MD5: 16168f1679741afd6d1619a67528b022
SHA1: cfdb1d824a06f86f432890984e9d3e72cab369e3
SHA256: 60209a7a5453de89fd1bd1703cee6187f55565f206271ddf9966e5f1f4da4a77
SSDeep: 12288:tj7NKpBcIOSwULWiJcZiGwKP4R ugOJ/Oq999/SMZoS1K1Ssq:tj8OSwUKiaZFw2W/O49oMBz
Size: 954368 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: no certificate found
Created at: 2010-11-30 10:24:03
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:1956

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\cpro_media_small[1].png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\20200293.jpg.small[1].jpg (60 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[3].gif (2942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\s_icons[1].gif (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\27400657.jpg.small[1].jpg (443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\8888.89919[1].htm (1925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAUBS9CP.htm (2074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sizikqak[1].gif (59 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd30[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[4].gif (4367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd13[1].jpg (3808 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd32[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd11[1].jpg (7108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[1].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CA8LQN4T.htm (2923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd10[1].jpg (7590 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (1184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[2].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync2r[1].htm (793 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAKDQRGT (25 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\CAIZYB2P.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\b[1].php (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\time[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90[1].jpg (1031 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\top_bg[1].gif (322 bytes)
%System%\drivers\kiss.she (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\298857[1].jpg (7 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (210 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\logo-border-light[1].png (473 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA0T6DJK.htm (3910 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\stat[1].php (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\album_2013_11_7_15_46_53_626[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd31[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[2].gif (2932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\298879[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\rqcode[1].gif (2729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\00540197.jpg.small[1].jpg (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[2].js (2428 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[3].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\hd22[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CAQJ89MB (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].swf (547 bytes)
C:\SkinH_EL.dll (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_17_13_15_360[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[2].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\hd33[1].jpg (6012 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (214 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\CPROID[1].xml (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\new_logo[1].gif (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\nova_fp[1].htm (114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\CA50NMFR.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd12[1].jpg (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[2].js (3326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[5].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd21[1].jpg (6478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\iconjans[1].gif (2053 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\o[1].swf (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[3].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\core[1].php (762 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[1].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[4].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562[1].jpg (1030 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[2].gif (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\jquery[1].js (3382 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\hd23[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\2014727172939492[1].jpg (1300 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\dldldl[1].gif (627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\0f000PCl-eM7bK8cufB8p0[1].jpg (3570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\52330314.jpg.small[1].jpg (1938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[7].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[6].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\head.gif.small[4].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\tabs9371[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[7].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\code[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\CAMR45E7.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\hd20[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\pic[1].gif (719 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OHYRGXIJ\sync_pos[2].htm (1596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\head.gif.small[8].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\head.gif.small[6].gif (392 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (2203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\head.gif.small[5].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\album_2013_11_7_20_21_29_235[1].jpg (3 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\oXMLStore[1].xml (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\new_index[1].css (147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\CAQJQRMT (25 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\o[1].htm (1394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\fp[1].htm (114 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410 (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\time[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040920140410\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\wh[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05I7KPMB\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OX6J4PMZ\c[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\89AJKDYV\ac[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)

Registry activity

The process %original file name%.exe:1956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CachePrefix" = ":2015082520150826:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015082520150826\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1916x902x32(BGR 0)" = "31,31,31,31"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheLimit" = "8192"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1291105443"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E C1 9C 23 F1 AD 3A 4B 95 5F EA 22 11 AC 48 C0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826]
"CacheOptions" = "11"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040920140410]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: ??Visual Basic
Product Name: ??Visual Basic
Product Version: 1.0.0.0
Legal Copyright: ??Visual Basic ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: ??Visual Basic
Comments: ??Visual Basic
Language: Language Neutral

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://8888.33591.com/	218.255.247.52
hxxp://8888.89919.com/	218.255.247.53
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/js/jquery.js
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/style/new_index.css
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/js/tabs9371.js
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/top_bg.gif
hxxp://8888.89919.com/code.aspx	218.255.247.53
hxxp://8888.89919.com/img/dldldl.gif	218.255.247.53
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/iconjans.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd10.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/9/18/7/713022/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/11/11/15/734682/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/19/00/00540197.jpg.small.jpg
hxxp://wmjs.wshifen.com/cpro/ui/c.js
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/11/6/10/442141/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd11.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/28/16/2712/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd12.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd13.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/16/18/20200293.jpg.small.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/new_logo.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/sizikqak.gif
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/19/00/52330314.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpm/userdata/2015/08/14/04/27400657.jpg.small.jpg
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.656.3125.3125
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_20_21_29_235.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_17_13_15_360.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/album_pic/album_2013_11_7_15_46_53_626.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/note_pic/298879.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/note_pic/298857.jpg
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE
hxxp://wmjs.wshifen.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.4078.6141.6141
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd20.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd21.jpg
hxxp://8888.89919.com/videopic/2014/7/27/2014727172939492.jpg	218.255.247.53
hxxp://cb.e.shifen.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1
hxxp://mfs.ykimg.com/1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589
hxxp://mfs.ykimg.com/
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd22.jpg
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI
hxxp://mfs.ykimg.com/1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562
hxxp://mfs.ykimg.com/1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90
hxxp://mfs.ykimg.com/1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B
hxxp://cb.e.shifen.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd23.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/11/26/5/741147/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/8/26/15/944406/image/head.gif.small.gif
hxxp://8888.89919.com/newskin9371/images/rqcode.gif	218.255.247.53
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd30.jpg
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=5862873&show=pic
hxxp://wn.pos.e.shifen.com/adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/4/9/23/313985/image/head.gif.small.gif
hxxp://temp.p23.tc.cdntip.com/data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg
hxxp://wmjs.wshifen.com/cpro/expire/time.js
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd31.jpg
hxxp://cpro.e.shifen.com/img/cpro_media_small.png
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/3/10/13/906768/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/4/9/16/313604/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd32.jpg
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/huandeng_pic/hd33.jpg
hxxp://wmpic.wshifen.com/media/v1/0f000PCl-eM7bK8cufB8p0.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/4/23/8/918845/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/6/3/18/928824/image/head.gif.small.gif
hxxp://dfgfdherwtewrnvbcxcgdsf.89919.com/img/s_icons.gif
hxxp://oz.cnzz.com/stat.htm?id=5862873&r=&lg=en-us&ntime=none&cnzz_eid=501615567-1440500344-&showp=1916x902&t=缘分网 - 中国最大的在线音乐分享网站&h=1&rnd=1192507884	198.11.132.200
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=5862873&show=pic&t=z
hxxp://wmjs.wshifen.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2013/10/29/21/870006/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/4/6/17/566949/image/head.gif.small.gif
hxxp://cb.e.shifen.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2015/8/18/4/991533/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/3/12/3/295026/image/head.gif.small.gif
hxxp://www.gslb.yytcdn.com/video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2013/6/1/3/818513/image/head.gif.small.gif
hxxp://icon.cnzz.com.danuoyi.tbcache.com/img/pic.gif	213.244.178.249
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/8/31/14/945045/image/head.gif.small.gif
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1882719831	42.120.219.171
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2012/5/17/19/587037/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2015/7/25/16/988694/image/head.gif.small.gif
hxxp://cnzz.mmstat.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz	42.120.219.171
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2014/2/17/21/901570/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2011/6/14/2/356144/image/head.gif.small.gif
hxxp://cb.e.shifen.com/sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/26/21/1705/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/25/1/1066/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/29/3/2838/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/5/10/23/12850/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/4/27/2/1863/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxza/userdata/2010/5/12/13/14411/image/head.gif.small.gif
hxxp://cb.e.shifen.com/wh/o.htm?ltr=&cf=u
hxxp://ecomcbjs.wshifen.com/tpl/wh.js
hxxp://cb.e.shifen.com/wh/c.swf?v=3
hxxp://cb.e.shifen.com/wh/o.swf?v=1
hxxp://ecomcbjs.wshifen.com/tpl/ac.js
hxxp://e.pos.e.shifen.com/b.php
hxxp://eclick.e.shifen.com/nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/11/26/5/741147/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/5/10/23/12850/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1	115.239.210.141
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2013/6/1/3/818513/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/4/9/16/313604/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmiko2.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/js/jquery.js
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/19/00/52330314.jpg.small.jpg
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/2/17/21/901570/image/head.gif.small.gif
hxxp://cpro.baidustatic.com/cpro/ui/c.js
hxxp://cpro.baidu.com/img/cpro_media_small.png	58.217.200.77
hxxp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/7/25/16/988694/image/head.gif.small.gif
hxxp://g2.ykimg.com/1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90
hxxp://wn.pos.baidu.com/adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/6/3/18/928824/image/head.gif.small.gif
hxxp://g1.ykimg.com/1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589
hxxp://eclick.baidu.com/nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/5/17/19/587037/image/head.gif.small.gif
hxxp://pos.baidu.com/wh/o.htm?ltr=&cf=u	115.239.210.141
hxxp://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.png
hxxp://g2.ykimg.com/1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562
hxxp://pos.baidu.com/wh/o.swf?v=1	115.239.210.141
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/19/00/00540197.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/11/11/15/734682/image/head.gif.small.gif
hxxp://vi1.ku6img.com/data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/4/23/8/918845/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/11/6/10/442141/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469	115.239.210.141
hxxp://s22.cnzz.com/stat.php?id=5862873&show=pic	1.99.192.16
hxxp://cpro.baidustatic.com/cpro/expire/time.js
hxxp://img4.yytcdn.com/video/mv/141204/2195219/-M-e1bab9342ae6f0b23fffa5ca1db2c2a4_240x135.jpg?t=20141204180518	125.89.72.211
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/8/18/4/991533/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/6/14/2/356144/image/head.gif.small.gif
hxxp://g1.ykimg.com/1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/29/3/2838/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.4078.6141.6141	115.239.210.141
hxxp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/8/26/15/944406/image/head.gif.small.gif
hxxp://pos.baidu.com/wh/c.swf?v=3	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/26/21/1705/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.656.3125.3125	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/4/6/17/566949/image/head.gif.small.gif
hxxp://g1.ykimg.com/
hxxp://c.cnzz.com/core.php?web_id=5862873&show=pic&t=z
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/4/9/23/313985/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2013/10/29/21/870006/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/3/10/13/906768/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2012/9/18/7/713022/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/28/16/2712/image/head.gif.small.gif
hxxp://dup.baidustatic.com/tpl/wh.js
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/14/04/27400657.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/25/1/1066/image/head.gif.small.gif
hxxp://ec.pos.baidu.com/b.php
hxxp://dup.baidustatic.com/tpl/ac.js
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/4/27/2/1863/image/head.gif.small.gif
hxxp://pos.baidu.com/acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1	115.239.210.141
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2011/3/12/3/295026/image/head.gif.small.gif
hxxp://icon.cnzz.com/img/pic.gif	213.244.178.249
hxxp://pcookie.cnzz.com/app.gif?&cna=ezhjDrYCjAACAcLyYOLflqIz	42.120.219.171
hxxp://qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2015/08/16/18/20200293.jpg.small.jpg
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2014/8/31/14/945045/image/head.gif.small.gif
hxxp://qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw/userdata/2010/5/12/13/14411/image/head.gif.small.gif
hxxp://ubmcmm.baidustatic.com/media/v1/0f000PCl-eM7bK8cufB8p0.jpg
hxxp://release.baidu.com/sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE

Traffic

GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=1&dis=0&dai=2&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=878x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=4015&tlm=1440500350&tcn=1440500350&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 1148

Content-Type: text/javascript;charset=UTF-8

Date: Tue, 25 Aug 2015 10:59:00 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:00 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx
BAIDU_DUP2_define('request!u1548235_1',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" :
 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32",
 "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa
":"1", "dai":"2", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/",
 "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000"
, "ps":"878x293", "psr":"1916x902", "pss":"995x1784", "qn":"1c53e6c91e
61ea50", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FF
FFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#
008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":""
, "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621
", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_temp
late=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpr
o_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000
|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1
|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "1c53e6c91e61ea50","_q
id" : "1c53e6c91e61ea50"}});....


GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.4078.6141.6141 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 22285

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:02 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:02 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx
...<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml"
>  .    <head>.        <meta charset="UTF-8" />.       
 <title>..................</title>.        <!-- 0|0 --&
gt;.        <style type="text/css">.            html{color:#000;
background-color:transparent;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h
5,h6,pre,code,form,fieldset,legend,input,textarea,p,blockquote,th,td{m
argin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fiel
dset,img{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-
style:normal;font-weight:normal}ol,ul{list-style:none}caption,th{text-
align:left}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal}q:befor
e,q:after{content:''}abbr,acronym{border:0;font-variant:normal}sup{ver
tical-align:text-top}sub{vertical-align:text-bottom}input,textarea,sel
ect{font-family:inherit;font-size:inherit;font-weight:inherit}input,te
xtarea,select{*font-size:100%}legend{color:#000}body{margin:0;padding:
0;}          .            .bd-logo,.bd-logo2,.bd-logo3,.bd-logo4{text-
decoration:none;cursor:pointer;display:block;overflow:hidden;position:
absolute;bottom:0;right:0;z-index:2147483647}.bd-logo{height:18px;widt
h:18px;background:url(hXXp://cpro2.baidustatic.com/cpro/ui/noexpire/im
g/2.0.1/bg.png) no-repeat left top;background-position:0 0;_filter:pro
gid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="http
://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.
png",sizingMethod="crop");_background:0}.bd-logo:hover{background-
<<< skipped >>>

GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 9458

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:04 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:04 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; --&
gt;..<meta http-equiv="Content-Type" content="text/html; charset=UT
F-8">..<title>..............................</title>..&
lt;style>..body{margin:0;background-color:transparent;}...uptown{wi
dth:250px;height:250px;position:relative;overflow:hidden;}..a.logo{dis
play:block;height:18px;width:26px;text-align:justify;letter-spacing:20
px;text-decoration:none;overflow:hidden;cursor:default;position:absolu
te;bottom:0px;right:0px;}...cpro a.logo{filter:progid:DXImageTransform
.Microsoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/im
g/cpro_media_small.png",sizingMethod="image");background:url(hXXp://cp
ro.baidu.com/img/cpro_media_small.png) no-repeat left top;_background:
none;}...cpro a.logo:hover{width:78px;filter:progid:DXImageTransform.M
icrosoft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/
cpro_media_large.png",sizingMethod="image");background:url(hXXp://cpro
.baidu.com/img/cpro_media_large.png) no-repeat left top;_background:no
ne;}...gongyi a.logo{width:78px;filter:progid:DXImageTransform.Microso
ft.AlphaImageLoader(enabled=true,src="hXXp://cpro.baidu.com/img/gongyi
_media_large.png",sizingMethod="image");background:url(hXXp://cpro.bai
du.com/img/gongyi_media_large.png) no-repeat left top;_background:none
;}...uptown #dish0 img{width:78px;display:block;width:250px;height
<<< skipped >>>

GET /sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 1596

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:06 GMT

Etag: "55dc1feb-63c"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Server: nginx
<!DOCTYPE html>.<html>.    .    <head></head>.
    .    <body>.        <script type="text/javascript">   
         .            var getCookie=function(b,d){var a;d=d||window;va
r c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[
2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"numbe
r"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));do
cument.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.t
oGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secur
e":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i"
);b=window.location.search.substr(1).match(b);.            return null
!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLow
erCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\
/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),
cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.c
om"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic
.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie
("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Dat
e).setFullYear(2042)});.            var sendByIframe = function (b) {.
                var c = document.createElement("iframe");.            
    c.style.display = "none";.                c.setAttribute("src", b)
;.                document.body.insertBefore(c, document.body.firstChi
ld).            }.            sendByIframe("hXXp://release.baidu.c
<<< skipped >>>

GET /wh/c.swf?v=3 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 547

Content-Type: application/x-shockwave-flash

Date: Tue, 25 Aug 2015 10:59:15 GMT

Etag: "55dc1feb-223"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx
CWS.....x..Q.r.A.};.a'$...D..8y.KrM..*....)..aw...k..*7oz..[..*....g..
~...=..RQ.0........Y|....M.w.&..#......}t.D5..D. b.4;...p%.y....P.].4_
..........0....D.4.....%gIK.@.... %..1......K.K.o.?...B..!..Q.e2.U....
....q= .)b.......6$...T.&D...[G.}$.b...|.J..mg...J.....P.D.....y;.S...
.l..%.....{......^.....-O'X....H.co}d( u.X.n..9v..C...=L..F.NK.s.<Q
..b...f..WZ..LK..XU">0.\...........I...sy....xDY..:...j....7.....M.
..Fu:.MF...Yr.W....?.X.....g..kFs.lk.....<.s...N.....&.r..~o....ZSk
[z.....b...6..xi...].f...w~w.../.........s.^.....P.8b:.;..1.?....2HTTP
/1.1 200 OK..Accept-Ranges: bytes..Connection: keep-alive..Content-Len
gth: 547..Content-Type: application/x-shockwave-flash..Date: Tue, 25 A
ug 2015 10:59:15 GMT..Etag: "55dc1feb-223"..Last-Modified: Tue, 25 Aug
 2015 07:57:31 GMT..Server: nginx..CWS.....x..Q.r.A.};.a'$...D..8y.KrM
..*....)..aw...k..*7oz..[..*....g..~...=..RQ.0........Y|....M.w.&..#..
....}t.D5..D. b.4;...p%.y....P.].4_..........0....D.4.....%gIK.@.... %
..1......K.K.o.?...B..!..Q.e2.U........q= .)b.......6$...T.&D...[G.}$.
b...|.J..mg...J.....P.D.....y;.S....l..%.....{......^.....-O'X....H.co
}d( u.X.n..9v..C...=L..F.NK.s.<Q..b...f..WZ..LK..XU">0.\........
...I...sy....xDY..:...j....7.....M...Fu:.MF...Yr.W....?.X.....g..kFs.l
k.....<.s...N.....&.r..~o....ZSk[z.....b...6..xi...].f...w~w.../...
......s.^.....P.8b:.;..1.?....2..
<<< skipped >>>

GET /img/cpro_media_small.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:05 GMT

Content-Type: image/png

Content-Length: 645

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Connection: keep-alive

ETag: "55dc1feb-285"

Expires: Wed, 26 Aug 2015 10:59:05 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
.PNG........IHDR.............E.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...'IDATx..U...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ..
.h..g....e.I^.2....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q
<.w.l.a .h..t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.
2...^....(J.7#~.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..
F#. ..p8|Q*.......9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..
U......GB..0l.N...Z-...b}&.9s...! .~..?..K.Z.U2.<m4................
..?.8.*.|>/..........f.@... 4..."yC......q......t.5@/..*._.<....
a.d...lF"a.G..p$..W>..#...n..B.M8...b @.f..E..>...[{&..z..O..t..
!z.....Zi...~.0..a.....r....IEND.B`.HTTP/1.1 200 OK..Server: nginx..Da
te: Tue, 25 Aug 2015 10:59:05 GMT..Content-Type: image/png..Content-Le
ngth: 645..Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Connection: k
eep-alive..ETag: "55dc1feb-285"..Expires: Wed, 26 Aug 2015 10:59:05 GM
T..Cache-Control: max-age=86400..Accept-Ranges: bytes...PNG........IHD
R.............E.......tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..U
...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ...h..g....e.I^.2
....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q<.w.l.a .h..
t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.2...^....(J.7#~
.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..F#. ..p8|Q*....
...9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..U......GB..0l.N
...Z-...b}&.9s...! .~..?..K.Z.U2.<m4..................?.8.*.|>/.
.........f.@... 4..."yC......q......t.5@/..*._.<....a.d...lF"a.
<<< skipped >>>

GET /cpro/expire/time.js HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:04 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: close

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Expires: Tue, 25 Aug 2015 11:25:02 GMT

Age: 2042

Cache-Control: max-age=3600

Ohc-Content-Crc: 3776131546

Server: hkg01-sys-jorcol02.hkg01.baidu.com

Content-Encoding: gzip
2b8............}.mO.0.....Pe.....".&.A..{..C.r....vp\JI..wv[.B..4?.}w.
..B...P:K.k..?.@;)..|.e.2.Z..{]WBj:......a<......h4eyi..B.........j
........U.Y....x. .4.&....gI?&.u^.......m....\.z.......V/.......D...U.
.#.."L....4..V.9eG'..Og...g..._......,7`.k..[=..K.l.....{......^......
..j.0.L..c7^..........|.3.U...j..}.....Go.H....h.iG.. 'E...^.....7uUb.
{d..g..'[email protected]..<.S.07...?.z.........j.?...}.u.4...x.....8ff.H..
.Ci.b....G4Z...G.%z@:....5.iT.m..KEz=.V.v. ....U..V .^.......6)....58h
...w9...q.....w...x../t.....4.M.g.<d..L..$.....{.....P_..ZV....(..K
7.....u.....@..>.5#.i...".)..p..#|D....N.=...X..7.`..f...G....G0.|{
.....6...1...YS.......Y.s.j....b:....*.t.....U.j...'<~...H...M...`.
.K.vK....1........0..

