: Thu, 02 Jun 2016 06:41:04 GMT

Cache-Control: max-age=600

Accept-Ranges: bytes
/*mark*/@CHARSET "UTF-8";.popup-mask{z-index:30001;position:absolute;t
op:0;left:0;-moz-opacity:0.5;opacity:0.5;filter:alpha(opacity=50);back
ground-color:#000;width:100%;height:100%;zoom:1;}.popup-mask iframe{po
sition:absolute; z-index: -1;}.udbsdk_login{display:none;}.udbsdk_clos
e{font:13px/1.5 Tahoma,Arial,Verdana;text-align:right;position:relativ
e;top:23px;right:-4px;}.udbsdk_href{TEXT-DECORATION:none;color:#A7CFEC
;font-size:14px; font-weight:bold;}.udbsdk_href:hover{text-decoration:
none !important;}.udbsdk_frm1{width:524px;*width:526px;_width:526px; h
eight:298px;*height:300px;_height:312px;} .udbsdk_frm{width:320px ; he
ight:273px; vertical-align: middle;}.HTTP/1.1 200 OK..Server: nginx..D
ate: Thu, 02 Jun 2016 06:31:04 GMT..Content-Type: text/css..Content-Le
ngth: 667..Last-Modified: Wed, 25 May 2016 06:20:30 GMT..Connection: k
eep-alive..ETag: "5745442e-29b"..Expires: Thu, 02 Jun 2016 06:41:04 GM
T..Cache-Control: max-age=600..Accept-Ranges: bytes../*mark*/@CHARSET 
"UTF-8";.popup-mask{z-index:30001;position:absolute;top:0;left:0;-moz-
opacity:0.5;opacity:0.5;filter:alpha(opacity=50);background-color:#000
;width:100%;height:100%;zoom:1;}.popup-mask iframe{position:absolute; 
z-index: -1;}.udbsdk_login{display:none;}.udbsdk_close{font:13px/1.5 T
ahoma,Arial,Verdana;text-align:right;position:relative;top:23px;right:
-4px;}.udbsdk_href{TEXT-DECORATION:none;color:#A7CFEC;font-size:14px; 
font-weight:bold;}.udbsdk_href:hover{text-decoration:none !important;}
.udbsdk_frm1{width:524px;*width:526px;_width:526px; height:298px;*<<< skipped >>>

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 02 Jun 2016 06:30:59 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

Content-Type: application/javascript

Content-Length: 22977

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive
/*! hiido.js: v0.7.4 2016-05-26 10:37:00 */.!function(e){function n(r)
{if(i[r])return i[r].exports;var t=i[r]={exports:{},id:r,loaded:!1};re
turn e[r].call(t.exports,t,t.exports,n),t.loaded=!0,t.exports}var i={}
;return n.m=e,n.c=i,n.p="",n(0)}([function(e,n,i){"use strict";!functi
on(){var e=i(1),n=navigator.userAgent;try{new e(n,!0)}catch(r){console
.dir(r);var t=new Image(1,1),o=encodeURIComponent,a=r.stack?o(r.stack)
:"";t.src=window.location.protocol "//wbugs.hiido.com/c.gif?e=" o(r) "
|" a "|" o(window.location.href) "|" o(n),t.onload=function(){}}}()},f
unction(e,n,i){"use strict";function r(e,n,i,r){e.addEventListener?e.a
ddEventListener(n,i,!!r):e.attachEvent&&(e["e" n i]=i,e[n i]=function(
){e["e" n i](window.event)},e.attachEvent("on" n,e[n i]))}function t(e
){var n="; " document.cookie,i=n.split("; " e "=");return 1===i.length
?"":decodeURIComponent(i[1].split(";")[0])}function o(e,n,i){i=i||{};v
ar r=e "=" encodeURIComponent(n);if(i.expires&&"number"==typeof i.expi
res){var t=new Date;i.expires=1e3*i.expires*60*60*24,t=new Date(t.getT
ime() i.expires),r=r "; expires=" t.toUTCString()}i.path?r=r "; path="
 i.path:"; path=/",i.domain?r=r "; domain=" i.domain:"",document.cooki
e=r}function a(){return window.location.hostname}function s(){var e,n=
window._hiido_wid,i=Object.prototype.toString;if(n)if("[object Array]"
===i.call(n))e=n.join("|");else if("function"==typeof n)try{e=n.call(w
indow),"[object Array]"===i.call(e)&&(e=e.join("|"))}catch(r){window.c
onsole.log("_hiido_wid ..................!"),window.console.dir?wi<<< skipped >>>

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT

If-None-Match: W/"59c1-154eaec37f0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive


HTTP/1.1 304 Not Modified

Date: Thu, 02 Jun 2016 06:31:05 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:05 GMT..X-Powe
red-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=
0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec
37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-ali
ve......

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT

If-None-Match: W/"59c1-154eaec37f0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive


HTTP/1.1 304 Not Modified

Date: Thu, 02 Jun 2016 06:31:12 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:12 GMT..X-Powe
red-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=
0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec
37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-ali
ve......

GET /hiido_internal.js?siteid=www@yy HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 26 May 2016 02:37:10 GMT

If-None-Match: W/"59c1-154eaec37f0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hdjs.hiido.com

Connection: Keep-Alive


HTTP/1.1 304 Not Modified

Date: Thu, 02 Jun 2016 06:31:21 GMT

X-Powered-By: Express

Accept-Ranges: bytes

Cache-Control: public, max-age=0

Last-Modified: Thu, 26 May 2016 02:37:10 GMT

ETag: W/"59c1-154eaec37f0"

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive

HTTP/1.1 304 Not Modified..Date: Thu, 02 Jun 2016 06:31:21 GMT..X-Powe
red-By: Express..Accept-Ranges: bytes..Cache-Control: public, max-age=
0..Last-Modified: Thu, 26 May 2016 02:37:10 GMT..ETag: W/"59c1-154eaec
37f0"..X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)..Connection: keep-ali
ve..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849073831&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849073831 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /j.gif?act=web&zd=www@yy|&ui=0.572767224148353&sp=0&fl=11&sl=0&ss=2&bs=6&mb=0&nw=0&fd=0&hiido=0&sn=0&ls=0&ut=1464849066144&wd=0&passport=&sns=null&pcmb=1&pl=http://VVV.yy.com/9050&v=T20160526.01&rnd=0.5727672241483531464849066144 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:02 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_ui="astyYDKFq0a2WlezmUN12A==|0.6"; Expires=Tue, 29 Nov 2016 06:31:02 GMT; Path=/
....


GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="astyYDKFq0a2WlezmUN12A==|0.6"


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:02 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&
....


GET /cm/user?time=1464849066&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:03 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:03 GMT
..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connecti
on: keep-alive..Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy
.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&..P3P: CP=
"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Set-Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"; Expire
s=Tue, 29 Nov 2016 06:31:03 GMT; Path=/......


GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:04 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:04 GMT
..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connecti
on: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427
&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=
www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&......


GET /cm/user?time=1464849073&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="/CQ/vRyNOKd62lCrFSuMgA==|0.6"


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:05 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:05 GMT
..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connecti
on: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427
&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=
www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&......


GET /cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:08 GMT
..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connecti
on: keep-alive..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427
&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=
www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&......


GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=9Cingj_B4CY= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
inx..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Con
tent-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo 
PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Coo
kie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 G
MT; Path=/..GIF89a.............!.......,...........L..;....


GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852669


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:10 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852670; Expires=Tue, 29 Nov 2016 06:31:10 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
inx..Date: Thu, 02 Jun 2016 06:31:10 GMT..Content-Type: image/gif..Con
tent-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo 
PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Coo
kie: cm_mapping=tanx|0|1464852670; Expires=Tue, 29 Nov 2016 06:31:10 G
MT; Path=/..GIF89a.............!.......,...........L..;....


GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: cm.hiido.cn

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852670


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:11 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852671; Expires=Tue, 29 Nov 2016 06:31:11 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
inx..Date: Thu, 02 Jun 2016 06:31:11 GMT..Content-Type: image/gif..Con
tent-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo 
PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Coo
kie: cm_mapping=tanx|0|1464852671; Expires=Tue, 29 Nov 2016 06:31:11 G
MT; Path=/..GIF89a.............!.......,...........L..;....


GET /cm/user?time=1464849080&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; cm_mapping=tanx|0|1464852671


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:12 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
inx..Date: Thu, 02 Jun 2016 06:31:12 GMT..Content-Type: image/gif..Con
tent-Length: 43..Connection: keep-alive..GIF89a.............!.......,.
..........L..;....

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:09 GMT; path=/; domain=tanx.com

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&tanx_tid=KkMtCGmfVAY=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /group16/M00/DF/D3/tz0M9VdIH4YAAAAAAABCXwapNGU050.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Mon, 25 May 2026 12:17:34 GMT

Date: Fri, 27 May 2016 12:17:34 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 16991

Last-Modified: Fri, 27 May 2016 10:20:54 GMT

ETag: "57481f86-425f"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou188:8105 (Cdn Cache Server V2.0), 1.1 db77:3 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF...................................................%...#... 
, #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((
((((((((((((((........@...............................................
............}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:
CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................
......................................................................
..........w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
.............................................?.....2.&.n2......x..Qx.B
..|.&..(\&.Sf.._.9..?....F....4a2..-...5......e...^.e...~9...Z...)....
..I. .;.....U....Dt. .\.....@. .phQ........U.r...t?...\{.)k...m..&.E".
.G .G......C [email protected];." 6.'....*....*!.A.I.hZ..E.*q..w.0..
.r8".eK.FP....)5....\2...z.t...b\u....R...[.b6....`.s...........N/.1..
...|.V.D..)4.q..\z..\[email protected]..#.2.....q:..@.$..B=*....8.E.0...S.V
....*.h.G.j* ...f.\.M>......;.'..0......&gkJ....&q...^...1.SF......
PN:K...Fk6.V. .........Z..I./....|z...\...[.z..d....jv.A*3.$W...A?y\..
...Fr..1...".N.IX..&.R$`.K.>..s2Z:..eKe .1.w.L...ev.W..z.I>....3
.F.......3w.qZ.l.]X... .....hCdP....Fy.P\.s.Fv.....*..r3b....;BF......
X#..ZX.n>.[...6.e........-.F. ........*.c7...XUTw....#.@..\.E.!..&g
t;.?.Z..[.......w...8.....\6)[email protected]..#.R.bkK.BT..U8.C4-&
(..H#.VSV)j...A.E..a.....ZE...yY..8...........v..r*X..q.........8.zR.l
'aT.6I..,EWA60..JC....;..."n....&.U.T-. .....i|(r..a... fBz...t..T<<< skipped >>>

GET /group16/M00/2F/B8/tz0M9VVAXDEAAAAAAAApeRzzhWQ610.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Wed, 18 Feb 2026 06:26:42 GMT

Date: Sun, 21 Feb 2016 06:26:42 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 10617

Last-Modified: Wed, 29 Apr 2015 04:21:23 GMT

ETag: "55405c43-2979"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8111 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF...................................................%...#... 
, #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((
((((((((((((((........@...............................................
............}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:
CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................
......................................................................
..........w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
.............................................?......P.....P.@....P.@..
....v.P....P ....1@.(.(.........P...C@..!..b..Qp..J`....)....@[email protected].
).P1h........(............(.S.....0..C@..........([email protected]....%...J
`..f..P.H.......([email protected].@..%[email protected]@[email protected].....
[email protected]....([email protected][email protected][email protected]...%.aM.a...`....P.@X(
[email protected]....@%.......%.Z.(([email protected][email protected][email protected]..=..`../4.
.......6.y.d..v..J.4j2.?.|.i..k.rK|5....l..P?3N........9.d...ps......A
[email protected] ..&)[email protected]`...`[email protected]@[email protected][email protected][email protected]*
A..#.@9&.>b.....Y.w6......cs.[._...a.zs...n.../.|k....&.guc...^...g
`.....F...hHj.8...v....]/J...B.r..3FH...23.....K....)...'A.j.0N.$..9v.
.G=8=..zU$d.g...w......3M.G...E-.*.....s...6\7>.\..I...(......(...!
.....%[email protected][email protected].@..).z".....A...<Rn.....o&
lt;S [email protected].;.....=0..G6.F...y...9.8.....j.5.Ab...79'=.[..n*.
.x....)zm[.F.O.>...1 ...#..c...X.!.V:%.q......Vi.FTprs.....#..G<<< skipped >>>

GET /group16/M00/AB/24/tz0M9VZb9NQAAAAAAAAquzvx9eg282.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 06 Mar 2026 14:00:47 GMT

Date: Tue, 08 Mar 2016 14:00:47 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 10939

Last-Modified: Mon, 30 Nov 2015 07:04:29 GMT

ETag: "565bf4fd-2abb"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou188:8108 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF...................................................%...#... 
, #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((
((((((((((((((........@...............................................
............}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:
CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................
......................................................................
..........w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
.............................................?........Lhp........\P..L
....P..).\P.@..&..#SB.h...._..5.|-.Iyy"I..8..|.. *.F....>.z.rm.'.j.
.|U{$.gig..w..d2(.nN.H.......9k.)k)~.0...aq(..Z.K..m........n?:.6W. .?
......./x...\.... ."..........\.<".6w......B.#WH....&O,d.p9n...rzt.
.1:.....M#T..l#.............z...%;.z.(......@.(..4.B(d."..0...F..F.C."
qI.....B!"....(!.....KEYW..E......8..(..p...)[email protected]...(.h.(....3
@..`gk..v6...B.(26.r@..$..NH.."3.  .$....-KP....y. .D.Ua.$..xT..1.$...
Sz....aO..e..[.M.1;.$.. ...'....../.$....l.D..........g.NI..4..... ..m
...d....;W.C...9....g)....F...?.......:z.4........C.7..........`.t..$0
..O8.qM;.R.Z........Z.3a...)..h...F..,.......g'=..7.e ..v....=.)I=..Ns
..B....!...A#M .E4!.PH.([email protected] .h!.%^j..i........0...9E .(.
[email protected].<.I..P&.x....H....R......I9.... #.."..q...
d..t(.Gy.?..6...<.a.|7(wc...G'.{.....l..i...{.M.,C.2v..:.o...j...&.
.Hd>F..U.....9..^.8.....z"%...E.$c...xn........V..........g'<<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&isnew=1&io=1&ut=1464849067566&rnd=0.79673912970488821464849067566 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=rMDWD7pw/UgCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5EL0I34H

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=rMDWD7pw/U
gCASU5EL0I34H ; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.m
mstat.com..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx
_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849066&zds=www@y
y|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWD7pw/UgCASU5E
L0I34H ..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cac
he..Pragma: no-cache..GIF89a.............!.......,...........L..;t>....

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive

Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY


HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Location: hXXp://cms.tanx.
com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.57276722
4148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&h
i_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY..Expires: Thu, 01 Jan 1970 00
:00:01 GMT..Cache-Control: no-cache..Pragma: no-cache..GIF89a.........
....!.......,...........L..;..

GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=rMDWDx5FnCUCASU5EL04/DMR; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: log.mmstat.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=rMDWDycvKB4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.mmstat.com

Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5EL2TdaEY

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Thu, 02 Jun 2016 06:31:08 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=rMDWDycvKB
4CASU5EL2TdaEY; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=.m
mstat.com..Location: hXXp://cms.tanx.com/t.gif?tanx_nid=109887427&tanx
_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@y
y|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6&cna=rMDWDycvKB4CASU5E
L2TdaEY..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cac
he..Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /pc/js/lib/jQuery/jquery-1.11.1.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Sat, 04 Jun 2016 15:46:22 GMT

Date: Sat, 28 May 2016 15:46:22 GMT

Server: nginx

Content-Type: application/x-javascript

Content-Length: 96477

Last-Modified: Fri, 20 May 2016 09:37:21 GMT

ETag: "573edad1-178dd"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhenjiang82:8111 (Cdn Cache Server V2.0), 1.1 db77:4 (Cdn Cache Server V2.0)

Connection: keep-alive
!function(e,t){"object"==typeof module&&"object"==typeof module.export
s?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw n
ew Error("jQuery requires a window with a document");return t(e)}:t(e)
}("undefined"!=typeof window?window:this,function(e,t){function n(e){v
ar t=e.length,n=ie.type(e);return"function"===n||ie.isWindow(e)?!1:1==
=e.nodeType&&t?!0:"array"===n||0===t||"number"==typeof t&&t>0&&t-1 
in e}function r(e,t,n){if(ie.isFunction(t))return ie.grep(e,function(e
,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return ie.grep(e,functio
n(e){return e===t!==n});if("string"==typeof t){if(fe.test(t))return ie
.filter(t,e,n);t=ie.filter(t,e)}return ie.grep(e,function(e){return ie
.inArray(e,t)>=0!==n})}function i(e,t){do e=e[t];while(e&&1!==e.nod
eType);return e}function o(e){var t=xe[e]={};return ie.each(e.match(be
)||[],function(e,n){t[n]=!0}),t}function a(){he.addEventListener?(he.r
emoveEventListener("DOMContentLoaded",s,!1),e.removeEventListener("loa
d",s,!1)):(he.detachEvent("onreadystatechange",s),e.detachEvent("onloa
d",s))}function s(){(he.addEventListener||"load"===event.type||"comple
te"===he.readyState)&&(a(),ie.ready())}function l(e,t,n){if(void 0===n
&&1===e.nodeType){var r="data-" t.replace(Ee,"-$1").toLowerCase();if(n
=e.getAttribute(r),"string"==typeof n){try{n="true"===n?!0:"false"===n
?!1:"null"===n?null: n ""===n? n:Ne.test(n)?ie.parseJSON(n):n}catch(i)
{}ie.data(e,t,n)}else n=void 0}return n}function u(e){var t;for(t in e
)if(("data"!==t||!ie.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;r<<< skipped >>>

GET /group16/M00/DB/E1/tz0M9Vc1T9UAAAAAAAA9GCmL_PA833.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Sun, 17 May 2026 03:08:27 GMT

Date: Thu, 19 May 2016 03:08:27 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 15640

Last-Modified: Fri, 13 May 2016 03:54:44 GMT

ETag: "57355004-3d18"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou185:80 (Cdn Cache Server V2.0), 1.1 db77:3 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF...................................................%...#... 
, #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((
((((((((((((((........@...............................................
............}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:
CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................
......................................................................
..........w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
.............................................?..1_.#..U...B...P...V..)
..*.)...Z.-0.`-..HB..p...f....b...5,bf...s^.t(.]V.-.C.R.3...d.....0.j.
.r...2.....?...T..ze..@7M$...r...<d..W.C...j.%........U...=.......l
.$....J.0d...z..g....=.. ....m"...kR}8...D.ik7.....|g.%...d......m~.n.
v.........?......mk4.\..c....q..$~...^N *.a..%u..I.F.e......).L.<..
.8.....(.(.E0....(.. .h.2.xh..*...0.h....3E.\P...`&(.qJ.-0.......)..*.
u4!A.LLp5W.g..i.e.?..l.5.zN.nu......6.......m...>c..{.^Q,k..4......
..J..-......"..|K{t.. m.fo5... q.#.H.......$.N6^G.w.....]iv....G...&.7
...w.2........JO.)..UK..l..[...R.Kuc...rGL....|.AW.....\........5....|
.....pz.........nn...b......N.....vv.8i:....$..^...i.p.......i..~..,..
[email protected]*J].3q..}p.N...c..L.$.&..~...s....dzh5...x5I...Uq...1..`..P..`..).
[email protected]....(.B.....P).p....1@.).b..P.).b......!i....LB...hLF'.|Ao.....7
.,.d1..k).............Z4...%..r.W>i.R...hj..h..B..c...x.......;...i
.. ..VK.8.....b_s..NMnA.px#x...;....`[email protected];.....R.....Z.-<<< skipped >>>

GET /group16/M00/A8/67/d7wtWVZMVGYAAAAAAAAsUBB5Ylo338.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 24 Apr 2026 02:27:07 GMT

Date: Tue, 26 Apr 2016 02:27:07 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 11344

Last-Modified: Thu, 07 Apr 2016 12:54:11 GMT

ETag: "57065873-2c50"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:6 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF...................................................%...#... 
, #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((
((((((((((((((........@...............................................
............}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:
CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................
......................................................................
..........w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
.............................................?..qY....B..q...@..(.=(..
@..8..c....C..I.F.#..i6TV...!.y..G'.l.z.=k4j..n...d..U1...A..\.. ....D
1...D..8...?.U.D.B...e..x.M..:.....8.r.K.Z..Pz..P.Z..k.;....8..E(....3
 :.....O8...........1K...........1.T.Qk.....@....!S...%2H.L..... </
N......\..<.).M..|?..... .-.sQ...0.H.}..V.d.sZ..........:U.........
#..j.#7.>{2..;g..22q*:.Q..2.#B.....-..$..~...K.M..qz..[|.V..'.c...z
V...w.]..`..P..D.F8..i....i.c.Z#&%h..=w.3A,.T.......L(%[email protected].....
......./...-..&M.d.|.......D. |.r|.3.Q...Mu.6P...|.J.i.E.lb8...bnT.l..
.f..~Q..Z$.{....I...f...3&W$....h.....3..s.5..(......j.>.._..5<.
....t..,....l.......(...-..k.v..SBf...P.....X6..?J..fP..}h....J.C%.=..
.U...8^(..ug.....15.4L.l.q...c.......r...q9.GG..*.t.:V.....]..7!..{r U
#)D............-.l...A.8."..............|...~5%.GZ...q .2.../..:..*...
.1TM.b........(....P........c...*.B.3aT..{...*.z.B.>#[;I.Gj........
...%dy...6.;y..2)..5..94....b....D....T$Y.&.A.../Dh.f......[..e).B<<< skipped >>>

GET /group16/M00/BA/4B/d7wtWVbNX2QAAAAAAABV3x-aSpw439.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: res.m.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Mon, 02 Mar 2026 14:19:40 GMT

Date: Fri, 04 Mar 2016 14:19:40 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 21983

Last-Modified: Wed, 24 Feb 2016 07:44:43 GMT

ETag: "56cd5f6b-55df"

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:2 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF...................................................%...#... 
, #&')*)..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((
((((((((((((((........@...............................................
............}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:
CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................
......................................................................
..........w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
.............................................?...O...a\vGO3"m5..YO..&g
t;V..Ma*...}...U....O.............Xw. ..)..$.N..0.. .w.f.&..F...Rh....
...F,i.9."$A.... .r..d...qk"....$}........q7..t.....[G.[.}.!O..?CX....
.y3...!.<.......n...jj?v.V....Y...C*........k...FEY...b........)...
..'.`......<.hd?0..u..1.....n..u.....6..Ud!..`Gpk..{......JV(\T....
ZTYb..>W...F.auu.-..Kwn........f....[4....B.CA.C....OUb.........8..
...i..6..8.b....Xg...?.w...d..qN...D..hFei..x..x..#..\...4...fu..h(p9.
.[...T.Sv9..?|.'.1.q.qE.b..l....D.7..$.......0....^.....XN%'?.'.k..-..
.(........lW...LW.{d...7.,.u.P.R..)..v!... i.:....-....=.E..8...4\....
}....E..%.(..(.w${XJ..}.&.*.....a...R..u.Z.a.....XP..p_..a&.iz...(....
.6..,}.......U..c.{mkA..>fe.RdUP....w....q...psM.Gr.....q... ..X...
~...E.u.i1.)..8..Tr.m..}[email protected]..~5..Y..vaET.<wA{k..
.}..2.v.......F]s....O.:..B..N.3.G.F ..B.....R.1..u....s.....9.g:.....
.0...#.;.OJ.1.S...pQ..'.S..t.......M.T.u.H..x.R...3.....*....74...<<< skipped >>>

GET /statistics/StatisticsAction.json?uri=studio_ie6_windows xp&value=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: statistics.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:18 GMT

Content-Type: application/json;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Access-Control-Allow-Credentials: true

Content-Encoding: gzip

3a.............VJI-NV.RR.Q*.I,)-V.2.QJI,[email protected]*.....0..HTT
P/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:31:18 GMT..Cont
ent-Type: application/json;charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Access-Control-Allow-Credentials: true..Conten
t-Encoding: gzip..3a.............VJI-NV.RR.Q*.I,)-V.2.QJI,IT.....2..@.
...7.F*.....0......