GET /nova_fp.htm?br=6&fp=2AB125E7677A63A92889485C5D413F38&fp2=2AB125E7677A63A92889485C5D413F38&ci=8138C33758309AE6FF4C222F3076C661:FG=1&bi=8138C33758309AE6FF4C222F3076C661:FG=1&im=0&wf=1&ct=984&m=&t=0&ft=&_=1440500365699 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: eclick.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:17 GMT

Content-Type: text/html

Content-Length: 114

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Connection: keep-alive

ETag: "55dc1feb-72"

Expires: Tue, 25 Aug 2015 10:59:17 GMT

Cache-Control: max-age=0

Accept-Ranges: bytes
<!DOCTYPE html>.<html>.    <head>.        <meta c
harset="UTF-8" />    .    </head>.    <body>.    </b
ody>.</html>.HTTP/1.1 200 OK..Server: nginx..Date: Tue, 25 Au
g 2015 10:59:17 GMT..Content-Type: text/html..Content-Length: 114..Las
t-Modified: Tue, 25 Aug 2015 07:57:31 GMT..Connection: keep-alive..ETa
g: "55dc1feb-72"..Expires: Tue, 25 Aug 2015 10:59:17 GMT..Cache-Contro
l: max-age=0..Accept-Ranges: bytes..<!DOCTYPE html>.<html>
.    <head>.        <meta charset="UTF-8" />    .    </
head>.    <body>.    </body>.</html>...

GET /1100641F46532C79EDA601095951376D3163AB-63A5-7BC9-2EC0-E6EB06DD4D90 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g2.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 19212

Connection: keep-alive

Accept-Ranges: bytes

ETag: "2517345573"

Last-Modified: Fri, 21 Mar 2014 17:42:14 GMT

Expires: Mon, 20 Aug 2018 15:05:39 GMT

Cache-Control: max-age=94608000

Server-Name: b01.tracker.b28

Age: 330805
......JFIF.....H.H.....C..............................................
!........."$".$.......C...............................................
............................."........................................
.M..........................!.1.AQ.."aq.#2..BR...3....$'br..CESceu....
.GUs.................................-........................!.1."A
.2Q.#3aq..$4.............?..*(...(...(...(...(.P....O.=XE..S.4..,.V...
I... ..]...s..i.........%n..c..I.8..f..!L>..?.On<.~....\...g....
........P?....e...c....Z5b...L.R..6.9..i.z4..m....{..M.%........Q.:...
0....)..*.b...&K{.qcrH...y.[...TC...").f.i...E.9&..C...I=.7.\.....q'.I
=....]..%i....%g5....<Wc..M&.S..8.@......./Zl..wM^[..kn....`v z....
.........%N9...y....b{P.(..........#..:#...i........q...O.i.....i..j.#
8.5...\...IK.QJ.. A...L.0$5......Y..;..Us.b..H...&..K.e.g.JV..........
...B.5.M.A*qK.Nx...l....m:.P..!_..J.....>[email protected]..
.~.r.... 2.7e..m ..".....S....i}.j.4B..C.,.....Y...UV.~f......F;r=.c.!
.8?.t]..c.v....[-.T8.AK`c.Y.9W>U....I.8.m..d..(].....z..8.M....D...
..4/$c.............m.......c....yTe.KD../h.-VTG.....c....H4.h..6.i.,..
w......d*lT.K........U..........JY...vs.O. kh...a..*..m...'..EDzi0....
..-=....w..V.[..B...M.......&...A\.....o.Gq{.f........Q.:qf.i..k.7.W.-
.y.7........C....'=...B....VN....X..@h..#>_/...o.X...C[..A..c....-W
..x..Jv...k QR.=.x=.Q....jM....v......=.!...3...Fhi.H.....m.J).... g..
..<b.-6.25.cC........j..........E..8C........8FT...).c.^U..j'm..5.s
h...y....i.. .1*.(.oiG.A.3m2[......g...L.8...<....js.t...O.0...
<<< skipped >>>

GET /cpro/ui/c.js HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:58:55 GMT

Content-Type: application/x-javascript

Content-Length: 27979

Connection: close

ETag: "55dc1feb-6d4b"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Expires: Tue, 25 Aug 2015 11:04:04 GMT

Age: 3291

Cache-Control: max-age=3600

Content-Encoding: gzip

Ohc-Content-Crc: 4204715424

Server: hkg01-sys-jorcol04.hkg01.baidu.com
...........Zkw....._!.d.d.Sr....F..4m.6..GsZY..I..B.*I9q%.... .......e
......'0.}<x.o..4YT.;..o..D.m....;..e........,.d..n.};...*........=
...h0a ~<a...f. ...o....tv....z........y.w..7Z....E%Yu....k...M..1.
Y..E.8..L..5[.n=....7.......Bn2...\W.[....6.x.m7n@.  Q......F..J.c.=.Q
.n.#....X.8.!.){...g..9......vA....../.."..&s.......i....... .....).a'
.~.9....bn[.\..p.....}.... ;.Y......,......P..U...pDL...H.Q......mZ...
.V..E..5..zq^.D#.5.....I7...Z..h.D.x.X.h8...k....l.K[..........6....oH
..=../..v|..r`......?=.(L......n..A#..w...5.f%..!.......R.I.`9....0..{
6.f.f[..w 6...)&.^.....C...w.p.v.4..g.O4NNb..v..3..6.3...u^.D..%.W.4..
...p.....m.........`sZ.L1.-. .8S..P.O.......i.HX.T5......U..Y..{.= <
;.......H..g ..*.>.q .X6.......)........Z.......b. >K..D*I...'?&
gt;.m.....j..^.gj...#....;.....&.$....D..L...*.".T.....DQ..[.*>..B.
(/.!..b..'P.'n"......k.<........D..O. ..Y..aV...@.$.7N..z.H..q.'.."
.....fape..Mi}5R..........{_.}...C..8].`..k.|8.Bm.J.C.........Z.Im.E.7
.[.EJ...EX..%..y..0|.g.S....:wv..d%.....}...;=."...3l.[.....;.....%.f.
=.N....a.v.?7.....W......o.m`..7.$!C...D........$.E.q....#...#.X......
.L0...O.w...CkJ_..t..a..z.......Ix9..Z...r.....W./.........V*...c...a.
r...P....'.g.SJs.,[email protected].(,L.;K.....m9.fy..a5..~9....U..).*..7..
.WU...7.YFV..7...f.L.....j&.;.g.d.bn./.q9x....k............*........@.
l..&Ka.....O,[email protected]...[...
k.,D....E.o`b..yv../a.../...h..J..D.d .....v......,T.XL..;...Za...i.s~
01....v.Q.........`Y...N*...).......s..n!.Y...u.G.......&_...tpR..
<<< skipped >>>

GET /1100641F4653290F51A0890557493144933D54-011B-B519-A4F5-B3FCEAC94562 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g2.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 19942

Connection: keep-alive

Accept-Ranges: bytes

ETag: "1667177441"

Last-Modified: Wed, 19 Mar 2014 03:30:40 GMT

Expires: Sat, 28 Jul 2018 13:18:05 GMT

Cache-Control: max-age=94608000

Server-Name: b01.tracker.b28

Age: 2324458
......JFIF.....G.H.....C..............................................
!........."$".$.......C...............................................
............................."........................................
Q.........................!1..AQ"aq.....#2....Br.$3R......Cb..EScdE.
..st.....................................*......................!.1.A"
..2Q..3Ba.#.............?...eu9V#.DI....|....{4(u!..$ ..o6.:f.....}.u;
.|(...V.m.....IPO.T{......V...D...#..*`D#.29nM.&....C)....4.*=..1..\.0
)..#.s........0.b. ..`....5..............A.I....L.M..gI.j..h..{g4..B..
[email protected].*....].&d.<<..([...{)....rzS.&..*p....i..[H.....
..'...hBY.4,MR............bDcj.U.I5hbKl...2o'.....5..........P..p..EG.
...2...5.....\.8...$.)...9..j]..&..nI....E....T.M0.......S.2`l'.BW... 
..h.9. ..][xr:Q5.....*./.-.....$.Q.6.....4@.......@N=*.Q...st..D.r.<
;sR...:r0h..t..qY.L\g.o....P...89"...u.H'.....PO....f..!..R.WAJ....H.N
.....i[eQ.O\U..D.]..\~..."...eO..lYE..B.`..E.s....2....c.p....*... ..T
.x. U..##...v.f..E4..V...n....1..2F..h..l.E../....8Q...[mK..m.....w..p
.*..s..SsV..Z*.W. ..C...-.'..SWI.<..bCf..=..X.H....|I.S:".sHw.J..".
.dK..%.\.*..{...Ma...gw..3..4...`....)N......,....;.^.xG.I.{..G.Q.....
....gO.....1n:Q.]B..R1..k....*.._5_...$$...Ok:....usa..-).$h.q........
.$q.3X....z..d..b./e.4i...?..W..&..B..............8..tR/ce.x.....\....
Z.{.^h...Lu.t`."....X..R.&..&.......3kr./4..>.O.T..'.........z.b3..
....s.X?g0[..X.3.h.3Q....:.l.%.....Q.u.7d,#.......[.k.............c|cW
' c....G .m.H..O........{....A.*..Yo.....:..I.B.&.#..w".[[email protected].
<<< skipped >>>

GET /stat.htm?id=5862873&r=&lg=en-us&ntime=none&cnzz_eid=501615567-1440500344-&showp=1916x902&t=缘分网 - 中国最大的在线音乐分享网站&h=1&rnd=1192507884 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: oz.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine/1.4.6

Date: Tue, 25 Aug 2015 10:59:05 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 09 Mar 2015 09:01:02 GMT

Connection: close

Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..

GET /userdata/2015/08/19/00/00540197.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Tue, 18 Aug 2015 16:00:59 GMT

Accept-Ranges: bytes

ETag: "1c20d212cfd9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:43 GMT

Content-Length: 6282
......JFIF.....`.`.....C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222...........".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?...L.
h. .....3Fh...f.P(..&ih.-.'..E-..QE..(...(...(...(...(...F!T...MD.(.$7
\t.R2.B........nm..g.........|S.P..9...h.(..^.8.$J.\d..h.Q...J).._..#.
........E.....s..}.....!V.....PEl...&m.`..`.....;.[.........y.S..vi.P.
.b...p........4.S..A......e...R..h../...3G**......e...h...#..,.8...._x
.Y.../..#...{....?......2..oWR.g..... c...xr...M.s...3uaV........h...?
.....g... ;!......L...._...g.....Ar....2....:..2?..P...h.......b...?..
......4.3O........L...G.....'....`:....T......0?..'...0?..e3`t.n...vk.
o........0.....c..}....).......s4k............Tg.....?.?..b..@...".ftk
.ue..............^.!......?.H.SX.....S...J)..Z~i.(.v...7P4.8..4..z]...
KM.4...<P?..O.....V..?.Ym..\.b...>m.TaO,2 kM...u..s.r.....Rb.G..
....CO.!...a....j..{=......N...5...vp....w.R..WH..Q..4.5.}.H.%q......d
..F....7..J......SQ[Hd,3...>.E..3M;.C.N........~)......4.jB=.1.@...
/5..\".e....E....f%...EU...9.A..1Lg.....D..........9t.7..l....dW$&
<<< skipped >>>

GET /userdata/2015/08/16/18/20200293.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 16 Aug 2015 10:20:22 GMT

Accept-Ranges: bytes

ETag: "fdc9829dd8d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 7464
......JFIF.....`.`.....C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222...........".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?.....
.w.-8..l..{(.w..1...\....3.N.....^9.%...f...5..F.....3.3.....QGdk( AX.
.>8.......2..'.L...7.]Y4..t,.2}.W...x.f.......L.mR..r}..m..dz...&f.
..'..Q..O_..H.4.\wY...J...]8.03.1.....Lg..G...Z.Q..o..Kb..wH..Ul~U.m.7
..0.{..N..... ..@....;.Q..K;.A2ZL.......?.............Y...I..R ...W . 
W.~zF.(....#.../...........9....D.i..'...$ey.G...7..m.....E.........B.
....O.....a....m# .5.v..........dB...j.....!%...m.e....m.;..B....|....
C:..A._.G...F..20..T..:..]....M.....\.i_......{....;.......c.4.z..)...
1../.)....I..t.F...Wr;...-q........8......;.u...l..;...'......N.......
M ...aV.........=.....Uflt......1.U..q..u...N.\..3....j.)h.z.Q.#"....9
.%.2...sE ..T`v.rz.T.w*....Z.&.A.h.......#.;..7.... ..QY..P|..4S.\...c
..)..A.c.\..<rp ..<.yy"4.......=. ..eI.s.X._A.&.{8]B...w.94.4IZ.
...KkP.'#..[....|...k......*...8..3c.9..#....U.4(.Nc.} ../.....E...y^.
.KiI& .....~.*..eX..j..b..[d6RN.8.8.......Q.....m{....k.0i4y.Eua).
<<< skipped >>>

GET /userdata/2015/08/14/04/27400657.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 13 Aug 2015 20:27:41 GMT

Accept-Ranges: bytes

ETag: "b4ccab806d6d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:46 GMT

Content-Length: 9342
......JFIF.....`.`.....C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222...........".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?.D..l
>U...Fw6...T....p....X...~= ...&....9blo.U....5.....|[email protected]
.....;V|...85....m....W...H...7mdQ.i.9.D...#9>....GM...f.....R..i..
Z.6\..x.`....]/c..Xot...L$s.........v.e...<!.....^.|7b.. 0r0H..>
.....p.>.!.'..J.S.....<.-6P..6...W......xZ..z....v..O6......zy..
.J..d_..~j...a.h.i..K . c.U.r..)..VG#{.i...#[email protected]].c......iK...'.
.Vm.s.J.....p?*....?*.."{Ug.....f.N:...K...3..W5.$-3.hp..oOo.O........
Q.....>T...*A.Y[.....t.Y.v..-.X/ U...=..`e...U...\..M.......#E..HG.
NJ...q.....>. s.[....&R..q{.[.%.$h.Q.p... .....rXs..UY.nem.\J...&.&
lt;.#..Y.MZ.L..1...)....%]...)T...6.4.lYk.l..a.z...F .m..'...5R!  *pA.
P..RkC..u). ..Q.9...._R....h#.....]^....KO.. ..%.C`Z4.d{. f?.^.......=
:1....}f.tl.....(...S....0..$........ ..)...........u.k.q<..-Y.";W.
}....Z.kO.v...t...yE...]>.....1...\a.|.>...z........0Fq.....{..l
....p.F2.{Vn....1.sO..t.&.,..h.m.R2.....VMz.8:....$.Jj..f.. eq.*.~
<<< skipped >>>

GET /cpro/ui/noexpire/img/2.0.1/logo-border-light.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro2.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:02 GMT

Content-Type: image/png

Content-Length: 473

Connection: close

ETag: "554709f0-1d9"

Last-Modified: Mon, 04 May 2015 05:56:00 GMT

Expires: Thu, 01 May 2025 07:58:38 GMT

Age: 9774024

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Ohc-Content-Crc: 1058936823

Server: hkg01-sys-jorcol03.hkg01.baidu.com
.PNG........IHDR...D...........xX....IDATx..W!o.0.....,.;..<.%.$...
g..K0....%.92...AM N...p...a}K....hi...... ....{....8.8.Xq\s.s.g..c.q5
#...Yr....=B.....6M.|.....eY....M.m..3N.c....=...a.>b2...k...8/..ch
1U..Q!..).........$I.R....UU}.z.c....L8.....z...8~..........b. x. O...
...S.CW!.........R..ej..."[email protected]...,1SC.#.F...r [email protected]"..'1y..
...B....K.K. [email protected][%...T;.1!...a.......\..^.-V.-.h]..J2.....)!&.
Y.......UJ...!z..m...x.j.L1l6.?rGB..h.....'a.B.....IEND.B`...

GET /userdata/2012/11/11/15/734682/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 11 Aug 2015 22:33:32 GMT

Accept-Ranges: bytes

ETag: "f968bec085d4d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:43 GMT

Content-Length: 3985
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.._.Q...
.Aup.J..,`.....d.1 (S.G...........T15..8.07.B....U.g$.ns.....Yh.};D.eQ
}).c.}[email protected] .b.A%~...E...-l..vF.8"..\A.y.
.p3.L...>..(...<S.xnY&0..Kn..9^N.x....M`.2Z...m`{.-.}i...b].D..S
z(...v.p...b...jsh?..;.].I`......b..g......F 978...JQh...V.5o..!Q3A%..
..".... ...C/.....0....n..y..-.iJFX.......8,9'.I. .....x'S.....R..M...
....(..... .('.&...,1i.....4.c....L..cW!Kc..0OA...........,..Z....{{..
6. p..f....U.|...c....u.....p.g...l....m..8..9=.b3.q.)$.=F.27...1T'..2
@...~......M..uW:.....Y.....}..S.....=}k.........)l..ic.N).SJHyP......
{......;. B....u....A{...A'.:0..^;[email protected]>..G...w....B.y.
...8R....%t.4&iJ-#.>*^>..6. .(.H....<n9>.....g.4.........2
...Z4.*z...~u.f.P.."... a..m.A.'......i........H7.@T3(9.==k....K.X.<
;S.....o.. ..Y..[...."$K......z}k.....F..F..d..i...L.B..< ..y?^..Z.
.saa.Ej.r..r.$....).?xl#.#wrx.......Z.Do.,R2!|.N.....r8....c..`..y
<<< skipped >>>

GET /userdata/2010/4/28/16/2712/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 20 Aug 2015 17:46:02 GMT

Accept-Ranges: bytes

ETag: "9021f11470dbd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:44 GMT

Content-Length: 3168
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....@..
H]..@O.'W9......#..U%.......................Q. .....!x..cjd......WQ...
.k....x#;.~...1V`@F..f......"...H.h.H.W.. ..^UO.@....'......m.....4fGL
..8...t.56...k....`K[...Ir.....6...9..r1..xs.w...ml>TgP.?0.....?.|'
...b.Yf.V....Y1..8.....@...?h..*..#....&D9'.....&1...(..8o.Y~..../.=..
....i......?....kR.w._4.. .....c.... ..E.W.....2F.*y.k.O...6...f..|..6
9.........z...r..wb"?OO.\6.u.M....-.>."......'..P..."..u...sR ..)..
....3....q.m(.t./>.}..\.#.,..7M.2O.a...:...KF...c .q.W...\w..;..xJ.
Q.k.1..I........w$..3. .5...s.Nt..lm...^.......#.H.........7Y.=vyf....
.!.c....'[email protected].\.....N.......fS$`wd
.....y...iz...W..p.B.*.........~..-.k.#....D...A.8$t.C....5..ws.E....=
..;D..B.7.............8.[........Eaj...6.A...'w....J..:.O.u#.N.u.2G.c.
.....P2T...8.J.....>$_.o...#....1.....zn...x.n..eY.......6.J.@.. ..
...4..Mqik9....G&v..*...s..e.. .ip.n..$..`...q.....k...TZ..:s.....
<<< skipped >>>

GET /userdata/2014/8/26/15/944406/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 14 Jun 2015 14:42:44 GMT

Accept-Ranges: bytes

ETag: "4d78955fb0a6d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:52 GMT

Content-Length: 20106
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z......................
......................................................................
....................$.....,........*..&..!.....d..b..c..e..j.....]....
.n. r.!Z !"."v.%T.&|&''.'..'..(.#)O.)..)..*.. .. .. . ,,.,..,..//,1J.1
.122333346447.6.47E78<78>.8.;<C.<.<=D:=I.>..B..B..G.
.J..L..N..Q..X..\.#].)^.1b.3d.;[email protected].`i|divfip^j.Hj.jklkklWl.llmQ
m.[m.mmnSn.oopttuvvwzzz}}}............................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.`1.....0 ...!..GX4..%..7r....G..)|B..9....X.L....../.&T.0.C..q6......
G.`[email protected]...$..,D.... .."tv........"]j..*U...}...%F..Q.z.K
......*P...\.b8r.g.=....F......e...m..{/.<.C.a.0.>L.....z.......
...........U1b.....AY.f.S.j.d.....60...e........w.........CG.Z....q0Re
[w....u...{v..mV.Sz]...-...s......\.M4.TXa;.V.........Q..#z.q`..1..W.:
..K".......a6.p.......S|...K*..U`..$..n.s...B.......p..4Ec.9.d..)....9
..=...f7RN.!w..U.qn..............N..f....f.9R..0..y...t.'..1.gB.`qD4i.
9....j...]..y..y..]...B.........i.o...p....i.y.......s...M..zj....)...
.V.s.:W.M.T...........U./...._%......n........wn.......!.A...t...D3o..
vx.o......2........r.............b.-..N..{-........I...X.$.....a(.
<<< skipped >>>

GET /userdata/2011/4/9/23/313985/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 28 Aug 2013 04:04:01 GMT

Accept-Ranges: bytes

ETag: "808e9da0a3a3ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 3494
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(......Z.P..........................................
...............}........!1A..Qa."q.2....#B...R..$3br........%&'()*4567
89:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...................................
..............................................?.........n..=%b.\....Ko
9.w%........=...k....Z./q..&9O.Q.~5.k.R5....G.9T...._z.....;.r.8$H....
O...v.W...O....*c20#..Ls....8.ap.Y.....L...*}WZ.....XoR9.bi..W..H...)5
...QYiB.......nr....ZW..........$..........(n..p.c\..[...N1..R}.T.....
.....z....[K....Y.E...r...z..#.ji:]...K..noaQ..V^s..T...q]T...........
.....|.$.J~w...(E.#..5..1.s.._.w.'O....m..%`../6.....v. .FJ..z...O.i.m
-..[T.VY$.n..xq..l.q......u..-..coum?.,R...|..s.#....3.K..|}....d.Q...
-.m...y$.........yg....sJb[........<[email protected].....=N7T,..h.`.....$).
....z..-....#......iC.....3...[..x.[X4.UR;..)..E..@,..a....=..........
:<^.y.H....pT.`@.f....W..x.Q..$[.J;e............6.'.XrI.:ak........
t....Z..W..%.`.5a./..2Y....O....X......\........c...P.._.L..NG9.c.x.K.
.4...K.[.....y.Up......y=8.qrk6....Y......l.e..k...Xc'.`...|..0.......
*.48G.'..8.......a.d......h...._..g..[..K.P..................r..]M..r.
.Wj......1''...^.~..h...Z]....7..V HV..........{.\..%.4..Y_[\.....wP.]
..7...9.x......#...zo.5K.l..F&..ky..m8a..l^....$..\..B.BKy.v.l...[....
... .s..2.T....u....};..{...................V.3.m..=..Z....6.bx<c.`
g..W;..n5..?....;...yq../C...3.O......Tg..... .< ..-:[....3Q..~.).O
-..P...N.ldp3....u.o./-.......Dc....`[email protected].....=>..U.\.^.Tl.1r
<<< skipped >>>

GET /userdata/2011/4/9/16/313604/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 24 Aug 2015 18:00:58 GMT

Accept-Ranges: bytes

ETag: "465d91d496ded01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 2401
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..5.5...
.b..}*....;r9.][email protected]}.t..w.95
.ybSvF.&..c..q,..R.9Pk.......)..B.V.......' w.s.....>"M<....7.7P
.x..).^..Q(f.I>.P.C...w.(...P.y.%.$...r......m.......H..t=).I..\E..
........Q.w....d..n.....<.%....d........@bz....;.\...........y....9
....=CB.....BLl.....W...F. .0d..^..3O.J.A.....0...8.X....T..s..Q......
u<W..G.m..{ S.....[.:q..Z..T.H.nn../...c....}..........\O#K4.Y..5.*
....qIhV.B.w..._..s..G..e.2mT....Q..b..4.....bv.....{..B[.......4....W
.V(xlv..?...CT.:m...H..|.....m3FY.i. !.$n... .2.......Pnv'. ...*F..c&l
t;.Y..I.Fk...=&._.M..........A\....#"..|.2ee...v..J.....!nn$.oM.......
.$..lM..|......]..=.&......`S..^...K..d)...........^.W....l..n2Y.@'...
.y..K}{W....Z....^YJ..d.1^N..m;U.5.S.M..<.....i.......*|>....R..
[...wB.C}.h.o...s_[Y\......a.. zWD.J..w..00>\[email protected] ...9
?^./qNK....5<..-i.$.w ...!D_.<....#...B4...".2.7........9$.v
<<< skipped >>>

GET /userdata/2014/6/3/18/928824/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 09:03:35 GMT

Accept-Ranges: bytes

ETag: "9bd4c0ec14dfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 2610
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...2x`..
[.X/"P..9p.......s..;.*..Y...m......b.c...N...>......8....E.E..d>
;}.J....<D.m..Q...b{..i...o B5........<...$`...s..=.....l...<
...1...G....[.L.(F<.......[|..=..]_..5.&.-....s.V~..]WU........BK}.
.K......H.A...?....Z.V.c.S.WE.?=-O....\..5....F.=.k.....b.j....&...v..
..{...iKP.R8.W.~)....n.zp2.^ ..o.4e....)^.'.<5.[............... ..'
..[.......I#.y..".zR.vT..e(E....0.F=H.i-$;_...EBH.I.Hn...P..@$..q.~...
.LN.B.K.....;u..5......M.yJ>\r....5.V.....W....pXD....g4..Q=.k..e._
.....3..oAg..ac..:I...u...d.0..........&..DW.W..V.....A..#5...F...-...
.x.,.......Qz.s...N{.....%S.*..~.  V.{iy8..5.G9#5.6M........H......q.Q
l.R...........(|.h......Z..y..Wf)C......3..&.t.....#,>n........'..H
.J...|.]....b...........E...Q....X......2.:.........I.M.k..'....Wo.-.L
=....\. .D..P.I.&,.da.*.....l..c.Z....O-....Z...Yj..c;..>O.\j[M5..G
S{.........(...p..........ao%.y-..59....WD.....N..[.....r......~ ^
<<< skipped >>>

GET /userdata/2012/4/6/17/566949/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 13 Aug 2015 16:49:03 GMT

Accept-Ranges: bytes

ETag: "d1efd5f5e7d5d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 2687
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..n....}
...zg..........&.k.GIe8.........x}.'2.]..Y.....u.g.T.....I......t..9.{
..#8...."F..1.'......>[..'.Y!......>G...._..4eT.d.TZ....c D./.w.
..a#2b.3..V''..T........F.A.2.q....x#..c.DV.....%.Kx.r..X.l....m...9..
Y.......O,.g.\!.0_.8.........w.z.......O.......q&..X..r8.....9.q. jz..
...v1!....h.....O...}.V.T<.Jk..G..z..s.s........ji.6.i|.F...<8%.
.p2?#[7.:..@..... ..Fq....^.8.'i.*...C...X..p..ed>\..t.....j...V...
....re%[email protected].;V..0.......L...L.G$s........U5t..s......,.....*[..
..V|."..$..Xu...p ;Hh.|a~..$[.f.0>b..p.$...I<V....c|U....5..I...
.v..8..8c...8lb.....h...^.hU.'z..X.:..........=.............:..i.FBg..
.9....@iI....?..X.......1\..........N..7z........b..-..1......$w.p.\..
.lTr....$..n.cTb.;.pv....:9..y.SuIKZf2.X.Sk`7........J.q.."i.t.A.q....
^.......>...uV...C..|.M. .V....i.u.H....A.y.....k.3U..G9....a...i..
....n. .*.\(.m(x-...M.'....kQ2.9..&l..........jA..s.....N..93."...
<<< skipped >>>

GET /userdata/2011/3/12/3/295026/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 24 Aug 2015 09:38:13 GMT

Accept-Ranges: bytes

ETag: "c992cd9850ded01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 15367
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z...........!!!"""###$$
$%%%&&&&&&'''(((((((((((())))))))))))************               ,,,,,,
,,,,,,,,,------------..................//////0000000001111112222222223
33333444444444555555555555666777777999:::<<<===>>>??
????@@@BBBBBBCCCEEEFFFGGGHHHIIIJJJJJJKKKKKKLLLLLLMMMOOOOOOPPPRRRSSSTTT
WWWXXXZZZ\\\^^^___aaacccdddeeefffhhhlllmmmmmmooopppssswwwyyyzzz{{{}}}~
~~....................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...._?........-X........o..iB..T'Z........z......Y.r....H....6e..Wo..|
7g..T.X.~F.q..-Y6q..e.DhQ%O....9l.;.(..k....f.q.\..`>...f.z..B...-.
U..7[..q.6.[.M.4......~...t....Y..q.VP-[.i..t[/.4.p..{.k..l...ZVx..l..
Uz.............cQ.I.k.3..?Q.;...9n.yRf...7n.....%...d.....W......e....
..&.;..3..*}..[v.#.?(Ms.3}...4........[9.|c.s(.3O<.|SR<..#"u....
Ip..M[..d_q......H3.1.(.. ....d...Lg...O?....;....3K...Z..H`J.0F.A?.S.
...5.4...L2..S....".8..SO...S.?.......3.'..B.<`...[;..R<..#....S
.l....1....1...K..T..T.<.L>...L9...$.4..R.4.dR.[...Y.`9.O...X.D.
$..'.4..4...[6f.9.0.TSXiEf.......8..............t...R=.x7.z....-....3.
4.Z9"2.c..x.......;.`.)3.$lW?..elX.B..4......x..3..S.'....,...K1..
<<< skipped >>>

GET /userdata/2014/8/31/14/945045/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Fri, 14 Aug 2015 19:00:34 GMT

Accept-Ranges: bytes

ETag: "6319a80c3d6d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 2766
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..... *.
.....*..J.... ..f;K.1....9....2..7.c.....;:.Y....r L...x..m..'7W....wg
..Ai ...W!v...=._K...$`... .k.....7.,.|..#.y..\...\.Df.e..Y?..;W@/....
.#..j...`B\2}y................Ps.*............!....y2......U)..X~".W..
Y..2..H./9_....r..q.].....r..'.8.&...G. ....1B..q..(..I.#..p[...95.j..
.0.>[J...`..|Gd.kr.z.#'$d....;......yP...p.s.\..k..../T..Xj.....X..
B.O_J..;..)...r...?Z......,eh.........8..W.P.&XloV....G#....Z.z.......
...=..LFG....r>..... ... ....B..q......[..2u...Y.L...~.Y....(.....Y
...X............X..$.q...W....z.V.....1.k..M......~\..f..<.....&.q.
...C...Y.....q....g......t..VG.}.$ 5.....o|R...q..R[`.\c.m....Z....n..
.q....eKH......f....?N?.....T...1..`.....!..c.z..z..R.....M....h......
.\g.f.{..?...u..fxd*..YNW#.5.]...3I..Tga....Y.l....gt<$.S.O...U.k$.
;.nuB~.......vZ.............NA..k...E...^.XF.*<..$.... ....jR...C..
.n......,a......Et..W.S..{..IX.0.nN6..8PG|n...Q...oMI.H..YxsU..K..
<<< skipped >>>

GET /userdata/2012/5/17/19/587037/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 10:48:36 GMT

Accept-Ranges: bytes

ETag: "8a96749823dfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 3287
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?......j.
......o4..H...O$.....x..!\.o.FTc=pO.s....]f.....N%.Y.....>...v..O.M
.i/1....$.?S[.W.[R..eiQ-.'.^Q..8.f .r.~.SLj.o.v.../.\...>.c...bxt..
.....M).....S....zS...gf61Prh.....ior.A..&93.pH#......C...s&y..5..<
.....e...o..Bx ,av.......ZN....N..^Ht.."Y".8.'..y8...o..'.......Z,...@
xf..h......c]...ik...~./.5......%..m.Y..NA..:......1f.t.A.i.s..5r..:bX
D......[8...?.S..e..Q....WOcl.....r.G\i......sBM..A.Rx..M.._7./!f.....
z.HW|[email protected].;.".#..........9t.Nm..f...Uny......K._..
..$Ky._....?.\} .......p.p.;0.NA?......._.A...d.`./7. [email protected]^cR2
.I............$q............V..,.n.k{.....&....R.<.....iv ./.... ..
...?..Q]....v...!...:0O.ay{6G....~&..:z...R./m....Z5Vc..,...T.;m"H.L.{
.....g.?..-zA...t.;..E...n....<2....kw.es.1.v.v..........'`l.z.<
...>..s...B-..H....n8......k....j..=....t.V.....r...iJ.....d.....lH
.$..U....}.^..\[email protected];5.0..z$Ei.c..1......u..s...,2..[.
<<< skipped >>>

GET /userdata/2014/2/17/21/901570/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 22 Aug 2015 16:41:23 GMT

Accept-Ranges: bytes

ETag: "ce99bf61f9dcd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 2700
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..V.(...
(..|./..I..Iu..Z..RNRF....9..I=...=2..s....5...c.n....s..5............
..h.#i([email protected].........[..ns..~.. .x.=A...g...@s............
,JB..jb2(...Q.c...-c...O-.2..B...g?.:....yW._.^....=.L6..5.o>W....3
.F?Z..X.Y...!d.G........|.}...i.mf..z.....?...|-IE..QE............M...
...)W.N..........<..C._.[j3....... 08${....d....2q.i..m.... ...P.~.
~.$..d....*....p.Hx..6..ON.hP.{...^7.Dx.]..7.M.*.jvW.#.H.)..w''...k..9
%......p...<...=G..j.Q.6KU.(V1...........|..E.P.E.P............g..j
.r....(.nR.>...........?...D`^=. ..9'...7.8D?.|'....E....y.........
...h....<.b..z.g.....M.v..~A.... .X]2B.....g....>...Pk........).
........CH.d...........`R..FN....8...4......]....G..6w<F..c..p?.Z..
...-4..........4........n.:c.1....'.m..J.*=.r?.b..$.*......7}.........
....l......m....Q..fu......63......<.6.4.m..\.......!.wG6. .M..y.%.
lW.Z......G..........FA......|P.....-SR.`...6.....VH..X..].....,20
<<< skipped >>>

GET /userdata/2010/4/26/21/1705/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 23 Aug 2015 16:18:27 GMT