GET /pc/css/headfoot.mix.css?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:30:53 GMT

Date: Thu, 02 Jun 2016 06:30:53 GMT

Server: nginx

Content-Type: text/css

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:7 (Cdn Cache Server V2.0)

Connection: keep-alive
1530.............<i..8r.. .;...d.}b..dll..O..6...Zbwk..4..~.....-..
..H....'..b..V....5.z08/....o..x..CS...2.....!x...s........... ..2..eU
...kY..~..SS<:...|..8... @.t.P6..nj.t.n..}..O....}..xY..{?.....?.ro
....E...g...bp.%....{n..{..k.^c......n..n..[.nS...v......u s..{..[.]..
....(......@.....~.0..{"P!..........!..............H.....#........mS..
..........0Bz.e.U^V...p.....t]c.0...S66..*k.....X.}[e.....om..Y=<..
....d..|..6........1....c.I..........u...r..R......G.E..b....}x.....2.
..9...f......^.?e.......g......Y..Gy.3.......<.oe.})..z.o...x..O...
[email protected]..].......b.5./5............`.....bsn.{.... ...
[`k......R......J.- k...4. P.=.B...b%.?5.^^....jz ....p.. ........z}..
.....#.}.... .r?on...]y......j!w.C...d.l.. .....O....?."....n... .8..&
C.Ep..L(....N.A~).Ky.g.s.....K....o.......).I*.a 3..g.....Q...OQ.n.8..
.8ys|.a.t.................;j............j..n.....^.]...?n..\..;.?....)
...C..^.=.6.....38~.2R....L.{C.....z......`QG..y.e.....W...8#-....\.}.
.....R...............|[email protected]...>46.D{..)..aY.......)..
...b...Y...L$...[..4a..G.....Q.....:B/.9....v.=....s.._..=..Q..>...
.)U......V.y...>.f`).j..."..x!3U.8.u:j..-B.}..R.8...D..3.....E.j..|
[email protected])k..Lj.}.=..Q..iz4#.\.....v:...P.N.m.Y..m.V..X!.HN....m.....
....A..t.S.:p...o......g..c....N:.r.J...O...N.....6u.......*.*[email protected]...
.......!.....]......H...7..T."".t...Z......Z...E..bAO...TQ.1'.I..e.k..
~DZ.\...>.......... 0.'......Fv.=Zh..........X:.1..V5.&...y).cb~.e.
.o.C....y....h`..F.:........v...........}.|.y..........G...._.-...<<< skipped >>>

GET /pc/js/headfoot.mix.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:00 GMT

Date: Thu, 02 Jun 2016 06:31:00 GMT

Server: nginx

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:10 (Cdn Cache Server V2.0)

Connection: keep-alive
3903.............}kw..u.....{d.[h4.R.H.5..c<L.G...'$G.......PwA Mb.
...v.....>...7{...............f...a..U.]....O...[l..........,.. ..y
....=......=..l.Dlh...$...i....L...'^V.:M..%Q....I.4...l.o..g...N.c]9.
.\j...a-.J.G..>.,.......O........-.'d....x.i..GI......l....X.v...v{
.8..7..?.z.....#oI..Y.........AH68...LL.....1K!E...V.H.$~.*...O...u...
t..0...Z....a....i.\c..}.....).p#[email protected]..
.........,.<..V..vt.x.\ZsW.v.....PL_M...M.0.... ...a......X.....O.}
g..... 1.o.(.p...,.....C.[A..........c.5b>f..0-..OOR.&...~.P.6..6..
...:.9..t....tkJ.O.....z.\h....r.:.^.).........C.....pG....H..........
\,...B.t.O. r.1.S........3.'...}.i.B?...E.a6.hO..........g......].%...
GcN....O]..?.'!}..0.$.EH..G.8...x.C........N.<..x...19...J...4.i:..
`l......9K..)3-.t....n".x*.w.0.Y...lked.^.'~.N...F ...T..g..t.\?..=...
T_\.....O.,....T..=-...0g.&|zy.9.......O.Y^[..T._^....H.P..a.D.y{.o..i
.C.8.....z..h?.P ......w...s...{..{.......u......W.^..~.*Qdc..x...)..z
....:.z(...........8.<../X{...m.......Io.`I.....r......>..F.`.z.
4...9.."....e..-.6."..*..q....X..v.p6....V[.....~.....u..0..;.$......y
.~8.O..:.".$.e..%%hEeJ]a..-....9}..!.F.....".}n.lr..D|..$..4.\4.......
5.*E....LI>.rV.tN..Q.B.('v..%:?..`.....<.....K......).?>j..q 
..........|C1.>.....Y..q.-.}[email protected]..._.........L...?...
...&K...q?.......J/uA.....>M.5.J.4..#.z)_L., ~.J(J.e2IWS......ex...
.R..|._YB.*..Q..,[email protected]..!A..duU.3.U2..:...P.N.P..cb...F..&.S...w
.o{..=...t.\[email protected]@[email protected].?.........|.n)......(f...^...<<< skipped >>>

GET /pc/images/2wm.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:00:52 GMT

Date: Fri, 27 May 2016 15:00:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 14508

Last-Modified: Mon, 23 May 2016 11:22:41 GMT

ETag: "5742e801-38ac"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8104 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR..............X....8sIDATx..}..........HG@.#.."".@....
..RD..(.{SPQ.JQ..*E.....(.(..... .......u.3.;........f./..99.I2Y.....)
)))..n....4.t...).9s..Y.f......2_F.y.....Yg...8p./e...?...>....8..m
..../m....3.6)Q.Df.'b.H. %.De..g..M........P... y....{.........j.. ...
.s.5....Q..s.9.6...w.mR.lY..`[email protected].#.......L.... ...
t..*.d..\u.U.6..d..}N...M.$..?.4...,.4h.@[o.3..'....$.r.... v.........
...QQ..5.H.R....y..7...*_....C.B.8p ..{..W.aq|..7n..m.....7...2....?..
....,..es..:..|...w.?.|m.....L...\.e[....m..MP......>}..G..q5,Vz.&g
t;'.~.!m".....r_z.%J.S.N%.....O....1#t.c.=.JO=P........Q.<....s^{..
...Jy....|..m..{....'...~h....MS...v.;.<m.{...,.............W.hQm&g
t;..Q.F.Q....D.g[.n....O..i....c.{...D=.2..u.].mL.Q...r... n...CO..f..
w.......X..F.S.&.........9..8.. ;w.t.=.5.y........U.V.y.....^{.....B..
[email protected]..#..A,@,@,@..aj.......A......I_..u.Z.jT.F.Xh.
.a....K..U.......&.z....Z.j.>/..2....X`^te,S...........|>@ti....
e......^x..0.tr..I..t-w...............k.x.*U......h.~..E...-Z.{h.....g
.}Vy...........o.....\r..#...d.....[..{..A._y..i... .n..i...8Hk..Q|>
;w.....M.<9f....f#.. .. .... .5....k^...9r...y..%......6.....s....*
?..(. u..Q..u#.g....{..A2bA...n..Xx.E.P(.$.S,]Z.|.\^cP^.r..... ..aj..)
...LW.../.......$#...........y...;..".. ..,p..(......K.... X...If.....
..W_}.........wh.0q.=.kG.;..)......H. (P,[email protected],....X
.\9e.5k...yL.Rb.5....4..tU....z.d...........M`.....u......<Xy......
.][Y."E.h.N..........yA...)>..XZ....Ml...r.4m?a........[>..e<<< skipped >>>

GET /pc/images/components/w-head/images/w-head-sprite.png?$cssjsdate HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:03:34 GMT

Date: Fri, 27 May 2016 15:03:34 GMT

Server: nginx

Content-Type: image/png

Content-Length: 6079

Last-Modified: Fri, 27 May 2016 05:46:55 GMT

ETag: "5747df4f-17bf"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhenjiang80:8105 (Cdn Cache Server V2.0), 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR.......}.......w.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...giTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:2BB29396CBA7E5119F439F0DA7ACDCF2" xmpMM:DocumentID="xmp.did:2507
8143CB2911E58A13920359E01A66" xmpMM:InstanceID="xmp.iid:25078142CB2911
E58A13920359E01A66" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:285B92DA28CBE511A70
1DDAE9E0BDC70" stRef:documentID="xmp.did:2BB29396CBA7E5119F439F0DA7ACD
CF2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>.m......PLTE...........3.U-........N...,,,V.
.......TTT...........{..7.....I.kP..8........6|M&..m,e.....d6.........
..o..E......aaaQ2"..4.....Q.....<..a..g.........*.......o...Br.uuu.
..Hh~.....0@??....g .l.......C(..~~...................w*.........1t...
......:.Z*..W..A....uG..........r .y0..F.....Q..]....tl'Z....0z......=
.......v..............f ..9........H......._5.....[.q.....z1iUK.....7.
....j........g.....y.....x1.............>......3Xz.jE.r/|.`k:......
./......c/.......................1.........................p-..?..<<< skipped >>>

GET /pc/images/components/w-leftMenu/images/icons-menuclose.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Sat, 04 Jun 2016 04:36:25 GMT

Date: Sat, 28 May 2016 04:36:25 GMT

Server: nginx

Content-Type: image/png

Content-Length: 1914

Last-Modified: Tue, 24 May 2016 09:18:47 GMT

ETag: "57441c77-77a"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou185:8111 (Cdn Cache Server V2.0), 1.1 db78:4 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR..............]Hr....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:A304DAA9EA8111E5BB679C93
BB9C9144" xmpMM:DocumentID="xmp.did:A304DAAAEA8111E5BB679C93BB9C9144"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A304DAA7EA8111E5BB
679C93BB9C9144" stRef:documentID="xmp.did:A304DAA8EA8111E5BB679C93BB9C
9144"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>..&.....IDATx...]HSq......9..S...S/..8D...q
}.KH..S.C/.Db.%........C.T.$YT.Z.... .zp.A...t..s..........9p..x......
....FGG..`...{...U..n...<..Qm.a8p|....B....U.4F.....>.0..>.=S
....<....y...`.W".......L.:f..q:.zE...H)f..I..(**rc5..P.f.....S.9..
....A..........Ld.f........0....%.r.2.<c"[0.)..T)-..h.....b.....x..
F].V.F%.UM3...).v...p...H....^..j.1.:.M......rc.)B'.....)b...bl.`... .
.D.A..D.A...7 ===..Dx{:...j.9...`hh.......}U(g......6...zL..2<.....
0.4Bu....iPSS.C.K..mj....:.....o........ ..G...........o..r.@ .......R
.A..D.A..D.....!......U.....)...H.W.H.)..Fi.m..V".x.. ...:..'.a%2;<<< skipped >>>

GET /pc/images/components/w-leftMenu/images/icons-leftMenu2.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 13:23:29 GMT