Accept-Ranges: bytes

ETag: "db95a157bfddd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 2135
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(......Z.P..........................................
...............}........!1A..Qa."q.2....#B...R..$3br........%&'()*4567
89:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...................................
..............................................?.......k..........2....
.Rp.8.-E0X.r...u.>...q.......w .......J.<....4....;q.....u...Y..
.8.S..WI..sW..$..K3p.FI>..i..|Csn..m....r..,..t.0.....|U9...y..wk..
....-..w2..*..IS......x.Z.[t......wv..........S....C.Z........$ne.*...
.;...k...d.8.......^.....C-.'.....fwi. .|..h~.......B..Y^.@\...B.ppGl.
.H.>......B..7.C..$.6.n.n...q.....~*..5 .g..q*.fr..;.<[email protected]....
......c.$.$L.3.....m...|E...$.n.l.....33. `X..i m..i/...n%...[.....qm.
.'....z...8 .zf........qS..q.......j10....R.;0P3.I...]......dKK.e.....
.t.......G.....MF|...?.......X..ND8$).Vh...G~....'......#..."..hY...;.
.....9.......\..|k.......K..l.h..n.....T........W...5sxVgB.....'.t.7..
K..#[\....>v...*...T....k..6.ea....NOZ...-..... .=Lf2.s..O.....P...
.W.=j...t..n....WA....v...z....3.*....en.i%....t...a]...$A..s.....4.-.
Ir"i[[email protected]}...y...>E.d..\..|.........6.[.R.w.......5..E.]
.h%..B..i=....{....E......1c.`~.U&#.W.s\...). ..y.....}~.nA...$...[zf.
.x. ..j7..XA.p9.<}Ew>....=j(....*...~...(.._^..F~...x..P. ...A..
....pF...........$...<..^[.....u..7.[......a......e...* mN.NX.|...k
`..Q......X.G...h.\. q.......P[[email protected]...... ..z..9i.....W..X.sp.....
.3... ...=.k.M.....Kt2..]..di'..6......@.....]..7F..i....[..H...I$
<<< skipped >>>

GET /userdata/2010/4/29/3/2838/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 16 Jun 2015 10:09:07 GMT

Accept-Ranges: bytes

ETag: "f46d447b1ca8d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 15342
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z......................
......................................................................
..................      !!!"""#########$$$%%%&&&&&&((()))******,,,.../
//000000222222333333444555666888:::;;;<<<<<<===>&
gt;>>>>>>>@@@AAABBBCCCCCCEEEFFFGGGIIIJJJLLLMMMNNN
PPPPPPQQQQQQRRRSSSTTTUUUVVVXXXYYY[[[\\\]]]^^^___```aaaccccccggghhhiiij
jjkkklllmmmoooqqqtttuuuvvvvvvxxxxxxzzz{{{|||~~~~~~....................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.................................o.....J..&9v...N..t."}z....Nn..1....$
F.....L..k........!@x(QHY2A<[email protected]."..[.<.:up.4R.\...C....
..s.n..`.DQ..f..*].xy.....-.....[;s...(.......%........p.q#....L.zD..U
S.p..2C..;...K....9.....$I.$H........P.PI..];bVf.X....K...a ..c..<|
]a..'R. ...... W.\m.!.S...>..c.O.,R....... ...T...0..3.!.;.$.F.; ..
.NH..2s.e.........`Z..y.I*.x6.-.......w...L...c....C$...7.p..H.e......
./.`J3.....M...3...Yu.....?....9...&.].M8....1..!.?.....?....[T.......
.J..B.HDd.....B.".0.(p.1..Fp.G3....u...#S..!.%in..)..B..{....>.....
]..D.M8...2,Z.]9..$.3x.B.#....k..F.S.@...<..u.v(..#..iN7.Q.Z.L3M*n.
../....#^@1..^.8D]>.;C.3.`[email protected]..>[email protected]....?..B.{D.M .r
<<< skipped >>>

GET /userdata/2010/5/12/13/14411/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 15 Aug 2015 12:14:58 GMT

Accept-Ranges: bytes

ETag: "47e5a6054d7d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:58 GMT

Content-Length: 2731
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..^.O...
..^..{I..i'.....Q\..,....s.{/...u...b..K..8..W...E.E..e...!......~y...
@..o.._i...KT.VE..w9B..H......$....|1.H{iw.s.......c...5.....m5..E..Q.
...>].:..q]..l..h..<.AH.NH.]...\~&.>T.O......&iV..v.....PZ1..
5.M.].....,..d.r3..{{W...Zm.PKq.y..)v.i$n....\.....6...Gm.......w.w$..
su....t_.O.ir\J...S.?68n.......cN.J...|y...t...H[ .[..4...c..92...9`[.
~.k..6Y...]....W.U.6........0..../.....(_....B>.....d...nC...j...P.
y$b.?\w.J..< uy.Y..S..d.......k...|6KMOT....t.....yf@......}(.....o
F.....H .F.uU...0x...1]...uo.\"...fi.9. 9....:....m..."i.i..rK.....t..
-....R..>....]k..[$...I.M.Z. $..@ m#8 ..:.`...<.,..b.GY..4..O$).
.8...W.h^7...qk...(|..re!7.t#q.?...?.......]Y..P.r.7M......W:.....hJ.9
[email protected]......%@.N3...^.. T.S..uM........9..I....yu..."KI.
%.......}...Z.|../......,........O...>..u....O............3\i.....Q
(7W.....F....^.~5..T.-.H.X................*..x.6.....=...|../x..M.
<<< skipped >>>

GET /b.php HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ec.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:16 GMT

Content-Type: text/javascript;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.6.0

ETag: 8138C33758309AE6FF4C222F3076C661

Cache-Control: private, must-revalidate, proxy-revalidate
2c..setEtag('8138C33758309AE6FF4C222F3076C661');..0..HTTP/1.1 200 OK..
Server: nginx..Date: Tue, 25 Aug 2015 10:59:16 GMT..Content-Type: text
/javascript;charset=UTF-8..Transfer-Encoding: chunked..Connection: kee
p-alive..X-Powered-By: PHP/5.6.0..ETag: 8138C33758309AE6FF4C222F3076C6
61..Cache-Control: private, must-revalidate, proxy-revalidate..2c..set
Etag('8138C33758309AE6FF4C222F3076C661');..0..

GET /js/jquery.js HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmiko2.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Mon, 16 Feb 2015 18:23:43 GMT

Accept-Ranges: bytes

ETag: "80e1b5b1154ad01:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:36 GMT

Content-Length: 33466
.............v.F./.........R..DIN.v7(.....t..cw'i....$$..H.7........ .
....P.A.....;.q).u..y................G..{..=:...]/-.G[sS.&..".........
...o...(.~...........w..(.^..Qt......jq...q:...z9 6.:PN.ip...Q.9..*...
..;..w....(J.......7..9..Kcy.e.&>..io./gq../.w....z....}.z..s?.gQ..
..'...Hn7...}.|C...#j.[......6..wY.f...6........l..s.]..f....n..<z.
..Y.mo..7~....e.Z...........74...n....z...*.N$;=iY5...3... ?9*.G1OL.N.
...x. .........<...0..AZ.6..6.H...S./^ .t.u{4...$..;..z.T...StO?...
N.!... Z.......[s!...Gq.~..O.Y....w....b.. |.p.%...F..xa`,.......*.._f
...Izi<....mK.k.cHIl_..B.I.m......44.E-.T..&Mw$..rG6.f....:.I.~....
.gu..m.d..?.r<.....\_W.<[email protected];.....'.....~.|..a ...
f.b......bY....B.............7....W..j..g#@_.\...)5...*./...a.....3i..
..A..eo.....5.....>V......;;P.{..q......CO1'S..|.o......f........).
.4.e...<.........~...K...g.5.*..f.`7a.s|....%......vJ....\..C......
v.,.W..........{.|5.....0Ci$.`....^.V)..y...E$4..WR..o...=........]...
.7..g_?....x.X,...1. uaNu...Wio#.|....b.....M....{...z....v.y:.....x/.
W....x..n1..\q.|e....%...$.5.G..zt.....K.-.lhqi.b|.K.SW.....tU,y4=|...
............j.|.....t.....4.k.....]P..E.y....{........y.z2.5.h....#.{L
.4V...7....;..*\ g..g"...........a...]ZB.N.y..,h.&... .0?9....a>...
.7.B.$..c@.{1.}...... ......P..=.Y...b.nbA:....88..,......".M......I.L
.....p<B.;io..8. .#.7.... g...J.~.....w=..v......Q._.p./?.....JS.. 
.....VM.E.._.SY.....2`O.......<..:4..7^.|.......B.n.B..n.".0..h..).
q.D..?..io....T6<...)QOA....#[email protected]&`.?.xI....u.#%....W!
<<< skipped >>>

GET /sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cpro.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:06 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Last-Modified: Fri, 21 Aug 2015 15:41:51 GMT

Age: 97551

Content-Encoding: gzip

Ohc-Content-Crc: 327863765

Server: hkg01-sys-jorcol10.hkg01.baidu.com
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..

GET /userdata/2012/9/18/7/713022/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 03:24:06 GMT

Accept-Ranges: bytes

ETag: "76a6ce7fe5ded01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:43 GMT

Content-Length: 3285
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...q....
..X..j:k.*ef`...W...b...9.a.|[........U..{.F.So.......I...mu.KN...n..!
vmt<q....i.....b$...i.Nq#...WS.Nr..Uf..b.|u?.<C%....B......u.U..
..N.s..\g.....j..0.K...?.....#h...a.e=9.....p4.I..|......k......~PF@..
.9:YF..:J.Z........n......G=k.Y-..eMF.e......N ......5g..GQS\.I...:H.J
.....G._,.....G....K...w......#[email protected]...:.....:.\].@9......@...|M.k
....h..vFT}.F~......&..^.MI.!.E... .>_.?..^......'....;r.....;K.|..
..<TZ}......~."....*..t.3......xo].....u.....]F....J.*.c9A.`.8...yN
.....af.Js.xZ'.o...... ^.I.0D..u...A......9.}3..S.\..n.....Yb<. c.P
...}N}.`....>...v...>.ZSl.....f'?x..8.......x.mWRy..D.Z.. ......
.\u.........f..aI.$.T...:g...^...q...M...a..,....=.....'.^uy.Ul.....I~
?...w.xnV.....'|l.oL.S....o.}]v.$r0..W.?..3..l...(..#.....y..#..c.....
r..[C..u{y.....d......sU...u4..;.$.z7.4O...m..SM.m.1.V].ao...6....... 
....-.E...P.0....t........O...4..N..F.......,c\.....[......>NV0
<<< skipped >>>

GET /userdata/2011/11/6/10/442141/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 20 Aug 2015 17:15:43 GMT

Accept-Ranges: bytes

ETag: "24c1c3d86bdbd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:44 GMT

Content-Length: 3072
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...?.e..
..~../.[`.9..`[email protected]$..L....|....
..?...H.#.M.,.K.........>...J.7).......Aej..\6.:(^..?Z............|
.Y.%`..".....dg..q..&.BK#,.......}2.Q.h/"I.n.....y..~..o.M*...R]..%.:.
...S...>sa.i..Nk....YD..P.P^W.0..g......8.No....4-.{. .V.|....L..n.
P;s...@<....h.Z...h#..y."...`0..g....I[%T..F2...5..........".u$....
.U._Ta.P...QE.!....L.C..q...J.p..A....n.....}o.....j...0.K.]...K7..V..
.9..3F...q.........B.f...Z.....H.$. d... .D.....W.a....c\9@3....~..:}A
.....k...*]..... ...t-....^1.:W...U.......R$RI5...$...'[email protected].. .$
u...=. ...R...Q.<..DQ.bN...|7c./.x_M..H..8..&6$;6...GVc..j.....k.6.
5p.$dyJ.J...(..I=y...M.9.dR..0J..8.2G.......kvF..H.C8...6..8......9.(.
IcY"ux..VS.A.A..].X...."dUb..........P. ..1<.. ...=...zP.Y\......s.
i%.b_....6.&&.~$......M..]?.......^g.M....2Z...M..Cin.......zFF=M.x..[
....h.d6.iH.%%A?1^y.s..8.k.-m.{..>e..i !VvQ..r....W9..O.E..6qHd
<<< skipped >>>

GET /userdata/2012/11/26/5/741147/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 25 Aug 2015 10:00:04 GMT

Accept-Ranges: bytes

ETag: "280d8d01cdfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:52 GMT

Content-Length: 28117
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z......................
......................................................................
..................   ""#$$%''')))))****  ,---...///0001112223334444445
55666777888999:::;;;<<<<<<===>>>>>>
;@@@BBBCCCDDDEEEHHHIIIJJJJJJKKKKKKKKKLLLLLLMMMMMMNNNPPPQQQRRRSRRTTTVUU
XXX[[[_^^```baacbbeeefefhghhhhiiijjjjjjjjjkkklllmmmmmmnnnooopooqqqrrrr
rrssstttttttttuuuvvvwwwyyyyyy{{{|||}|}~~~.............................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
....................H.......2`.."Gx.8.DM.8s.........;..0A...;.S..h....
.n..A...^..i.FM.!| ...r S&8X>.....Fg.n.20........q.OJy ........&...
!..8jLW.Z....Y.D.....\.........-=.R][email protected]..`....6...2{....,.r
.Jd.U.........b,Y .02.q....MA........{....y..A.WO..y./2[..X.Ex8...<
N];s....." L!GV..1EJ.......E(.1F.....Pc.O..#....S.3...O;..R. .t......W
y.........G0....K`[email protected]&`. ..;.s./:}f`...V.8..........k<.H)|t..-.
a4........h..~.i........0P..:....3.`4......6Fdu..,l.L(.8bE(.4....U.%.G
D6]?.."..YxQ.1g...3...[..$.',\.p.1.......aQ.....%V.~..J...Y......gt.J.
.8..5....S....9.,z.....I*g.r........T..G>p)D...S.,R..PV,."...Z.. ..
..3....5..`.-.........y.ni..,.....}..t...K.$H..1..!.'SxQI ......$.
<<< skipped >>>

GET /userdata/2014/3/10/13/906768/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 15 Mar 2015 08:28:08 GMT

Accept-Ranges: bytes

ETag: "225fbbf7f95ed01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 2135
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...A..?.
...y.P.^Gz.h..$S..........#..W.x.O....{)X....pq......i.o..d..:v..^..t.
p.......}...5.. Y.4>G9....Y..o..m.`.c,.......{zrk.u.)"V;HP1.c.;..^"
.....*$F..#.9.1..........j.n.C..I....*.T...&....8R.4t.....n.);.s.?..@.
1.?.Z.l....U).........)M.]Ei..!$c.......y...3....a...O;..9....z..y..?!
_x|)......`[email protected].$aNNK...8.'...Y..=*;...[....n...........,/.n.t..I..s
R ..B.N....i..v.v.rbRO'.V..$..y.Os...2Z..O.]E....=A5.{.Iq#<..9...7l
.4...e.../...Xt........%3............a..1.J.r~O.."..SW...c..W...".o.^.
q-.4VV..d..gL.p.bFG..s...8>...._.?.<.L.&,-.G.o..,d.9..^?*U..:i..
.~xu.SDN.^..{.i....-.M.......;V.x......S.R..k........Vm....K.\v.I)E}..
..f......=kX.t....r1=wT7...Z!|..SI?..hZ.....~........1..]>...S.d...
....._....O....g..8.M..P....g?.n..SH......)..PF....Q...{.I....E b.{T@.
..S..a..J.kB]...N'.E.$...Tn.G..l...U;...R.B.jP..Pie.)C.E=..J.p.. B.XW.
..u....&.H...;..........?.~|....O...|/..Y.o.....q........TVz"....H
<<< skipped >>>

GET /userdata/2014/4/23/8/918845/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 13 May 2015 13:25:42 GMT

Accept-Ranges: bytes

ETag: "7f27754f808dd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:53 GMT

Content-Length: 3652
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....\.n.
......G.._.....1.[0P.. g8...|A.to.*[email protected].
Q}..'t...j..".C.... ..jk(.I...I...5._..0..ws..f?7VE....Kl..nG.9.zP.O.G
..'..HiC..VU.N|......._...I<..K..N@'...[......7I5.....g..=s.....>
;..V.4...u../..[h.........X.3..j.,...S.H.2....tB.A....#.......q..4{.9f
P{.I.....W......4..Z C,.0.%w..6...N...3.n.H.G.........v|.-..77'...O!..
....{[..%$...=9.].....>..A...G...'.1....1.fu|...8.........:.__.....
....KJ..)..1......:..>.y}..1q..V<.....h..8..<.Oor.E!`..r.{..=
[@.....I.q...|...Y.\.... .!.^.Myy&.. .8y..lp.....OQ....a^..1..u.......
.t...$PVK.........".[.O.(.s}i....k.F....,..*x..r..A.G..|.....0....j%.L
...FY.a..>...A.L....w..`.7....iy..$( .s....W..yo./..|?.t..o.d....$.
...8.921.6Xp...I. W.n.uod..s.mw..hc,.Uay.~..3...t...u.....h.L.C.ZEp.*.
.....w.q..t..J..G.0....*.. ...?J...n...[Q9..TLv........q.....mCJY...t.
.[>D........g.78.NG8...-....s]n..I.j.ww6 sg..d..f].eN....c.....
<<< skipped >>>

GET /userdata/2013/10/29/21/870006/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 27 Aug 2014 16:21:32 GMT

Accept-Ranges: bytes

ETag: "85e3aaf612c2cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 3009
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..]...&l
t;...f..Eyj'..T..K......x...kdp....]..qm.......^Pc.9.v=.zT.wf.... w...
rX.y.5.$....[v.....4p......xv}..E..I;........NW....Id..F.v<..}H?..f
Ex..C ...A......N9...W?k...$.-....t....VU`.$oF....T.....g.....X-......
.-..U.x..O...m3. H..J....1...a.9.W.xb...][email protected]^...5[xr....p9..&
..M...QN...p....>.....g5Ij..<?....C...J.....5]'jD.z.).@H'.Q.....
....^o......rl. .<.'#.T..Nq]..t..nE....#..2.......<....-j|..-2.8
[email protected].?9.~....x.....k.n..h....A..5.~8........n.J....W...@....8....M...K
{.3.H......}.V.V3....S....Y..u..5hn..ki.H.eY{..............i.B.X....E.
..).!.$...4.Z.33..A'...5.D.sP...j-.....}.d;.q.......<..9`N..s...z{.
mGJ.H.......4g .......]*[email protected]'"....G
.'#.>..O.p?.?....T`..........TMf)^I.(..."|.......?...Z/.o...!.RX...
.w..r{.3...2i...2.<....-.0...;...\H...p..s.a^)qksm.oq...0......P{..
 ...=..Z.4.H..M....?6.n.'..<.Yqhs..j.N% .c.P........z.q.....m..
<<< skipped >>>