Date: Thu, 26 May 2016 13:23:29 GMT

Server: nginx

Content-Type: image/png

Content-Length: 3501

Last-Modified: Wed, 25 May 2016 10:22:46 GMT

ETag: "57457cf6-dad"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhdx182:8110 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR...,...........9A....tEXtSoftware.Adobe ImageReadyq.e&
lt;...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:78147A0941E8E511B4F18C60B26C9B4B" xmpMM:DocumentID="xmp.did:C28C
A4F60A8911E6A7BC8ECC5119A4F7" xmpMM:InstanceID="xmp.iid:C28CA4F50A8911
E6A7BC8ECC5119A4F7" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DE35EEEE6F08E61188C6
FFEC2BF8B5A6" stRef:documentID="xmp.did:78147A0941E8E511B4F18C60B26C9B
4B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.'w.....IDATx..\i..E...,...cP\..4....u."..h.?
&.F.. ..!v...?....Q.D.}A.VdQ..]c......w..A.....m...f.......YvMW.ez._..
MMu.W....<..H.nll....X..........W........e^.Cw=p'p!}9.m..X.Iu.v%.k.
C......{.K..@7......\ ^J.A~.........S.^k4t........X..'....6.. .Q,.q\..
....r.....vi>r'_#.................|.V.a.....4`O.G.a..t.D.0...w.p~q.
..{G..G...2`...A}..-|.'.=:Bl.......d.x%~.....7..x0i.D.. ?.T.-..e~.K...
,..n!.O.3....N.."s<..,../5?.-..8.8.}.......FS.....1.to.5.J.xo....|.
...~.....2.~.......m....1a*..Y.-.;....?Jp......../.(...:..6._....Y<<< skipped >>>

GET /pc/images/components/w-thirdpartyLogin/images/login-close.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 01:15:21 GMT

Date: Thu, 02 Jun 2016 01:15:21 GMT

Server: nginx

Content-Type: image/png

Content-Length: 1093

Last-Modified: Tue, 31 May 2016 07:31:37 GMT

ETag: "574d3dd9-445"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou190:88 (Cdn Cache Server V2.0), 1.1 db78:8 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR.............r..|....tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:ECE434E8F27011E58FDE90351
826CD97" xmpMM:DocumentID="xmp.did:ECE434E9F27011E58FDE90351826CD97"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ECE434E6F27011E58FD
E90351826CD97" stRef:documentID="xmp.did:ECE434E7F27011E58FDE90351826C
D97"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>........IDATx.b<s..3.......M.......@.%..p
[email protected] .e..........4B5...)@.kA61..3piD....c.Ib..M..0.....).@....
...]...4.c`.6... ..M..M0'..b. v..t.Y...O....&|.. T.......@....#T.@6...
.|..l,.......v......D....IEND.B`.....
<<< skipped >>>

GET /pc/images/default_portrait.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 15:13:44 GMT

Date: Fri, 27 May 2016 15:13:44 GMT

Server: nginx

Content-Type: image/jpeg

Content-Length: 7872

Last-Modified: Fri, 20 May 2016 09:37:16 GMT

ETag: "573edacc-1ec0"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 zhenjiang80:8107 (Cdn Cache Server V2.0), 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive
......JFIF.....d.d.....C..............................................
......................C...............................................
........................Z.Z...........................................
.........................................y......g..........z......u...
.|[@.UC^S^%...a..C....j...a.$#.3}..h}qG.9.g...,%.nS.D.).Y....u.h.#gG.`
..AK.K..#.. 33.:@._....(...q.c....{.*.R..L.5n..l.w c.J`M..R.......#8..
\..i.I...yU..P.............X..e...i C.0..zT...!?.Z.%7.I......Z.F6..x..
^O.a...S)..[.~.R...3uu.n..1..}.`..(.....b...}7.L-..\[email protected] 
.`[...i..]..h...%F.<'<.HQ.v.uz..O..DJj(V..<[email protected]
...c......?.l.$R^..6..1jez5o..B.R\...9..Yw.s.....)....................
.........."3. !#45A.............I....."........F.3.....l;9..W.6.\3B.r.
..!)..!.m.gd..L%......Em..F|..=]a%..............!k....8...B.....c..0X.
.k...j.......\.3a.....I|e<...p....VE..[.W-u.......#.6.j............
...W".uM......,.....l...K.e./.[.2........P...x.>.U\.c. .....X.P..5.
....X......x`6..%m[E.....1.h>BWWTG_....H.S."...4. ."d.......f.&.h..
| ...._....#[email protected]~Y.d....D...Kq....%..Il..x...c.H{..%. 
.'quo..BEu........`.K..g......g...?........................!1....AQ2a.
..."3q....#BRbr...... 4CS.........?....T.....F....."..v..[..G.~..#..e.
>.>..#.....x..&c..N.%w......[..........>..x.P..`.1.4....%i...
.;$c......m"...i.............. [email protected]'[email protected]
...s.....R.4.......OjsPbcS...2......o..G2=..b..-.....<.......M4L.SZ
85.......v....s....7?..TZ..}...IW..-.......f.%..U=.f...-..]......O<<< skipped >>>

GET /pc/js/lib/requirejs/require.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:03 GMT

Date: Thu, 02 Jun 2016 06:31:03 GMT

Server: nginx

Content-Type: application/x-javascript

Content-Length: 14904

Last-Modified: Thu, 02 Jun 2016 06:06:11 GMT

ETag: "574fccd3-3a38"

Cache-Control: max-age=604800

Accept-Ranges: bytes

X-Via: 1.1 fuzhou191:8111 (Cdn Cache Server V2.0), 1.1 db78:7 (Cdn Cache Server V2.0)

Connection: keep-alive
var requirejs,require,define;!function(ba){function G(e){return"[objec
t Function]"===K.call(e)}function H(e){return"[object Array]"===K.call
(e)}function v(e,t){if(e){var i;for(i=0;i<e.length&&(!e[i]||!t(e[i]
,i,e));i =1);}}function T(e,t){if(e){var i;for(i=e.length-1;i>-1&&(
!e[i]||!t(e[i],i,e));i-=1);}}function t(e,t){return fa.call(e,t)}funct
ion m(e,i){return t(e,i)&&e[i]}function B(e,i){for(var n in e)if(t(e,n
)&&i(e[n],n))break}function U(e,i,n,r){return i&&B(i,function(i,o){!n&
&t(e,o)||(!r||"object"!=typeof i||!i||H(i)||G(i)||i instanceof RegExp?
e[o]=i:(e[o]||(e[o]={}),U(e[o],i,n,r)))}),e}function u(e,t){return fun
ction(){return t.apply(e,arguments)}}function ca(e){throw e}function d
a(e){if(!e)return e;var t=ba;return v(e.split("."),function(e){t=t[e]}
),t}function C(e,t,i,n){return t=Error(t "\nhXXp://requirejs.org/docs/
errors.html#" e),t.requireType=e,t.requireModules=n,i&&(t.originalErro
r=i),t}function ga(e){function i(e,t,i){var n,r,o,a,s,u,d,c,t=t&&t.spl
it("/"),f=D.map,p=f&&f["*"];if(e){for(e=e.split("/"),r=e.length-1,D.no
deIdCompat&&Q.test(e[r])&&(e[r]=e[r].replace(Q,"")),"."===e[0].charAt(
0)&&t&&(r=t.slice(0,t.length-1),e=r.concat(e)),r=e,o=0;o<r.length;o
  )a=r[o],"."===a?(r.splice(o,1),o-=1):".."===a&&0!==o&&(1!=o||".."!==
r[2])&&".."!==r[o-1]&&o>0&&(r.splice(o-1,2),o-=2);e=e.join("/")}if(
i&&f&&(t||p)){r=e.split("/"),o=r.length;e:for(;o>0;o-=1){if(s=r.sli
ce(0,o).join("/"),t)for(a=t.length;a>0;a-=1)if((i=m(f,t.slice(0,a).
join("/")))&&(i=m(i,s))){n=i,u=o;break e}!d&&p&&m(p,s)&&(d=m(p,s),<<< skipped >>>

GET /pc/js/studio.js?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:31:04 GMT

Date: Thu, 02 Jun 2016 06:31:04 GMT

Server: nginx

Content-Type: application/x-javascript

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive
800a..............k...q ....`[email protected]=..U.>(.,...p...K$u
$..$....e..e{..]k.c....%kV.1w.g............%y..w.H]`>#3###"##6.3...
.._..(.`.`8;w.....3v}gd........0...r.......4....B..O...:S..:z...$Z..:.
f..^.?6.gL..% 4|..7/c'R....... ..d...........I/.V..jQ.pb....s#.c.....o
.....Y..ah_*.....o.....E..... 0.RA..c.....|..,.r.9)[email protected].<.e
.7.....M=.V!f-....=....k.:.v..}.|...G.0.\....k...G.SY<... .I...>
91..d.m4.:,M.........>......4.o:gw.N..ms..\..Me.......u.~........-M
.k.[P.u...hU.4..&ap.48H........7.Nh .....W..y5x...!e.<.L-.'N.-u.A..
e.;...j|..,.....j..J.."...N.b;.VI...l...R{.B..B..BeP=q....V.Z...@.{...
....n.!.5...S..ou".K6.]....s..Mm..S......_^.....sm.u..=;...,.8,...[..s
.....~w.h......H..8..$.Oj..G....o..}.</....#f..../.M..&..-{.m......
... .7&'4P.Hr...1...x8...z...\8.-;rt........y.K&.NC.~..2|..2"A-....M..
6.RPM].T..r..8s}....o....|z.<..d....*@...R._P..L..O M]S/Y_.........
>@U.e%iPi.H....&...u|.:G..;....o...W...s..",0...y..w....;..wvo.Z...
v.{s...vwv:;]..........[.....{T...4n.......i#........1.O.......o..^y..
.l(..T...*#;..D9".......$..........k....s1F8...W.....5.(.N.?_..Jk.;.=7
.L.O...r....G....7.C'J{....2*.C[D.Dl.bA..JQ.RV. y.p..pN.i..W.w......zm
....3"......E..E...2.A>_..P..)....k!VU......H..Rd..!..gA..C.....p.T
R...$........O...Z.GjT.&.S.d. r.. |x.A3...]o..~........`H^.NY..85*.s..
..}.d..#.....S...{..K2..v...G.8..(.l.9..j.'.......5..A.s.|YD..#WBb.(.P
..R8.j1.....T.CGe6_..(!~..J0Lv.$ _q...S.*.....%...-).......=.e*3_...:&
...-{kK.u...S...f.P...y....;Lz.\..9.y......L.2...H=...`.....l.}...<<< skipped >>>

GET /pc/images/components/w-liveplayer/images/w-liveplayer-sprite.png?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:52 GMT

Date: Fri, 27 May 2016 13:46:52 GMT

Server: nginx

Content-Type: image/png

Content-Length: 4789

Last-Modified: Fri, 27 May 2016 11:23:26 GMT

ETag: "57482e2e-12b5"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:9 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR...............e.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...niTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:fce01c82-3482-443c-b8b3-396eb82a1c25" xmpMM:DocumentID="xmp.did:
E9A322F8231A11E6BED4EFD29F3E9143" xmpMM:InstanceID="xmp.iid:E9A322F723
1A11E6BED4EFD29F3E9143" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8C2D00A6022E611
938EA93BE443F9C0" stRef:documentID="xmp.did:fce01c82-3482-443c-b8b3-39
6eb82a1c25"/> </rdf:Description> </rdf:RDF> </x:xmpm
eta> <?xpacket end="r"?>j..v....PLTE.......JJ9.%....ttj......
....f..3v.i..........D....-...z..""......VVV.QQD.1...X.G...,..........
....".......|..L...<..4....Y...........................2...........
.44.......jj...........u...|..K..d...........)..s.....................
..N.=.......bbK.V...........).....>D.2V.............Q...'..........
S...............\....,I.!.xxk.\....--...S..A.2................>>
..$-..............x.....\..2....?.................u..AF.*G.$.....C....
c-.......**........<..<[email protected].~...B......<<< skipped >>>

GET /pc/images/loading-white-mini.gif?201605261526 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 13:46:55 GMT

Date: Fri, 27 May 2016 13:46:55 GMT

Server: nginx

Content-Type: image/gif

Content-Length: 12694

Last-Modified: Fri, 27 May 2016 11:23:22 GMT

ETag: "57482e2a-3196"