GET /userdata/2015/8/18/4/991533/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 17 Aug 2015 22:18:34 GMT

Accept-Ranges: bytes

ETag: "f73e0a73ad9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 2927
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.......n
.l0...."..2Z7b........p} ...gwi.A......f8..FF[.p>r.....~..4..o...%a
.nR.....[.....&.....6...x..'...6.. .......Z3.#Ijy.0..N*x.CE...=O.4.~fV
.6O..2....t ....fKt;Z...8....58.u....P1....\V]..E*...n.c ...w..=.Z.k..
...Dd..8.8?.(..r.Q..).Ppx...G.V9(....*/.UV-..J.Q.....#u.g.......M.....
......s.1Ms..&8.'.q.G}.....O.X.u...S.c..S.~.5......m.e.....#........ :
..X.z...k.H. . b.....,.e....FA...rH.\.h>T_.Z.aC.<....n....'8...i
f...H.$B...K..}.3...V.":.....8.t......s..... M...?.-..m%u....x.....g5.
.?..K.6.l,....-.vm...9.....Dn../..J..x...V7rK.2!\...,..R:.=....>.b.
..Ic..s..Q).MN....(..._......Gm..;~.......X;...pq.......w.j/...[..%...
...2g.w.mc.>.#....]&........8n<......N...$........W...\...GQI...
t....x...... ....P.P.8..... ..9.<...t......i....2......W.Z-....-..}
.Eu4.[....geV......|[email protected]>
[email protected];.53...1iCb...1PY.....&..p$...;rO.]....2..P)..c.
<<< skipped >>>

GET /userdata/2013/6/1/3/818513/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 09 Jul 2015 14:22:11 GMT

Accept-Ranges: bytes

ETag: "6b4378a552bad01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:55 GMT

Content-Length: 44596
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z......................
......................................................................
........................... ..!.."..# !$!"%#&&$'(&)*'* ( -*,. -0-/1/02
/020130131253465776988:;9;;:><;?==A??CDDGHHJKKMQQQUVXXX[YZ_[\`\]
a^_cb`cdbdfcdgcdidcpeaqeaqgbthbqicnjfmkgnqik|l..u..v..v..un.o..x..u..{
..|..vo.o.....z...~.{o.p...p.p...x.~p.q......p.qq.uq.tp.qp.rp.q......t
..t..............u.~u.|...t.x...t.w...................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................................8....%L..2
...O.H}...Y.j..\........y.E..%L.0.\.R..I.$):d.P.Blr....'A...p0..D.!B.|
.5...O......#..oryc'..,..0m. v.JJhe..yS'..p...`.(.!T.|.5.........g#..{
...W.p.M.#K.....C.i....n...1......2...K-...e.......,l....Flr)..S...H..
.n...M..B..a.....u{..K.s.K.2}s....KT........."E7.%.............4h.]..v
..Q.....L1.y.......y....K/...g;}&..G....^}.......u.a.M5o.AQI.m..,... .
...^.j.bSr.}8....r.'{.../..#..)Z..v....j".(X,.X...c.H.z....".......q.W
ox..=S^.......,....;.QcM/...h...X.z.b..r:..A.{()..]...n{..../...;...M1
.&.j.;B.X!{.Pb\...U..&z..m ViO5z.....xS...@....>.......L.qX....p.1.
[email protected]*6.4....<k....j.....d[l..B...).'.....Z....y.(...\)
JJ..7..k.&..4......O..a./...FD..B..].h..R^.*n*.H..@.. ...Yr[@.uE
<<< skipped >>>

GET /userdata/2015/7/25/16/988694/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 27 Jul 2015 10:14:23 GMT

Accept-Ranges: bytes

ETag: "38cd84255c8d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 3476
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..V..r*.
y.JlJ3^w...z..|3e'...uws... ........p.....9.....<..JV`.x._(..'../..
...9.$Q ../!..O.....|...y'.<U...Ri..[..]7.i.0:[email protected]. ..._...
....`...-%...[k.}....}......z.V.$.K.6C.M7........\...:`.}-....2.Rh.H.2
0.`x4......j.......)..j.lhGZ.~".[.....n`.............<W.\.M.lnDW.d.
....Uee'.....x.R.U.D. X.....O...8o..cW.o..F.j`..c/j.c..O..E.2..8~.<
......ur..,.H..j......W.Q.]\X.V.5.........<|.H8?7.Q^ku.-G....-.....
F...??.......1.....[|=.%....h.......5....1<.Cqs.(..S.Q....... .....
...[.......o.........=3.n......l....N.m.e.I.."[email protected]..
=...8.....G$......0...e#...%x.....%n..gw.\..v...c.0.b<..}.... d.%.=
..I...h....4...\..).H.h.....)V....,_.V...q>"...t..[..P.... .2J../Rr
q...u...7......C...3..5...E....B.9.bs..W....W^%.....m....OH........=.s
....h...~%....-..<..aM.1. .'.E....5'..auq....C...\].x....`P0Ufbx..d
..z.....Ioiqu.}..f...&.-..V8...J..{....&D[av...2_.`. ...u.w3...5_.
<<< skipped >>>

GET /userdata/2011/6/14/2/356144/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 11 Aug 2015 06:44:23 GMT

Accept-Ranges: bytes

ETag: "7e73af281d4d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:56 GMT

Content-Length: 3617
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....go0
..2:.CD?...H8....L...R...M .%...8..M%..IoZIE.b-.!R"$z......z.......e..
.$HJ;..v..}.r.....P...-.jv.X/.;..m.Q.i.....8...........Z.. vS).Wvh....
.......7..S......>..e.>.j..Ki..........*[email protected].`.5.~$.nt...%..
 ....d...0......\W.JnIjc(.y.....4.{.#T.......L.%...,Tq.9'ql...-...:<
;..:.. mb...t..=k...s.A.\.Oz.>4B...Y.T/...9.V .89..h..&..G....I5.;.
.o.A.[$...YP...0....d.9. .U...%..>...._6....).wu..dWx.Bq.A.A......&
gt;...oV[.9.v.....J0.?^..W.......i&.N.....f--..nC..a..J..8. y.Kc..u..t
.I.k...FGO....M....^Y.F-........,6....&...[3...v....8.W~t...KJ.$..!V..
S...I..w.C!..;y8.Y.......... ..9......-....7..?......PA.&....U........
...<).m..*........ip..Z4.L...QeF..a..;~.m8-..F...'.-.S].-1../..$...
.....4l.l.-v(......'.}...u&9...X.!rI.....5.=....x...xDrF.9.V!dE..3....
.8.>...8....q..c.w.O.#.F.Z...n.p29.._Ej1].p.dd.P'.deT.._o..a.....A.
..;..3....y..-......*[....c.X>;.c.|..Db..........:..8?7.....w.)
<<< skipped >>>

GET /userdata/2010/4/25/1/1066/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Mon, 10 Aug 2015 12:46:48 GMT

Accept-Ranges: bytes

ETag: "6f607f9f6ad3d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 12060
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z......................
..............................................!..%..(..*!.,"..#.0$.1$.
4&.6(.7(.9).:*.; .<,.?- @/!B0"B1"E2#E2$F3$I5%J6&L7'M8(O:)Q;*R<*S
< T= U>,U>-W?-YA/ZB0[C1\D2]D2]F4_H6`J8aK9aK9aK:bL:bL;cM;cM<
;cM<dM<dN<dN=dN=eN=eO=fO=fO=fO=fO=gO=gP>gP>hP>hP>
iQ>jQ>kR>mS>oT?rVBuXCxYCyZCzZD}\D._H~`K.bL.eO.hS.iT.jT.lV.
mW.oX.qY.rY.u[.x\.y].z].{^.}_.~`..a..d..f..g..i..m..m..n..p..q..q..t..
u..v..u..u..u..u..v..x..y..{..}..~....................................
......................................................................
......................................................................
......................................................................
......................................................................
...................................HP.....*.....{...K'K...a"....#.. ..
.Y.!..(I.4i.........&...0nn..%M.H..j..q.A.GM...p...H_..Sf...<......
..7n.qS(..t..B]...S.0....B... 0t......'J....G.1c...2f...JK..l...q....[
B....al.Q....}....f...]..q..!A..K.e./.3!i@t(a.._..K.@}....7..H,....id.
.m0!w..#...q.F...&`......ao,.A..a.B:o..d..-v...D.Uf wF.c..~.0A...P.i6.
.B.i..F..f...Bt.C~.l...K.0C.ct..Fm...B.eq..zu...*|...=d...:....]....i.
...%....K....]....a....3.e.?...Ag..&X.*l...k.1..Kt`.W!.x..].0^.6....:.
.F&....H..!.p.b..a|. ..Td.......a...C.W....,..C.0P..8--.Z.?5....%....N
.....e...<....:.AE.c....,p..r0....a.(.Q..Q......i..1F.i ....*{..,d.
..~....K..C...........}M8C.]....-RA..y....a....,..B.w.`....`C.b...
<<< skipped >>>

GET /userdata/2010/5/10/23/12850/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 01 Aug 2015 03:18:53 GMT

Accept-Ranges: bytes

ETag: "ebd4ecb8ccd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 2712
......JFIF.............C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......Z.P.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?....r2l`
..w.......OU.....gy....J....I.....>...Xu%.W...R.......=...[.....k..
...........k.xkV...k...t..%..).F..p.3..=..'..~ .r.....f.f.ky...T......
...G..z...O.^......QIaG......<g.{.......u}....w2...`..g.........%..
.c....>....PYD..daw....`%....y...V.2..S.{C.I c..c..0.r@....%...-..g
)^.'S.kF..............,.....R..D.a.L.<.e....L.'<..g.-{J.-o.....F
..>.c.....{P..^j..l...X.A#.C_,.o....%......$.`.<....'p..v..2A.._
@xz{.}*$.|..<...V$.<t.v....'............}..../.....[u)$...2U.O.A
..:g..[q.-....G>.. ........}.?.B/..9.h...o.|I.*....:>....'V.....
.\..!.*.A...........$.D...,...J..@[.=....CUy.V........o.......&T.am[%K
........?..U..xGT..l....sR3..sjQ.....<.Y.~^..8..E}?>....;...s..M
[email protected]..<....u.Z .Z!ms..l0.m`1...>...n@..;=...X`.Up..W#.
D.Q.t.[......k...x.I.W.N.Y.m..9.9....s.g..{.......V.}[email protected]&l
t;..Ry......?.s....m^......9..m S.F.........F;{1......S..h..F;....
<<< skipped >>>

GET /userdata/2010/4/27/2/1863/image/head.gif.small.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpm3.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 16 Jul 2015 18:32:45 GMT

Accept-Ranges: bytes

ETag: "cef513cff5bfd01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:57 GMT

Content-Length: 13874
GIF89aP.Z....!..NETSCAPE2.0.....!.......,....P.Z..%%%%%%%%%%%%&&&&&&&&
&&&&&&&&&&&&&&&&&&&&&&'''''''''''''''''''''(((((((((((((((((((((((()))
)))***         ,,,,,,,,,,,,,,,------...............//////0001111112222
22222333333333333444444444444444555666666777777888888888888888888999::
::::;;;;;;<<<<<<===============>>>>>&
gt;???@@@AAADDDEEEGGGGGGHHHHHHJJJKKKLLLMMMMMMOOOOOOPPPPPPPPPQQQRRRTTTW
WWYYY]]]```bbbfffjjjlllppptttvvvyyyyyyzzzzzz{{{{{{{{{|||}}}}}}........
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.....................eK.,[.hA....N..I....$b...yu'..<[.4.....Fx....D
...%j4!..F...JD!t...:q.|9.ea.,Z.....h.(P....g..s.(=.......~.{.,..9.r.[
....$Dj.y."F.(b.p..!..;?.Mz.FL.-..F......PE6..Dq.8n45.w...6w~a..F..<
;..y...^.v.b...$.K.%>...'..1=`. B)..:s....EL.$O.#.;....M..1....H...
....c Yw...QBL.8q..ytg..8h.........|PB.9....=D0...p...s.A..hLG.Rp.0..p
....].!.$.... oD.H0ut.....PB.Y...JDL.[.2.X.n}........"....."..E. ..C.5
..!\O....n...,..cN.l.AH(..q#.0..A.H.A. P..[_.....5...pH..c.^ 2.,..BQ.D
.%W.vq.#\H|a.#...K8..2..o<r..H..c.!..&..D...}E....?..R.3..C.v......
B....hW].n.(.^l!.....O;...H(.<..K<..f.,...........;`LH..G.....*.
.A..T..g..Z...9...&....'s.A. oH.nn..{g...y..1..B.Ot...%........%p.
<<< skipped >>>

GET /data1/p12/ku6video/2014/1/22/2/1395667510432_95415401_95415401/1.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: vi1.ku6img.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: NWS_Appimg_HY

Connection: keep-alive

Date: Tue, 25 Aug 2015 10:58:12 GMT

Cache-Control: max-age=31536000

Expires: Wed, 24 Aug 2016 10:58:12 GMT

Last-Modified: Tue, 21 Jan 2014 18:48:32 GMT

Content-Type: image/jpeg

Content-Length: 8497

X-Cache-Lookup: Hit From Disktank
......JFIF.............C..............................................
......................C...............................................
........................c...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.....C._
.7.w..(u?.~../....[H....Dfb@B....'..<WK...&?............y...<..:
..,.)..H.. ....h..-...O.<5z..-{~.........xp....m.....d..rU*GZ.%....
kxWt..w.@.?..&s.....e.6%...?.<......c...YV....`Y...b.......8.o.q...
........e.o..[...................sh.-...'x..f..M..'..........5.O.xw.Q.
....:.ego.H.M#}.P:..K.=..z..#....CE}:?....V...;...O.......P...3...W..&
gt;.U....._.m.. i.g..3*F..f$....}..O. ...[~.....kq...|.....$..zn.$.F.?
6EP.rV0]...'.......%?....<5......|P....qo.XxZY"...l0.....5.........
........O.'/...I...}&..M?..o........9]..\B...mW.\o..A........|S...{k..
......j.-....".n.Gb.8.F].Q..".|y.7...............Z9.on<;....dh..A..
......Xs...../....~,.j.........i:....~).[.....Gg..e.V......m.c.....s.w
...J..Mx;......P|h.W.............d.?&G.F...r.M*..2l......x.f..m~m-{..{
...ku..J....?:...fO......{..!..51....q&n..F..a..'].t.d..4>!|.....K]
k......j...a}...Q..0.O.#8...5.......{..M......&>:..Y.....W....4
<<< skipped >>>

GET /tpl/wh.js HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dup.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:13 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: close

Last-Modified: Wed, 08 Jul 2015 05:42:56 GMT

Expires: Tue, 25 Aug 2015 11:01:57 GMT

Age: 136

Cache-Control: max-age=300

Content-Encoding: gzip

Ohc-Content-Crc: 1457426814

Server: hkg01-sys-jorcol07.hkg01.baidu.com
[email protected]..*...{...,...SZ2....~...{.,.g
u.}u. ...;.5........d9?;........:.<.....l..}._<j.0.r8[.py..~i.?.
.-......Iw....-//N..^...H...j^~>...<..F.....`~:.vz......=.{;|..?
....pv5.P...x1{4.uOg...<;,....^.~lZ....Z{.....x2.R.......;.N..t...4
^|??..B.......7./^..........h2...........h.fy1?=|.;.{>.98..NG....lx
<;=\..L..{_.G.....1o.OL........L...'....x.x6...}...~......dv}=.Ng..
..\......Mk.o......G]a3.....E..h.p.X.......O......C..F..1....y.y.v....
........l.s....q.3.......Y-.<.3O./..y.g...d..-.......1^_...,..&ewVF
..........a.U.......Pr...g-......P..;...Y^|....."i..Z..X...d...u......
.W(..tv..<:.z6.......4}.....7.&.....R......3=/..M.rvr>.........L
.d:...'....7.....................L.%%.C.PO.T.......6=.J?......x.......
[email protected].^.(.c..[z..xq.......!..N.k...b..
.o......N..E..J...*...tw;......S....S.e......{..v....2.^O.....~...k.a.
.."....jR..6MnOv...S}p.n.[.........i..F...bv...N.-.....FIH..|~]|.]..oO
.<...........Wo...........R.X..1;..lY........Z ..d.t...W......t...~
qur.....w........!....lry.(.....lqv...<..7Gg.....g..xq4\..._.,[...?
....x.......g........|.....3?.:A.}.]..&W.=..W......J.]i...PK..~.{...z_
nM.H........7....F..tj.)...3..".........Tz.uo.nG... ..0e..2.|8.=......
3z=E........;,........P..g.gZ.m.......P...............}v.Qjy.T'.......
S....i.y....,......`|1o..L...........l.L...7.N..T.wg..l.......cN.....L
..Q.F..\$......O..l..u[.I..-$.2..5.OE.....]V.1...v:..;.F....M.s...16..
.X'#%.z_.E..8."*..,J..._..;$........_............Y#....z.......C..
<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Content-Encoding: gzip

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

Set-Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45; path=/; HttpOnly

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:48 GMT

Content-Length: 13171
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~..
..I.......wr...7O....o.x...w.7u.l....Yy........m.zt........../..yu..`.
.e.u.......GG.5.J.-.e.Y.......ui.g3.\.mF..........>....:.>....-&
e.Q:..m.l?..............Gi...i...z.........0............G.].i.........
....?......t;......?.s............./..?.?.............o....?...g.._K..
....~|W^%...2[..}.4o.u..y<.,........?..........G....?......o.......
.?......w..........?...?..?.O....?.?......o......../...E.....?.?......
..............?.................=...J......./..........:.(..........._
.........#.F......>.(.jy#.......5.0....pw$}......s..../.......G....
.!c..(...!=..2..F...P..?.m...._.g.1.o..........HTTP/1.1 200 OK..Cache-
Control: private..Content-Type: text/html; charset=utf-8..Content-Enco
ding: gzip..Vary: Accept-Encoding..Server: Microsoft-IIS/7.5..X-AspNet
-Version: 2.0.50727..Set-Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2
kzq45; path=/; HttpOnly..X-Powered-By: ASP.NET..Date: Tue, 25 Aug 2015
 10:56:48 GMT..Content-Length: 13171...............`.I.%&/m.{.J.J..t..
.`[email protected]#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!...
.?~|.?"~..7N...O.<y...<M...L_~....I.......wr...7O....o.x...w.7u.
l....Yy........m.zt........../..yu..`..e.u.......GG.5.J.-.e.Y.......ui
.g3.\.mF..........>....:.>....-&e.Q:..m.l?..............Gi...i..
.z.........0............G.].i.............?......t;......?.s..........
.../..?.?.............o....?...g.._K......~|W^%...2[..}.4o.u..y<
<<< skipped >>>

GET /code.aspx HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 1416

Content-Type: image/Gif

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:55 GMT
GIF89a<...........3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U.
.....3..f..............3..f..............3..f..............3..f.......
..3..3.33.f3..3..3..3 .3 33 f3 .3 .3 .3U.3U33Uf3U.3U.3U.3..3.33.f3..3.
.3..3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3..3..3..f..f.3f.ff..
f..f..f .f 3f ff .f .f .fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff
..f..f..f..f.3f.ff..f..f..f..f.3f.ff..f..f.......3..f.......... .. 3. 
f. .. .. ..U..U3.Uf.U..U..U......3..f..............3..f..............3
..f..............3..f..............3..f.......... .. 3. f. .. .. ..U..
U3.Uf.U..U..U......3..f..............3..f..............3..f...........
...3..f..............3..f.......... .. 3. f. .. .. ..U..U3.Uf.U..U..U.
.....3..f..............3..f..............3..f..............3..f.......
..............!.......,....<........L.Hp.....*L.p....n..Hq..../j..q
c...'E..FF..&S.\..%..2..h&C...7o.A..d..>.R.8.....E"..3g..N.B..t...F
...$i"..`....Q".0..~.x4.-l.j.4...7l.....cK....~uu....}...)...0..-..xiM
.`......D..)..(..Z.5k....F..'.....$!o...$d...-Zc.Ll1s^..o.........z3$1
rh]w..u.....o.....=..../...hyn.....I8.z.tuJ....]F..u.6...Y-1.G.x..6Qd.
...s.Mt.$i...]...X|.........6....nY."...t..kF)..$#-.E.*...x$u..a.H.".'
z.C3 z..R....Y".8.F....o..U..y.x.L;...v.....[HG]O%......%.E.5..(1. 'u.
....8..$pQ~v..E"..j.I....F..[Yq.g.`.E.E....eh.WKV1p.Y[7-v.R".eT.yX.IQ.
.Y...E..(..2.&U...!p)...~&N..W....j..4.P..tkE..hQ....(.."..$i......X..
..{.... R....#.\..o.8...;....
<<< skipped >>>

GET /videopic/2014/7/27/2014727172939492.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 27 Jul 2014 09:29:35 GMT

Accept-Ranges: bytes

ETag: "b5d676477da9cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:57:05 GMT

Content-Length: 14818
......JFIF.....H.H.....C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......P...."........................................
.K........................!..1.."AQ.2aq.#....BR....$34r..CSTUbs....D..
].................................%......................!..1AQ.".2.
Ba............?..." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." 
""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." 
""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." 
""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." ""." 
""." ""." ""." ""....(.>.. ...kT.._...y}F......q.. -CK..%..u.......
%-{?....ZgJ.l....CT. [email protected]...~...`...Xh.8.....lg.V:
7<d.....lP.......p...z-e.K.pE.....i.r.|S..n.3...c..l1....-&;..w....
.x.#y......~....4)..v....p.!......P.......' .,.......1.m..Y..../.....F
..l&.]./...E}.o.Z....6c....D....WV..i8U..d....L....3^#.j.e*..... .8..W
5j.tM..mL.>..V/.....l.U...nB....`U\.tRz*.-q.......N.O8......:.2#.].
>Q..h]....]...I...V..1gxb.....5..D...N1._6V4..U......_E....O.....z.
...i...I.sT......6.R=0.."l..,n......U.;......=.)...k.{.....U........{.
...z..q ...B.X....6Gn...M....S.}k.......;.c`.G.b\..A# .!._9Jl...N.....
... c...e.7.`$n<.h...#.e.........b..n/...u\.f..*....q.......8......
.u...Z..h.....b<5.....4. .%..Ye.,...F..W..A...y.NTW....6 ...6.6.06@
......L`l.. k.T.E.(.,...?.Pu*....X>.e^@.r...=.qT....3.q.....p..d...
z.J`...(.#k... ..mNZ..=>..m../....8....o.._E.....J....].c......
<<< skipped >>>

GET /core.php?web_id=5862873&show=pic&t=z HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 762

Connection: keep-alive

Date: Tue, 25 Aug 2015 10:59:06 GMT

Last-Modified: Tue, 25 Aug 2015 10:59:06 GMT

Expires: Tue, 25 Aug 2015 11:14:06 GMT

Via: cache21.l2de1[719,200-0,M], cache57.l2de1[766,0], cache9.de1[766,200-0,M], cache6.de1[767,0]

X-Cache: MISS TCP_REFRESH_MISS dirn:2:516909018

X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:06 GMT

X-Swift-CacheTime: 900
!function(){var p,q,r,a=encodeURIComponent,b="5862873",c="pic",d="",e=
"online_v3.php",f="z1.cnzz.com",g="1",h="pic",i="z",j="站长
;统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m=
"0",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h="
 f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&k
["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["cre
ateScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website
.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnzz
.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'&
gt;<img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="&
lt;a href='" q "' target=_blank title='" j "'>" j "</a>",k["c
reateIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type: 
application/javascript..Content-Length: 762..Connection: keep-alive..D
ate: Tue, 25 Aug 2015 10:59:06 GMT..Last-Modified: Tue, 25 Aug 2015 10
:59:06 GMT..Expires: Tue, 25 Aug 2015 11:14:06 GMT..Via: cache21.l2de1
[719,200-0,M], cache57.l2de1[766,0], cache9.de1[766,200-0,M], cache6.d
e1[767,0]..X-Cache: MISS TCP_REFRESH_MISS dirn:2:516909018..X-Swift-Sa
veTime: Tue, 25 Aug 2015 10:59:06 GMT..X-Swift-CacheTime: 900..!functi
on(){var p,q,r,a=encodeURIComponent,b="5862873",c="pic",d="",e="online
_v3.php",f="z1.cnzz.com",g="1",h="pic",i="z",j="站长ಯ
9;计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="0",n=l
 "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f)
<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g1.ykimg.com

Connection: Keep-Alive

HTTP/1.1 404 Not Found

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: text/html

Content-Length: 345

Connection: keep-alive

Expires: Thu, 09 Aug 2018 10:59:02 GMT

Cache-Control: max-age=93312000

Age: 2
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".         "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.  <
;title>404 - Not Found</title>. </head>. <body>. 
 <h1>404 - Not Found</h1>. </body>.</html>.ont>....


GET /1100641F4650578C106B9E024E1F68ED259AD6-5868-CEB9-B1EA-AC6E1238389B HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g1.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 21378

Connection: keep-alive

ETag: "4219485523"

Last-Modified: Mon, 17 Sep 2012 20:46:14 GMT

Expires: Fri, 27 Jul 2018 20:54:19 GMT

Cache-Control: max-age=94608000

Server-Name: tracker01.qd

Age: 2383483
......JFIF.....H.H.....C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((......P...."........................................
.Q..........................!1A.."Q.2aq...#BR..3br....$S...%CTU....5DE
ds..t....................................,......................!.1.A.
"2Q.aq...3B...............?......!.@....!.@....!.@....!.@....!.@....!.
@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.
@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.@....!.
@....!.@[email protected].$.i..z......xi......q.......A...XB..>..).1
h...Y...Y|4.,qi.s.....E...5!z.....f....!.....O..s.....-.5kwiv..#-...@.
$@....^....hqPd.....s..;.?L.A.~.i.j..mdD........2V.... .m.............
M...p......i?.....). ..'N9.[.=..?..v.......o:O.#..L!]#D....?...O...?..
...6.O....iJ..P........S[......9?.."[email protected]....*........T.........\j
...-........dY.....4.QS............8.Q...>........[V....&;Gw`......
.......U.&...q...w'.Q[....g2.v.8.........0..i....V.....s8.R..1......`3
...tQ8...O.)P.(V......>2....wy..{.rF..t.4.d.D}....{...Ql.....m.....
....kG..<.Hq...5.*5.H..O............J4..H2....L...Z....Z..H.)".B...
.>.j.S...-.....s?..0...Q....F.{.m/.C........xTQ...E.H.((...}1i..3..
.P........i..!H...80........_...w.H..'.R.......rSR..c...h....S....%O| 
.6;....E.>E;]..^.....p....`U.W..Diz...............%.....UW.V.......
.j6.y.Y.6n7....._.d.MO...........pb...j.Qh....F}...f.....n......".n>
;WV.7...'...Z...,..J..i...V.Rq....(t..........5.'...JP.U..vyE....Q
<<< skipped >>>

GET /1100401F4652BC38D4364A1450EEF76006C655-992B-95CB-CD40-CF92C1EA7589 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: g1.ykimg.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: YK

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/jpeg

Content-Length: 22683

Connection: keep-alive

Accept-Ranges: bytes

ETag: "832302386"

Last-Modified: Thu, 26 Dec 2013 14:10:38 GMT

Expires: Thu, 09 Aug 2018 12:21:31 GMT

Cache-Control: max-age=94608000

Server-Name: b01.tracker.b28

Age: 1291052
......JFIF.....H.H.....C.....................................%...#... 
, #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((
((((((((((((((((((..........."........................................
.H..........................!1A.Qa.."q#2B.....3Rb....$rCSc.M...&6..e
s................................)........................!1A."2Q..#Ba
q3.............?..i8....t...'..f.51g \"....k!..W.5.j[...$!.....N...$..
..U./..X.......%.|2....'zpzp9.RO._...U.l.{..2.[.........~.KK.,).b<.
.q*;_;V..0.........|4Gq...$mw...K4d4....)..J^.8..p....C>.f....".l..
..........R#JS J.J.i..N.q.._.."T`..\.Ki{....t.........qy)K...x..;...6/
CXd..Ir<..8..)?.....U#..A.....9.>F.6.(.5...m.*[email protected]
S.?1.L.-:eK.$!.\..@`/........J.>..:.ipY..R........=..S..R[l..zl.'`.
....W(.p.#%..d........:..=Yg..t.i....q......'.R....1.... .k0.y}..Kp.F.
.j..B.20f..:[email protected].*}C..T"....U....JVN.......,..GL..v......0KU
.n.....\..H...T.[QM\ {R...D..3....G.yQ.{O.. ..I..Bz<r...f...%.....h
JD#...O....T.*.Y4..s..%J.9'!.......?w>..m.....^..K-..)l....O..^..m.
*....r....9,...e..*.=?.n..f..K.F_0....[. $6..Q....#.MI.;P.E..b.D.:K|).
. ....%?"s.U.'L......\...%..2W.GNU...m.u5.L.&|..iNS.....D.z..Z.......N
5h..s....G.......TY.I...1.9.[.............U.`.=.....i<neAN....~.O.g
..\.%.x...>.J.R..... ..JT[c>,..e..8....}p..n......p>......*..
..-.i...scH...T=.VZ...:...f......s.=j\....'...6.*....=K.$..U\&o..Fh.o.
.Pi*s*R....'$...dU(u$.4F.X.=<....)9 b``.V0.H.x..#[email protected]...(h.M
[email protected]....$..?Q......
<<< skipped >>>

GET /img/pic.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: icon.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: image/gif

Content-Length: 719

Connection: keep-alive

Date: Tue, 25 Aug 2015 08:47:49 GMT

Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT

Expires: Wed, 26 Aug 2015 08:47:49 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes

Via: cache1.l2de1[0,200-0,H], cache32.l2de1[0,0], cache6.nl1[0,200-0,H], cache1.nl1[0,0]

Age: 7878

X-Cache: HIT TCP_MEM_HIT dirn:5:508901051

X-Swift-SaveTime: Tue, 25 Aug 2015 08:47:50 GMT

X-Swift-CacheTime: 86399
GIF89a2.........f..3...33.............................................
.......................................!..NETSCAPE2.0.....!..Powered b
y AFEI.!.......,....2...... !.di.hjBl..p,....x......`P.(...GR.D6...CH.
...,..@8.... -..EQc.8...........`...."....................~"..H.......
.H......"...$....#.........."..........."Z.......*...%!.!.......,....2
...... !.di.hjBl..p,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h....
...7..l..v..-....."....................~"..I........I......"...$....#.
........."..........."\.......*...%!.!.......,....2...... !.di.hjBl..p
,....x..|....p r..H.C.\&.H.tJu...#b......7..W.h.......7..l..v..-....."
....................~"..I........I......"...$....#..........".........
.."\.......*...%!.;HTTP/1.1 200 OK..Server: Tengine..Content-Type: ima
ge/gif..Content-Length: 719..Connection: keep-alive..Date: Tue, 25 Aug
 2015 08:47:49 GMT..Last-Modified: Fri, 16 Jan 2009 08:10:47 GMT..Expi
res: Wed, 26 Aug 2015 08:47:49 GMT..Cache-Control: max-age=86400..Acce
pt-Ranges: bytes..Via: cache1.l2de1[0,200-0,H], cache32.l2de1[0,0], ca
che6.nl1[0,200-0,H], cache1.nl1[0,0]..Age: 7878..X-Cache: HIT TCP_MEM_
HIT dirn:5:508901051..X-Swift-SaveTime: Tue, 25 Aug 2015 08:47:50 GMT.
.X-Swift-CacheTime: 86399..GIF89a2.........f..3...33..................
..................................................................!..N
ETSCAPE2.0.....!..Powered by AFEI.!.......,....2...... !.di.hjBl..p,..
..x......`P.(...GR.D6...CH....,..@8.... -..EQc.8...........`....".....
...............~"..H........H......"...$....#.........."..........
<<< skipped >>>

GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1440397437<u=http://8888.89919.com/&liu=<r=&lcr=&ps=1522x8&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=578&tlm=1440500346&tcn=1440500347&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 1147

Content-Type: text/javascript;charset=UTF-8

Date: Tue, 25 Aug 2015 10:58:59 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:58:59 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx

Set-Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; expires=Wed, 24-Aug-46 10:58:59 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDU_DUP2_define('request!u1548235_0',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" :
 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32",
 "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa
":"1", "dai":"1", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/",
 "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000"
, "ps":"1522x8", "psr":"1916x902", "pss":"995x1784", "qn":"6017087a97f
f6662", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#FFF
FFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"#0
08000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"",
 "td_id":"1548235", "tn":"text_default_250_250", "tpr":"1440500346621"
, "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_templ
ate=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cpro
_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#008000|
cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=1|
cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "6017087a97ff6662","_qi
d" : "6017087a97ff6662"}});....
<<< skipped >>>

GET /acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0&ltr=&ltu=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.656.3125.3125 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 22250

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:58:59 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:58:59 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx
...<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml"
>  .    <head>.        <meta charset="UTF-8" />.       
 <title>..................</title>.        <!-- 0|0 --&
gt;.        <style type="text/css">.            html{color:#000;
background-color:transparent;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h
5,h6,pre,code,form,fieldset,legend,input,textarea,p,blockquote,th,td{m
argin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fiel
dset,img{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-
style:normal;font-weight:normal}ol,ul{list-style:none}caption,th{text-
align:left}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal}q:befor
e,q:after{content:''}abbr,acronym{border:0;font-variant:normal}sup{ver
tical-align:text-top}sub{vertical-align:text-bottom}input,textarea,sel
ect{font-family:inherit;font-size:inherit;font-weight:inherit}input,te
xtarea,select{*font-size:100%}legend{color:#000}body{margin:0;padding:
0;}          .            .bd-logo,.bd-logo2,.bd-logo3,.bd-logo4{text-
decoration:none;cursor:pointer;display:block;overflow:hidden;position:
absolute;bottom:0;right:0;z-index:2147483647}.bd-logo{height:18px;widt
h:18px;background:url(hXXp://cpro2.baidustatic.com/cpro/ui/noexpire/im
g/2.0.1/bg.png) no-repeat left top;background-position:0 0;_filter:pro
gid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true,src="http
://cpro2.baidustatic.com/cpro/ui/noexpire/img/2.0.1/logo-border-light.
png",sizingMethod="crop");_background:0}.bd-logo:hover{background-
<<< skipped >>>

GET /acom?di=u1548235&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=2&dis=0&dai=3&dds=&drs=3&dvi=1440397437&ltu=http://8888.89919.com/&liu=&ltr=&lcr=&ps=1427x293&psr=1916x902&par=1916x874&pcs=628x452&pss=995x1784&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6984&tlm=1440500353&tcn=1440500353&tpr=1440500346621&dpt=none&coa=&ti=缘分网 - 中国最大的在线音乐分享网站&baidu_id=&dpr=1 HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Cache-Control: post-check=0, pre-check=0

Connection: keep-alive

Content-Length: 1149

Content-Type: text/javascript;charset=UTF-8

Date: Tue, 25 Aug 2015 10:59:03 GMT

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue Aug 25 18:59:03 2015

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Pragma: no-cache

Server: nginx
BAIDU_DUP2_define('request!u1548235_2',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1548235","_isMlt" : 4,"sw" : 250,"sh" :
 250,"_html" : {"adn":"3", "at":"6", "aurl":"", "cad":"1", "ccd":"32",
 "cec":"utf-8", "cfv":"11", "ch":"0", "col":"en-us", "conOP":"0", "cpa
":"1", "dai":"3", "dis":"0", "ltr":"", "ltu":"hXXp://8888.89919.com/",
 "lunum":"6", "n":"46055029_cpr", "pcs":"628x452", "pis":"10000x10000"
, "ps":"1427x293", "psr":"1916x902", "pss":"995x1784", "qn":"397da722a
6333ad8", "rad":"", "rsi0":"250", "rsi1":"250", "rsi5":"4", "rss0":"#F
FFFFF", "rss1":"#FFFFFF", "rss2":"#F781F7", "rss3":"#525052", "rss4":"
#008000", "rss5":"", "rss6":"#F781F7", "rss7":"", "scale":"", "skin":"
", "td_id":"1548235", "tn":"text_default_250_250", "tpr":"144050034662
1", "ts":"1", "version":"2.0", "xuanting":"0"},"_html_old" : "cpro_tem
plate=text_default_250_250|cpro_161=3|cpro_flush=4|cpro_cbd=#FFFFFF|cp
ro_cbg=#FFFFFF|cpro_ctitle=#F781F7|cpro_cdesc=#525052|cpro_curl=#00800
0|cpro_cflush=#F781F7|cpro_client=46055029_cpr|cpro_at=image|cpro_cad=
1|cpro_w=250|cpro_h=250|cpro_version=2.0","qn" : "397da722a6333ad8","_
qid" : "397da722a6333ad8"}});....