Cache-Control: max-age=604800

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 db77:1 (Cdn Cache Server V2.0)

Connection: keep-alive
GIF89a............E..g.....s...........&..............c...........C...
........y..S..............Z..... ..[.................<..L.....m....
.{..l..K..4....................2.....#..:........z..s...........T.....
.......................................,..........................[...
.....................................................:................
..........e.............}......N..................!..NETSCAPE2.0.....!
..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-
c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" 
xmpMM:InstanceID="xmp.iid:7B2AD44BD6FD11E5A2F6C23F896E17AB" xmpMM:Docu
mentID="xmp.did:7B2AD44CD6FD11E5A2F6C23F896E17AB"> <xmpMM:Derive
dFrom stRef:instanceID="xmp.iid:7B2AD449D6FD11E5A2F6C23F896E17AB" stRe
f:documentID="xmp.did:7B2AD44AD6FD11E5A2F6C23F896E17AB"/> </rdf:
Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="
r"?>...............................................................
...................................................................~}|
{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<
;:9876543210/.-, *)('&%$#"! .................................!....<<< skipped >>>

GET /MGFhN2YyZTEtZWM1YS00MWJiLWFkZjAtNWYyYTExZDQzNTg0.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 06:26:36 GMT

Date: Thu, 02 Jun 2016 06:26:36 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 57637

Accept-Ranges: bytes

Last-Modified: Fri, 08 Apr 2016 11:45:17 GMT

ETag: "05103121f4d2ad1e1d0d5fd6247c26df393229fa"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 zhdx182:8108 (Cdn Cache Server V2.0), 1.1 db78:10 (Cdn Cache Server V2.0)

Connection: keep-alive
......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:8C674D38FD7411E597FADFC94
CEB5A8E" xmpMM:InstanceID="xmp.iid:8C674D37FD7411E597FADFC94CEB5A8E" x
mp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFro
m stRef:instanceID="xmp.iid:F49862DFFCA211E58BAEE6768DC01998" stRef:do
cumentID="xmp.did:F49862E0FCA211E58BAEE6768DC01998"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
...................B.b................................................
.............................................!1.AQ..aq...".....2....B#
3...Rbr..C$456.c7...SsDd%Ue.89.....................!.1A..Qa.q."......2
...B#..Rb3.r..$..Cs..S5.c...4.............?......@..>.C..r...S..QO.
..j.,4..B.c?....2..P..>..S=x.A...W..\...........=.%......-Q=.E4.5..
...~.&1u.1.E3.A..........0'...F......I.L.M.....4..)(...OJ;P...O.A.0<
;..0.$t...Hj8..Z:y.|...d....&XT.mU{....-..:=P!..2...$.cX..@.!CNx.r<<< skipped >>>

GET /ZDJlZDFmYWEtMjgxOS00NmU3LWE1NzQtMjYzYWM4NDkwMWVj.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: emyfs.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 04:37:04 GMT

Date: Thu, 02 Jun 2016 04:37:04 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 87874

Accept-Ranges: bytes

Last-Modified: Fri, 08 Apr 2016 12:06:09 GMT

ETag: "fc382aa7256ccc1b335b878ec4e32ad2d916a2f1"

Cache-Control: public,max-age=86400

Age: 1

X-Via: 1.1 fuzhou186:8108 (Cdn Cache Server V2.0), 1.1 db78:1 (Cdn Cache Server V2.0)

Connection: keep-alive
......Exif..II*.................Ducky.......b.....*hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c01
4 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:74445BFFFD7411E5BBD599E46
9D2731B" xmpMM:InstanceID="xmp.iid:74445BFEFD7411E5BBD599E469D2731B" x
mp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFro
m stRef:instanceID="xmp.iid:DB4D34DFFCAA11E580E9BDA302A424FD" stRef:do
cumentID="xmp.did:DB4D34E0FCAA11E580E9BDA302A424FD"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
...................B.b................................................
...............................................!.1.A"..Qa2.q.BR#3.....
45....brCS$T6..cU7..sdV...DE.8....e.&F'......................!.1A..Qa.
.q.".....2...B..R#3br.....$5..4..CS.............?....>.Zn.L.>.[Q
r.o...D.)Zc...,Tu.s..wV.........^.P...f..W...;.]wvD.Ii.....\[email protected]
..di.Qk...95.v.H...y...f........w..[SjPI.TH.w.E ...A..>...0.. .Lc1l
...C.o...8....|..A.!.......E....t.x..u|..B.B." .)A...%zD.b.g...n..<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=1&ut=1464849074691&rnd=0.79673912970488821464849074691 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /1354080893_1464664091.891954.jpg?ips_thumbnail/4/0/w/363/h/330/format=jpeg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: mobilelivephoto.bs2dl.yy.com

Connection: Keep-Alive

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Expires: Fri, 03 Jun 2016 06:31:10 GMT

Date: Thu, 02 Jun 2016 06:31:10 GMT

Server: openresty

Content-Type: image/jpeg

Content-Length: 14136

Accept-Ranges: bytes

Last-Modified: Tue, 31 May 2016 03:08:12 GMT

ETag: "09b11e27d1efcc3f65282a1f60267dfb631eb5d3"

Cache-Control: public,max-age=86400

X-Via: 1.1 fuzhou188:8106 (Cdn Cache Server V2.0), 1.1 db78:0 (Cdn Cache Server V2.0)

Connection: keep-alive
......................................... $.' ",#..(7),01444.'9=82<
.342...........2!.!22222222222222222222222222222222222222222222222222.
.....@.`.."........................................................}..
......!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXY
Zcdefghijstuvwxyz.....................................................
.................................................................w....
...!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZ
cdefghijstuvwxyz......................................................
..............................?...L....P.QE......Z.(4R..k}..(c.H.v....
.-..v......4..:).{....55C.J...(..C.(...;UY.....Q.8....I...j{u....?1.0.
[..>.........J..2i.TFzt...&.n..6......I.h.....V..sP..g....C....<
......y..'zx...p.*t.P.Z.h%..2j..Z!.j..Lu.Q@..(...(..4...%..QH:...ZZA..
..CKI......!.x.J........ka2.1M~....l.p{.Tu......;.#.-<u.....(.0.4..
@.c....E\...j..`U!...s...yp .$U"...[.F%.j..G^....JJ2NA.. d..JK..s.k..P
c.........N.V...s......Kc.F..\.....&'..V...UVdP......RG?.....j.r.Fz...
....T ............L..Ps.zRQ]OF...<.6.....O..o*.t..Vk. 3..yd....q...
.9.JI..4.sQ.. ...9nM......T.)....:T..]*\P&-.Q@..(...(.....zS(..u..(<
;...ZZA....JZm.F.]........&.[...i.............F.S. .S.F.QE.!.......G!.
....w..s...\W7..l...V..d...^^,k.....).K.F...../.H....X.p..vF.#.sm.....
...4c9|.N.H...}..}...ibn.....M.........9T..h.R......)#.y.],..^..a`.z..
..^$$.~W.=..yS..........5.H.t....C....V.q.F..v.r>....... ..Zgd.....
...h.94..fN..r.Si...e....z..:.. sHE........wN)[email protected]@[email protected]<<<< skipped >>>

GET /cm/user?time=1464849065&domain=yy.com&zds=www@yy|&hiido_ui=0.572767224148353 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx

Date: Thu, 02 Jun 2016 06:31:03 GMT

Content-Type: text/plain; charset=UTF-8

Content-Length: 0

Connection: keep-alive

Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; Expires=Tue, 29 Nov 2016 06:31:03 GMT; Path=/
HTTP/1.1 302 Found..Server: nginx..Date: Thu, 02 Jun 2016 06:31:03 GMT
..Content-Type: text/plain; charset=UTF-8..Content-Length: 0..Connecti
on: keep-alive..Location: hXXp://cm.hiido.cn/cm/user?hi_tc=1&domain=yy
.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&..P3P: CP=
"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Set-Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"; Expire
s=Tue, 29 Nov 2016 06:31:03 GMT; Path=/......


GET /cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cm.hiido.cn

Connection: Keep-Alive

Cookie: cm_ui="OuuEUGzZXbY/329qUHHKpA==|0.6"


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 GMT; Path=/
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
inx..Date: Thu, 02 Jun 2016 06:31:09 GMT..Content-Type: image/gif..Con
tent-Length: 43..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo 
PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Coo
kie: cm_mapping=tanx|0|1464852669; Expires=Tue, 29 Nov 2016 06:31:09 G
MT; Path=/..GIF89a.............!.......,...........L..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:06 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849073&zds=www@yy|&hi_cmui=/CQ/vRyNOKd62lCrFSuMgA==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6& HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Location: hXXp://log.mmstat.com/cm.gif?url=http://cms.tanx.com/t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=OuuEUGzZXbY/329qUHHKpA==&hi_cmuiv=0.6

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=7687&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&io=0&ut=1464849088784&rnd=0.79673912970488821464849088784 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849082&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /pc/css/studio.css?20160602135939 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: yyweb.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 09 Jun 2016 06:30:54 GMT

Date: Thu, 02 Jun 2016 06:30:54 GMT

Server: nginx

Content-Type: text/css

Last-Modified: Thu, 02 Jun 2016 06:06:15 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=604800

Content-Encoding: gzip

X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive
29b8.............}k..F.._.N0Hw...m...E......|......d[>.m.r,.~.8.}.)
...d..Af.F::.`.X,..bUm^..9....m.\w..)|-..f.uV>..O...U_.`Wm.k.......
....9....a7.>g....c5 ...r...*..l.%6....%....... .[...~^.//.........
].-.Ay...O.z.;V...t........D....*(w...v.[.c....K.U....n..?.w........k 
..\O.C4?..C2?..C6?...c=o....r...n..).U9......T^...S....]}~...A]n..,.{.
.....*.p.[..}=V..... 5v.........X....F...o..}......>w..U#|.V.yM....
.t..\1...j........l.c.........ky..o.9...9t.c= %O......O..X_..].>.].
..r...p.}......8.Pv..iN3....N....6...0z.a>1SO.......<../Us......
..........'...g?...*?.c..=6.......%k.S.........t_...n/......-....`..?.
.(....$..J.Y.[}.4..<w.....nk.l.........g.=V.u_........._>r..g..O
.ERuwe.W...|f#.g...p..t....r..|...[...0.u...N....U..1..f..{....z......
...y.{[email protected]}j_...J....o..S..... ....O..
..s......O.9.\....*./_..r......wO..C.3......XN....K.Z...!...bh.b...I..
{.C...e..V....T..>.....?......_.^........G.xu...K.iYVW..."0X_.1.q.[
.W%[..$AD.50Qa...z|w.....?|.......m.(.ePO?\.?.'..............g.,.|....
Z][email protected]...!I."..........(.4...`&......ZI...)ZZ4..~.5.Z....
)..o.....,..A.B.L...T).._,M..5.}.5R...G..\.....CC..M..9....k......Z.?.
..-.........z9ws......6..#..T./..]..d&=..t..?.^...k4.'...P......d.....
.E]..Z..x..=.5.M..fK=.6{5.O.%...w.....p...r.m..._x.&.L..=.-.....Sfp..{
...[6o.......zeb.k.O-c..].....S...."....%......M..."].,..PU.^....G..5p
....:h...I......cn...F..|U.oo6|.Q:.1.....P..:\5.E.W.M....../..........
.. D...y.j1.2-..,h..r..K0......`@N|[email protected]#......#!'Y.<<< skipped >>>

GET /huya/main/pkg/auto_combine_334bb_d5d43b2.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.huya.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: a.dwstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Sat, 30 May 2026 07:36:17 GMT