GET /sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 1596

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:06 GMT

Etag: "55dc1feb-63c"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Server: nginx
<!DOCTYPE html>.<html>.    .    <head></head>.
    .    <body>.        <script type="text/javascript">   
         .            var getCookie=function(b,d){var a;d=d||window;va
r c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[
2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"numbe
r"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));do
cument.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.t
oGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secur
e":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i"
);b=window.location.search.substr(1).match(b);.            return null
!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLow
erCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\
/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),
cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.c
om"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic
.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie
("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Dat
e).setFullYear(2042)});.            var sendByIframe = function (b) {.
                var c = document.createElement("iframe");.            
    c.style.display = "none";.                c.setAttribute("src", b)
;.                document.body.insertBefore(c, document.body.firstChi
ld).            }.            sendByIframe("hXXp://release.baidu.c
<<< skipped >>>

GET /wh/o.htm?ltr=&cf=u HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 1394

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:12 GMT

Etag: "55dc1feb-572"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

P3p: CP=" OTI DSP COR IVA OUR IND COM "

Server: nginx
<!DOCTYPE html>.<html>.    <head>.    </head>.
    <body>.        <style>.            .userData {behavior
:url(#default#userdata);}.            .client {behavior:url(#default#c
lientCaps);}.        </style>.        <div id="oPersistDiv" c
lass="userData"></div>.        <div id="clientDiv" class="
client"></div>.        <div id="oFlashDiv"></div>
.        <script src="hXXp://dup.baidustatic.com/tpl/wh.js"><
/script>.        <div id="cFlashDiv">.            <object 
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="hXXp://
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7
,0,19,0" width="1" height="1" id="BAIDU_CLB_ac_o_flash" title="BAIDU_C
LB_ac_o_flash" align="middle">.                <param name="allo
wScriptAccess" value="samedomain" />.                <param name
="movie" value="c.swf?v=3">.                <param name="quality
" value="high">.                <param name="wmode" value="trans
parent" />.                <embed wmode="transparent" name="BAID
U_CLB_ac_o_flash_embed" id="BAIDU_CLB_ac_o_flash" src="c.swf?v=3" swli
veconnect="true" quality="high" width="1" height="1" align="middle" al
lowscriptaccess="samedomain" type="application/x-shockwave-flash" plug
inspage="hXXp://VVV.macromedia.com/go/getflashplayer">.            
</object>            .        </div>.        <script sr
c="hXXp://dup.baidustatic.com/tpl/ac.js"></script>.    &l
<<< skipped >>>

GET /wh/o.swf?v=1 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1; ISBID=8138C33758309AE6FF4C222F3076C661:FG=1; ISUS=1; CPROID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 157

Content-Type: application/x-shockwave-flash

Date: Tue, 25 Aug 2015 10:59:15 GMT

Etag: "55dc1feb-9d"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx
CWS.....x.3.bX..........{.^....?............b..............7..Ofq.Cq~Q
.CVbYbqrQfA.U.TBC.!.89. .AI.!.85'.a./.@6.(.`.......d3......Af.;.;#H...
.$..&.g......?.' HTTP/1.1 200 OK..Accept-Ranges: bytes..Connection: ke
ep-alive..Content-Length: 157..Content-Type: application/x-shockwave-f
lash..Date: Tue, 25 Aug 2015 10:59:15 GMT..Etag: "55dc1feb-9d"..Last-M
odified: Tue, 25 Aug 2015 07:57:31 GMT..Server: nginx..CWS.....x.3.bX.
.........{.^....?............b..............7..Ofq.Cq~Q.CVbYbqrQfA.U.T
BC.!.89. .AI.!.85'.a./.@6.(.`.......d3......Af.;.;#H....$..&.g......?.
' ..

GET /img/iconjans.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sun, 10 Nov 2013 14:48:44 GMT

Accept-Ranges: bytes

ETag: "06ecf423dece1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:42 GMT

Content-Length: 12263
GIF89aG.......................M..M..M..L..............................
...........................................l..........................
.........................................................~............
..........................Qy.a..k..........................z..........
......................................................................
......................................................................
................................................W..p..................
..I..I..K..J..J..L..M..M..L..K..N..N..N..N..U..a..a........M..........
......................................................................
......................................................................
......................................................................
...........!.......,....G..........H......*\..............q,R..'...q8Z
.X..Gv.G.aW.bI..;..X.`........gHv,].dg..:u...K.GiR.ptVd..(..X.....`T.!
.b..r.Ev|...Z....j..K.."..,.V]9.l..b.|.)s.....&^.U..t|...,....M.C-..jF
.|G.......(.Zf<.n.t.a...t.l8..&.......m.Z....v...N...l>..I/..]..
..MO..).bo...$.2...d..-~.t.E.,..J..tu...?gLS1.....dHq.TO....M.eDPU:}..
y..4.[..3......&....1[...:.p(.lsA..r9...1..G.{.}.....Q.R.........9(...
.&.I.9..G.\.)UT.~,.#.4.q#r;.7.$.i..}.....".....h.....q......t....z....
A[.E.r....tyna....#.0{.3.9..3L...x..).y.s.......Q\FH.'.......9on..9..C
)...S...&.Il..d.y;>..N....u..Sb.o......S...D3L...#L4.d.-.[(........
[email protected]..]ui.....n ..............s..qz.N1..E.M8~..Gd..[.q....^.l.0
....9)w{p&.V:..LbF.[:.G...........c...i.^.Sr..O3M5...u&Q...5nD...s
<<< skipped >>>

GET /huandeng_pic/hd11.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:14:04 GMT

Accept-Ranges: bytes

ETag: "0f6433bbbdbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:44 GMT

Content-Length: 69261
GIF89a.............E"#?12...:6">:&B>*NJ8>: B>/JF82."62&..v
:6*..z:2.>6"B:&F>*NF2KB.rfJvjN~rW...:2">6&B:*F>.JB2nbKrfN.
.vvjRNF6.........vfJzjN.tZ..~..l..u..|............J>*RF2VJ6ZN:.qV..
m.~c..g.w^..r..{e[K...1.)2*.6."l\ErbJ:2&vfN|lT>6*^[email protected]`..v62,>
;2"F:*r_FJ>..vYNB2RF6VJ:ZN>eXFB:/..yWF2ZJ6.&.^N:vbJzfMdUBrbNl]Jv
fR~n[:61Q>)bQ>..|...;).J:*B4&N>.:."RB2>2&VF6ZJ:^N>F:.J&
gt;22*"6.&:2*>6.......C6*NB7xaN....t_E=6< .J:.......ygYJA:LD>
PHB^VP?."XB22&....6*"lUE:.&>2*XI?F?:...O5%[?.Q9*.^I.dN..q..l.jU..i.
.{..t.........d\WtlgzrmD .H2%eH8yXE.x`.nX.s].|f..zRA7... ..ULGZQL.....
..........-..U;-!.._C4lM=.|c:*"...>.&XB7:[email protected]............;&.4".
'..L5*.fQtQA.cU(..md`...O90...1*'.........?*"nULD.'.[N;.*6-*RFB.....oW
<4eJB..w_C<:*&...{XQ3%"...6)&...<&".c\A1.@!.j>8 $#...@)&.g
aS/,M1/JAA...............!.......,.............4.B... \...2.Q....D..Qb
.;B.<."dc. .;>....G.(S......".Z..S..M8xp"....$... ...NP.Hi..$IR.
7E.D...*.$X. ....O.X.8!.....Z..t.2R$.B.lx.Rj..^.8U.....Q....g....X....
..;.N.4y......V$(m.B...0l4.aB..C?v..........r...B.....n.;.m.LZ..W.M..1
Z....M...R..o8...m..'r.........y6..o`y...;r...p..]..e...>..H.,..I".
.....t.e.5.Qh...PA..F...e..f.Y$.I"i$...2(.J...Vqt= [email protected]..
Q.........ad{....`.y..VN........z..........b.A.sx..Sq9..b.R.FX.....J..
.^J"r..c.r.ae.A4Pg..$...I.ZA.U..c....G#JJ.ct..bK-.WSS/.u.q....s....Uxx
.@....".5..".,....#wH.......yS.W.......np.%._.V.Q..w....9.Ra:......X$.
.Ig[......j....Mh.h.6DOA....H...al"^.'K.^...)......t.V..$.PM...V7.
<<< skipped >>>

GET /huandeng_pic/hd13.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sun, 24 Nov 2013 11:06:54 GMT

Accept-Ranges: bytes

ETag: "01b74485e9ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 53989
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2013:11:24 19:06:22....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
..................................l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.f...z..B....Y........5......t...3.
F............u.~.. .........._..8.5..F...7l....1..........R.....U.Vnh.
w..?I....ap..[:..2}.......3.o.}..g^.O.z.C...$.g.}..r=..../.7&.R[eu....
[email protected].~.gYc]s.Ac..6.w.>....7...qnC......
[email protected]..{.....}5...S.]...Z~ ...<.......'..w...S...
d.2...W..e..v.-.LY.4^kjA....#.5..%.J/M-...N()Z..5-....^..F............
.q....X{5........o..f.m.z....:.p>.o3...Y../z....Y..@$6.L5.....h..Y.
..2..u.s....q..c...W...|..%.wU....a.sd....-..GkUSas..I... ....MV.h...e
.N..1..........2k.0~h...?!..O..l..a..Xw..Sg....wz'\...`.Kx0u...^..:.=.
...[..k....j..............Hq......Ul.....m.:..f.p .?.Y&d....7d.wV.
<<< skipped >>>

GET /img/new_logo.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Thu, 29 May 2014 17:03:17 GMT

Accept-Ranges: bytes

ETag: "80788ce25f7bcf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:45 GMT

Content-Length: 7778
GIF89a..R...........X.......................!:y.......'...../..5..?.1L
.Lh.#G.)N.0V.f...........-T.3[.:d.Z{.Bn...............................
.........Fs.Hv.K{.P~.]..i..w..u.......................................
..........................S..b..c..]..m..o..o..y......................
..................................V..W..Z..]..]..a....................
......c..f..h..l..m..{..........................i..l..n..o..p..p..r..v
..|........................................................s..r..v..z.
......................................................................
......................................................................
......................................................................
.....................................................................x
xxooofff...!.......,......R........H......*\......#J.H.....3j...... C.
.I....(S.\.....0c.T!....c.....'AV:.p.I.& -1l.u.sa......:..AV.YY....@V(
ZH!.....[.z..s.....f.J....Q.R....\..X.: .k._p.....K....s%.....^..4.W..
...O....[.J...iw3f..M. ...g..5....pS...B.......y...m..._U/....R..X..j.
.`..p......\.M....}`j...C.....bm.b^Ml...|[email protected]../
..F...1..k.U8.zQ...4....TR..V..@3X};m.`.;.'.a.i..4.5.....6.u..b...rE@.
*6.. ...../...`K.V.~;....Z`..W*...jQ-....MG..T.8.gub.#......:.ueU...fd
o...a.U(.l.FG......~..j)..5...n&IepQ.9..&N:.V....}.H....0. .2s..#..V..
...@%mK...u.>..@."h_..5..Zdu7.-Z.h.......Z.H.t.."..J.in....jsG.._..
.....a.$1?.0&...9....i.....$..N*...t.f.......b.im..%,.(6.....G1.JY...0
v.jv......r...W.g..K..sk..........0...t.^. ..jG.`...$...)2.....}..
<<< skipped >>>

GET /album_pic/album_2013_11_7_20_21_29_235.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 12:21:29 GMT

Accept-Ranges: bytes

ETag: "802abde2b3dbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:47 GMT

Content-Length: 3548
......JFIF.....`.`.....C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222......X.Z..".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?...On
q......PoHW..F-=b@......!:f....O.EJ.OCZ_./.S.W~%..-I....6...!,.3vE$..'
..............$....dk2.j.wa.~..c.*...^.B.....>.{;.q...|2.2.N..I..H.
.k.............iO.aqq%.....DbuU..r.. d.v.9......f..y'.!:..jF.N.....$.i
Qq... ..9.jh...u{..Lj..]..o....70]..P.. ...v...N.........3..j........'
. .....8..V..c...x.F..c....X...IX7FS.`..F.............Dp.>..5....K.
".6.!Sk..:.B.1p....;........o....>..I$;.a.....x.r.!....y...]..P..e.
a....-r.....k.../...{g.n......<...Z.......%X..r2...vc.>..4......
c...}...na..d[.....!..w.....Y.p.]A.J...A. .Z.O...G.f&m:..P...Ib..w....
[email protected]........}....F E..T.F>.....w..}..:.-os...
..Gf..R.[.0.O\..E6..O...Vd.....`....-R'.a..x.S....x....Y4..|.'$..2.}..
........~...O.............2^.Q.Y...61..........#.go.V..\.Z]HJ.F0......
......s/.S.|.>.l.V..-.r........lC........>./....~.E.....a.......
..`.{....?....*..qV:...}......g.m.;..DB..*.{......R..4m .FC._...o.
<<< skipped >>>

GET /album_pic/album_2013_11_7_15_46_53_626.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 07:46:53 GMT

Accept-Ranges: bytes

ETag: "801447868ddbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:48 GMT

Content-Length: 2811
......JFIF.....`.`.....C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222......X.Z..".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?..-..
.......o..@..#...q....3D...m...02q....ko..a....[...{.. .B^F.L}..\..5.w
=l..<.U6.....1.<)k...c...r.NN}98. .....u..@m..........%....,1...
.......tFO.w..x..s.).Y.6...I....X../....na!V...c..k..!f..2.S...j...=..
......{......\...}.m.....B..:...-V.x.c.vkR.. ........c.H&u..qR...;@..y
k...<..2vW!o1N.p>..H&..7OSV.G..A,p..8...T.ep..'.....i......V,..B
_.AU.U..GQV....(.6w~....k...1DS.z..o..PK[.ZE..o&#.....?*..L.o.$ .VW..\
...^...A......b.y......... W'.q..-.R.*5h{:{.:.e....o.dG...Ty..X^x..GYw
c8V#....[..1_x..."..J......Z....O./r....].3....Um>....T.k.X.....Q..
4..FK:..@..)....k.<g.../.;..c*...>...|]y....^.(qh.<g..u..z...
.......k.0.t...Y.V#.>......w/.R5&.......?6`.J..;.......v....j..| ..
.H.6.eix..).....].....x2..>...K..{..L..............<"..j......ll
... .e..{{.Uv.>c...5..h..;,......a..F.;.W..3..3..=..4..G.....;....`
OA.zU......@>..6.u,...~\m'L...b.....T..w.. .rZ.:...G....sJKD.I.
<<< skipped >>>

GET /note_pic/298857.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Sat, 30 Nov 2013 10:44:54 GMT

Accept-Ranges: bytes

ETag: "0972634b9edce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:48 GMT

Content-Length: 7346
......JFIF.....`.`.....C..............................................
......................C...............................................
............................."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?.......J
..K ...........$..;......X{05..p...q..W.....Y.......=)...*...vv.Xo...U
....[....c....H..~.. .3.jC.L"..pG....3.......$V..'$........)..w*...$*.
nr...J...UO..jxmNIH..p...%;..DK...)..V..!R.g....;....F....H.1....&..._
.&..W...E.#[email protected].^x...c..,..Ye..W.is.....k..,I..Z.
$.$.Gu.d ....\.x.%sc..2..f..&...'.#...%..."..>O.........-..]...."..
3.....`W:...<xi:.......<...x.[?.:....;....Rs.V...Hm.&.e.;...g5.p
.w..t....K/@=i..` HX...R1.9..nk...UH..'......9......Q.>.t......,.L.
....Gp........._L....:..?.... Y..o3H....2......B*...<.....[).O.....
.Y.[Bw0bX.W.x{...c...."....p......N.........H.w.F.4.........c"..M6K.2A
'..k)..U..1......U............=.SRE..#o...h.8x..*.>..b.2......m2]..
.El..:.4P.!.u.s.4...j...6...E2..3.....).`..r.C.C....P...q..Y.......*..
tY_.j.b....e .t.)n.C..H....U...[.Z.........-8~...Zzlr.=.0.!C.^.1....R.
.k>..X\.!...s.#......lAh.."..J........]gmb.W....ea..i......G...
<<< skipped >>>

GET /huandeng_pic/hd21.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:30:45 GMT

Accept-Ranges: bytes

ETag: "8070e88fbddbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:51 GMT

Content-Length: 50203
......JFIF.....H.H.....GExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2013:11:07 21:28:10....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................H...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected].` ..S. ...R.)...`$.
....'........l......Py.k4..^.M..W@\.XA.mgG:I...<..Yg.7..Y..ht.}.6..
....X..........Yx.c..[.ZN....Q.........@s)..$.n.s.......~........v.4/.
l.[.:..H.>....h.s...[.v..u.g.,...z._../..Sv......q...a....y... .o..
...?...2N..]..mop.sTS... ...g..y;.Xt......I...(...{.sa.....T..]..ok.. 
.....MV@.*H.&;0.r....:].S...t...d..~..m.H.....u.}6-..k..~=...&.w$i.>
;.....N.n...y.]....E.^.\.....x..7...z...V7....hDhQj.BzY....B#BH\.0....
.\.0.Z..J\. ..H.....!.][email protected]...)......
~y.1....U.dl...3._.sq)..6;.X..........E`7c6._r...?.........Z...Ux.8..)
..$.$........=_.*.[..X.!..\l... L............W.jW..!...........%.n
<<< skipped >>>

GET /huandeng_pic/hd33.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 07 Nov 2013 13:42:32 GMT

Accept-Ranges: bytes

ETag: "0145035bfdbce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:54 GMT

Content-Length: 53270
GIF89a..............r....,$%D.$4..VEIE,4,..<$,;57...$..*.$4$-...7,6
......pYsA9F,'4........$..................x.....,444?7...,4(.....H....
............................8.....z........d........"..............,..
...-,$...U...$..4,...l<4...V......... $........./$....w4,........u.
.g....J4...F......B ...N..},.....sK.8&.<,.;4*...X6..T.bA.....Q..t2.
.\...e8.G*.D-..Z,K4...p $..t.w?.$.....,....>4$....S<$<,.$..4,
$....a...;....w,.Z(V5..ud.....$L,._=#Q=-..z...,...f"<$.D,...~..h:..
.m..L..Z&..U..h.m!.q,g6...?.sJ..YrH1.jKJ4'._.Y%....._ 5..$..L,.T4$,..a
?..\G4$..w`<,$wdZ...D#..E).wL.X:[email protected] ..J.h&.y9.L$..Y8.N7pUJ./..9
..;..D$V)..h>.b?o:&^4$X@7....<..6..H(.Y4,...K24..<$.N...>.
x-..I'g)..S5.K5<..D$.f..G,&&..V,$^4-T4.=..L$.5..H87.........4.....,
..<..4..$..=$$...,..4$$...<,,$..3,,...............!.......,.....
..........G.N={...s..a....5h0.A.x...s..V.R.B..%J.HR(...&L..f.......<
;k.r.|@....@...*..A{.~.u..^F..J...k..t......_..=}........"X `.....".u.
.n..j.V...o...:t.........X...c.."G. Y.........C...Bo.........X......[.
.M.....s...[. ./..F.z.....p.$.K%N.8q....(\..)..M.vi..q...>.1..B%.N.
:.d....&_>|\..'...?...."J.... [email protected]@ ........HD.FDQ..0U.,.
 .....C.J..d.H...R. .2.K..TN8;...5..".V=q..A...O.P...EL.3KG.43.,X.2..[
VuU). ...<-..Y@e.&.....Z.T`A.m.I.].X..^rV ..}QPXb.q..#.u....].Yd.\v
.h...A...VXd.i.C..n Y....Zl0h..i....m....[k...[l......).."/(.......r.U
....]W.|.(.]w.(.M.....~.I.-v.%c.~...n...g`....L*......&..3.Dw]2.......
3.....!C...N:..RN9....(...R...(R(l...0..2. ...L...R..1U..-..S.C\.#
<<< skipped >>>

GET /img/iconjans.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 10 Nov 2013 14:48:44 GMT

If-None-Match: "06ecf423dece1:0"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: dfgfdherwtewrnvbcxcgdsf.89919.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Tue, 25 Aug 2015 11:16:27 GMT

Etag: "06ecf423dece1:0"
....