Date: Wed, 01 Jun 2016 07:36:17 GMT

Server: nginx

Content-Type: text/css

Last-Modified: Tue, 31 May 2016 08:38:53 GMT

Transfer-Encoding: chunked

Cache-Control: max-age=315360000

Content-Encoding: gzip

Age: 1

X-Via: 1.1 zhj75:8104 (Cdn Cache Server V2.0), 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive
2932.............=kS.<...Wd..;..o.|....~..R.....tv..-...4q.....n...
c'...m..l.H:...]M/...I.H..x..{...S#...C.2....t...t....Q..Ng=c7..)...O.
......c......8I.y.Kf#.o.._..v........6.i2....VVq..z.a.cw...Q..?M......
....5o-j..-=.....|.F.i#....c..L'.(....,...sullT.i.....{sR..0...C. ....
..]."St....bx.7..`...X..p......1I..|.{..u.i.. .y...s/...Zrw0%.2..q....
$....t...=.......u>.y......ya.O.=.....<.{........W......t.3Z>
z;c/......(.H.vX.....x.[..4...l...O.t:.....&..<.E^.....M=_..>.F.
.IT....4Y....."...E....|/...."~.z.K....!....p...Z..ta."..`;.X.>....
r..H.kd.qX{.v..9o..$hi..$_...A..ip'F...dK.K....D...v..|A.<...O...F.
.5........I...\.. ..9dr.I.s..a........K&....F:.&.(.Uk:.Z.....GOq4..h.m
...t...U7..ow_W..r?\...E.]2.....r....y~...Exw.wF@&...:#at.RK.h./.T.. .
".Y....._.q....do..J....&_3.ljl.L...K..5..:0..Yn...mJ.*......R7..a...t
..#..F........b........IP..F...i:..e..t........v$...:..E.L.l~.....f.(.
.b..2......ik.H..[k.d.............3. ....tq...,..y.F^..;.....n]W.o.y..
&....A....!p.(..........T..xn.mU.7a..O...o...>:z.kE.!0..R.A........
@`!h 'K..l.....r\.$.}...8N...lDHuF.]....8...1.>dL#;.C.e58s.3..nw...
@..j...:..y.@.#.~ .JyXWa?....H.9.....T...GkA-(a".......t.1a..g.;.C..40
...d*....-.I'-.z.8......w/...5;[email protected]......
..B.q.'?F.....:.E3?^.~O:.d|H{[email protected]%Q..c.ti.8 ..^k.'b..5...
......D.3o...|.$../....G..........y...%3-2....;M..{.....;.a|.(N...H...
=......a.<...D.7D._4.../.$.g.x.[.8#Wd....B.*pQ#=...N..[5.|..Z..=...
.P ..JMz.5..|.*.[..{..ur&..IZ.L....^....7.vf.!y...V=..wv.2..h8....<<< skipped >>>

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&sid=36588833&act_type=1&source=0_0&bak1=0_0&parm1=0&time=1464849075&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.yy.com/9050

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Connection: keep-alive

Content-Length: 260

Content-type: text/html

Last-Modified: Wed,02-Dec-15 18:31:09 GMT
...<?xml version="1.0"?>.<cross-domain-policy>..<site-c
ontrol permitted-cross-domain-policies="all"/>..<allow-http-requ
est-headers-from domain="*" headers="*" secure="false"/>..<allow
-access-from domain="*" secure="false" to-ports="*" />.</cross-d
omain-policy>....


GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=38874345 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Encoding: gzip

Content-Length: 798

Content-type: text/html

Set-Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT

Set-Cookie: hiido_ui=0.90771560971984433;Path=/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT
...........UMk.9....h.O.F.%i.,.e......,!H%)n23..G.C...R{...C..C7......
S..&.wyhvbC.......}.k.SL(..1..M.w.T...8...o.3PZ&..V2._.e.......od4|...
...0L....Y#EE.W).Y.][email protected]&..4....%{...N.....v....p{:Q8
b>.m.....K...'..K...mE..n|A..$Z _d..P..>.wm.]. a?fJ.m.>.-....
....[........e..L...Sn..).c1...A...EL.y.E..x.Y.4V....#.....rr.%... .W1
kmR.F.h.).d.P2.k..!.V.}..KUEh_..Z'U.Je0H"...yr^.......d..8..I.x..J....
.w!..O?wn."..~...=...s\.....<....!s.M.aP;?a...|Z....md}.q9r..V..r..
......){Ijk..".EpI...............$..0....;....y.?.C....q...R..M.......
.#f....H.AL...k...].w.....vW3s...g...[....u.5^...6.3].......$r0..3...u
b..N.u:...;.z...6.(0.9...9...4......0..p#...n.. ..J.~....K.K.i.v...\.o
...[.....gk?J".<k".-....n..../>..<..Q......b.0.P..Y.....IJ.yx
7dZO...../......r1........Q."..E'[email protected]/1.1 200 OK..Acce
ss-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GET.
.Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connecti
on: keep-alive..Content-Encoding: gzip..Content-Length: 798..Content-t
ype: text/html..Set-Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6;Path=
/;Domain=yystatic.com;Expires=Fri,02-Jun-17 06:31:09 GMT..Set-Cookie: 
hiido_ui=0.90771560971984433;Path=/;Domain=yystatic.com;Expires=Fri,02
-Jun-17 06:31:09 GMT.............UMk.9....h.O.F.%i.,.e......,!H%)n23..
G.C...R{...C..C7......S..&.wyhvbC.......}.k.SL(..1..M.w.T...8...o.3PZ&
..V2._.e.......od4|......0L....Y#EE.W).Y.][email protected]&..4...
.%{...N.....v....p{:Q8b>.m.....K...'..K...mE..n|A..$Z _d..P..&g<<< skipped >>>

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.yy.com/9050

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=39600410 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Encoding: gzip

Content-Length: 794

Content-type: text/html
...........U.j.H.}....OCOw.]`B ....../.1}.EfFB.L....j...........S...OI
_ ............Z5]UW....4..u.......Q C...Z..LR..aL.e.HS...H-.HY...ry8.%
P..R...3F(@.>..@Z....}.!Q....~U..O.}...^...}..p.F76..v...}X....!...
T....9"~.!uL.M... ..n8.[V"..........p...Vuv.!a.ib.05x.%.j...V3k../d...
Dj..a...&|...Y.,.r.....*[O..V......(U0,s...%...|..s...J.wx}1..$"C.*...
.G}d..R..d.....x.VpI.... .>..QI....n...,.:g/..Tr.G.7....S...i]lv...
.NE.c.....u....J...9xfY..D..O.<N....O......f....e..S\.....G#.0Ds2..
...E...R..I..~1......S.>V5.|.a(3R..Q.(..|......q{...xH.d...j.m.>
$n.....,..\.<.s..>..........o......5.7.zY...s.!.....3...g@r%/r'.
>e.D..Ny3..t..q=..m.o.........5.\)%.....8....>I.).... ..j.6.6b/.
.....w.,_#tV.()o.\..}...y....eW..n.....e..7DZ..L......bf0....$`.O..$&.
.......q.~.....p...w9x..i.....f.)d...NUO...G%..Y...HTTP/1.1 200 OK..Ac
cess-Control-Allow-Credentials: true..Access-Control-Allow-Methods: GE
T..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..Connec
tion: keep-alive..Content-Encoding: gzip..Content-Length: 794..Content
-type: text/html.............U.j.H.}....OCOw.]`B ....../.1}.EfFB.L....
j...........S...OI_ ............Z5]UW....4..u.......Q C...Z..LR..aL.e.
HS...H-.HY...ry8.%P..R...3F(@.>..@Z....}.!Q....~U..O.}...^...}..p.F
76..v...}X....!...T....9"~.!uL.M... ..n8.[V"..........p...Vuv.!a.ib.05
x.%.j...V3k../d...Dj..a...&|...Y.,.r.....*[O..V......(U0,s...%...|..s.
..J.wx}1..$"C.*....G}d..R..d.....x.VpI.... .>..QI....n...,.:g/..Tr.
G.7....S...i]lv....NE.c.....u....J...9xfY..D..O.<N....O......f.<<< skipped >>>

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET /s/36588833/2488366466/yycomscene.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.yy.com/9050

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 302 Found

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Length: 0

Content-type: text/html

Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050

HTTP/1.1 302 Found..Access-Control-Allow-Credentials: true..Access-Con
trol-Allow-Methods: GET..Access-Control-Allow-Origin: *..Access-Contro
l-Max-Age: 600..Connection: keep-alive..Content-Length: 0..Content-typ
e: text/html..Location: hXXp://c2.web.yystatic.com/r/rc/yycomscene/mai
n/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtu
na=1&referer=http://VVV.yy.com/9050......

GET //get-data/36588833?subSid=2488366466&type=yycomscene&referer=hXXp://VVV.yy.com/9050&_=19542649 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://c2.web.yystatic.com/r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http:/%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: weblbs.yystatic.com

Connection: Keep-Alive

Cookie: wyy=8bafcb56c717427eb29f1d02f4d86ba6; hiido_ui=0.90771560971984433


HTTP/1.1 200 OK

Access-Control-Allow-Credentials: true

Access-Control-Allow-Methods: GET

Access-Control-Allow-Origin: *

Access-Control-Max-Age: 600

Connection: keep-alive

Content-Encoding: gzip

Content-Length: 797

Content-type: text/html
...........U]..1.}.g..>.4...XD...AX.....;.v......{3.].u.U.Z..s.=.9.
|.\w...f ..U..[.tU]1...F4.e.U...X.A.....}. P.q........c..b.....HE...0f
.>...R=.)..i..<[email protected].)./...b.1~XU...Bo.......>yr8....@B
.]..>.....!...d....yD..C....6.uA..n8.[f"..'.2.3..........6C.@.....`
-J,5.)M.a.......... L...c.....g.....fB.....4)..9x...C-W. J.$UA8....{..
(...U)C.,8.Q..4$..T...-.5.!.,..AXa.F....2.R!B.....RJc(....I..%....$kY.
..yn.l.u..}..s;&a.......kv..U2....{...ThN..TD....{w4..v..../.x\....b..
........D.sRS.tI.%I.....b.m.}..S.&V5.......r.(H<F....O}.T.-..>..
..@)....f.C.V.(|0.....A....[.n.O.}}]...7Mx..i...7.z....p.!........./..
.:.........:..x...O...v.M..Z........K.i-.....8....<J.*.......b.6.6b
/........L."tV.H)._.......y....eW..n....'..\K8 .ur.x.T13.e...Q.4W..$..
.....c.n.f..o..p.Z..>eJ....&...Y.<...;]}...6.jbY...HTTP/1.1 200 
OK..Access-Control-Allow-Credentials: true..Access-Control-Allow-Metho
ds: GET..Access-Control-Allow-Origin: *..Access-Control-Max-Age: 600..
Connection: keep-alive..Content-Encoding: gzip..Content-Length: 797..C
ontent-type: text/html.............U]..1.}.g..>.4...XD...AX.....;.v
......{3.].u.U.Z..s.=.9.|.\w...f ..U..[.tU]1...F4.e.U...X.A.....}. P.q
........c..b.....HE...0f.>...R=.)..i..<[email protected].)./...b.1~XU.
..Bo.......>yr8....@B.]..>.....!...d....yD..C....6.uA..n8.[f"..'
.2.3..........6C.@.....`-J,5.)M.a.......... L...c.....g.....fB.....4).
.9x...C-W. J.$UA8....{..(...U)C.,8.Q..4$..T...-.5.!.,..AXa.F....2.R!B.
....RJc(....I..%....$kY...yn.l.u..}..s;&a.......kv..U2....{...ThN.<<< skipped >>>

GET /r/rc/yycomscene/main/1/9/main.swf?type=yycomscene&topSid=36588833&subSid=2488366466&newtuna=1&referer=http://VVV.yy.com/9050 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: c2.web.yystatic.com


HTTP/1.1 200 OK

Content-Length: 21750

Content-Type: application/x-shockwave-flash;charset=UTF-8

Last-Modified: Wed,02-Dec-15 18:31:07 GMT

Via: 1.1 db80:8500 (Cdn Cache Server V2.0)

Connection: close
CWS.ip..x....<.....<.=3c.-....."K.....`..eF3C.H......B..EE..d.h.
=-.$.........~.....s....{.9......p. H...d`.F..A... ..d....^E..........
...1.X.7.n...L.4M|..A0D......'........h'xL.@....'[email protected] ..E...#,((.(
.....<."7GP.,@...#....AQ..K.....#.(E......IA!1......,...L7@bD......
 ......oB.....0........8,..............Q...,./....9....$<.*.....n..
..Z'g..V3....._..e.X.?.!0...m ..8...c.3C0.D..l...Z;g..5d....F..y.r.?M?
....C. .YB>Q.;..Z...E5[s......\..K...ERu.....=..dm.5..T5.TT)Y..u...
$..7.].M..g.>4..U....%..X...%........ .*.B.4.S.n....GS..).SOc.... .
.v..ovM....I......4.|n,.....n]^.Zw......}Zl.s.9e....S....#>...\8u.A
D..Q.;{..?2._.iu..90.r..w.....d.Z..D...[^6....3.-.....~7q..a.....og.j.
o.B..\...[.Z.]....E.....~....O.%*....h...^..k.:Z0W)....q.D.>.Z..b*.
>.....I...n...w81......D..|.Y.^[.......S.c(....t...KSK:...(....a.a.
.....1f......}.<.,-..i.O.k~............h..0}.....fC..X......tN.(...
o..-o..-kl..(..?...."zU...Lx.&.O7$..-.rU9..k.].L...fg...<.^:0Z.[2..
.<.P).O..D...O.u?..... Ka...'=g;[n..E....{_..G.w....#G2........x.=\
.......7.#q.....g.-._..4.N.....a....M.....O....nR5.u..wYR....SV...L8/.
....r_.S..........b....BD...w.)w....!...._.[.-p!v...`..i....O........M
...I..Q;'.......li.l~}.VN.i......>wn......t..?;2..2:.......#..1i...
.sT..p._%k4...8f..Y]......o..wH%?bU.m...6{h.%[email protected]
....N/..v..Tl[p.!j......irOF....\W..Q...w..M......)...7.&..,.....f^l..
x[I.n.....N._..t..S...MI.2................!...n.Mk......*.}>g.Fnj.V
.}.....g....#E..G;...bO.....]..WhRs....!j.l...]M^..[./....\.&.....<<< skipped >>>

GET /j.gif?act=webstat&ht=VVV.yy.com&siteid=www@yy&speid=&ui=0.7967391297048882&sc=1916.902&cl=32-bit&pcmb=1&os=win|xp&bs=ie6&mb=&se=&wd=&rfh=&rf=&sns=&fl=-1&ln=&ja=1&ck=1&ot=<=5984&xy=&ext=&v=v0.7.4&pl=http://VVV.yy.com/9050&isnew=1&io=0&ut=1464849073691&rnd=0.79673912970488821464849073691 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:35 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:43 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:43 GMT
62b8..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN
" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<h
tml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta h
ttp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
;title>YY............ [email protected]...</title>..<
meta name="keywords" content="........................................
..............YY............"/>..<meta name="description" conten
t="YY...............YY...........................K....................
............................YY...YY...................................
......................................................................
...............K......m.yy.com" />..<link type="text/css" rel="s
tylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type=
"text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />.
.<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/a
lbum.css" />..<link type="text/css" rel="stylesheet" href="http:
//m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel
="stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&
lt;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiw
idget-messagebox.css"/>..<link type="text/css" rel="stylesheet" 
href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<link type=
"text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.blue.mon
day.css"/>..<link type="text/css" rel="stylesheet" href="htt<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:45 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:46 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:46 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ [email protected]...</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..1000..el="style
sheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<lin
k type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.b
lue.monday.css"/>..<link type="text/css" rel="stylesheet" hr<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:48 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:48 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:48 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ [email protected]...</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..1000..el="style
sheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<lin
k type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.b
lue.monday.css"/>..<link type="text/css" rel="stylesheet" hr<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:53 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:54 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:54 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ [email protected]...</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..1000..el="style
sheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<lin
k type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.b
lue.monday.css"/>..<link type="text/css" rel="stylesheet" hr<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:31:02 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:03 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:03 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ [email protected]...</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..1000..el="style
sheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<lin
k type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.b
lue.monday.css"/>..<link type="text/css" rel="stylesheet" hr<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:31:09 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849074


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:10 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:10 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ [email protected]...</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..1000..el="style
sheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<lin
k type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.b
lue.monday.css"/>..<link type="text/css" rel="stylesheet" hr<<< skipped >>>

GET /zone/1151027897 HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:31:18 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/1151027897/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/1151027897/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/1151027897

Accept: */*

Accept-Language: zh-cn

Connection: Keep-Alive

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Cookie: hiido_ui=0.572767224148353; Hm_lvt_c493393610cdccbddc1f124d567e36ab=1464849073; Hm_lpvt_c493393610cdccbddc1f124d567e36ab=1464849081


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:31:18 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:31:18 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ [email protected]...</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..1000..el="style
sheet" href="hXXp://m.yy.com/css/zone-index-pagebar.css"/>..<lin
k type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/jplayer.b
lue.monday.css"/>..<link type="text/css" rel="stylesheet" hr<<< skipped >>>

GET /j.gif?act=webevent&eventid=10008953&value=1&sys=3&uid=0&ui=0.572767224148353&act_type=200&source=0_0&time=1464849075&username= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ylog.hiido.com

Connection: Keep-Alive

Cookie: hiido_mid=14648490580624496829300100


HTTP/1.1 200 OK

Content-type: image/gif

Content-Length: 35

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR

Set-Cookie: hiido_mid=14648490580624496829300100; Path=/; expires=Mon, 25-Aug-25 10:20:28 GMT 
GIF89a.............,...........D..;..

GET /t.gif?tanx_nid=109887427&tanx_cm&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&cna=rMDWDx5FnCUCASU5EL04/DMR HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cms.tanx.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Thu, 02 Jun 2016 06:31:08 GMT

Content-Type: image/gif

Content-Length: 49

Connection: close

Server: Tengine

P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"

Set-Cookie: cna=rMDWDx5FnCUCASU5EL04/DMR; expires=Sun, 31-May-26 06:31:08 GMT; path=/; domain=tanx.com

Location: hXXp://cm.hiido.cn/cm/adx/tanx?tanx_ver=1&domain=yy.com&hiido_ui=0.572767224148353&time=1464849065&zds=www@yy|&hi_cmui=astyYDKFq0a2WlezmUN12A==&hi_cmuiv=0.6&tanx_tid=rzQriA3wFNQ=

Timing-Allow-Origin: *

GIF89a...................!.......,...........T..;..

GET /duowan.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.yy.com/9050

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.duowan.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 02 Jun 2016 06:32:54 GMT

Date: Thu, 02 Jun 2016 06:27:54 GMT

Server: nginx

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 11794

Last-Modified: Fri, 27 May 2016 09:51:47 GMT

ETag: "574818b3-2e12"

Cache-Control: max-age=300

X-UA-Compatible: IE=EmulateIE7

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 fuzhou186:8104 (Cdn Cache Server V2.0), 1.1 db78:2 (Cdn Cache Server V2.0)

Connection: keep-alive
/* Hiido v20160527.01*/.eval(function(E,I,A,D,J,K,L,H){function C(A){r
eturn A<62?String.fromCharCode(A =A<26?65:A<52?71:-4):A<63
?'_':A<64?'$':C(A>>6) C(A&63)}while(A>0)K[C(D--)]=I[--A];f
unction N(A){return K[A]==L[A]?A:K[A]}if(''.replace(/^/,String)){var M
=E.match(J),B=M[0],F=E.split(J),G=0;if(E.indexOf(F[0]))F=[''].concat(F
);do{H[A  ]=F[G  ];H[A  ]=N(B)}while(B=M[G]);H[A  ]=F[G]||'';return H.
join('')}return E.replace(J,N)}('j BY="CA",Dg="ylog.u.k";7 Di(){j BH=8
.Dq,BM=CT(BH),d=BM?BM.B1:O,BO=BM?Ck(BM.CI):O;Y(BO=="Cc")BO=O;j BZ=DE(0
.Bd.CR),CV=CT(BZ),BS=CV?CV.B1:".";Y(0.Bd.protocol=="Dz:")BY="Dz";Y(BS=
="."||DQ(BS))y v;j _=C0(BS);Y(!_.BD)y v;j BK=P;Y(!BH)BK=O;p Y(BS==d){B
K=Q;BO=O}j ap=$.appName,av=$.DT,Z=$.Dd.B3();7 Ci(X){Y(X==By.Bg)X=P;p Y
(X==Cu.T)X=Q;p Y(X==BU.By)X=R;p Y(X==1440.V)X=B4;p Y(X==Co.864)X=S;p Y
(X==BU.U)X=T;p Y(X==BU.Bg)X=BI;p Y(X==B_.Bq)X=U;p Y(X==1680.Cm)X=BE;p 
Y(X==B_.By)X=Bp;p Y(X==Cn.Bq)X=Bq;p Y(X==BU.EP)X=Dw;p Y(X==BU.D8)X=14;
p Y(X==1360.Bg)X=15;p Y(X==DJ.T)X=Dv;p Y(X==1400.Cm)X=Dt;p Y(X==B_.V)X
=Du;p Y(X==DW.h)X=19;p Y(X==Co.D8)X=Dy;p Y(X==1088.612)X=Br;p Y(X==Cn.
Cl)X=Bl;p Y(X==Cn.DM)X=Bm;p Y(X==BN.Co)X=f;p Y(X==BN.1536)X=CS;p Y(X==
Cb.Dv)X=Dl;p Y(X==Cb.BN)X=Dn;p Y(X==Cu.h)X=Do;p Y(X==DW.e)X=Dp;p Y(X==
320.f)X=Dr;p Y(X==1366.Bg)X=Bn;p Y(X==480.BP)X=BP;p Y(X==1080.By)X=Bi;
p Y(X==DJ.D_)X=Bj;p Y(X==1136.D_)X=e;p Y(X==Cb.DM)X=Bh;p Y(X==BN.Cl)X=
CL;p Y(X==B$.Q)X=CM;p Y(X==B$.BN)X=CK;p Y(X==B$.f)X=CQ;p Y(X==2880.Du)
X=CP;p Y(X==Dx.C3)X=CO;p Y(X==Dx.f)X=CN;p Y(X==Bs.C3)X=Ce;p Y(X==B<<< skipped >>>

GET /zone/35887743 HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:32 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/35887743/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/35887743/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:36 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:36 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ -........................</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messagebox.css"/>..<link type="text/css" r..HTTP/1.1 200 OK
..Server: nginx..Date: Thu, 02 Jun 2016 06:30:36 GMT..Content-Type: te
xt/html; charset=utf-8..Transfer-Encoding: chunked..Connection: keep-a
live..Last-Modified: Thu, 02 Jun 2016 06:30:36 GMT..4c5..<!DOCT<<< skipped >>>

GET /zone/35887743 HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Thu, 02 Jun 2016 06:30:42 GMT

Content-Type: text/html

Content-Length: 154

Connection: keep-alive

Location: hXXp://m.yy.com/zone/35887743/
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>nginx</center&g
t;..</body>..</html>......