GET /adx.php?c=d25pZD1hN2FmY2I5MGZkZDE1YzdiAHM9YTdhZmNiOTBmZGQxNWM3YgB0PTE0NDA1MDAzMzkAc2U9MQBidT00AHByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAGNoYXJnZV9wcmljZT1WZHhLY3dBSlN5bDdqRXBnVzVJQThoNEdRdHp5MDM3OFBKV3dmZwBzaGFyaW5nX3ByaWNlPVZkeEtjd0FKU3lsN2pFcGdXNUlBOGg0R1F0enkwMzc4UEpXd2ZnAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9NDJmY2Q2OTE HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=1&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1522x8&psr=1916x902&pss=995x1784&qn=6017087a97ff6662&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.656.3125.3125

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wn.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:01 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Serv
er: nginx..Date: Tue, 25 Aug 2015 10:59:01 GMT..Content-Type: image/gi
f..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 19
97 05:00:00 GMT..GIF89a...................!.......,...........T..;nt>....


GET /adx.php?c=d25pZD01NzEwYTU2ZTc4YjA2MmY3AHM9NTcxMGE1NmU3OGIwNjJmNwB0PTE0NDA1MDAzNDIAc2U9MQBidT00AHByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAGNoYXJnZV9wcmljZT1WZHhLZGdBSllmSjdqRXBnVzVJQThoVVdnYmcxTVo4N3NxSjc4UQBzaGFyaW5nX3ByaWNlPVZkeEtkZ0FKWWZKN2pFcGdXNUlBOGhVV2diZzFNWjg3c3FKNzhRAHdpbl9kc3A9NABjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9N2MzNDY3MjI HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=2&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=878x293&psr=1916x902&pss=995x1784&qn=1c53e6c91e61ea50&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.4078.6141.6141

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wn.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:03 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Serv
er: nginx..Date: Tue, 25 Aug 2015 10:59:03 GMT..Content-Type: image/gi
f..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 19
97 05:00:00 GMT..GIF89a...................!.......,...........T..;nt>....


GET /adx.php?c=d25pZD02NDdmM2I0ZjA1OTZiZWIxAHM9NjQ3ZjNiNGYwNTk2YmViMQB0PTE0NDA1MDAzNDMAc2U9MQBidT0xAHByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAGNoYXJnZV9wcmljZT1WZHhLZHdBUE4wOTdqRXBnVzVJQThnLWkwMEhqbDQ2bXJMaDFJUQBzaGFyaW5nX3ByaWNlPVZkeEtkd0FQTjA5N2pFcGdXNUlBOGctaTAwSGpsNDZtckxoMUlRAHdpbl9kc3A9MQBjaG1kPTEAYmRpZD04MTM4QzMzNzU4MzA5QUU2RkY0QzIyMkYzMDc2QzY2MQBjcHJvaWQ9AGJjaG1kPTAAdj0xAGk9OTdjYWJmMGM HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: wn.pos.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 25 Aug 2015 10:59:04 GMT

Content-Type: image/gif

Content-Length: 49

Connection: keep-alive

Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Serv
er: nginx..Date: Tue, 25 Aug 2015 10:59:04 GMT..Content-Type: image/gi
f..Content-Length: 49..Connection: keep-alive..Expires: Mon, 26 Jul 19
97 05:00:00 GMT..GIF89a...................!.......,...........T..;..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.33591.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Cache-Control: private

Content-Length: 139

Content-Type: text/html; charset=utf-8

Location: hXXp://8888.89919.com/

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

Set-Cookie: ASP.NET_SessionId=lbhl0v45vziwtibuf4axnk55; path=/; HttpOnly

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:47 GMT
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://8888.
89919.com/">here</a>.</h2>..</body></html>.
.HTTP/1.1 302 Found..Cache-Control: private..Content-Length: 139..Cont
ent-Type: text/html; charset=utf-8..Location: hXXp://8888.89919.com/..
Server: Microsoft-IIS/7.5..X-AspNet-Version: 2.0.50727..Set-Cookie: AS
P.NET_SessionId=lbhl0v45vziwtibuf4axnk55; path=/; HttpOnly..X-Powered-
By: ASP.NET..Date: Tue, 25 Aug 2015 10:56:47 GMT..<html><head
><title>Object moved</title></head><body>..
<h2>Object moved to <a href="hXXp://8888.89919.com/">here&
lt;/a>.</h2>..</body></html>....

GET /stat.php?id=5862873&show=pic HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s22.cnzz.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Date: Tue, 25 Aug 2015 10:59:04 GMT

Last-Modified: Tue, 25 Aug 2015 10:59:04 GMT

Cache-Control: max-age=5400,s-maxage=5400

Via: cache28.l2de1[670,200-0,M], cache5.l2de1[684,0], cache6.de1[683,200-0,M], cache9.de1[684,0]

X-Cache: MISS TCP_REFRESH_MISS dirn:6:700978635

X-Swift-SaveTime: Tue, 25 Aug 2015 10:59:05 GMT

X-Swift-CacheTime: 5399
298..(function(){function k(){this.c="5862873";this.R="z";this.N="pic"
;this.K="";this.M="";this.r="1440500344";this.P="oz.cnzz.com";this.L="
";this.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz
_CV" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};thi
s.la()}function g(a,b){try{var c=.[];c.push("siteid=5862873");c.push("
name=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer
));c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.us
erAgent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.
random()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&"
)}catch(d){}}var h=document,e=window,f=..1cdf..encodeURIComponent,l=de
codeURIComponent,n=unescape;k.prototype={la:function(){try{this.U(),th
is.J(),this.ia(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this
.j(),this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.
pa(),e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i faile
d")}},na:function(){try{var a=this;e._czc={push:function(){return a.B.
apply(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var
 a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a
.length;b  ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account=
"[object String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;ca
se "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1
])}}}catch(d){g(d,"cS failed")}},pa:function(){try{if("undefined"===ty
peof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;i
<<< skipped >>>

GET /media/v1/0f000PCl-eM7bK8cufB8p0.jpg HTTP/1.1

Accept: */*

Referer: hXXp://pos.baidu.com/acom?adn=3&at=6&aurl=&cad=1&ccd=32&cec=utf-8&cfv=11&ch=0&col=en-us&conOP=0&cpa=1&dai=3&dis=0<r=<u=http://8888.89919.com/&lunum=6&n=46055029_cpr&pcs=628x452&pis=10000x10000&ps=1427x293&psr=1916x902&pss=995x1784&qn=397da722a6333ad8&rad=&rsi0=250&rsi1=250&rsi5=4&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#F781F7&rss3=#525052&rss4=#008000&rss5=&rss6=#F781F7&rss7=&scale=&skin=&td_id=1548235&tn=text_default_250_250&tpr=1440500346621&ts=1&version=2.0&xuanting=0&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1548235&ti=缘分网 - 中国最大的在线音乐分享网站&tt=1440500345980.7063.7469.7469

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ubmcmm.baidustatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 25 Aug 2015 10:59:05 GMT

Content-Type: image/jpeg

Content-Length: 33036

Connection: close

Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT

Expires: Wed, 04 May 2016 04:39:00 GMT

Age: 9699605

Cache-Control: max-age=31536000

media: media

Ohc-Content-Crc: 934791390

Server: hkg01-sys-jorcol02.hkg01.baidu.com
......Exif..II*.................Ducky.......P.....ohXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:05E517B31664E1118
CED844A5DA008F8" xmpMM:DocumentID="xmp.did:A90DCD81D00D11E287D4AF7341D
5F52F" xmpMM:InstanceID="xmp.iid:A90DCD80D00D11E287D4AF7341D5F52F" xmp
:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:209A11860DD0E211AFDDC0A5C709F9EB" stRef:doc
umentID="xmp.did:05E517B31664E1118CED844A5DA008F8"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
......................................................................
.................................................!.1"..A2#.....WQa.G..
qBb3$t.%V.R...FgX.r.H..S4DTd.U.&f.'(.......................!.1AQ.aq.."
........2..Sc..BR.T...br...#3$..s4Dd%............?....."h..&.."h..&.."
h...v..m.r..&."m..6..m.q.&.."h..&.."h..&.."h..&.."...V-.x..M.5L..t..4.
!.s..0...<DDu....5....b....q..$...w>.q.y..k.... "S.n%j.D<
<<< skipped >>>

GET /sync2r.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://pos.baidu.com/sync_pos.htm?cproid=8138C33758309AE6FF4C222F3076C661:FG=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: release.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8138C33758309AE6FF4C222F3076C661:FG=1

HTTP/1.1 200 OK

Accept-Ranges: bytes

Connection: keep-alive

Content-Length: 2047

Content-Type: text/html

Date: Tue, 25 Aug 2015 10:59:08 GMT

Etag: "55dc1feb-7ff"

Last-Modified: Tue, 25 Aug 2015 07:57:31 GMT

Server: nginx
<!DOCTYPE html>.<html>.    .    <head></head>.
    .    <body>.        <script type="text/javascript">.  
          var sendByIframe = function (b) {.                    var c 
= document.createElement("iframe");.                    c.style.displa
y = "none";.                    c.setAttribute("src", b);.            
        document.body.insertBefore(c, document.body.firstChild).      
          },.                getCookie = function (b, c) {.           
         var a;.                    c = c || window;.                 
   var d = RegExp("(^| )"   b   "=([^;]*)(;|$)").exec(c.document.cooki
e);.                    d && (a = d[2]);.                    return a.
                },.                setCookie = function (b, c, a) {.  
                  a = a || {};.                    var d = a.expires;.
                    "number" == typeof a.expires && (d = new Date, d.s
etTime(d.getTime()   a.expires));.                    document.cookie 
= b   "="   c   (a.path ? "; path="   a.path : "")   (d ? "; expires="
   d.toGMTString() : "")   (a.domain ? "; domain="   a.domain : "")   
(a.secure ? "; secure" : "").                },.                getUrl
Param = function (b) {.                    b = RegExp("(^|&)"   b   "=
([^&]*)(&|$)", "i");.                    b = window.location.search.su
bstr(1).match(b);.                    return null != b ? decodeURIComp
onent(b[2]) : null.                },.                currentDomain = 
document.domain.toLowerCase(),.                referDomain = (docu
<<< skipped >>>

GET /userdata/2015/08/19/00/52330314.jpg.small.jpg HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qazwsxedcrfvtgbyhnujmikolpmnbvcxza5.qazwsxedcrfvtgbyhnujmikolpmnbvcxzasdfghjkl.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Tue, 18 Aug 2015 16:52:33 GMT

Accept-Ranges: bytes

ETag: "f126147d6d9d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 11:15:46 GMT

Content-Length: 7970
......JFIF.....`.`.....C................................... $.' ",#..(
7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222
222222222222222222222...........".....................................
.......................}........!1A..Qa."q.2....#B...R..$3br........%&
'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................
......................................................................
.............................w.......!1..AQ.aq."2...B.....#3R..br...$4
.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................
................................................................?..x.9
.......v8O.W......}......;.W..E...E;.>...|........."#./..*..C.;....
...&..Z.r..s..>O......9...Ah..'.m..|..~..:..si..$l.c...O..?h.e.2J".
\.....A$.TD..[.........SK.Q.[$c....._....3-........'...4K....-#..u{.w.
.._..o.... ..U.......kCqF....m.|@..J-.O....Y.......> A...d...>.q
.&-..L..:.....O.^Ak.i.......@H\...j/.i.#_.......Q...>..qm^Q..#.wk..
ksmy.........5l#./.. ..4hb..O.{9$<.r....X..k..'...[.....z^........)
v.....*...Q..k..../$...j..s....b.P........B...C...V..,.......N..A#4..C
...up..l..Stf....,.....>....!......Q\. ..(..B......>t.9.P...Ey.2
..)'...4.q.s.1.V..1.T....c.z...l...........G4.%mJ......f.........U.NO7
R.'.z.O.U.m.oQ...../.t 8Y.r.G....yN...W_....f..........U.n8...P.....lT
...d.:t.....I.9..dU.`...z.....J......d.;......../.qEE./.9....WPqU.....
Wc.$..x..O..^...#.g......H...w.}....v..Uk.<}..|.h..!.Q....-.:0....5
....[..n|..J..=9....5..>......T..=>...}........R.....if....5
<<< skipped >>>

GET /img/dldldl.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Sat, 02 Nov 2013 09:50:33 GMT

Accept-Ranges: bytes

ETag: "dc133bf9b0d7ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:56:56 GMT

Content-Length: 627
GIF89aa.!...........t..t..s..q..}...........n..w..z...................
..........x............................!.......,....a.!.... .1Ji.h..l.
.0.qWA.x..|....pH(\...r.l:...sJ.6K..v .r}..X....ht..CT.?He>.L..Jd\.
.:..........a>....{b}Vxw............>....ii...|R\......a....>
.........[.....9......>...._.V.....h...A.....\.....`....h..Z...v...
..pt0cG...uN. . .G.K.D-.CqZE:.. d....[..$...B.t9".....Y...Zm9 ...r...C
..AD....0P(f=1...@....=-W.]c4.=3k|........  .. A.1].f....WU.7.C.VL.;..
......d>;..D!.0.."[email protected].>.=7u...<.ld..@..'.h....a.c...,.. .
..N.K.Q......f..0.V.....'[email protected]#.
..E$p.`..........C..;HTTP/1.1 200 OK..Content-Type: image/gif..Last-Mo
dified: Sat, 02 Nov 2013 09:50:33 GMT..Accept-Ranges: bytes..ETag: "dc
133bf9b0d7ce1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Da
te: Tue, 25 Aug 2015 10:56:56 GMT..Content-Length: 627..GIF89aa.!.....
......t..t..s..q..}...........n..w..z.............................x...
.........................!.......,....a.!.... .1Ji.h..l..0.qWA.x..|...
.pH(\...r.l:...sJ.6K..v .r}..X....ht..CT.?He>.L..Jd\..:..........a&
gt;....{b}Vxw............>....ii...|R\......a....>.........[....
.9......>...._.V.....h...A.....\.....`....h..Z...v.....pt0cG...uN. 
. .G.K.D-.CqZE:.. d....[..$...B.t9".....Y...Zm9 ...r...C..AD....0P(f=1
...@....=-W.]c4.=3k|........  .. A.1].f....WU.7.C.VL.;........d>;..
D!.0.."[email protected].>.=7u...<.ld..@..'.h....a.c...,.. ...N.K.Q......f
..0.V.....'[email protected]#...E$p.`...
<<< skipped >>>

GET /newskin9371/images/rqcode.gif HTTP/1.1

Accept: */*

Referer: hXXp://8888.89919.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 8888.89919.com

Connection: Keep-Alive

Cookie: ASP.NET_SessionId=noxzfm55f4gdq3554d2kzq45

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 28 Jan 2014 19:45:07 GMT

Accept-Ranges: bytes

ETag: "a657c372611ccf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Tue, 25 Aug 2015 10:57:06 GMT

Content-Length: 6930
GIF89af.f.............................................................
..................E0..v.iI.D0..S..a..z#fC._?.lG.[=.=*.[?.,.....sH.;%..
e.>'.T6.b?..U..p#iC.H...]!mH.X:.G/.@ .gE.H2.!..tH.nE.lE.^<.?(.E-
.lH....P/.?&.`<.W7.L0.H-.D .\;.W8.W7.Y9."..6$.D-.1!....E'.S1.A(.$..
;%.W7.I..R4.='.#..<(.A&.N0.3 .A).<&....!..@%....&..#............
......................................................................
......................................................................
......................................................................
.............................~~~|||zzzxxxwwwuuusssqqqooommmkkkiiifffee
ebbbaaa^^^\\\[[[XXXWWWTTTSSSPPPOOOMMMKKKIIIGGGEEECCC@@@>>><
;<<:::888666444333111///---***(((&&&%%%###!!!...................
............................................!.......,....f.f........H.
.....*\......#J.H.....3j...`,r C..I.......,. ..h.x%..R.AI..}JHK.Hn....
F.hH\...........!....2...8K........J(.*........).....;V....w...;...d.o
.....Z.....%.."c.(....0.]y....V..v....K...b.....'!....6..:.SK..\...`..
.....`.fC.?...R.7....M....=....#...........m.........v=..h.N.=Af....x.
..C....1.].]....]j.P..,.D(!P...G!.dHI".=3N1.H".8..dI..Lr..,z.X.....7..
#^9.." h..r........5X.0PEpH..a7.oz..Uk.e.dW....&l..$k.5.VK....ZO5#....
4]u.@%.!zx7.#......,..*.de.q.,..$z<b...Z.Y*.0b."[email protected]]5d....@
.O...T.0..q....5.f....`>"...Z....@.).I.b..r.i..~...y....S..z.....].
.@.@*....S...@ .v.&.... .N.jgl...N8..K.%.V.....`I.....8..[N>......p
..S..8n.V..*A.......&.[...%.....S...\[[email protected].
<<< skipped >>>