GET /zone/35887743/ HTTP/1.1

Referer: hXXp://m.yy.com/zone/35887743

Accept: */*

Accept-Language: zh-cn

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: m.yy.com

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 02 Jun 2016 06:30:42 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 02 Jun 2016 06:30:42 GMT
4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<ht
ml xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8" />..<
title>YY............ -........................</title>..<m
eta name="keywords" content=".........................................
.............YY............"/>..<meta name="description" content
="YY...............YY...........................K.....................
...........................YY...YY....................................
......................................................................
..............K......m.yy.com" />..<link type="text/css" rel="st
ylesheet" href="hXXp://m.yy.com/css/public.css" />..<link type="
text/css" rel="stylesheet" href="hXXp://m.yy.com/css/star.css" />..
<link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/al
bum.css" />..<link type="text/css" rel="stylesheet" href="http:/
/m.yy.com/css/uiwidget-popup.css" />..<link type="text/css" rel=
"stylesheet" href="hXXp://m.yy.com/css/uiwidget-pagebar.css" />..&l
t;link type="text/css" rel="stylesheet" href="hXXp://m.yy.com/css/uiwi
dget-messageHTTP/1.1 200 OK..Server: nginx..Date: Thu, 02 Jun 2016 06:
30:42 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: 
chunked..Connection: keep-alive..Last-Modified: Thu, 02 Jun 2016 06:30
:42 GMT..4c5..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tran<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_872:

.text

`.rdata

@.data

.rsrc

t%SVh

t$(SSh

|$D.tm

~%UVW

u$SShe

kernel32.dll

wininet.dll

ole32.dll

winmm.dll

ws2_32.dll

WinINet.dll

shlwapi.dll

User32.dll

user32.dll

gdiplus.dll

advapi32.dll

rasapi32.dll

Wininet.dll

urlmon.dll

shell32.dll

OLEACC.DLL

gdi32.dll

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

MsgWaitForMultipleObjects

GetWindowsDirectoryA

HttpAddRequestHeadersA

GdiplusShutdown

keybd_event

RegCloseKey

RegCreateKeyA

RegOpenKeyA

UrlMkSetSessionOption

GetProcessHeap

ShellExecuteA

WinExec

RegEnumKeyA

RegFlushKey

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

%System%\ntdll.dll

%System%\kernel32.dll

%System%\USER32.dll

%System%\GDI32.dll

%System%\ADVAPI32.dll

%System%\RPCRT4.dll

%System%\Secur32.dll

%System%\IMM32.DLL

%System%\LPK.DLL

%System%\USP10.dll

%System%\WINMM.dll

%System%\comdlg32.dll

%System%\msvcrt.dll

%System%\SHLWAPI.dll

%System%\SHELL32.dll

%System%\WINSPOOL.DRV

%System%\ole32.dll

%System%\OLEPRO32.DLL

%System%\OLEAUT32.dll

%System%\WS2_32.dll

%System%\WS2HELP.dll

%System%\uxtheme.dll

%System%\MSIMG32.dll

%System%\MSVCP60.dll

%System%\WININET.dll

%System%\CRYPT32.dll

%System%\MSASN1.dll

%System%\PSAPI.DLL

%System%\VERSION.dll

%System%\urlmon.dll

Web.dll

software\microsoft\windows\CurrentVersion\Run\

VVV.huya.com

hXXp://VVV.huya.com/

hXXp://m.yy.com/zone/1151027897

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

http=

https

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

HTTP/1.1

hXXps://

hXXp://

hXXp://VVV.yy.com/

VVV.yy.com

hXXps://aq.yy.com/loginOut.do

hXXps://aq.yy.com/p/wklogin.do

&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1®CallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436

hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=

hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do

&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1

&password=

callbackURL

Winmm.dll

dsound.dll

@ping 127.0.0.1 -n

\*.*"

@ping 127.0.0.1 -n 1 >nul

del 123.bat

\123.bat

\TEMP.TMP

{Reg}((?:src=)['"]?).*?\.js['"]

{Reg}((?:hXXp://)['"]?).*?\.swf

{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}

scripting.FileSystemObject

bbs.125.la_Cookie

Adodb.Stream

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

del C:\123.bat

\Restart.bat

(*.*)|*.*

(*.txt)|*.txt|

HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

\data\Config.ini

;http=

<ie9>Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)</ie9>

<ie8>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)</ie8>

<ie7>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)</ie7>

<ie6>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)</ie6>

>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21</

>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2</

<ipad>Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10</ipad>

<iphone>Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7 </iphone>

<android>Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1</android>

<opera>Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00</opera>

<navigator>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6</navigator>

<safari>Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16  (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4</safari>

{25336920-03F9-11CF-8FD0-00AA00686F13}

document.all.retjs.innerText=

javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}

javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};

var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');

text|password|file

comdlg32.dll

{557CF400-1A04-11D3-9A73-0000F81EF32E}

{557CF401-1A04-11D3-9A73-0000F81EF32E}

{557CF402-1A04-11D3-9A73-0000F81EF32E}

{557CF405-1A04-11D3-9A73-0000F81EF32E}

{557CF406-1A04-11D3-9A73-0000F81EF32E}

WarnOnHTTPSToHTTPRedirect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

adodb.stream

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Microsoft.XMLDOM

VBScript.RegExp

application/x-www-form-urlencoded

WinHttp.WinHttpRequest.5.1

SetClientCertificate

Set fso = CreateObject("Scripting.FileSystemObject")

fso.DeleteFile("

sc.vbs")

\sc.vbs

sc.vbs

sc.bat"

sc.bat

del Restart.bat

%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

KERNEL32.dll

GetKeyState

USER32.dll

GetViewportOrgEx

GDI32.dll

WINMM.dll

WINSPOOL.DRV

ADVAPI32.dll

SHELL32.dll

OLEAUT32.dll

COMCTL32.dll

oledlg.dll

WS2_32.dll

GetCPInfo

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

(*.htm;*.html)|*.htm;*.html

its:%s::%s

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

zcÁ

#include "l.chs\afxres.rc" // Standard components

PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXC:\svchost.exe

@hXXp://m.yy.com/zone/35887743

F%*.*f

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

WININET.dll

.yy.com/zone/35887743

/login_asyn.do

c:\%original file name%.exe

246813579

(*.*)

1.0.0.0

svchost.exe_1604:

.text

`.rdata

@.data

.rsrc

t%SVh

t$(SSh

|$D.tm

~%UVW

u$SShe

kernel32.dll

wininet.dll

ole32.dll

winmm.dll

ws2_32.dll

WinINet.dll

shlwapi.dll

User32.dll

user32.dll

gdiplus.dll

advapi32.dll

rasapi32.dll

Wininet.dll

urlmon.dll

OLEACC.DLL

gdi32.dll

shell32.dll

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

MsgWaitForMultipleObjects

GetWindowsDirectoryA

HttpAddRequestHeadersA

GdiplusShutdown

keybd_event

RegCloseKey

RegCreateKeyA

RegOpenKeyA

UrlMkSetSessionOption

GetProcessHeap

RegEnumKeyA

RegFlushKey

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

ShellExecuteA

WinExec

%System%\ntdll.dll

%System%\kernel32.dll

%System%\USER32.dll

%System%\GDI32.dll

%System%\ADVAPI32.dll

%System%\RPCRT4.dll

%System%\Secur32.dll

%System%\IMM32.DLL

%System%\LPK.DLL

%System%\USP10.dll

%System%\WINMM.dll

%System%\comdlg32.dll

%System%\msvcrt.dll

%System%\SHLWAPI.dll

%System%\SHELL32.dll

%System%\WINSPOOL.DRV

%System%\ole32.dll

%System%\OLEPRO32.DLL

%System%\OLEAUT32.dll

%System%\WS2_32.dll

%System%\WS2HELP.dll

%System%\uxtheme.dll

%System%\MSIMG32.dll

%System%\MSVCP60.dll

%System%\WININET.dll

%System%\CRYPT32.dll

%System%\MSASN1.dll

%System%\PSAPI.DLL

%System%\VERSION.dll

%System%\urlmon.dll

Web.dll

hXXp://m.yy.com/zone/1151027897

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

http=

https

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

HTTP/1.1

hXXps://

hXXp://

hXXp://VVV.yy.com/

software\microsoft\windows\CurrentVersion\Run\

VVV.yy.com

hXXps://aq.yy.com/loginOut.do

hXXps://aq.yy.com/p/wklogin.do

&denyCallbackURL=hXXps://aq.yy.com/p/logincbk.do?cancel=1®CallbackURL=hXXps://aq.yy.com/welcome.do&UIStyle=xelogin&rdm=0.26365254551226436

hXXps://lgn.yy.com/lgn/oauth/authorize.do?oauth_token=

hXXps://lgn.yy.com/lgn/oauth/x/s/login_asyn.do

&denyCallbackURL=https://aq.yy.com/p/logincbk.do?cancel=1&UIStyle=xelogin&appid=1

&password=

callbackURL

Winmm.dll

dsound.dll

@ping 127.0.0.1 -n

\*.*"

@ping 127.0.0.1 -n 1 >nul

del 123.bat

\123.bat

\TEMP.TMP

{Reg}((?:src=)['"]?).*?\.js['"]

{Reg}((?:hXXp://)['"]?).*?\.swf

{Reg}((?:url\()|(?:src=)['"]?).*?\.[jpg|gif|png]{3}

scripting.FileSystemObject

bbs.125.la_Cookie

Adodb.Stream

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

del C:\123.bat

\Restart.bat

(*.*)|*.*

(*.txt)|*.txt|

HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyserver

Software\Microsoft\Windows\CurrentVersion\Internet Settings\proxyenable

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

\data\Config.ini

;http=

<ie9>Mozilla/4.0 (compatible; MSIE 9.0; Windows NT6.1)</ie9>

<ie8>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT6.0)</ie8>

<ie7>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.2)</ie7>

<ie6>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.1)</ie6>

>Mozilla/5.0 (compatible) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21</

>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2</

<ipad>Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10</ipad>

<iphone>Mozilla/5.0 (iPhone; U; CPU OS 4_2_1 like Mac OS X) AppleWebKit/532.9 (KHTML, like Gecko) Version/5.0.3 Mobile/8B5097d Safari/6531.22.7 </iphone>

<android>Mozilla/5.0 (Linux; U; Android 2.3.3; zh-tw; HTC_Pyramid Build/GRI40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1</android>

<opera>Opera/9.80 (compatible; U) Presto/2.7.39 Version/11.00</opera>

<navigator>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12)Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6</navigator>

<safari>Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7) AppleWebKit/534.16  (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4</safari>

{25336920-03F9-11CF-8FD0-00AA00686F13}

document.all.retjs.innerText=

javascript:document.onsdragstart=document.onselectstart=document.oncontextmenu=function(){return true}

javascript:document.onselectstart = document.oncontextmenu = document.onmousedown = document.onkeydown = function(){return true;};

var jie = document.createStyleSheet();jie.addRule('html','overflow:hidden;');

text|password|file

comdlg32.dll

{557CF400-1A04-11D3-9A73-0000F81EF32E}

{557CF401-1A04-11D3-9A73-0000F81EF32E}

{557CF402-1A04-11D3-9A73-0000F81EF32E}

{557CF405-1A04-11D3-9A73-0000F81EF32E}

{557CF406-1A04-11D3-9A73-0000F81EF32E}

WarnOnHTTPSToHTTPRedirect

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

adodb.stream

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Microsoft.XMLDOM

VBScript.RegExp

application/x-www-form-urlencoded

WinHttp.WinHttpRequest.5.1

SetClientCertificate

Set fso = CreateObject("Scripting.FileSystemObject")

fso.DeleteFile("

sc.vbs")

\sc.vbs

sc.vbs

sc.bat"

sc.bat

del Restart.bat

%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

KERNEL32.dll

GetKeyState

USER32.dll

GetViewportOrgEx

GDI32.dll

WINMM.dll

WINSPOOL.DRV

ADVAPI32.dll

SHELL32.dll

OLEAUT32.dll

COMCTL32.dll

oledlg.dll

WS2_32.dll

GetCPInfo

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

(*.htm;*.html)|*.htm;*.html

its:%s::%s

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

zcÁ

.yy.com/zone/1151027897

/login_asyn.do

C:\svchost.exe

#include "l.chs\afxres.rc" // Standard components

246813579

(*.*)

1.0.0.0

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

%original file name%.exe:872
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1OITCXMZ\35887743[1].htm (421 bytes)
C:\svchost.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YB33U3FA\35887743[1].htm (16232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4N740QDH\35887743[1].htm (17422 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%original file name%.exe" = "c:\%original file name%.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Gen.Variant.Strictor.74096_2945c7495f

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Gen.Variant.Strictor.74096_2945c7495f

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet