r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7037
Expires: Sat, 04 Feb 2023 09:46:06 GMT
Date: Sat, 04 Feb 2023 07:48:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4866
Expires: Sat, 04 Feb 2023 09:09:55 GMT
Date: Sat, 04 Feb 2023 07:48:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 07:43:37 GMT
content-type: application/json
age: 312
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6694
Expires: Sat, 04 Feb 2023 09:40:23 GMT
Date: Sat, 04 Feb 2023 07:48:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nnUZLa38D175ozH3EuTALLMNzbT9k9fVA4FTco0WI02hdYCytZbDIWrnyKoa3ovZVei/r9ezWAU=
x-amz-request-id: 0D8S7RHKW8J7F6YY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 06:52:44 GMT
age: 3365
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 07:48:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 06:49:07 GMT
age: 3582
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5623
Expires: Sat, 04 Feb 2023 09:22:32 GMT
Date: Sat, 04 Feb 2023 07:48:49 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IRGzvqqijnI4yU2YFl4UDA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NF+h7r/3pKfuUhXPR6Svb0WoH2Y=
12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
200 OK 17 kB URL HTTP/1.1 12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 82a8fe4c3048021b0fa1d07bf30a76d5
ea109a21375a994921ca8a62f61f42271b85f8da
7cddc50b74ccb640b2e998786b0eee263fcff86ed1144fb592fd0626c3943827
Analyzer Verdict Alert fortinet Malware
GET /down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/global.css
200 OK 7.6 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/global.css
IP
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (710)
Hash b2502d4c36bc519e47bce519ffb3a295
d252dd5c34dbd231f5c120d8f45ded16e0aa3f4c
10bec4c97bde3cac4a43e4d86604e1ff2c54926ec350419e404435f0616d1a1a
GET /template/company/duote-xiazai/css/global.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:20:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6b-935f"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/js/orsxg5a.script
200 OK 531 B URL HTTP/1.1 12855.url.tudown.com/js/orsxg5a.script
IP
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
200 OK 8.6 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
IP
ASN #137951 Clayer Limited
Hash 952b2841668e8303c2ee8bc817394790
1e7d159d8d75df0112f06eedab3ecd62b7075a52
51c463da96c71adce2a234968d1e46949fa82804f680861cb6562da84239e209
GET /template/company/duote-xiazai/css/soft.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6e-a090"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/news.css
200 OK 1.5 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/news.css
IP
ASN #137951 Clayer Limited
Hash 4d5f155ee78bab18dd989f8fedda8ebc
d3e3353e7a3da786e2a1342ca13407fd432e3398
6754cc7b30008e41d53b0ebfb6b52a0c59712348880d235a77a07c3af02d9886
GET /template/company/duote-xiazai/css/news.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-16fd"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/message.css
200 OK 1.6 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/message.css
IP
ASN #137951 Clayer Limited
Hash 90d699f8127fe2e7210c0f31f0b90bb0
245191b7026614b76c7234e8e82724d463d4adf1
50d4eaf1d089edb739f43068f78330d22700b47f9ea8acb14fa5606637aeaf23
GET /template/company/duote-xiazai/css/message.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-17a8"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
200 OK 353 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
IP
ASN #137951 Clayer Limited
Hash 6fc35ccb15b461bc6b549a85ea398894
21581ad4fc3db4acc99bb2fb4ed2fde1dfa50049
8d88f6d1d76a2cf300e9378742dc29f48060c9747cfdeb6b05050cf25cc5ebfb
GET /template/company/duote-xiazai/css/scrollbar.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Content-Length: 353
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Connection: keep-alive
ETag: "63676e6e-161"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12855.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
404 Not Found 146 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/company/duote-xiazai/css/scrollStyle.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
12855.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
200 OK 37 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d4e282e0e1e69d378568eac0d45bfd24
8b62528373788e473676aa025a72aae45ec17d01
b5bbdf5ae69bfc2b39919ac018f41b27efac22f98ab92848db65022eb03dfd12
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/jquery.min.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-16f44"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
200 OK 8.9 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
IP
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (29165), with CRLF line terminators
Hash fd0bdc561b4f37fa8e4539d86c5fd0e4
663b932af8ef82dff4cfeb56351bd32853e54804
98161b22bc6e6613ecf1c230ff9664ba032c3abfe8d6a4079263f9daeb1829db
GET /template/company/duote-xiazai/css/jquery-ui.min.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-7d6e"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
200 OK 799 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
IP
ASN #137951 Clayer Limited
Hash ac93d373f5090fbc3e8a7152aab7170d
160c0bc3072bccced250979b7999ae060941eb06
e15e1cefcdcd40db68eecbd7a02af32a8a97e5749791b07b434f8454408c1570
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/duotecommon_top.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-a0b"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/index.css
200 OK 3.6 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/index.css
IP
ASN #137951 Clayer Limited
Hash fbfd831dee308c5094076e0b4022a222
fa69c04bf3f0c911d2b1697717e05706362f0c57
ab5a9d33745256917eb22abecd3d8ed4790e612720f2a743206d00b85aa5ff4f
GET /template/company/duote-xiazai/css/index.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6c-42b3"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/css/teach.css
200 OK 4.1 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/css/teach.css
IP
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (499)
Hash 16ca38b11b525a142c6086c2c2802545
88ed9d1c7088344b24f18132ad025ed63623bb7e
c7d5eef240fb383c039b0141854336a78a07597b0bff022ae71514e913351d7a
GET /template/company/duote-xiazai/css/teach.css HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:50 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e70-503f"
Expires: Sat, 04 Feb 2023 19:48:50 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
200 OK 741 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
IP
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (1844)
Hash 64d8d6bbbe2129e883c5af163b76600d
5c0f7df223f7f0ca25cc5c8247ae8b8f0cae4805
66f01728ee43d433d4fd4c0409354667cc543ae51cd362376d3f053da321369b
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/super_slider.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-763"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.digicert.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 07:48:51 GMT
Last-Modified: Sat, 04 Feb 2023 07:12:34 GMT
ETag: "63de0562-1d7"
Expires: Mon, 06 Feb 2023 07:12:34 GMT
Cache-Control: max-age=170623
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675496931
Via: cache12.l2de2[48,47,200-0,M], cache12.l2de2[50,0], cache2.se1[71,71,200-0,M], cache2.se1[73,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 07:48:51 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616754969312864845e
12855.url.tudown.com/template/company/duote-xiazai/js/index.js
200 OK 2.3 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/index.js
IP
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (8638)
Hash a1f3815ea981db7480ca3c4d5d54aac6
f3961cccb17dc2190e2a8c249d936d0b1185fd7e
7adb4d2ea2856125d829deeabfc70e92f87a5e50f84187ed8d570b810c807d6f
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/index.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e97-223b"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
200 OK 1.4 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
IP
ASN #137951 Clayer Limited
Hash 33db5499343abb12f6c7d980cfdf5af0
ca9f7d2be1dd0f229f709b2effd22d57413fc7d4
3ca1208b56597372cccafd9817375f08e7e85ab84b310cb882ff8a76bac1c388
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/soft_comment.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-f1c"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
200 OK 577 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
IP
ASN #137951 Clayer Limited
Hash d2fd0ff89c3e773f8cfb6e5e57ae2909
537114b9b969f30770ba619a17d217bb69efb759
9665a3c5c2aa7e032819815b24dccc0dd5fbfbbef8876d7d42dfe2751e06d8f7
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/clickdown_stat_ajax.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-57a"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/js/new_global.js
200 OK 592 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/new_global.js
IP
ASN #137951 Clayer Limited
Hash 232fd4a41f68cb95c02a365b6aca84e9
4d17747184f32abc1b922759c510bdbab4eccedd
0d50c1f4db8f330ef99775e40dadb29b531eb33314540560567b1f2623d4885e
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/new_global.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9d-685"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/template/company/duote-xiazai/images/stars.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/stars.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/stars.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/global.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:35 GMT
Connection: keep-alive
ETag: "63676e8f-199"
Accept-Ranges: bytes
ocsp.digicert.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 07:48:51 GMT
Ali-Swift-Global-Savetime: 1675496931
Via: cache14.l2de2[184,183,200-0,M], cache14.l2de2[184,0], cache1.se1[206,206,200-0,M], cache1.se1[207,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 07:48:51 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9516754969312866509e
ocsp.digicert.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 07:48:51 GMT
Last-Modified: Sat, 04 Feb 2023 07:12:34 GMT
ETag: "63de0562-1d7"
Expires: Mon, 06 Feb 2023 07:12:34 GMT
Cache-Control: max-age=170623
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675496931
Via: cache14.l2de2[293,293,200-0,M], cache14.l2de2[295,0], cache5.se1[315,315,200-0,M], cache5.se1[317,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 07:48:51 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9916754969312855137e
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fc91044ea257e54846f8dd907b48d29e
6d2231e05dabe5ee55f8dbf8687d7b7a92c25d64
8e77e1a87ab035ed1affd01159d1c899e46d7c247d0bc085dd57d1b1c6fed830
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E77E1A87AB035ED1AFFD01159D1C899E46D7C247D0BC085DD57D1B1C6FED830"
Last-Modified: Thu, 02 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2567
Expires: Sat, 04 Feb 2023 08:31:38 GMT
Date: Sat, 04 Feb 2023 07:48:51 GMT
Connection: keep-alive
ocsp.digicert.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 07:48:51 GMT
Last-Modified: Sat, 04 Feb 2023 07:12:34 GMT
ETag: "63de0562-1d7"
Expires: Mon, 06 Feb 2023 07:12:34 GMT
Cache-Control: max-age=170623
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675496931
Via: cache14.l2de2[311,310,200-0,M], cache14.l2de2[312,0], cache4.se1[332,332,200-0,M], cache4.se1[334,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 07:48:51 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9816754969312855291e
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6290
Expires: Sat, 04 Feb 2023 09:33:41 GMT
Date: Sat, 04 Feb 2023 07:48:51 GMT
Connection: keep-alive
img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
200 OK 361 B URL HTTP/2 img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (361), with no line terminators
Hash d7877f2308efe72c7913b65816859daa
755606b601ae85ebcbf0dd47660fb028d1bf30d7
3af5e226f01cd0faf44433ba44517cc6b0fe9596de061a613c8d719227cc2c1a
GET /duoteimg/dtnew_recom_img/duoteself/softdown_1.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 361
date: Wed, 04 Jan 2023 10:48:37 GMT
x-oss-request-id: 63B55985341EC4383238B58D
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D7877F2308EFE72C7913B65816859DAA"
last-modified: Wed, 04 Jan 2023 09:53:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13587884656729146177
x-oss-storage-class: Standard
x-oss-meta-mtime: 1672826010
x-oss-expiration: expiry-date="Thu, 05 Jan 2023 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVxiBgMCnu.bwqxgiIGMwYmRlOGE3NDQ3MjQxYmY4Y2NiYWYyOWExMzU2Zjdi
content-md5: 14d/Iwjv5yx5E7ZYFoWdqg==
x-oss-server-time: 26
ali-swift-global-savetime: 1672829317
via: cache42.l2cn3037[0,0,200-0,H], cache35.l2cn3037[1,0], ens-vcache1.cn5274[0,0,200-0,H], ens-vcache25.cn5274[1,0]
age: 2667614
x-cache: HIT TCP_MEM_HIT dirn:12:299221420
x-swift-savetime: Wed, 04 Jan 2023 11:29:37 GMT
x-swift-cachetime: 15549540
timing-allow-origin: *
eagleid: deba11ac16754969315123081e
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 34699
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28099f5ad8a27e5a49a0d1c842486329
d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd
1d798d35ceae594d86fa43aa0ef47b962c52bb1557e17dda9b294bd01f374b3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8352
x-amzn-requestid: 80032cef-14cd-4f56-9830-8c74891ed00f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEqQFDJIAMFspQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8174-6d3310287fc74bb27e9b038a;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:49:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fAgrJvhZVkG4PsCQPTpyr3pzjFm0KzcoiP6BmcGmecYdamwIMjHMng==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:01 GMT
age: 34730
etag: "d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 36047
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 34698
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 34521
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 26888
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
12855.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
200 OK 63 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
IP
ASN #137951 Clayer Limited
File type ASCII text, with no line terminators
Hash 827609f4f6b6dbef37e7bbb2c6cb8535
09929f83133df43c4ec28623065e3af7647a1f11
f7f82084b7a593e189a56487ea3179a61e6d8c93ec6ffdfada18e8c5e8863375
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/keyword_new.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Content-Length: 63
Last-Modified: Sun, 06 Nov 2022 08:21:47 GMT
Connection: keep-alive
ETag: "63676e9b-3f"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12855.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
200 OK 738 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
IP
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (1755)
Hash 941e223b206b2f389ba88e5c62146e05
1ea47333441413a3afd2fbc6e335810513cd3b5f
c0034343dbd842fc5ba9dfae6be7145ec000eb017fc0ca9a7fd6e245811df660
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/scrollbar.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9e-707"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
200 OK 1.0 kB URL HTTP/2 img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
IP
Hash 8c6a6de562181b71d2867e2711f31df9
6e3aed7b36431b15293f6a3a1c66567a6fec5334
f65233dc7f87033f78a736238467c78ce1973af259b67f932c285a0f180174ee
GET /duoteimg/dtnew_assets/pc/js/soft/auto_complete.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 1015
date: Wed, 19 Oct 2022 02:18:07 GMT
vary: Accept-Encoding
x-oss-request-id: 634F5E5F9F5C5134319809A9
x-oss-cdn-auth: success
last-modified: Wed, 19 Oct 2022 02:15:25 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3181168464323094172
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 20 Oct 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVRiBgICaq4y4nxgiIDJjNjljMDkwMWY0MjQ4N2JhZTA2NmEwOWJkZmNhMWYx
content-md5: 5qfmF/GrELbus726BAkyLQ==
x-oss-server-time: 11
content-encoding: gzip
ali-swift-global-savetime: 1666145887
via: cache71.l2cn3037[0,0,200-0,H], cache1.l2cn3037[1,0], ens-vcache29.cn5274[0,0,200-0,H], ens-vcache25.cn5274[1,0]
age: 9351044
x-cache: HIT TCP_HIT dirn:11:216046172
x-swift-savetime: Sun, 01 Jan 2023 07:31:10 GMT
x-swift-cachetime: 9139617
timing-allow-origin: *
eagleid: deba11ac16754969316453201e
X-Firefox-Spdy: h2
ocsp.digicert.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 07:48:51 GMT
Ali-Swift-Global-Savetime: 1675496931
Via: cache4.l2de2[472,472,200-0,M], cache4.l2de2[474,0], cache2.se1[495,494,200-0,M], cache2.se1[495,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 07:48:51 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616754969312864844e
12855.url.tudown.com/uploads/images/679799.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/679799.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/679799.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=855956760,922258746&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/logo.png?n=4s4k3znrwhs3raxfxo5oplmr46tzdzukqdtjlgpiqkzojofn4w7yg&w=250
200 OK 3.3 kB URL HTTP/1.1 12855.url.tudown.com/uploads/images/logo.png?n=4s4k3znrwhs3raxfxo5oplmr46tzdzukqdtjlgpiqkzojofn4w7yg&w=250
IP
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 104c64465f33e665f7c527a2e488b9ba
735af02115973bfd82e2de24b0e84411b05f2118
8a1696265b5ac18c16483e94ad81a5a1e376a21fc7e4b659c994785b6c758545
GET /uploads/images/logo.png?n=4s4k3znrwhs3raxfxo5oplmr46tzdzukqdtjlgpiqkzojofn4w7yg&w=250 HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
200 OK 895 B URL HTTP/2 img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
IP
Hash f8f676d38231dad63dfc1144b4739051
978c21f9675780eb755412efc1ddc8fe098c5d7f
2ab62b8459e616fbc36456facba7af14984e90a3a5522a317d46cdb6f133f871
GET /duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/x-javascript
content-length: 895
date: Thu, 08 Dec 2022 06:30:46 GMT
x-oss-request-id: 63918496AFFD703338923AEB
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "4C7F46FF62D37B2CC7456F8F9EB96611"
last-modified: Thu, 10 Sep 2020 02:00:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13670043018340852857
x-oss-storage-class: Standard
x-oss-meta-mode: 33188
x-oss-meta-mtime: 1599017058
x-oss-expiration: expiry-date="Fri, 11 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
vary: Accept-Encoding
content-md5: TH9G/2LTeyzHRW+PnrlmEQ==
x-oss-server-time: 24
content-encoding: gzip
ali-swift-global-savetime: 1670481046
via: cache8.l2cn3037[0,0,200-0,H], cache8.l2cn3037[1,0], ens-vcache24.cn5274[0,0,200-0,H], ens-vcache25.cn5274[0,0]
age: 5015885
x-cache: HIT TCP_MEM_HIT dirn:12:234291198
x-swift-savetime: Sun, 01 Jan 2023 07:02:50 GMT
x-swift-cachetime: 13476476
timing-allow-origin: *
eagleid: deba11ac16754969317603313e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/js/baidu_js_push.js
200 OK 359 B URL HTTP/2 img4.duote.com/duoteimg/js/baidu_js_push.js
IP
File type ASCII text, with CRLF line terminators
Hash f63ef5e096ef52af0cb95b8d2f3fda32
8d6dcc307c816618f7b26e1482d16d447f382e51
e0679eaf3f94f9353f167a1ebe1a8424c61631cc9be2d5a5445ba35e77f58932
GET /duoteimg/js/baidu_js_push.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 359
date: Mon, 19 Dec 2022 17:16:09 GMT
x-oss-request-id: 63A09C59AFFD70313763EF54
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "F63EF5E096EF52AF0CB95B8D2F3FDA32"
last-modified: Tue, 21 Jun 2022 08:41:11 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2603761381065918884
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Wed, 22 Jun 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQUxiBgID4uNiVjBgiIDdjODgyMTExYzA2OTQ5NmU4NjMxZTI4MDZmMTc2NGEx
content-md5: 9j714JbvUq8MuVuNLz/aMg==
x-oss-server-time: 5
ali-swift-global-savetime: 1671470169
via: cache17.l2cn3037[0,0,200-0,H], cache43.l2cn3037[1,0], ens-vcache19.cn5274[0,0,200-0,H], ens-vcache25.cn5274[1,0]
age: 4026762
x-cache: HIT TCP_MEM_HIT dirn:9:233564221
x-swift-savetime: Sun, 01 Jan 2023 05:15:12 GMT
x-swift-cachetime: 14472057
timing-allow-origin: *
eagleid: deba11ac16754969317743319e
X-Firefox-Spdy: h2
www.2345.com/js/index/activity/20171111/widget.min.js
301 Moved Permanently 262 B URL HTTP/1.1 www.2345.com/js/index/activity/20171111/widget.min.js
IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 72fa0fca20c82853e6dbbc1f13c78100
4e9b01e3ad0b56c9409bb02e5700430792fecacd
4555de589ff9b307e20c708d6f112bc47bb377df29ff0a5914f8fb0932926887
GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: text/html
Content-Length: 262
Connection: keep-alive
Location: https://www.2345.com/js/index/activity/20171111/widget.min.js
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Via: cache3.se1[,0]
Timing-Allow-Origin: *
EagleId: 2ff62c9716754969319031233e
img4.duote.com/duoteimg/js/front_ad.js
200 OK 0 B URL HTTP/2 img4.duote.com/duoteimg/js/front_ad.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /duoteimg/js/front_ad.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 0
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A373EC81393377A042
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D41D8CD98F00B204E9800998ECF8427E"
last-modified: Wed, 02 Sep 2020 01:55:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 0
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 03 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 1B2M2Y8AsgTpgAmY7PhCfg==
ali-swift-global-savetime: 1675307171
via: cache60.l2cn3055[0,0,200-0,H], cache64.l2cn3055[1,0], ens-vcache22.cn5274[0,0,200-0,H], ens-vcache25.cn5274[1,0]
age: 189760
x-cache: HIT TCP_MEM_HIT dirn:9:90532967
x-swift-savetime: Thu, 02 Feb 2023 12:35:26 GMT
x-swift-cachetime: 15517845
timing-allow-origin: *
eagleid: deba11ac16754969319343453e
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/287.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/287.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/287.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=949138556,2787578369&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/919535.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/919535.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/919535.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2439718269,492867587&fm=253&fmt=auto&app=138&f=JPEG?w=343&h=500
12855.url.tudown.com/uploads/images/206084.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/206084.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/206084.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2319822749,3491519295&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=976
12855.url.tudown.com/uploads/images/850722.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/850722.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/850722.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2699299409,2929288944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=695
12855.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/soft-down.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:32 GMT
Connection: keep-alive
ETag: "63676e8c-199"
Accept-Ranges: bytes
12855.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/softfastdownbtn.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:33 GMT
Connection: keep-alive
ETag: "63676e8d-199"
Accept-Ranges: bytes
ocsp2.globalsign.com/gsorganizationvalsha2g2
200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
Hash 2d1a15af936b883451dbf3d75568f863
fc4961b5f0041dc198464c6dda01183cb07ef0ae
b85ef4c0fe7a48d851368152ecd1cf3f17611ed52c2a11936e5d3ae01d932e9d
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:50:17 GMT
ETag: "fc4961b5f0041dc198464c6dda01183cb07ef0ae"
Last-Modified: Sat, 04 Feb 2023 04:50:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 298
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ce7389e8b50f-OSL
ocsp.trust-provider.cn/
200 OK 599 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 07:34:16 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941b9130c2f3650-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675496056
via: cache2.l2de2[0,0,304-0,H], cache15.l2de2[1,0], cache3.se1[21,21,200-0,H], cache5.se1[22,0], cache1.se1[25,0]
age: 876
x-cache: HIT TCP_REFRESH_HIT dirn:11:208718372
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 924
timing-allow-origin: *, *
eagleid: 2ff62c9516754969324667529e, 2ff62c9516754969324667529e
ocsp.trust-provider.cn/
200 OK 599 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 07:34:16 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941b9130c2f3650-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675496056
via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache5.se1[20,20,200-0,H], cache5.se1[22,0], cache7.se1[25,0]
age: 876
x-cache: HIT TCP_REFRESH_HIT dirn:11:187066771
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 924
timing-allow-origin: *, *
eagleid: 2ff62c9b16754969324665353e, 2ff62c9b16754969324665353e
ocsp.trust-provider.cn/
200 OK 599 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 07:34:16 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941b9130c2f3650-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675496056
via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache5.se1[20,19,200-0,C], cache5.se1[22,0], cache4.se1[25,0]
age: 876
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 924
timing-allow-origin: *, *
eagleid: 2ff62c9816754969324656271e, 2ff62c9816754969324656271e
ocsp.trust-provider.cn/
200 OK 599 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 07:34:16 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941b9130c2f3650-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675496056
via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache5.se1[20,13,200-0,C], cache5.se1[22,0], cache3.se1[25,0]
age: 876
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 924
timing-allow-origin: *, *
eagleid: 2ff62c9716754969324631726e, 2ff62c9716754969324631726e
ocsp.trust-provider.cn/
200 OK 599 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 07:34:16 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941b9130c2f3650-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675496056
via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache5.se1[20,19,200-0,C], cache5.se1[22,0], cache5.se1[23,0]
age: 876
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 924
timing-allow-origin: *, *
eagleid: 2ff62c9916754969324666151e, 2ff62c9916754969324666151e
12855.url.tudown.com/common/ipnotice/
200 OK 17 kB URL HTTP/1.1 12855.url.tudown.com/common/ipnotice/
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash a2ccd0ed238380f3d69c5e671e7596fe
ff4fdfbdf8b7bd0d5a20891132b8363adeeb358d
33917b794bb721fb1754606ba411464b7358d0ad898ace22dad7820ab3b665ef
Analyzer Verdict Alert fortinet Malware
GET /common/ipnotice/ HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
bdcode.2345.com/source/g/common/by/ht_jy_qx.js
200 OK 2.2 kB URL HTTP/1.1 bdcode.2345.com/source/g/common/by/ht_jy_qx.js
IP
File type ASCII text, with very long lines (5412), with no line terminators
Hash a24aa57f37fade8a8f602cf6fbe18099
e04db672e4ff870068e25b9a647b830118c04a66
8f96cdb4046dacee423c13de3908938c42965f63f2bcd1c718f756bfcd0f36db
Analyzer Verdict Alert fortinet Malware
GET /source/g/common/by/ht_jy_qx.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2207
Connection: keep-alive
Cache-Control: max-age=14400
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 11:48:52 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c202e3eb047637df-143
Server: yunjiasu
bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
200 OK 2.2 kB URL HTTP/1.1 bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
IP
File type ASCII text, with very long lines (5409), with no line terminators
Hash d19bdae2e7e260cf8d073f646b1327b1
f11ad6bbb5854b91f30ae1d1d9e40b0735648a49
db04653da94f0ab49ba4af223faa764d36bdd60a1aa1dcb1fc773512d100bce5
Analyzer Verdict Alert fortinet Malware
GET /common/xsoa-r/openjs/pu/ao.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2200
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 08:48:52 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c202e3eb801d37e1-143
Server: yunjiasu
12855.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
200 OK 1.2 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
IP
ASN #137951 Clayer Limited
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash cc3e19fad8a144bf1e7bf400678f99cb
6ac3ec9a26fdec416640a98d24564ddee9886999
1725f9122ad4ec5075cd0967aef3ef5aff312d90e17a33b854d71434f7cbba4c
GET /template/company/duote-xiazai/images/icon-sprites.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 1160
Last-Modified: Sun, 06 Nov 2022 08:21:18 GMT
Connection: keep-alive
ETag: "63676e7e-488"
Accept-Ranges: bytes
12855.url.tudown.com/template/company/duote-xiazai/images/like.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/like.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/like.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:22 GMT
Connection: keep-alive
ETag: "63676e82-199"
Accept-Ranges: bytes
12855.url.tudown.com/template/company/duote-xiazai/images/left.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/left.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/left.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:20 GMT
Connection: keep-alive
ETag: "63676e80-199"
Accept-Ranges: bytes
12855.url.tudown.com/template/company/duote-xiazai/images/dislike.png
200 OK 295 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/dislike.png
IP
ASN #137951 Clayer Limited
File type PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash a23e4dc6044953a149d0eb87aa9df5a4
48ab906d07b8d3265c0de7255d41d5352df29b9d
0342c264fcaac6c9fb4c0ea801d56145043dcd37613bddc633a6333c783eb2b9
GET /template/company/duote-xiazai/images/dislike.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 295
Last-Modified: Sun, 06 Nov 2022 08:21:09 GMT
Connection: keep-alive
ETag: "63676e75-127"
Accept-Ranges: bytes
img1.duote.com/duoteimg/zhuanti/comment/images/4.gif
200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/4.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 9429cb260cbf87e528d14cf6baaf2b5b
eb067540c3b93c515efbc46b5a1cb4c7bcb16ff7
4cce9443159a3c082fbf59610efbf5ef9b92d5422bce4bbe8ef43d1bcc8d0475
GET /duoteimg/zhuanti/comment/images/4.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1706
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3DFFFCE35347F52A3
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "9429CB260CBF87E528D14CF6BAAF2B5B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 875222251737355829
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: lCnLJgy/h+Uo0Uz2uq8rWw==
x-oss-server-time: 88
ali-swift-global-savetime: 1675307171
via: cache5.l2cn3055[0,0,200-0,H], cache65.l2cn3055[2,0], vcache3.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 189761
x-cache: HIT TCP_HIT dirn:11:185880632
x-swift-savetime: Thu, 02 Feb 2023 03:07:59 GMT
x-swift-cachetime: 15551892
timing-allow-origin: *
eagleid: 3ad72f2a16754969325004815e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
200 OK 2.1 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 8535863eee1ae5dfffa4f25a79cffa10
ae60588f804b611794c725429927f1a37c31a6e5
13fd5ae010e7d97dc637a2ec0537a28a8d74dac1f1480fa87279ae226e13e535
GET /duoteimg/zhuanti/comment/images/10.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2105
date: Tue, 03 Jan 2023 14:51:52 GMT
x-oss-request-id: 63B44108DA57CC3430E71280
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8535863EEE1AE5DFFFA4F25A79CFFA10"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 720901678692586227
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: hTWGPu4a5d//pPJaec/6EA==
x-oss-server-time: 80
ali-swift-global-savetime: 1672757512
via: cache79.l2cn3055[0,0,200-0,H], cache73.l2cn3055[2,0], vcache27.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 2739420
x-cache: HIT TCP_HIT dirn:10:376752577
x-swift-savetime: Thu, 02 Feb 2023 03:08:32 GMT
x-swift-cachetime: 13002200
timing-allow-origin: *
eagleid: 3ad72f2a16754969325004817e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 52c2ef213baaff54c731557b999a0bf7
804e7ac80e4255b27247350265bbc92ce8d075bb
6bc6cc4739fbf0b9257b84549097c06651f82bcb2edef386710f4bb88e5b1676
GET /duoteimg/zhuanti/comment/images/9.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1733
date: Tue, 03 Jan 2023 11:51:50 GMT
x-oss-request-id: 63B416D62B654B3335D3555D
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "52C2EF213BAAFF54C731557B999A0BF7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7207152638915174298
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: UsLvITuq/1THMVV7mZoL9w==
x-oss-server-time: 135
ali-swift-global-savetime: 1672746710
via: cache4.l2cn3055[0,0,200-0,H], cache55.l2cn3055[1,0], vcache10.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 2750222
x-cache: HIT TCP_HIT dirn:10:171407477
x-swift-savetime: Thu, 02 Feb 2023 03:08:04 GMT
x-swift-cachetime: 12991426
timing-allow-origin: *
eagleid: 3ad72f2a16754969325004819e
X-Firefox-Spdy: h2
s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
200 OK 20 B URL HTTP/2 s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /z_stat.php?id=1277770517&web_id=1277770517 HTTP/1.1
Host: s5.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 07:36:54 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 07:36:54 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675496214
via: cache6.l2ea120-8[51,50,200-0,M], cache24.l2ea120-8[52,0], cache9.cn2205[0,0,200-0,H], cache18.cn2205[0,0]
age: 718
x-cache: HIT TCP_MEM_HIT dirn:12:763376962
x-swift-savetime: Sat, 04 Feb 2023 07:36:54 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb2e16754969325223072e
X-Firefox-Spdy: h2
union2.50bang.org/js/duoteall
200 OK 370 B URL HTTP/1.1 union2.50bang.org/js/duoteall
IP
ASN #138950 Jiangsu Wuxi International IDC network
File type ASCII text, with very long lines (370), with no line terminators
Hash ea6846f84df4e5786e210e9d986b198a
38f754e544f571e0605058c9288eccbac8626009
5dc14392fa00311038f15caaeecadf8c46708801d9897d6d956aa975124f7ec5
GET /js/duoteall HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Length: 370
12855.url.tudown.com/template/company/duote-xiazai/images/right.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/right.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/right.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:30 GMT
Connection: keep-alive
ETag: "63676e8a-199"
Accept-Ranges: bytes
img1.duote.com/duoteimg/zhuanti/comment/images/8.gif
200 OK 1.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/8.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 15c10a442a7bd8384cd17ed420cf21e9
477ba29d0b04ec0a2950d715b58abe2db4d68cdd
153b9c74c5a92e7ec480365537cd43c9973840f3b6c72dad3032f5aeb0a4d30e
GET /duoteimg/zhuanti/comment/images/8.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1788
date: Wed, 04 Jan 2023 12:19:30 GMT
x-oss-request-id: 63B56ED2565BBE303154AA8D
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "15C10A442A7BD8384CD17ED420CF21E9"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10105978504471775518
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: FcEKRCp72DhM0X7UIM8h6Q==
x-oss-server-time: 68
ali-swift-global-savetime: 1672834770
via: cache16.l2cn3055[0,0,200-0,H], cache41.l2cn3055[1,0], vcache4.cn4730[0,0,200-0,H], vcache22.cn4730[3,0]
age: 2662162
x-cache: HIT TCP_HIT dirn:10:164606086
x-swift-savetime: Thu, 02 Feb 2023 03:08:23 GMT
x-swift-cachetime: 13079467
timing-allow-origin: *
eagleid: 3ad72f2a16754969325004820e
X-Firefox-Spdy: h2
12855.url.tudown.com/template/company/duote-xiazai/images/biaoq-icon.png
200 OK 409 B URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/biaoq-icon.png
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/biaoq-icon.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/global.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:07 GMT
Connection: keep-alive
ETag: "63676e73-199"
Accept-Ranges: bytes
img1.duote.com/duoteimg/zhuanti/comment/images/1.gif
200 OK 1.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/1.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 26df8be954a888cd2b29429bcc7d91de
2fa6246adde0616962ed672907c5da94893ce35e
9c73781c61d66f4af9043f08da67a47653fe9662e0aabd4cfa133cfbe55eaa76
GET /duoteimg/zhuanti/comment/images/1.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1771
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3AEF36B303982E532
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "26DF8BE954A888CD2B29429BCC7D91DE"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7119512290700278717
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Jt+L6VSoiM0rKUKbzH2R3g==
x-oss-server-time: 72
ali-swift-global-savetime: 1675307171
via: cache12.l2cn3055[0,0,200-0,H], cache59.l2cn3055[1,0], vcache19.cn4730[0,1,200-0,H], vcache22.cn4730[4,0]
age: 189761
x-cache: HIT TCP_HIT dirn:9:87652474
x-swift-savetime: Thu, 02 Feb 2023 03:08:42 GMT
x-swift-cachetime: 15551849
timing-allow-origin: *
eagleid: 3ad72f2a16754969324994813e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
200 OK 3.5 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash eb575dd556470ae55acfa8350f63f3ab
5ded8852598c3cb4ff9130d24b1b7b03c558d14e
0be355d4a20f70a41fef403a817d2d27a1c5122fa1b58ef04dc884fb9a12ed7a
GET /duoteimg/zhuanti/comment/images/6.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3468
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3C428EB3630F276FE
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "EB575DD556470AE55ACFA8350F63F3AB"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17858666986198953545
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 61dd1VZHCuVaz6g1D2Pzqw==
x-oss-server-time: 117
ali-swift-global-savetime: 1675307171
via: cache12.l2cn3055[0,0,200-0,H], cache41.l2cn3055[1,0], vcache4.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 189761
x-cache: HIT TCP_MEM_HIT dirn:9:7497928
x-swift-savetime: Thu, 02 Feb 2023 03:08:29 GMT
x-swift-cachetime: 15551862
timing-allow-origin: *
eagleid: 3ad72f2a16754969325014823e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
200 OK 1.5 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 56bd697fdac1de3dbe8d4dd53e309a9b
215d4fead2dbf7bf6aeea1136749675cc5034f9e
7acdc1e69fd8d2c578ccf122054b7dab5a58a59caa255cd5585d45956136f4a3
GET /duoteimg/zhuanti/comment/images/7.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1495
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3E3631F36348B9DE4
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "56BD697FDAC1DE3DBE8D4DD53E309A9B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6398064933782332215
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Vr1pf9rB3j2+jU3VPjCamw==
x-oss-server-time: 88
ali-swift-global-savetime: 1675307171
via: cache25.l2cn3055[0,0,200-0,H], cache35.l2cn3055[2,0], vcache23.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 189761
x-cache: HIT TCP_HIT dirn:10:136696048
x-swift-savetime: Thu, 02 Feb 2023 03:08:45 GMT
x-swift-cachetime: 15551846
timing-allow-origin: *
eagleid: 3ad72f2a16754969325014822e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/11.gif
200 OK 7.0 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/11.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 0dfec8a688ee97162d852f42a0fa2a23
a6bc13493b4f2471b72b9d9e8474a9889ad2f4cb
bfef5124ff15cc50ba2eb8e6c605541b642bb5c8c18a4c618ed248522f8d44e0
GET /duoteimg/zhuanti/comment/images/11.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 6979
date: Fri, 03 Feb 2023 01:07:51 GMT
x-oss-request-id: 63DC5E67C0503936329731E6
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "0DFEC8A688EE97162D852F42A0FA2A23"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5501157311881781066
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Df7IpojulxYthS9CoPoqIw==
x-oss-server-time: 97
ali-swift-global-savetime: 1675386471
via: cache16.l2cn2635[0,0,200-0,H], cache54.l2cn2635[1,0], vcache7.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 110461
x-cache: HIT TCP_HIT dirn:9:306531595
x-swift-savetime: Fri, 03 Feb 2023 02:43:19 GMT
x-swift-cachetime: 15546272
timing-allow-origin: *
eagleid: 3ad72f2a16754969325204844e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/3.gif
200 OK 3.0 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/3.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 2ea694cf637a163c094f4e88ae235ec7
8c80f708bc2b9ade2838743d1ec2f779662054e4
8824766f185db8f093dabd01f47636740f26f1a0340b8ed170e4268f36488a44
GET /duoteimg/zhuanti/comment/images/3.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3011
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A39A01B13931D7DCBD
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "2EA694CF637A163C094F4E88AE235EC7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8455495457239003797
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: LqaUz2N6FjwJT06IriNexw==
x-oss-server-time: 156
ali-swift-global-savetime: 1675307171
via: cache63.l2cn3055[0,0,200-0,H], cache8.l2cn3055[2,0], vcache8.cn4730[0,0,200-0,H], vcache22.cn4730[1,0]
age: 189761
x-cache: HIT TCP_HIT dirn:9:137980682
x-swift-savetime: Thu, 02 Feb 2023 03:08:09 GMT
x-swift-cachetime: 15551882
timing-allow-origin: *
eagleid: 3ad72f2a16754969327555152e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
200 OK 2.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash a7bff4f63a973a68e2d98ee780d9e29e
4c87d92faf82347bb122c2ad0e74e166aec5c567
18e82892f579e1f63d003f7e8404754b775542d72ea2d677f61d8ed3c7dfd21c
GET /duoteimg/zhuanti/comment/images/5.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2768
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3F1D5B233305BE7E5
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "A7BFF4F63A973A68E2D98EE780D9E29E"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 11302870927342222426
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: p7/09jqXOmji2Y7ngNning==
x-oss-server-time: 127
ali-swift-global-savetime: 1675307171
via: cache51.l2cn3055[0,0,200-0,H], cache14.l2cn3055[1,0], vcache13.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 189761
x-cache: HIT TCP_HIT dirn:10:306174331
x-swift-savetime: Thu, 02 Feb 2023 03:08:08 GMT
x-swift-cachetime: 15551883
timing-allow-origin: *
eagleid: 3ad72f2a16754969327555153e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/2.gif
200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/2.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash daaa6d71e871eec644788b703b718bd8
8fadc0f0070931b2f807159e87b82bc2269b467a
6d31802a2485e9ff603aa0ec2528c96590e9d4c5ac8961ddf8a9c3fe3bb5c0b8
GET /duoteimg/zhuanti/comment/images/2.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1668
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3EE37C83934296313
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "DAAA6D71E871EEC644788B703B718BD8"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17840225992830112301
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 2qptcehx7sZEeItwO3GL2A==
x-oss-server-time: 101
ali-swift-global-savetime: 1675307171
via: cache51.l2cn3055[0,0,200-0,H], cache5.l2cn3055[1,0], vcache22.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 189761
x-cache: HIT TCP_HIT dirn:10:225089549
x-swift-savetime: Thu, 02 Feb 2023 03:08:37 GMT
x-swift-cachetime: 15551854
timing-allow-origin: *
eagleid: 3ad72f2a16754969327555154e
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/554073.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/554073.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/554073.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3324626083,3198221996&fm=253&app=120&f=JPEG?w=1280&h=800
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
404 Not Found 146 B URL HTTP/2 img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 07:48:52 GMT
ali-swift-global-savetime: 1675496932
via: cache48.l2cn3037[153,153,404-1280,M], cache37.l2cn3037[155,0], cache37.l2cn3037[155,0], vcache19.cn4733[164,164,404-1280,M], vcache15.cn4733[166,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: b465c72316754969325236198e
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/818364.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/818364.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/818364.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3468927902,388639629&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=500
12855.url.tudown.com/uploads/images/572169.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/572169.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/572169.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3997176466,1358253601&fm=253&fmt=auto&app=138&f=JPEG?w=504&h=500
bdcode.2345.com/awycyrm.js
200 OK 38 kB URL HTTP/1.1 bdcode.2345.com/awycyrm.js
IP
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 5fbb10e03d1f57d1cc8b11f6733f05e9
6c5795f7e16e68be43e5416cf63e509a6caa58b8
550493b918a5548592ae1a76018c938f3ff7e9f64fe5af1dfcf91839e7270bd8
Analyzer Verdict Alert fortinet Malware
GET /awycyrm.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:52 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 38255
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 08:48:52 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c202e3ee047737df-143
Server: yunjiasu
img1.duote.com/duoteimg/zhuanti/comment/images/12.gif
200 OK 2.6 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/12.gif
IP
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 74dc1aa4f1e4f7219da7ad597c91b8e7
bfda85aaa1fd81b79b792ee83cd448cd2cde5005
733f3dc6aa38aaad278d72cbef942326c77b0f872727e5971cc8fb9b3b683efe
GET /duoteimg/zhuanti/comment/images/12.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2575
date: Sat, 10 Dec 2022 02:48:42 GMT
x-oss-request-id: 6393F38A28E01236303D13AE
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "74DC1AA4F1E4F7219DA7AD597C91B8E7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17001896356624891276
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: dNwapPHk9yGdp61ZfJG45w==
x-oss-server-time: 48
ali-swift-global-savetime: 1670640522
via: cache34.l2cn3037[0,0,304-0,H], cache45.l2cn3037[1,0], vcache24.cn4730[0,0,200-0,H], vcache22.cn4730[2,0]
age: 4856410
x-cache: HIT TCP_HIT dirn:9:326094677
x-swift-savetime: Sat, 10 Dec 2022 03:12:06 GMT
x-swift-cachetime: 15550596
timing-allow-origin: *
eagleid: 3ad72f2a16754969329275378e
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/13518.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/13518.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/13518.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=925594230,1200990613&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=285
12855.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
200 OK 80 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
IP
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (32074), with CRLF line terminators
Hash e81ec1034a64ade1aa8b290326108e91
67aa74b0a4d0039f59acacca2ee6eee5ebaa312e
825cd708c0562c4b038d007351af36e0c4b34a32c0a1e8fd5852206417cbf94e
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/jquery-ui.min.js HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:51 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-3def1"
Expires: Sat, 04 Feb 2023 19:48:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12855.url.tudown.com/uploads/images/325604.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/325604.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/325604.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1999003475,3086156756&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=411
ocsp.trust-provider.cn/
200 OK 600 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash eceaa87d9a3316ee0dcad3fa5f444ee7
74afece1d64ad7c63136ffcd5d58ad1d15a764df
fb586a5f0f8968e29212268bb4bd746eae9cc20b4eda7fc41f1420482c74b3b9
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 07:48:53 GMT
last-modified: Thu, 02 Feb 2023 04:39:52 GMT
expires: Thu, 09 Feb 2023 04:39:51 GMT
etag: "74afece1d64ad7c63136ffcd5d58ad1d15a764df"
cache-control: max-age=442131,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb3
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941ce77cce8900c-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675496933
via: cache9.l2de2[183,183,304-0,M], cache26.l2de2[184,0], cache8.se1[204,204,200-0,H], cache5.se1[205,0], cache1.se1[207,0]
age: 0
x-cache: HIT TCP_REFRESH_HIT dirn:1:186453430
x-swift-savetime: Sat, 04 Feb 2023 07:48:53 GMT
x-swift-cachetime: 1800
timing-allow-origin: *, *
eagleid: 2ff62c9516754969330547996e, 2ff62c9516754969330547996e
12855.url.tudown.com/uploads/images/135098.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/135098.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/135098.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500
12855.url.tudown.com/uploads/images/480548.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/480548.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/480548.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2813421157,3352110648&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
12855.url.tudown.com/uploads/images/882991.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/882991.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/882991.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1373843912,1079625469&fm=224&app=112&f=JPEG?w=500&h=500
static.mediav.com/js/mvf_g2.js
200 OK 9.0 kB URL HTTP/1.1 static.mediav.com/js/mvf_g2.js
IP
ASN #55992 Beijing Qihu Technology Company Limited
File type ASCII text, with very long lines (25539), with no line terminators
Hash 1baf9fc7116527b1a41307a6653030ca
f854953834e70e842d0d3fe6c8966ffb38e16744
d601207a5fa9a6b11008bc0a5a295c46ed62707d4a4b7b04a276eef33c3dcbd3
GET /js/mvf_g2.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:41 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 12:48:53 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc01.hkht;HIT from w-sc04.bjyt
12855.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
200 OK 1.3 kB URL HTTP/1.1 12855.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
IP
ASN #137951 Clayer Limited
File type PNG image data, 178 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 7e22e63af128066b4d249bec71934fa7
09313b9c9717d049883d7c82b3b87f1a4af28408
ea827b6f53f2f091eb1a9ab83c5f53c5f4215e5a14721037af0b50dc47ffe5b0
GET /template/company/duote-xiazai/images/newbtnbg.png HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/template/company/duote-xiazai/css/soft.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/png
Content-Length: 1308
Last-Modified: Sun, 06 Nov 2022 08:21:23 GMT
Connection: keep-alive
ETag: "63676e83-51c"
Accept-Ranges: bytes
12855.url.tudown.com/uploads/images/146474.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/146474.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/146474.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4218433205,3662047589&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
404 Not Found 146 B URL HTTP/2 img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 07:48:53 GMT
ali-swift-global-savetime: 1675496933
via: cache48.l2cn3037[21,21,404-1280,M], cache56.l2cn3037[22,0], cache56.l2cn3037[22,0], vcache19.cn4733[25,24,404-1280,M], vcache15.cn4733[27,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 07:48:53 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: b465c72316754969334398919e
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/134547.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/134547.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/134547.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1852215905,124408758&fm=253&app=120&f=JPEG?w=1280&h=800
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash fd85c457807ba420192d9fdb1e3b2e76
1309191996088c5e1bce3f6d5ca5b8ea2ff489ad
7d1c4dba2f7a95c9ec75b4f5abeb2b9d66abc8650424b896152f4d27fd3b4a8c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 06:27:25 GMT
ETag: "1309191996088c5e1bce3f6d5ca5b8ea2ff489ad"
Last-Modified: Sat, 04 Feb 2023 06:27:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2225
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ce7b4a97b4ff-OSL
static.mediav.com/js/mvf_pm_slider.js
200 OK 40 kB URL HTTP/1.1 static.mediav.com/js/mvf_pm_slider.js
IP
ASN #55992 Beijing Qihu Technology Company Limited
File type ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash b23b60a7adefb62f50583079ed66f03b
965ea6506ea6c004b1135f23c10c67484fc0d238
987d03cb317bd411589ab916be6ea0e5aaabf8de0e94a2de7712beff577a62f8
GET /js/mvf_pm_slider.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:42 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 12:48:53 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc01.hkht;HIT from w-sc04.bjyt
12855.url.tudown.com/uploads/images/116590.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/116590.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/116590.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=594897306,3779752551&fm=224&app=112&f=JPEG?w=492&h=400
12855.url.tudown.com/uploads/images/599196.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/599196.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/599196.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=180278012,2326215977&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=500
12855.url.tudown.com/uploads/images/216218.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/216218.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/216218.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=1631194590,2699727937&fm=253&app=120&f=JPEG?w=1280&h=800
t13.baidu.com/it/u=594897306,3779752551&fm=224&app=112&f=JPEG?w=492&h=400
200 OK 46 kB URL HTTP/1.1 t13.baidu.com/it/u=594897306,3779752551&fm=224&app=112&f=JPEG?w=492&h=400
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 492x400, components 3\012- data
Hash dbbd8e91aac217001bce2dd76a797ce9
1001ae280d89d6b622d905c74db1b66337c275b6
2bb3189876d1ddbb82c3572bd8f1ce87eecf485d85d56d233fc75d9f649e6fc2
GET /it/u=594897306,3779752551&fm=224&app=112&f=JPEG?w=492&h=400 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpeg
Content-Length: 46408
Connection: keep-alive
Expires: Wed, 22 Feb 2023 14:28:08 GMT
Last-Modified: Mon, 12 Jan 1970 00:00:00 GMT
ETag: dbbd8e91aac217001bce2dd76a797ce9
Age: 15361
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 14:28:08 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache58 [1], czix83 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46408
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=855956760,922258746&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 40 kB URL HTTP/1.1 t13.baidu.com/it/u=855956760,922258746&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash f3f2909bb046510f39a4d41d3e01a99c
cf1e34a7f369975d72ad602f6a7aaa5b4eb39629
c8db52e61f6f098c814915a1dcfd5f6748f02814ec6c575ee49a2f632aea4a20
GET /it/u=855956760,922258746&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpeg
Content-Length: 39901
Connection: keep-alive
Expires: Wed, 22 Feb 2023 20:55:07 GMT
Last-Modified: Sun, 18 Jan 1970 00:00:00 GMT
ETag: f3f2909bb046510f39a4d41d3e01a99c
Age: 541070
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 20:55:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache61 [1], czix188 [4]
Ohc-Response-Time: 1 0 0 0 0 2
Ohc-File-Size: 39901
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=1373843912,1079625469&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=1373843912,1079625469&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 222e95f4cf327a2c00118148617559e0
b7a0db0294108dc00ee592428d6ea199cbd07229
4a60cbe5739ab8cb2ac6ab574ca9ee3891bb585e37d35d9c6e00a58e54b49870
GET /it/u=1373843912,1079625469&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpeg
Content-Length: 51867
Connection: keep-alive
Expires: Mon, 06 Feb 2023 18:45:56 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 222e95f4cf327a2c00118148617559e0
Age: 2025009
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 18:45:56 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache56 [1], xaix233 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51867
X-Cache-Status: HIT
Timing-Allow-Origin: *
img4.runjiapp.com/duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg
200 OK 41 kB URL HTTP/1.1 img4.runjiapp.com/duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 910x86, components 3\012- data
Hash f8f15f37c9961bc7463d1df83059d32c
7b4aa49eaed0106e8722fda960d4f397b78e7811
eb99269720c3ad25a285d1cae14a73f57a45ffe3e1f086f1e0a8351a83e62cc0
GET /duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg HTTP/1.1
Host: img4.runjiapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/jpeg
Content-Length: 41017
Connection: keep-alive
Date: Wed, 04 Jan 2023 09:53:47 GMT
x-oss-request-id: 63B54CAB565BBE34373244FA
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "F8F15F37C9961BC7463D1DF83059D32C"
Last-Modified: Fri, 04 Sep 2020 08:59:59 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2768094505068467474
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Sat, 05 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
Content-MD5: +PFfN8mWG8dGPR34MFnTLA==
x-oss-server-time: 16
Ali-Swift-Global-Savetime: 1672826027
Via: cache46.l2cn2647[0,0,200-0,H], cache75.l2cn2647[1,0], vcache12.cn2811[0,0,200-0,H], vcache31.cn2811[1,0]
Age: 2670906
X-Cache: HIT TCP_MEM_HIT dirn:9:558993811
X-Swift-SaveTime: Sat, 28 Jan 2023 04:12:56 GMT
X-Swift-CacheTime: 13498851
Timing-Allow-Origin: *
EagleId: b47a4eb516754969334807469e
12855.url.tudown.com/uploads/images/358864.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/358864.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/358864.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3612224809,2949711048&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
img2.baidu.com/it/u=949138556,2787578369&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
200 OK 28 kB URL HTTP/2 img2.baidu.com/it/u=949138556,2787578369&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 965576da06ebc4984bba84e217b644f0
70fdb8f4c2419cae72f5661ed131b6a587c2fe05
074a5c9afb65f88385d1d660b218fa9aa9f82cf8bd57b2dd7f5eda892ea1114f
GET /it/u=949138556,2787578369&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:53 GMT
content-type: image/webp
content-length: 27474
expires: Thu, 02 Mar 2023 04:44:57 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 965576da06ebc4984bba84e217b644f0
age: 7113
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 04:44:57 GMT
ohc-cache-hit: chenzct52 [4], xiangyix52 [4]
ohc-file-size: 27474
x-cache-status: HIT
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/262519.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/262519.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/262519.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=284028803,3173713995&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
union2.50bang.org/web/duoteall?uId2=SUTSSUVTQQ&r=&fBL=1280*1024
200 OK 0 B URL HTTP/1.1 union2.50bang.org/web/duoteall?uId2=SUTSSUVTQQ&r=&fBL=1280*1024
IP
ASN #138950 Jiangsu Wuxi International IDC network
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/duoteall?uId2=SUTSSUVTQQ&r=&fBL=1280*1024 HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: uidFlag=1; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uUid=C7E963DE0DE5000C8F7BE06B0008; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTL=1; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTT=1675496933; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Length: 0
img1.baidu.com/it/u=2439718269,492867587&fm=253&fmt=auto&app=138&f=JPEG?w=343&h=500
200 OK 21 kB URL HTTP/2 img1.baidu.com/it/u=2439718269,492867587&fm=253&fmt=auto&app=138&f=JPEG?w=343&h=500
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 343x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c587949757412aa4cdbc88c214b720c1
fd6046f594144662e6a096b91d60d69b43746d8d
cea46d628913ada8d549d3b2ed6b94ca4b0083053f9a26c4268711edaced9bb3
GET /it/u=2439718269,492867587&fm=253&fmt=auto&app=138&f=JPEG?w=343&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:53 GMT
content-type: image/webp
content-length: 21442
expires: Wed, 22 Feb 2023 01:55:03 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: c587949757412aa4cdbc88c214b720c1
age: 186272
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 01:55:03 GMT
ohc-cache-hit: cd2ct51 [4], suzix136 [4]
ohc-file-size: 21442
x-cache-status: HIT
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/757565.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/757565.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/757565.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2497883494,3001772174&fm=253&app=120&f=JPEG?w=1280&h=800
12855.url.tudown.com/uploads/images/830834.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/830834.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/830834.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=735806453,3679380027&fm=224&app=112&f=JPEG?w=500&h=500
t15.baidu.com/it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500
200 OK 8.0 kB URL HTTP/1.1 t15.baidu.com/it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 375x500, components 3\012- data
Hash c64b5c66c6e2e740c15f4727170bf763
07623198df5ee201ae489d4da8c707dd8d73b603
09964d8fd7f7b6911c8f8d5a2edc698a9edb143a6c2129cb240ed211e98768a8
GET /it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 8027
Connection: keep-alive
Expires: Mon, 06 Feb 2023 12:20:48 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: c64b5c66c6e2e740c15f4727170bf763
Age: 2025775
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 12:20:48 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache56 [4], wzix100 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 8027
X-Cache-Status: HIT
Timing-Allow-Origin: *
12855.url.tudown.com/uploads/images/807657.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/807657.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/807657.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=696942281,2759011304&fm=253&fmt=auto?w=500&h=500
12855.url.tudown.com/uploads/images/765021.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/765021.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/765021.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3273694484,1076472709&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
img0.baidu.com/it/u=2699299409,2929288944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=695
200 OK 22 kB URL HTTP/2 img0.baidu.com/it/u=2699299409,2929288944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=695
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x695, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3b88c7bb3272ad8acc8d26158f9df57b
ccc5fa25b5c2779579f7794295f3cbefa9047f66
edee9ebc9dc9b6e84bc17f4bd000a68ee5f001fc4a225ed211ef381eb1ecb91c
GET /it/u=2699299409,2929288944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=695 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 21812
expires: Thu, 23 Feb 2023 12:56:44 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 3b88c7bb3272ad8acc8d26158f9df57b
age: 246563
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 12:56:44 GMT
ohc-cache-hit: gyct57 [4], xiangyix200 [4]
ohc-file-size: 21812
x-cache-status: HIT
X-Firefox-Spdy: h2
push.zhanzhang.baidu.com/push.js
200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 07:48:54 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 07:48:54 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=64DA37E32B922B7157173BAA0F2F881D:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 07:48:54 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
img1.baidu.com/it/u=4218433205,3662047589&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
200 OK 49 kB URL HTTP/2 img1.baidu.com/it/u=4218433205,3662047589&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x699, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f414904d0536cb5f4992c0331a41d738
147e3d3935f5a01f0808a356a7258b66d2359614
6057ff016f9e0ccaf5c258d7100bee6b92a5ba6b6ae14d27e2d7dac5991149d3
GET /it/u=4218433205,3662047589&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:53 GMT
content-type: image/webp
content-length: 48854
expires: Thu, 02 Mar 2023 09:31:40 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: f414904d0536cb5f4992c0331a41d738
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 09:31:40 GMT
ohc-cache-hit: cd2ct66 [1], wzix118 [4]
ohc-file-size: 48854
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/382570.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/382570.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/382570.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1883426645,2647279928&fm=253&app=120&f=JPEG?w=1280&h=800
12855.url.tudown.com/uploads/images/737501.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/737501.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/737501.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=327443173,3668268040&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
img2.baidu.com/it/u=3324626083,3198221996&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 75 kB URL HTTP/1.1 img2.baidu.com/it/u=3324626083,3198221996&fm=253&app=120&f=JPEG?w=1280&h=800
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 005afecc616978809d18332cbe82b358
59e3bf35fb072e2f4f76b352e1189d51e38106c7
f5813d9e99e6f30eef70d2445a6937f68f122b0196779fa608102794168c1879
GET /it/u=3324626083,3198221996&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: image/jpeg
Content-Length: 75055
Connection: keep-alive
Expires: Sun, 05 Feb 2023 07:16:06 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 005afecc616978809d18332cbe82b358
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 07:16:06 GMT
Ohc-Cache-HIT: chenzct59 [1], qdix59 [4]
Ohc-File-Size: 75055
X-Cache-Status: MISS
sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
200 OK 123 kB URL HTTP/1.1 sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 123 kB (123037 bytes)
Hash c39ed7d28cee6240d44cc5b5c2bbd686
eab7220ff1195b14d9c1c21ae4fcad33315549b5
cd5d1c61337dd6b5a3ddffdc95ed7da921b125c9911aa22eaef8f054a2345459
GET /js/dfxaf3-635b4cd6.js HTTP/1.1
Host: sofire.bdstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:53 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 06 Feb 2023 08:39:29 GMT
Last-Modified: Fri, 06 Jan 2023 03:24:00 GMT
ETag: "6c8af00e14f394b624a4b374d18b9b7a"
Content-Encoding: gzip
Age: 83364
Accept-Ranges: bytes
Content-MD5: bIrwDhTzlLYkpLN00Yubeg==
x-bce-content-crc32: 1362413814
x-bce-debug-id: ICLoXEJkzZvZmCft2ehLoRmswzs6B0FB6yI3vRkX/+k2LvlF58f/N6XslyX5jGyekjJcPYJPoeU2guZJYYjGDQ==
x-bce-request-id: 459f8903-1ead-4d78-8de1-9d47d09746a5
x-bce-restore-cache: -
x-bce-restore-tier: -
x-bce-storage-class: STANDARD
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 08:39:29 GMT
Ohc-Cache-HIT: wz2ct56 [2], nb2ctcache51 [2]
Ohc-Response-Time: 1 0 0 0 0 0
12855.url.tudown.com/uploads/images/610839.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/610839.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/610839.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=114080083,3393909188&fm=253&fmt=auto&app=138&f=PNG?w=554&h=495
12855.url.tudown.com/uploads/images/563846.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/563846.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/563846.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1695857157,4140732250&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
img2.baidu.com/it/u=3997176466,1358253601&fm=253&fmt=auto&app=138&f=JPEG?w=504&h=500
200 OK 48 kB URL HTTP/2 img2.baidu.com/it/u=3997176466,1358253601&fm=253&fmt=auto&app=138&f=JPEG?w=504&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 504x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 92deb3259444faf108d90eda2a58500e
9d6ce577468447feaafacb3c86330550d5856637
eb8e621c171696e3dc5e8f6809f8592661b98d19f05759accaa04849c3fae41e
GET /it/u=3997176466,1358253601&fm=253&fmt=auto&app=138&f=JPEG?w=504&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:53 GMT
content-type: image/webp
content-length: 48430
expires: Mon, 20 Feb 2023 06:05:05 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 92deb3259444faf108d90eda2a58500e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:05:05 GMT
ohc-cache-hit: chenzct65 [1], suzix65 [4]
ohc-file-size: 48430
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=925594230,1200990613&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=285
200 OK 12 kB URL HTTP/2 img2.baidu.com/it/u=925594230,1200990613&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=285
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x285, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f45923b1bc3df996d578ea5c37b9aee8
711faa2133bbdb639c2d8b59024e45b6981df146
82f61922171109bfdb80832770a32387f71df0fa6c732d6df5303f8554bac401
GET /it/u=925594230,1200990613&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=285 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:53 GMT
content-type: image/webp
content-length: 12164
expires: Tue, 21 Feb 2023 17:12:40 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: f45923b1bc3df996d578ea5c37b9aee8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 17:12:40 GMT
ohc-cache-hit: chenzct63 [1], bdix162 [2]
ohc-file-size: 12164
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=284028803,3173713995&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
200 OK 40 kB URL HTTP/2 img0.baidu.com/it/u=284028803,3173713995&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a3cf02715bebb78249bad3ae97e1be1c
42c5ea23234540b6e0be8bea47cdd97c79ad2225
267e4a200de52e41e1cd86c34545e742dd5f52aeb0c96f88d99534e3ab3a7f7a
GET /it/u=284028803,3173713995&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 40008
expires: Fri, 10 Feb 2023 22:08:16 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: a3cf02715bebb78249bad3ae97e1be1c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 22:08:16 GMT
ohc-cache-hit: gyct53 [1], xiangyix135 [4]
ohc-file-size: 40008
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/382454.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/382454.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/382454.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=35759489,2067520241&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/150800.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/150800.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/150800.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1306697561,3766684422&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280
img0.baidu.com/it/u=696942281,2759011304&fm=253&fmt=auto?w=500&h=500
200 OK 12 kB URL HTTP/2 img0.baidu.com/it/u=696942281,2759011304&fm=253&fmt=auto?w=500&h=500
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3c4aac250be7985e065510abd4e52bdc
423c3994de5fe81636dc7cd7a267d04e1e23beda
14b4cf6f49fa8c3dde324aa4d695ab09fecb49d573d43da7372691893f7edae5
GET /it/u=696942281,2759011304&fm=253&fmt=auto?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 12480
expires: Thu, 02 Mar 2023 04:42:44 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 3c4aac250be7985e065510abd4e52bdc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 04:42:44 GMT
ohc-cache-hit: gyct59 [1], xiangyix105 [4]
ohc-file-size: 12480
x-cache-status: MISS
X-Firefox-Spdy: h2
cpro.baidustatic.com/cpro/ui/pr.js
200 OK 191 B URL HTTP/1.1 cpro.baidustatic.com/cpro/ui/pr.js
IP
File type ASCII text, with CRLF line terminators
Hash 48bbe750b892850b181762bf739e10dd
716574fe9afcde8faef513b16d6867cb07afe626
e538c894cae59538764a334e2cf2bc02e53fa6a9e4efebcd251bc5da82fa2158
GET /cpro/ui/pr.js HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 04 Feb 2023 08:10:44 GMT
Last-Modified: Tue, 31 Jan 2023 07:16:09 GMT
ETag: "63d8c039-ff"
Cache-Control: max-age=3600
Content-Encoding: gzip
Age: 2290
Accept-Ranges: bytes
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 07:10:44 GMT
Ohc-Cache-HIT: yy2ct64 [2], wzix64 [1]
Ohc-File-Size: 191
X-Cache-Status: HIT
img1.baidu.com/it/u=2813421157,3352110648&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
200 OK 45 kB URL HTTP/2 img1.baidu.com/it/u=2813421157,3352110648&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 953911aabbc1de3373137fedbb27f73e
1e66b89750c92fdb44c050ca2404ba71289aa3f5
d9ecf2a3e956af2575d10ac778e3613af58ab84aebd780351ed1802accc626e7
GET /it/u=2813421157,3352110648&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 44746
expires: Fri, 10 Feb 2023 21:05:28 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 953911aabbc1de3373137fedbb27f73e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 21:05:28 GMT
ohc-cache-hit: cd2ct68 [1], xiangyix87 [4]
ohc-file-size: 44746
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3612224809,2949711048&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
200 OK 39 kB URL HTTP/2 img2.baidu.com/it/u=3612224809,2949711048&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ba4a0db8a77d1683ccf7b301f5f0bc44
9795ec98d2ad287e4c4faff6a5bbfd17d89cdfb2
5ed4cfe7b2c0527301f9ca9d324a04cc268534942215021b41446723e667452e
GET /it/u=3612224809,2949711048&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 38846
expires: Sun, 19 Feb 2023 19:15:23 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ba4a0db8a77d1683ccf7b301f5f0bc44
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 19:15:23 GMT
ohc-cache-hit: chenzct50 [1], czix147 [4]
ohc-file-size: 38846
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1999003475,3086156756&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=411
200 OK 35 kB URL HTTP/2 img1.baidu.com/it/u=1999003475,3086156756&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=411
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 658x411, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3741ccb6d17c8a97b34863566cef3a7f
0cb3355e365397562450121cdf4ff06b2e55bcaa
ab729dc3e0c47f87e44463f87d09fa116886d3e365ae49ee7530704ad9903032
GET /it/u=1999003475,3086156756&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=411 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 34766
expires: Mon, 20 Feb 2023 06:50:18 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3741ccb6d17c8a97b34863566cef3a7f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:50:18 GMT
ohc-cache-hit: cd2ct52 [1], suzix154 [2]
ohc-file-size: 34766
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=180278012,2326215977&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=500
200 OK 23 kB URL HTTP/1.1 img2.baidu.com/it/u=180278012,2326215977&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 220x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2713112e61ff7c589076f11dc20ced97
bdf83c96cbf3cf99a5e7ea1cfd14bd498c8c9767
43f99aab7488dc126c139eb821aa10809f91040f86c34b34a749f02c2b60709c
GET /it/u=180278012,2326215977&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/webp
Content-Length: 23078
Connection: keep-alive
Expires: Sun, 12 Feb 2023 07:04:01 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 2713112e61ff7c589076f11dc20ced97
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 07:04:01 GMT
Ohc-Cache-HIT: chenzct61 [1], qdix167 [4]
Ohc-File-Size: 23078
X-Cache-Status: MISS
12855.url.tudown.com/uploads/images/496696.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/496696.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/496696.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2453722177,3490361538&fm=253&app=120&f=JPEG?w=1280&h=800
img2.baidu.com/it/u=3468927902,388639629&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=500
200 OK 47 kB URL HTTP/2 img2.baidu.com/it/u=3468927902,388639629&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 032e7ea20653a993d59b427e9ea40fb4
018ef0748229511bc52e4f3a7bf391f84d553f4d
1ced2893b2d7d4836e96a12c3f19670d5871b44fa935014262691f0975ddd4f1
GET /it/u=3468927902,388639629&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 47238
expires: Fri, 17 Feb 2023 10:41:28 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 032e7ea20653a993d59b427e9ea40fb4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 10:41:28 GMT
ohc-cache-hit: chenzct85 [1], xaix126 [4]
ohc-file-size: 47238
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/734593.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/734593.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/734593.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2427161569,316359015&fm=253&fmt=auto&app=138&f=PNG?w=500&h=678
12855.url.tudown.com/uploads/images/618350.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/618350.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/618350.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=445391888,2462671831&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=428
www.2345.com/js/index/activity/20171111/widget.min.js
200 OK 61 kB URL HTTP/2 www.2345.com/js/index/activity/20171111/widget.min.js
IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (19539), with no line terminators
Hash 23f0b6b565846fab8dd8cb4c801cf71b
e1978f368a7fa773f0c065db3b7d895941202bb2
84207017868c0fe1c52d4005b9b63c78ade207af90dd6df3d5ad008f2ba0dac8
GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
strict-transport-security: max-age=5184000
date: Sat, 04 Feb 2023 07:47:41 GMT
last-modified: Wed, 06 Nov 2019 08:19:39 GMT
etag: W/"5dc2821b-4c53"
vary: Accept-Encoding, Accept-Encoding
expires: Tue, 22 Nov 2022 14:45:06 GMT
cache-control: max-age=600
ali-swift-global-savetime: 1675496861
via: cache1.l2de2[0,0,304-0,H], cache3.l2de2[1,0], cache8.se1[82,82,200-0,H], cache1.se1[84,0]
age: 71
x-cache: HIT TCP_REFRESH_HIT dirn:4:201818412
x-swift-savetime: Sat, 04 Feb 2023 07:48:52 GMT
x-swift-cachetime: 529
content-encoding: br
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
timing-allow-origin: *
eagleid: 2ff62c9516754969324187484e
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/946654.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/946654.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/946654.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=164423245,1478100639&fm=224&app=112&f=JPEG?w=500&h=500
img2.baidu.com/it/u=3273694484,1076472709&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
200 OK 44 kB URL HTTP/2 img2.baidu.com/it/u=3273694484,1076472709&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 566bd91c6d1609cabd0d7a8ebacd65a8
5d40e83021c8e625e0343d4a989695704743f4f0
a390841d543932efdce397b3bb1aeb5b6c5b45648a35fa42723bf067225ba727
GET /it/u=3273694484,1076472709&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 44260
expires: Fri, 17 Feb 2023 08:32:19 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 566bd91c6d1609cabd0d7a8ebacd65a8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 08:32:19 GMT
ohc-cache-hit: chenzct79 [1], xiangyix79 [4]
ohc-file-size: 44260
x-cache-status: MISS
X-Firefox-Spdy: h2
t13.baidu.com/it/u=164423245,1478100639&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 50 kB URL HTTP/1.1 t13.baidu.com/it/u=164423245,1478100639&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e31e4063fda82cb2a9a484ff790a795a
66c90e36e616ebb2a01584c523b15968ac661471
b4a3e7c4a780d1137500ceef4ea0848bd7c548f5f856f872839cf732f4857786
GET /it/u=164423245,1478100639&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 49778
Connection: keep-alive
Expires: Sun, 05 Mar 2023 20:50:25 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: e31e4063fda82cb2a9a484ff790a795a
Age: 13603
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 20:50:25 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache63 [1], bdix135 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 49778
X-Cache-Status: HIT
Timing-Allow-Origin: *
api.share.baidu.com/s.gif?l=http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
IP
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 07:48:54 GMT
t15.baidu.com/it/u=35759489,2067520241&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 56 kB URL HTTP/1.1 t15.baidu.com/it/u=35759489,2067520241&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 0775afdbbd50a9d85c77a6f7972e721b
ee264918734407eebed3e357aa987b0e03fa426a
aa3f58a821a7eb173951f156569cb7045b14a2f7ee4ee6c4589f653d460326d9
GET /it/u=35759489,2067520241&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 55489
Connection: keep-alive
Expires: Wed, 22 Feb 2023 19:09:27 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 0775afdbbd50a9d85c77a6f7972e721b
Age: 506859
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 19:09:27 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache60 [1], xiangyix200 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55489
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=327443173,3668268040&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
200 OK 59 kB URL HTTP/2 img2.baidu.com/it/u=327443173,3668268040&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 22d5989ca04f579e2417f1d799baa07e
058d6936cf3ca378c264e818b2d87622c5d83c04
8789ed6d418473e3b0a81d8d0e9a6e55d6c499a8cba5d39b27457df553e08986
GET /it/u=327443173,3668268040&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 59072
expires: Mon, 20 Feb 2023 06:55:17 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 22d5989ca04f579e2417f1d799baa07e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:55:17 GMT
ohc-cache-hit: chenzct65 [1], bdix229 [2]
ohc-file-size: 59072
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1852215905,124408758&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 100 kB URL HTTP/1.1 img0.baidu.com/it/u=1852215905,124408758&fm=253&app=120&f=JPEG?w=1280&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 8c172c83b354f8095083afc014770142
2880de2ebe26b22651a3fc343c2a9d35f5b680f2
2a00a5c07b41dd9bb7be5d36516cea36c2c253ad0ea399f9f2ba19da9d564521
GET /it/u=1852215905,124408758&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 99673
Connection: keep-alive
Expires: Wed, 15 Feb 2023 11:21:37 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 8c172c83b354f8095083afc014770142
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 16 Jan 2023 11:21:37 GMT
Ohc-Cache-HIT: gyct55 [1], wzix93 [4]
Ohc-File-Size: 99673
X-Cache-Status: MISS
bdcode.2345.com/swtqusc.js
200 OK 4.0 kB URL HTTP/1.1 bdcode.2345.com/swtqusc.js
IP
File type ASCII text, with very long lines (11438), with no line terminators
Hash 4927ec7cf61077c3cb553d1e91fbe407
81cecb6db2e670675c9bdac9c8c9225b987262cc
439bad0c6b3cec8c27d7bd369cf89917af4deec831c07836e4e1d265113a641c
Analyzer Verdict Alert fortinet Malware
GET /swtqusc.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 4034
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 08:48:54 GMT
Last-Modified: Tue, 23 Aug 2022 08:20:53 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c202e403047837df-143
Server: yunjiasu
img2.baidu.com/it/u=114080083,3393909188&fm=253&fmt=auto&app=138&f=PNG?w=554&h=495
200 OK 29 kB URL HTTP/2 img2.baidu.com/it/u=114080083,3393909188&fm=253&fmt=auto&app=138&f=PNG?w=554&h=495
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8cbe4bceac56508d6b6654159919caae
7fcedcce524cf298135ad42663c32cce3a38baf7
266020e97e9e5068eb0d97caa847d59202a4428f1e89173460e0238f44c356c9
GET /it/u=114080083,3393909188&fm=253&fmt=auto&app=138&f=PNG?w=554&h=495 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 28702
expires: Sat, 04 Mar 2023 03:48:46 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 8cbe4bceac56508d6b6654159919caae
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 03:48:46 GMT
ohc-cache-hit: chenzct62 [1], xaix227 [4]
ohc-file-size: 28702
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/600703.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/600703.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/600703.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2903415963,3418617759&fm=253&app=120&f=JPEG?w=1280&h=800
12855.url.tudown.com/uploads/images/398350.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/398350.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/398350.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3824483064,1723014272&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
img0.baidu.com/it/u=1306697561,3766684422&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280
200 OK 17 kB URL HTTP/2 img0.baidu.com/it/u=1306697561,3766684422&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x280, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 86abc34e91196da119058cd5b18945ec
45f89b47a266fd981ce6f1ebe2b4db7b3e138ecf
705f7097d4d3cfb724460d97f43b322c056892cb6829b89b8a87b0419e790d00
GET /it/u=1306697561,3766684422&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 16888
expires: Sun, 19 Feb 2023 14:08:12 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 86abc34e91196da119058cd5b18945ec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 14:08:12 GMT
ohc-cache-hit: gyct51 [1], bdix128 [4]
ohc-file-size: 16888
x-cache-status: MISS
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 59e5250ab638d81c7b88cad1c84e3db4
04b58db5cae18105bc2d20847a570811bc7b3985
30b45757988e769e70d94a8b2071615ff48d4d4ec631e419b5383c5789635c2b
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 07:48:54 GMT
Etag: 2762316a2546978ec888fc785b500174
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=444AF3CF23391E45; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
img2.baidu.com/it/u=2319822749,3491519295&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=976
200 OK 74 kB URL HTTP/2 img2.baidu.com/it/u=2319822749,3491519295&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=976
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 690x976, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 283c56d0f8cbc15bd53b385fccb314b2
007fe100e514330fe6c364eafaf3479831f63059
54951679fe601ab8181b88ab2e140607e0545c37cc496bfc29e81c9ab297d392
GET /it/u=2319822749,3491519295&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=976 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 74124
expires: Sun, 19 Feb 2023 13:24:03 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 283c56d0f8cbc15bd53b385fccb314b2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 13:24:03 GMT
ohc-cache-hit: chenzct74 [1], xaix104 [4]
ohc-file-size: 74124
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=1695857157,4140732250&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
200 OK 7.7 kB URL HTTP/2 img2.baidu.com/it/u=1695857157,4140732250&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 327fbb3f879dac9936b057596dfe3c12
7b5d472f6983577c9b62db1d5d829e06a08ac407
906d86c6f8ecc05abd346ff3821b0d2272b50d18b6441b1176641b2f9c0220db
GET /it/u=1695857157,4140732250&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 7676
expires: Wed, 15 Feb 2023 19:19:59 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 327fbb3f879dac9936b057596dfe3c12
age: 10124
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 19:19:59 GMT
ohc-cache-hit: chenzct73 [4], czix218 [4]
ohc-file-size: 7676
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2497883494,3001772174&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 85 kB URL HTTP/1.1 img0.baidu.com/it/u=2497883494,3001772174&fm=253&app=120&f=JPEG?w=1280&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 811a6273c99439d55fb17930f2c54de8
8720363bec9e9821ac18f59f33d22b5a5b88706a
91ba07ee76b4ddb565ddefca69535fd37e57231cec88f82874dfbc3002765cd7
GET /it/u=2497883494,3001772174&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 85068
Connection: keep-alive
Expires: Mon, 13 Feb 2023 07:42:23 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 811a6273c99439d55fb17930f2c54de8
Age: 238256
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 14 Jan 2023 07:42:23 GMT
Ohc-Cache-HIT: gyct53 [4], xaix196 [4]
Ohc-File-Size: 85068
X-Cache-Status: HIT
img1.baidu.com/it/u=1631194590,2699727937&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 163 kB URL HTTP/1.1 img1.baidu.com/it/u=1631194590,2699727937&fm=253&app=120&f=JPEG?w=1280&h=800
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 163 kB (162992 bytes)
Hash 665004e5215873b15d574f7870fd09e6
1a09c7d286d53738b8c2c91423de41ac010d2402
ed7be1d0fea93b60011aa7b73b3c07ac99f190d2da7f55e107d95e2108856d9c
GET /it/u=1631194590,2699727937&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 162992
Connection: keep-alive
Expires: Thu, 09 Feb 2023 03:20:33 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 665004e5215873b15d574f7870fd09e6
Age: 1746799
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 03:20:33 GMT
Ohc-Cache-HIT: cd2ct63 [3], xaix247 [3]
Ohc-File-Size: 162992
X-Cache-Status: HIT
12855.url.tudown.com/uploads/images/379883.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/379883.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/379883.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3829630217,1912335658&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867
12855.url.tudown.com/uploads/images/129640.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/129640.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/129640.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2272015776,954508770&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/374008.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/374008.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/374008.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
img0.baidu.com/it/u=445391888,2462671831&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=428
200 OK 21 kB URL HTTP/2 img0.baidu.com/it/u=445391888,2462671831&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=428
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 658x428, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8b5caf43b46ae168bde4fa47bf22d985
986096556c0247ff69afa1eba3f0cfd52263c8c2
0662e202c80997900b9dfa454f6eeb5813fef20abba30484ebce60ce3678ef0f
GET /it/u=445391888,2462671831&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=428 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:54 GMT
content-type: image/webp
content-length: 21082
expires: Sat, 11 Feb 2023 02:17:57 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 8b5caf43b46ae168bde4fa47bf22d985
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 02:17:57 GMT
ohc-cache-hit: gyct54 [1], xiangyix123 [4]
ohc-file-size: 21082
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/560044.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/560044.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/560044.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=121291751,3003929754&fm=253&app=138&f=JPEG?w=500&h=889
t15.baidu.com/it/u=2272015776,954508770&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 41 kB URL HTTP/1.1 t15.baidu.com/it/u=2272015776,954508770&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 67d519d89ace3b9311ffe4d8505522c9
86a71d7a3559df3eb608f48c23d800904af60eaf
6987a8f8b71ed20b69a27fcbb99a9495453415a63604d8b0ec3da09794388480
GET /it/u=2272015776,954508770&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 41185
Connection: keep-alive
Expires: Sat, 04 Mar 2023 10:04:21 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 67d519d89ace3b9311ffe4d8505522c9
Age: 10737
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 02 Feb 2023 10:04:21 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache50 [4], qdix150 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 41185
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=3824483064,1723014272&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
200 OK 21 kB URL HTTP/2 img0.baidu.com/it/u=3824483064,1723014272&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 353x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0a8220ca688f3258dbd9fd4247ada0e8
8e848c1b51b9afe98608525704d6821f7a94c201
cc09f2abce5aceda75ec5017fbbaf4e7de15f89b0270684e2ee160431ac07192
GET /it/u=3824483064,1723014272&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:55 GMT
content-type: image/webp
content-length: 20658
expires: Tue, 21 Feb 2023 05:58:42 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0a8220ca688f3258dbd9fd4247ada0e8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:58:42 GMT
ohc-cache-hit: gyct55 [1], suzix148 [4]
ohc-file-size: 20658
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/173205.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/173205.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/173205.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1079642607,3880365473&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
bdsearch.2345.com/auto_ds?tvt=ON9V2&riz=w&kgi=v01zy303011w0&tgc=u&ckl=bnnjWx4Ww9Ww9vw2zzWUolfWUno_iqhWUZigWw9_iqhWw9ZifilWwz8zWwz4yWwz34Wwz8zWwz57Wwz43Wwz80Wwz23Wwz25Wwz8zWwz52Wwz3uWyuvxyUxz3w0WU-r-&twm=u&rek=u&usm=u>j=vw02r3x3&mvi=uvw3&urz=u&vogj=vvuuvv&uwk=u&uij=v&vel=-hZi_cha&kcd=v01zy30301&uz=u&uts=UUUYXc_oUohcihUZXffYXZe&uiz=u&ugk=hih-&rr=v&gj=uru&uzj=u&in=3x3&kz=W8yW54W34W8zW27W34wuwwW80W23W25W80W36W54W81W33W55W8zW57W3zW81W57W3vW8zW37W2u(W8yW52W47W8zW35W57)W8zW48W32W80W30W53W81W57W3vW81W45W33pzWUzWUxv&gjz=10w1vz002x0vzX3w<=vw2urvuuw&gjj=vw02rwzz2&gifk=w&ttv=nlo-&ukd=4ONIUDMIHJ&ut=y&gzj=VvrVv&tyz=v&kte=v01zy30302&ji=vw2urvuwy&llzu=u32v2ZywY0110Z13&umz=uWUu&utz=Vv&vtu=v
200 OK 78 B URL HTTP/2 bdsearch.2345.com/auto_ds?tvt=ON9V2&riz=w&kgi=v01zy303011w0&tgc=u&ckl=bnnjWx4Ww9Ww9vw2zzWUolfWUno_iqhWUZigWw9_iqhWw9ZifilWwz8zWwz4yWwz34Wwz8zWwz57Wwz43Wwz80Wwz23Wwz25Wwz8zWwz52Wwz3uWyuvxyUxz3w0WU-r-&twm=u&rek=u&usm=u>j=vw02r3x3&mvi=uvw3&urz=u&vogj=vvuuvv&uwk=u&uij=v&vel=-hZi_cha&kcd=v01zy30301&uz=u&uts=UUUYXc_oUohcihUZXffYXZe&uiz=u&ugk=hih-&rr=v&gj=uru&uzj=u&in=3x3&kz=W8yW54W34W8zW27W34wuwwW80W23W25W80W36W54W81W33W55W8zW57W3zW81W57W3vW8zW37W2u(W8yW52W47W8zW35W57)W8zW48W32W80W30W53W81W57W3vW81W45W33pzWUzWUxv&gjz=10w1vz002x0vzX3w<=vw2urvuuw&gjj=vw02rwzz2&gifk=w&ttv=nlo-&ukd=4ONIUDMIHJ&ut=y&gzj=VvrVv&tyz=v&kte=v01zy30302&ji=vw2urvuwy&llzu=u32v2ZywY0110Z13&umz=uWUu&utz=Vv&vtu=v
IP
File type ASCII text, with no line terminators
Hash b3602b6a6b10cc1f325d5814c5159e9c
6f4426edfe928e3b7c6c2245fc454d70388d3e95
b77df48b4e3af6bc8600795a63a7e7b24dbf376f7517b41828fa9bb1463854bc
GET /auto_ds?tvt=ON9V2&riz=w&kgi=v01zy303011w0&tgc=u&ckl=bnnjWx4Ww9Ww9vw2zzWUolfWUno_iqhWUZigWw9_iqhWw9ZifilWwz8zWwz4yWwz34Wwz8zWwz57Wwz43Wwz80Wwz23Wwz25Wwz8zWwz52Wwz3uWyuvxyUxz3w0WU-r-&twm=u&rek=u&usm=u>j=vw02r3x3&mvi=uvw3&urz=u&vogj=vvuuvv&uwk=u&uij=v&vel=-hZi_cha&kcd=v01zy30301&uz=u&uts=UUUYXc_oUohcihUZXffYXZe&uiz=u&ugk=hih-&rr=v&gj=uru&uzj=u&in=3x3&kz=W8yW54W34W8zW27W34wuwwW80W23W25W80W36W54W81W33W55W8zW57W3zW81W57W3vW8zW37W2u(W8yW52W47W8zW35W57)W8zW48W32W80W30W53W81W57W3vW81W45W33pzWUzWUxv&gjz=10w1vz002x0vzX3w<=vw2urvuuw&gjj=vw02rwzz2&gifk=w&ttv=nlo-&ukd=4ONIUDMIHJ&ut=y&gzj=VvrVv&tyz=v&kte=v01zy30302&ji=vw2urvuwy&llzu=u32v2ZywY0110Z13&umz=uWUu&utz=Vv&vtu=v HTTP/1.1
Host: bdsearch.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: application/javascript;charset=UTF-8
date: Sat, 04 Feb 2023 07:48:55 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 15:48:55 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: yunjiasu
x-xss-protection: 0
yjs-id: c202e40767b937e3-143
content-length: 78
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/934391.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/934391.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/934391.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=191100175&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=29160&r=0&ww=1280&u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&tt=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=191100175&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=29160&r=0&ww=1280&u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&tt=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=191100175&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=29160&r=0&ww=1280&u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&tt=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 07:48:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4ECF218960D2008E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img1.baidu.com/it/u=3829630217,1912335658&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867
200 OK 35 kB URL HTTP/2 img1.baidu.com/it/u=3829630217,1912335658&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x867, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b52f26318be383026b885627a403737a
927154ea24eedc6fcc87344a4ea911e3f56f65bf
88998a392d5661742b1aa83176e690c3de2231cd8d02df9b9efc1902800d3b8c
GET /it/u=3829630217,1912335658&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:55 GMT
content-type: image/webp
content-length: 34880
expires: Tue, 21 Feb 2023 03:54:31 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: b52f26318be383026b885627a403737a
age: 478490
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 03:54:30 GMT
ohc-cache-hit: cd2ct59 [4], bdix80 [4]
ohc-file-size: 34880
x-cache-status: HIT
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/567480.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/567480.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/567480.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2880700676,197676621&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/133903.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/133903.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/133903.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=689719040,1115213152&fm=253&app=120&f=JPEG?w=1422&h=800
img0.baidu.com/it/u=2453722177,3490361538&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 62 kB URL HTTP/1.1 img0.baidu.com/it/u=2453722177,3490361538&fm=253&app=120&f=JPEG?w=1280&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 174d5e50a477825a7497ca64720e93b3
637beb5edeecbbfa1480152177dcca6b315fe979
f6e2d16281d85675d853d5804790a0fdafd8ce93d5afcad8d4db903655baae20
GET /it/u=2453722177,3490361538&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 62205
Connection: keep-alive
Expires: Thu, 16 Feb 2023 15:52:37 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 174d5e50a477825a7497ca64720e93b3
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 15:52:37 GMT
Ohc-Cache-HIT: gyct56 [1], wzix81 [2]
Ohc-File-Size: 62205
X-Cache-Status: MISS
img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
200 OK 78 kB URL HTTP/1.1 img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Hash 3f627da4715c157c0150ba931e0a8d03
3ec5a73fdde813cc012398269f5a37c9ae93579c
802331d20c57ae22f6828d220d430e5e9efea2c65f2024a2175e4e1fe67bc6c4
GET /it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 77939
Connection: keep-alive
Expires: Thu, 23 Feb 2023 06:18:05 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 3f627da4715c157c0150ba931e0a8d03
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 06:18:05 GMT
Ohc-Cache-HIT: cd2ct62 [1], suzix117 [4]
Ohc-File-Size: 77939
X-Cache-Status: MISS
12855.url.tudown.com/uploads/images/331355.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/331355.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/331355.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1260173943,2543732863&fm=224&app=112&f=JPEG?w=375&h=500
12855.url.tudown.com/uploads/images/85499.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/85499.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/85499.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3672952081,4166537123&fm=253&app=138&f=JPEG?w=500&h=666
t13.baidu.com/it/u=2880700676,197676621&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 59 kB URL HTTP/1.1 t13.baidu.com/it/u=2880700676,197676621&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash bd2d8b1187cc7a6c9db11d582ba982f0
d4e060992da22f8455005b46ee5cec18a6033b02
3a2e07eef225c276cb2482d2fe775a049fd4d1d24f3c77fd5cc4cba97dec520d
GET /it/u=2880700676,197676621&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 58927
Connection: keep-alive
Expires: Sun, 05 Feb 2023 18:30:46 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: bd2d8b1187cc7a6c9db11d582ba982f0
Age: 364193
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 18:30:46 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache64 [1], xaix134 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 58927
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=1883426645,2647279928&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 126 kB URL HTTP/1.1 img0.baidu.com/it/u=1883426645,2647279928&fm=253&app=120&f=JPEG?w=1280&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 126 kB (125791 bytes)
Hash c9847ca9ff11041ad7c85ed0d161a6da
b77e18152b99308d588cc7d1284b9c6e9e055750
af9125cd1dfb5dd3514bc292fa99e5f17ca957359cb55c7873a61d6d1e9cbba4
GET /it/u=1883426645,2647279928&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:54 GMT
Content-Type: image/jpeg
Content-Length: 125791
Connection: keep-alive
Expires: Sat, 04 Feb 2023 17:38:19 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: c9847ca9ff11041ad7c85ed0d161a6da
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 17:38:19 GMT
Ohc-Cache-HIT: gyct52 [1], suzix52 [4]
Ohc-File-Size: 125791
X-Cache-Status: MISS
t13.baidu.com/it/u=1260173943,2543732863&fm=224&app=112&f=JPEG?w=375&h=500
200 OK 42 kB URL HTTP/1.1 t13.baidu.com/it/u=1260173943,2543732863&fm=224&app=112&f=JPEG?w=375&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 375x500, components 3\012- data
Hash 3b5b2fb73ac9d8d6041cd1b0261649a8
8e799d52f87aeede604add028d1bd89495359807
c757195fa1028c6deed739d5fe0ff2c902e65f8af70ef480c133d9fd7631985e
GET /it/u=1260173943,2543732863&fm=224&app=112&f=JPEG?w=375&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 41461
Connection: keep-alive
Expires: Sat, 18 Feb 2023 02:52:54 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 3b5b2fb73ac9d8d6041cd1b0261649a8
Age: 1230471
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 02:52:54 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache63 [1], xiangyix107 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 41461
X-Cache-Status: HIT
Timing-Allow-Origin: *
pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=2111080814&s2=1960294161<u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&dc=3&ti=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675496967&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675496968&dtm=HTML_POST&tpr=1675496967726&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=7627156683615a92&dft=0&ft=1
200 OK 13 kB URL HTTP/2 pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=2111080814&s2=1960294161<u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&dc=3&ti=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675496967&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675496968&dtm=HTML_POST&tpr=1675496967726&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=7627156683615a92&dft=0&ft=1
IP
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7277)
Hash d69737eb1fe425fa96ad343b4432b988
e674cf53402ebff25deb1f1f9497aed51b4b8f6c
ff73c6826061f214ab07d41c7e7441f9c4e6797af556c2b14cadb9c2dbf2030b
GET /s?wid=910&hei=120&di=u4965894&s1=2111080814&s2=1960294161<u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&dc=3&ti=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675496967&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675496968&dtm=HTML_POST&tpr=1675496967726&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=7627156683615a92&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 07:48:54 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 15:48:54 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=09ED7876B2BDC64F5CD89C5E186DC2A0:FG=1; expires=Sun, 04-Feb-54 07:48:54 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 13403
X-Firefox-Spdy: h2
pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=2721844593&s2=3425825729<u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&dc=3&ti=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675496967&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675496968&dtm=HTML_POST&tpr=1675496967726&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=7627156683615a92&dft=0&ft=1
200 OK 15 kB URL HTTP/2 pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=2721844593&s2=3425825729<u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&dc=3&ti=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675496967&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675496968&dtm=HTML_POST&tpr=1675496967726&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=7627156683615a92&dft=0&ft=1
IP
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (39028)
Hash edb4ee9c92cbe1ca02609511a3b9a81a
e9f3b5f0d49b51634457fa5b97aae72b851a5c53
2f3310c58ed5e57b11f5d4145f31c7aafac47500162c5a78afa2cff3e0efe7f0
GET /s?wid=890&hei=200&di=u5039524&s1=2721844593&s2=3425825729<u=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&dc=3&ti=%E4%BA%9A%E5%8D%9A2022%E6%89%8B%E6%9C%BA%E7%99%BB%E5%BD%95%E7%BD%91%E5%9D%80(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675496967&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675496968&dtm=HTML_POST&tpr=1675496967726&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=7627156683615a92&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 07:48:54 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 15:48:54 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=09ED7876B2BDC64F03265D4CE090D55E:FG=1; expires=Sun, 04-Feb-54 07:48:54 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 14916
X-Firefox-Spdy: h2
img1.baidu.com/it/u=121291751,3003929754&fm=253&app=138&f=JPEG?w=500&h=889
200 OK 48 kB URL HTTP/1.1 img1.baidu.com/it/u=121291751,3003929754&fm=253&app=138&f=JPEG?w=500&h=889
IP
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Hash 2774bb738bad52556ea40b7bac0d9f57
f0c532bb13b167b3521a34a516dea8771ae15a99
19b8dad7167f2981b5ab67be25b88b10ad76b817cfa9e220ac5dca47a58d535b
GET /it/u=121291751,3003929754&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 48394
Connection: keep-alive
Expires: Tue, 14 Feb 2023 23:51:35 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 2774bb738bad52556ea40b7bac0d9f57
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 23:51:35 GMT
Ohc-Cache-HIT: jh2ct68 [1], bdix218 [4]
Ohc-File-Size: 48394
X-Cache-Status: MISS
img2.baidu.com/it/u=1079642607,3880365473&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
200 OK 11 kB URL HTTP/2 img2.baidu.com/it/u=1079642607,3880365473&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0d9ca0ceae4e5fdf6c1c793d33bbf7cf
883e0c375076956b4e878c55f55b762348c4037b
cf252431314d5f3244db3762d9adfbbcfab48d15d4957b283d72fc8a7cbdfbc5
GET /it/u=1079642607,3880365473&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:55 GMT
content-type: image/webp
content-length: 11082
expires: Wed, 22 Feb 2023 02:55:20 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0d9ca0ceae4e5fdf6c1c793d33bbf7cf
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:55:20 GMT
ohc-cache-hit: chenzct65 [1], bdix212 [4]
ohc-file-size: 11082
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/365817.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/365817.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/365817.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2994735403,968514482&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=310
img0.baidu.com/it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752
200 OK 55 kB URL HTTP/2 img0.baidu.com/it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 700x752, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a58bcb6fc234be8b013aeabaefc7fd65
0647ac60fb9decf200c79d0231c69f8820b8a022
8148f082b25b4fe191ed4b12257be4507815ade547ec600b6dc42eac06ba06cf
GET /it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:55 GMT
content-type: image/webp
content-length: 54638
expires: Tue, 21 Feb 2023 12:06:17 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: a58bcb6fc234be8b013aeabaefc7fd65
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 12:06:17 GMT
ohc-cache-hit: gyct58 [1], wzix58 [2]
ohc-file-size: 54638
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/272611.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/272611.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/272611.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=3672952081,4166537123&fm=253&app=138&f=JPEG?w=500&h=666
200 OK 76 kB URL HTTP/1.1 img0.baidu.com/it/u=3672952081,4166537123&fm=253&app=138&f=JPEG?w=500&h=666
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x666, components 3\012- data
Hash 7dd6453a406283711297688e2477d233
35780e29b502fe9393566fed34cd3e94bd016182
2d6b995cc136fb7b9d879328fb3f25793149f0e8dc3dc0397dc6950ee30b216d
GET /it/u=3672952081,4166537123&fm=253&app=138&f=JPEG?w=500&h=666 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 75931
Connection: keep-alive
Expires: Mon, 06 Feb 2023 10:11:16 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 7dd6453a406283711297688e2477d233
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 10:11:16 GMT
Ohc-Cache-HIT: gyct53 [1], csix89 [4]
Ohc-File-Size: 75931
X-Cache-Status: MISS
12855.url.tudown.com/uploads/images/171042.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/171042.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/171042.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=18317477,3515976008&fm=253&fmt=auto&app=138&f=PNG?w=649&h=414
12855.url.tudown.com/uploads/images/978828.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/978828.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/978828.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1663510710,3414022009&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/307876.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/307876.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/307876.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981
t13.baidu.com/it/u=1663510710,3414022009&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 42 kB URL HTTP/1.1 t13.baidu.com/it/u=1663510710,3414022009&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 330d23b73a18b1efd94c5ee11631a277
9cca27e5d052da05139913b0ad8d44c414143dd8
3fbd15cfc59a55f3a9a189501a2705f82f6a69ebf1ddd5d23468d4711ad3408f
GET /it/u=1663510710,3414022009&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 41968
Connection: keep-alive
Expires: Sat, 11 Feb 2023 03:20:16 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 330d23b73a18b1efd94c5ee11631a277
Age: 2002291
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 03:20:16 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache57 [1], xaix101 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 41968
X-Cache-Status: HIT
Timing-Allow-Origin: *
12855.url.tudown.com/uploads/images/262940.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/262940.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/262940.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2678920358,3506451101&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
t15.baidu.com/it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 66 kB URL HTTP/1.1 t15.baidu.com/it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 46644c8d39591d346cd660c7ae63ab3a
1d489700e475d98545c4858a18ef6789cb9f4a93
394021276548b44d66c94f192cdad964c72128568c9165a64ad5dc6c9e3869a8
GET /it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 66268
Connection: keep-alive
Expires: Tue, 28 Feb 2023 11:06:23 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 46644c8d39591d346cd660c7ae63ab3a
Age: 366842
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 29 Jan 2023 11:06:23 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache65 [1], qdix184 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 66268
X-Cache-Status: HIT
img2.baidu.com/it/u=2427161569,316359015&fm=253&fmt=auto&app=138&f=PNG?w=500&h=678
200 OK 85 kB URL HTTP/1.1 img2.baidu.com/it/u=2427161569,316359015&fm=253&fmt=auto&app=138&f=PNG?w=500&h=678
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x678, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b1654b0ddbab937efcacadf2d17446cb
33f85f0fda5fff21c571f39bd614e2f43e46c0de
fd10e0920177b7f8af8255178bcf912ea336f27fe8ca38f69829fa1146482958
GET /it/u=2427161569,316359015&fm=253&fmt=auto&app=138&f=PNG?w=500&h=678 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/webp
Content-Length: 84772
Connection: keep-alive
Expires: Wed, 22 Feb 2023 12:08:18 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: b1654b0ddbab937efcacadf2d17446cb
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 12:08:18 GMT
Ohc-Cache-HIT: chenzct57 [1], bdix193 [4]
Ohc-File-Size: 84772
X-Cache-Status: MISS
img0.baidu.com/it/u=2994735403,968514482&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=310
200 OK 22 kB URL HTTP/1.1 img0.baidu.com/it/u=2994735403,968514482&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=310
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 310x310, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 31bb003db59234dada204b3e5f83fda5
1e6c1c60dcfdfacf390b93a4c1372934c62245cb
912de2d1c080a22e4bd7f8ec9c169ba2f1a6f7bc01c3266d47986972cd0b2c64
GET /it/u=2994735403,968514482&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=310 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/webp
Content-Length: 21734
Connection: keep-alive
Expires: Sat, 04 Mar 2023 04:10:54 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 31bb003db59234dada204b3e5f83fda5
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 02 Feb 2023 04:10:54 GMT
Ohc-Cache-HIT: gyct55 [2], xaix209 [4]
Ohc-File-Size: 21734
X-Cache-Status: MISS
img0.baidu.com/it/u=689719040,1115213152&fm=253&app=120&f=JPEG?w=1422&h=800
200 OK 121 kB URL HTTP/1.1 img0.baidu.com/it/u=689719040,1115213152&fm=253&app=120&f=JPEG?w=1422&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size 121 kB (120972 bytes)
Hash 67f564eb31c902c38f723503e78f630a
50bcd8fee70f2fadabf6fa2772137696ce093786
72780875a317416f83d21e3c62e242f09ad723d64b82bba966b737f4c32b1559
GET /it/u=689719040,1115213152&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpeg
Content-Length: 120972
Connection: keep-alive
Expires: Tue, 07 Feb 2023 08:03:02 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 67f564eb31c902c38f723503e78f630a
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 08:03:02 GMT
Ohc-Cache-HIT: gyct56 [1], czix86 [4]
Ohc-File-Size: 120972
X-Cache-Status: MISS
12855.url.tudown.com/uploads/images/185919.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/185919.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/185919.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3204667243,2709648927&fm=253&fmt=auto&app=138&f=JPEG?w=386&h=500
12855.url.tudown.com/uploads/images/777585.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/777585.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/777585.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3097922423,625899036&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
img0.baidu.com/it/u=18317477,3515976008&fm=253&fmt=auto&app=138&f=PNG?w=649&h=414
200 OK 31 kB URL HTTP/2 img0.baidu.com/it/u=18317477,3515976008&fm=253&fmt=auto&app=138&f=PNG?w=649&h=414
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 649x414, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 92c8a71cd6f53346a61e573c888bec7a
ec4b8d85a0b1a748b86d5de90420cbf940e53d63
312f334a98184cabc2999aa47a835a3dc9db07920d1ac4dfb9d958d8a470fc28
GET /it/u=18317477,3515976008&fm=253&fmt=auto&app=138&f=PNG?w=649&h=414 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 30828
expires: Wed, 01 Mar 2023 20:57:09 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 92c8a71cd6f53346a61e573c888bec7a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 20:57:08 GMT
ohc-cache-hit: gyct54 [1], xiangyix182 [4]
ohc-file-size: 30828
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/920272.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/920272.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/920272.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=211325146,2639768682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=733
12855.url.tudown.com/uploads/images/1240.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/1240.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/1240.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2302691202,3561704378&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=2678920358,3506451101&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
200 OK 20 kB URL HTTP/2 img0.baidu.com/it/u=2678920358,3506451101&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2797e473cb23be8009431b84bdaec029
1092311d5aad3b8e62850060369b5923506f2612
96baddb41d02b42459b0e49cd6ea05048c4549dedd78270ffd7ffdbae68bb3a4
GET /it/u=2678920358,3506451101&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 20376
expires: Mon, 27 Feb 2023 03:01:56 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 2797e473cb23be8009431b84bdaec029
age: 174144
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 28 Jan 2023 03:01:56 GMT
ohc-cache-hit: gyct51 [4], czix155 [4]
ohc-file-size: 20376
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981
200 OK 38 kB URL HTTP/2 img0.baidu.com/it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x981, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3a810cb9662aacd3acb2c2b1a3c6687b
19a165caaf10c3bfabca5e7e5e0cdf99d838f053
47d8d67372db5a255bb5a87106be70e467a49e53d40882825f2c22e6c6853099
GET /it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 37878
expires: Sun, 26 Feb 2023 01:28:25 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3a810cb9662aacd3acb2c2b1a3c6687b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 01:28:25 GMT
ohc-cache-hit: gyct61 [1], bdix230 [4]
ohc-file-size: 37878
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/101049.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/101049.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/101049.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-e9be7a12adfb308c47ac8395342339f071f479c6&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&t=1675496969125&r=init
200 OK 0 B URL HTTP/2 sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-e9be7a12adfb308c47ac8395342339f071f479c6&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&t=1675496969125&r=init
IP
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-e9be7a12adfb308c47ac8395342339f071f479c6&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12855.url.tudown.com%2Fdown%2Fcolor%25E5%25A4%259A%25E5%25BD%25A9%25E6%2589%258B%25E5%25B8%2590%40134_35926.exe&t=1675496969125&r=init HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Sat, 04 Feb 2023 07:48:56 GMT
content-length: 0
X-Firefox-Spdy: h2
sofire.baidu.com/h5/t/8800
204 No Content 0 B URL HTTP/2 sofire.baidu.com/h5/t/8800
IP
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://12855.url.tudown.com/
Origin: http://12855.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12855.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 07:48:56 GMT
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/491706.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/491706.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/491706.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=437089299,1155026280&fm=224&app=112&f=JPEG?w=500&h=500
sofire.baidu.com/h5/e/8800
204 No Content 0 B URL HTTP/2 sofire.baidu.com/h5/e/8800
IP
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /h5/e/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://12855.url.tudown.com/
Origin: http://12855.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12855.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 07:48:56 GMT
X-Firefox-Spdy: h2
t13.baidu.com/it/u=437089299,1155026280&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 86 kB URL HTTP/1.1 t13.baidu.com/it/u=437089299,1155026280&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 7a7bcada2783be8d2188dec027ae14be
b27efb461f7432daf458ac99b141ca9acd425423
9c8c2e6c55cd5e8df09c05d7b9f7d833909dc254562722c8c0f2930609e793c1
GET /it/u=437089299,1155026280&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpeg
Content-Length: 85539
Connection: keep-alive
Expires: Sat, 04 Mar 2023 03:38:51 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 7a7bcada2783be8d2188dec027ae14be
Age: 161897
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 02 Feb 2023 03:38:51 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache64 [1], xaix242 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 85539
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=2903415963,3418617759&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 72 kB URL HTTP/1.1 img2.baidu.com/it/u=2903415963,3418617759&fm=253&app=120&f=JPEG?w=1280&h=800
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 8f51b05e1bff4defbce03c76cf22f926
2d3b51f7ee59f362942dcff66fda32b292aa3ce4
9609b05619c23d9cf7681d66775f6c7d0cc2abf5bfd53b173960177e80fc2259
GET /it/u=2903415963,3418617759&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpeg
Content-Length: 72124
Connection: keep-alive
Expires: Mon, 27 Feb 2023 17:20:52 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 8f51b05e1bff4defbce03c76cf22f926
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 17:20:52 GMT
Ohc-Cache-HIT: chenzct67 [1], qdix173 [4]
Ohc-File-Size: 72124
X-Cache-Status: MISS
img2.baidu.com/it/u=3097922423,625899036&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
200 OK 34 kB URL HTTP/2 img2.baidu.com/it/u=3097922423,625899036&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d90918c6c3a77cc79072cd6fb4de8853
1726465b372f9642ab2ccfb3e0872e64e921bfad
33b3b257827ae12ea749c0f5bce7cc7d4455ecce4bf9330e19b653512727f61f
GET /it/u=3097922423,625899036&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 33576
expires: Sun, 05 Mar 2023 21:27:20 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: d90918c6c3a77cc79072cd6fb4de8853
age: 10129
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 03 Feb 2023 21:27:20 GMT
ohc-cache-hit: chenzct79 [4], wzix89 [4]
ohc-file-size: 33576
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3204667243,2709648927&fm=253&fmt=auto&app=138&f=JPEG?w=386&h=500
200 OK 48 kB URL HTTP/2 img2.baidu.com/it/u=3204667243,2709648927&fm=253&fmt=auto&app=138&f=JPEG?w=386&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 386x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b8b4b2df138cf65b40022f5cdd3c9d39
075f04817d28f165793724b833964f0848c75cb4
4db9a1d3fd455f66568865fe85d17189c58bf1778d6aa436f8b389634805c42b
GET /it/u=3204667243,2709648927&fm=253&fmt=auto&app=138&f=JPEG?w=386&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 47616
expires: Tue, 07 Feb 2023 14:30:44 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: b8b4b2df138cf65b40022f5cdd3c9d39
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 14:30:44 GMT
ohc-cache-hit: chenzct72 [1], suzix116 [4]
ohc-file-size: 47616
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/39302.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/39302.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/39302.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/337550.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/337550.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/337550.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=929446061,1192946017&fm=224&app=112&f=JPEG?w=350&h=350
sofire.baidu.com/h5/t/8800
200 OK 591 B URL HTTP/2 sofire.baidu.com/h5/t/8800
IP
ASN #23724 IDC, China Telecommunications Corporation
File type JSON data\012- , ASCII text, with very long lines (591), with no line terminators
Hash 6cd03ff835bfa2a1657d630d12d64a9e
575a8a8eb1323dee2b60eae53f354074e779f19b
9339253659b315319a9337ad14460c518dca3c011b78bce847b1eeb16883c55f
POST /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
X-Bdh5-Pf: 1
Content-Length: 3346
Origin: http://12855.url.tudown.com
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12855.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
content-type: application/json; charset=utf-8
date: Sat, 04 Feb 2023 07:48:56 GMT
content-length: 591
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/375256.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/375256.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/375256.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2469355530,4007533252&fm=253&app=120&f=JPEG?w=1280&h=800
sofire.baidu.com/h5/e/8800
200 OK 77 B URL HTTP/2 sofire.baidu.com/h5/e/8800
IP
ASN #23724 IDC, China Telecommunications Corporation
File type JSON data\012- , ASCII text, with no line terminators
Hash ce5f555a283811c9bfdd86cb20dcf37e
332c87587d50685f844d39b2818a1e26112ca8e8
f820bab2cee36043a95b072985b513937fbec3241ae4db21e3d17f91d4ff4898
POST /h5/e/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
X-Bdh5-Pf: 1
Origin: http://12855.url.tudown.com
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12855.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
content-type: application/json; charset=utf-8
date: Sat, 04 Feb 2023 07:48:56 GMT
content-length: 77
X-Firefox-Spdy: h2
t13.baidu.com/it/u=929446061,1192946017&fm=224&app=112&f=JPEG?w=350&h=350
200 OK 30 kB URL HTTP/1.1 t13.baidu.com/it/u=929446061,1192946017&fm=224&app=112&f=JPEG?w=350&h=350
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Hash 07a541c1b5228cdd4572acd715182812
6dd1733c92cfac5d7f61ffcbf177c6294441a19b
73ef1c6f8256f034ea929264ea65c3f9f5aed575e6103d156d04b5704442c206
GET /it/u=929446061,1192946017&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpeg
Content-Length: 30018
Connection: keep-alive
Expires: Mon, 06 Feb 2023 12:06:42 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 07a541c1b5228cdd4572acd715182812
Age: 541052
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 12:06:42 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache65 [1], czix186 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 30018
X-Cache-Status: HIT
Timing-Allow-Origin: *
12855.url.tudown.com/uploads/images/163334.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/163334.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/163334.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
12855.url.tudown.com/uploads/images/899476.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/899476.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/899476.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=427115793,3800982710&fm=224&app=112&f=PNG?w=500&h=500
img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
200 OK 48 kB URL HTTP/2 img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 860a3490c3e473908d2e5a561216cf6e
17484c1ad9d5dcd5e2477b4a360765ca747bddb8
e1c95dab56da158e11038817d1322ce0e72cbd3f6d8adceab15418e654f79d73
GET /it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 47814
expires: Fri, 24 Feb 2023 00:59:59 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 860a3490c3e473908d2e5a561216cf6e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 00:59:59 GMT
ohc-cache-hit: gyct60 [1], bdix214 [2]
ohc-file-size: 47814
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 40 kB URL HTTP/1.1 t15.baidu.com/it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash af61f0c4c49b9c5a2794de949403419e
327c063fec078aae0785cd4cab909705663227f5
fe7e2c033be46f2a8f9fe24d149be7fba81a85ea988d72c80c32a564b9f9b832
GET /it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpeg
Content-Length: 39516
Connection: keep-alive
Expires: Wed, 08 Feb 2023 08:35:07 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: af61f0c4c49b9c5a2794de949403419e
Age: 364460
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 08:35:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache58 [1], xiangyix74 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39516
X-Cache-Status: HIT
Timing-Allow-Origin: *
12855.url.tudown.com/uploads/images/487643.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/487643.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/487643.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500
img2.baidu.com/it/u=211325146,2639768682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=733
200 OK 51 kB URL HTTP/2 img2.baidu.com/it/u=211325146,2639768682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=733
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x733, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 85563554b30da8cd50e4da75c2318738
83bff71626201f216e38ee9db58346d9e7069cd7
d22b80441feb7bac504bd50c17f2675341b0de453ca76565034e101790681f62
GET /it/u=211325146,2639768682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=733 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 50932
expires: Sat, 11 Feb 2023 08:45:39 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 85563554b30da8cd50e4da75c2318738
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 08:45:39 GMT
ohc-cache-hit: chenzct81 [1], xaix137 [4]
ohc-file-size: 50932
x-cache-status: MISS
X-Firefox-Spdy: h2
t13.baidu.com/it/u=427115793,3800982710&fm=224&app=112&f=PNG?w=500&h=500
200 OK 475 kB URL HTTP/1.1 t13.baidu.com/it/u=427115793,3800982710&fm=224&app=112&f=PNG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 475 kB (475205 bytes)
Hash 28748d15e4b226c8007a462dd4b55ef8
cf4b096c4ebc699bf29d065fd0e7cfdebf474ea3
2b91770f1ce1d45f88d8d2580f3fdb32025a53bea635b62a7ca5080d961d799c
GET /it/u=427115793,3800982710&fm=224&app=112&f=PNG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/png
Content-Length: 475205
Connection: keep-alive
Expires: Fri, 10 Feb 2023 03:34:38 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 28748d15e4b226c8007a462dd4b55ef8
Age: 2025471
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 03:34:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache89 [3], czix89 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 475205
X-Cache-Status: HIT
bdcode.2345.com/js/logo/css/logo-sm.css
200 OK 783 B URL HTTP/2 bdcode.2345.com/js/logo/css/logo-sm.css
IP
File type ASCII text, with very long lines (2128), with no line terminators
Hash 621b3563f1231de3a058fa25980064be
c2575c8110cbaba0c87c543fabf7c592789ad67f
37944a5c3981b16d6a498a7dc9427edcd64c1752e6728c5323525bc400efc8d6
GET /js/logo/css/logo-sm.css HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: text/css
date: Sat, 04 Feb 2023 07:48:56 GMT
etag: W/"61e63136-850"
expires: Sat, 04 Feb 2023 08:48:56 GMT
last-modified: Tue, 18 Jan 2022 03:17:10 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c202e416151437e4-143
content-length: 783
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/19024.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/19024.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/19024.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
12855.url.tudown.com/uploads/images/808269.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/808269.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/808269.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4134436382,1159220072&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=822
12855.url.tudown.com/uploads/images/416005.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/416005.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/416005.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1168416887,144403695&fm=224&app=112&f=JPEG?w=500&h=500
img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
200 OK 25 kB URL HTTP/2 img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x709, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f8793bfa2048bf86a6d266ef085b473d
2000c9229d9411a7199adf5dc8a2654194625195
636145cbfc4909793c68b91ab9b6372833f8af6a2f14da0af9c10d4af1dec43f
GET /it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 24992
expires: Wed, 08 Feb 2023 07:42:21 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: f8793bfa2048bf86a6d266ef085b473d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 07:42:21 GMT
ohc-cache-hit: cd2ct50 [1], csix105 [4]
ohc-file-size: 24992
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/542991.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/542991.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/542991.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
t13.baidu.com/it/u=1168416887,144403695&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 30 kB URL HTTP/1.1 t13.baidu.com/it/u=1168416887,144403695&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 2eebcdc310e2a41fc01d358e705e8d31
582698b4fd601e19619fec238afcaee8834c5e87
52e61564dce1c856693f3e995acf3e1a1395c5ed4c18004f77a1e584ac07b8c6
GET /it/u=1168416887,144403695&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpeg
Content-Length: 30492
Connection: keep-alive
Expires: Sat, 11 Feb 2023 06:33:20 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 2eebcdc310e2a41fc01d358e705e8d31
Age: 1857334
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 06:33:19 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache54 [2], suzix229 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 30492
X-Cache-Status: HIT
Timing-Allow-Origin: *
12855.url.tudown.com/uploads/images/220744.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/220744.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/220744.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1944347316,1974881700&fm=253&fmt=auto&app=138&f=JPEG?w=100&h=100
img2.baidu.com/it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500
200 OK 26 kB URL HTTP/2 img2.baidu.com/it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 354x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 48f050ec213e6150303f6932590386e7
4445e7ca76beabcb8e51b5b51a6a055943c9ec40
1adb80a7132f8027a51b5870c2611b80c74a1302c08481e3cc4007fd056036ba
GET /it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:56 GMT
content-type: image/webp
content-length: 25642
expires: Tue, 21 Feb 2023 07:20:59 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 48f050ec213e6150303f6932590386e7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 07:20:59 GMT
ohc-cache-hit: chenzct64 [1], xaix211 [2]
ohc-file-size: 25642
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2469355530,4007533252&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 110 kB URL HTTP/1.1 img2.baidu.com/it/u=2469355530,4007533252&fm=253&app=120&f=JPEG?w=1280&h=800
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 110 kB (110116 bytes)
Hash 2ee56860b40bb76a61230f98697a0c97
a67a5461c7d1239e3d72d1a334f73ef4be2986a4
cdf83a7028e538363211a860261395ef915f26ccbc65bb83db1befea3011ca95
GET /it/u=2469355530,4007533252&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpeg
Content-Length: 110116
Connection: keep-alive
Expires: Sun, 05 Feb 2023 09:11:47 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 2ee56860b40bb76a61230f98697a0c97
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 09:11:47 GMT
Ohc-Cache-HIT: chenzct82 [1], suzix148 [2]
Ohc-File-Size: 110116
X-Cache-Status: MISS
12855.url.tudown.com/uploads/images/97386.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/97386.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/97386.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=4134436382,1159220072&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=822
200 OK 29 kB URL HTTP/2 img0.baidu.com/it/u=4134436382,1159220072&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=822
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x822, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a4ea0ee5ad5f19fb90afc3ffd67ab1a0
0723f07b55afa5634c0f61d781157b9834fc90b0
809907f76dcfb20af6016630631b9d636824cf4e281a82e36c0e88d072a5723f
GET /it/u=4134436382,1159220072&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=822 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 28664
expires: Wed, 15 Feb 2023 08:58:25 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: a4ea0ee5ad5f19fb90afc3ffd67ab1a0
age: 1277907
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 08:58:25 GMT
ohc-cache-hit: gyct61 [4], wzix108 [4]
ohc-file-size: 28664
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
200 OK 12 kB URL HTTP/2 img1.baidu.com/it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0c6d30ecc6ce05d3832b57e04f2962a3
3a5d08a8578e5754bf2a55e45293ffb945a687f1
737fc07ba04023e3bff8c1abce2d6fefc8f2f5475e262568c5573fa6a416313b
GET /it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 11678
expires: Tue, 21 Feb 2023 23:45:55 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0c6d30ecc6ce05d3832b57e04f2962a3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 23:45:55 GMT
ohc-cache-hit: cd2ct64 [1], bdix210 [2]
ohc-file-size: 11678
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/89610.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/89610.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/89610.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=591494372,4032779055&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
12855.url.tudown.com/uploads/images/658187.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/658187.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/658187.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=433080601,332529642&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=1944347316,1974881700&fm=253&fmt=auto&app=138&f=JPEG?w=100&h=100
200 OK 3.3 kB URL HTTP/2 img0.baidu.com/it/u=1944347316,1974881700&fm=253&fmt=auto&app=138&f=JPEG?w=100&h=100
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 70a8ba9c4edf9e868397f30e73cc4556
feb5b7b916a21ef5283d32f3c293717dfb0ed037
19458eb6247e810e9ce761da2e587e1059e237fc9c7ffa8b8d8487a7718edd54
GET /it/u=1944347316,1974881700&fm=253&fmt=auto&app=138&f=JPEG?w=100&h=100 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 3326
expires: Wed, 22 Feb 2023 03:25:33 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 70a8ba9c4edf9e868397f30e73cc4556
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:25:33 GMT
ohc-cache-hit: gyct62 [1], xaix125 [4]
ohc-file-size: 3326
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/92082.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/92082.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/92082.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=660712573,2266555466&fm=253&fmt=auto&app=138&f=JPEG?w=668&h=500
12855.url.tudown.com/uploads/images/439352.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/439352.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/439352.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
12855.url.tudown.com/uploads/images/691650.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/691650.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/691650.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=243961687,3241123276&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=363
img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
200 OK 159 kB URL HTTP/2 img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x831, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 159 kB (159164 bytes)
Hash 6e3aa246b3d6e3975ee83e684a6eb956
e2d068e9430752589a9676aaa634d61901e21dd7
8f22dcd63160447b55dfc7b342b55ce13a70ca3574d1872358a0c7376f9c1954
GET /it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 159164
expires: Wed, 01 Mar 2023 12:41:13 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 6e3aa246b3d6e3975ee83e684a6eb956
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 12:41:13 GMT
ohc-cache-hit: chenzct64 [2], qdix109 [3]
ohc-file-size: 159164
x-cache-status: MISS
X-Firefox-Spdy: h2
t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash ee58bc975bdf2da81d2423fa198793db
903380ced71106832c8792c0a57a99dd42ff49d0
7426f646b2d59501b3a598aa5c5d965247bc857253e95fd798f15ac6f1316abd
GET /it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpeg
Content-Length: 51923
Connection: keep-alive
Expires: Thu, 23 Feb 2023 21:36:49 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: ee58bc975bdf2da81d2423fa198793db
Age: 884029
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 21:36:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache50 [1], xiangyix218 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51923
X-Cache-Status: HIT
Timing-Allow-Origin: *
bdcode.2345.com/js/logo/js/logo.js
200 OK 7.6 kB URL HTTP/2 bdcode.2345.com/js/logo/js/logo.js
IP
File type Unicode text, UTF-8 text, with very long lines (14002), with no line terminators
Hash 699865e9a63a241e32ba5acf2d6f2b4d
d2052ac4693c8a3d6c1b8842e85cc29297148ccf
9b02c771844c5e8f20708ddd253377519579061970c5bfe9179452c5c6cc309e
Analyzer Verdict Alert fortinet Malware
GET /js/logo/js/logo.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: application/x-javascript
date: Sat, 04 Feb 2023 07:48:56 GMT
etag: W/"630ecdaa-371a"
expires: Sat, 04 Feb 2023 08:48:56 GMT
last-modified: Wed, 31 Aug 2022 02:55:38 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c202e410329f37e4-143
X-Firefox-Spdy: h2
t13.baidu.com/it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 64 kB URL HTTP/1.1 t13.baidu.com/it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 23ff52a9180ce32c627976178f696784
01ad874431bdf6adf60395117e5065b2687571a4
4e03acbe003d62ed6d3817a0d6c4891e3c434a908af3fcc8e1a35209c1dafaaf
GET /it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpeg
Content-Length: 63836
Connection: keep-alive
Expires: Mon, 06 Mar 2023 07:20:54 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 23ff52a9180ce32c627976178f696784
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 07:20:54 GMT
Ohc-Upstream-Trace: 58.20.204.60
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], bduncache60 [4], xaix194 [4]
Ohc-Response-Time: 1 0 0 0 350 350
Ohc-File-Size: 63836
X-Cache-Status: MISS
Timing-Allow-Origin: *
t14.baidu.com/it/u=433080601,332529642&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 57 kB URL HTTP/1.1 t14.baidu.com/it/u=433080601,332529642&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 61f8a75bc4d111407858ccdda640be66
19f1c2ecfd907faf8e61ec60514f1c39eb186a1c
043cf1ff2184540376986ec0cf337c6c76d6679867e55dcd28b0baed75ed5d3e
GET /it/u=433080601,332529642&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpeg
Content-Length: 57388
Connection: keep-alive
Expires: Thu, 02 Mar 2023 16:12:08 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 61f8a75bc4d111407858ccdda640be66
Age: 18346
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 16:12:08 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache51 [1], suzix51 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 57388
X-Cache-Status: HIT
Timing-Allow-Origin: *
12855.url.tudown.com/uploads/images/815158.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/815158.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/815158.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3264976075,114542755&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
img0.baidu.com/it/u=591494372,4032779055&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
200 OK 30 kB URL HTTP/2 img0.baidu.com/it/u=591494372,4032779055&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b2d3cde4a8bf6bea519f139218b81b1
1efc54ba6f445adf5b2f55a6298fb7d77a4cb882
239caa3b4ccd6e12feb5f015fcd757a2dd7c124899e469a5e8e9314c1f314adf
GET /it/u=591494372,4032779055&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 30402
expires: Thu, 02 Mar 2023 04:56:53 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 7b2d3cde4a8bf6bea519f139218b81b1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 04:56:53 GMT
ohc-cache-hit: gyct61 [1], xiangyix61 [4]
ohc-file-size: 30402
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/819321.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/819321.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/819321.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1985517073,447975328&fm=253&fmt=auto?w=1280&h=800
12855.url.tudown.com/uploads/images/970791.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/970791.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/970791.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1067049637,3872217364&fm=253&app=138&f=JPEG?w=500&h=889
12855.url.tudown.com/uploads/images/91120.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/91120.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/91120.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=864322244,3640025780&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=658
img1.baidu.com/it/u=660712573,2266555466&fm=253&fmt=auto&app=138&f=JPEG?w=668&h=500
200 OK 28 kB URL HTTP/2 img1.baidu.com/it/u=660712573,2266555466&fm=253&fmt=auto&app=138&f=JPEG?w=668&h=500
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 668x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ba131ef9771451ffd350ba18089ce5a2
c7dd911fd276902b26e8f9dbae690f6bf98519b3
9e1b17a0d542f7d5bdec9484cc22348e19fb21a34303f28e46cf6583cfda32d8
GET /it/u=660712573,2266555466&fm=253&fmt=auto&app=138&f=JPEG?w=668&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 27732
expires: Mon, 20 Feb 2023 10:52:39 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ba131ef9771451ffd350ba18089ce5a2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 10:52:39 GMT
ohc-cache-hit: cd2ct60 [1], czix82 [4]
ohc-file-size: 27732
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/774291.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/774291.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/774291.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3427889961,1258402341&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
12855.url.tudown.com/uploads/images/35503.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/35503.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/35503.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1801752014,1226642322&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=729
img1.baidu.com/it/u=243961687,3241123276&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=363
200 OK 32 kB URL HTTP/2 img1.baidu.com/it/u=243961687,3241123276&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=363
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x363, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bbcd97aa09f747abf3e079d977d5a9a7
dcc3df5c6b858f5e0903ab1c04ffc228339b9c88
34b9aed218499375036748f06b393d149b9d19f383f4880b5423d51145fdd37e
GET /it/u=243961687,3241123276&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=363 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 31524
expires: Tue, 07 Feb 2023 05:18:06 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: bbcd97aa09f747abf3e079d977d5a9a7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 05:18:06 GMT
ohc-cache-hit: cd2ct66 [1], suzix84 [4]
ohc-file-size: 31524
x-cache-status: MISS
X-Firefox-Spdy: h2
cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
200 OK 4.5 kB URL HTTP/2 cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
IP
File type PNG image data, 44 x 984, 8-bit colormap, non-interlaced\012- data
Hash 3e2d110dd13ae372eac3c04347687487
666c77091671206a1ee7202bfa821afa63dfed94
4b86aeb9d139835e6517cef965d3442d8efca774abc2d6befc580ec63aace62e
GET /cpro/ui/noexpire/img/2.0.0/native_ad.png HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/png
content-length: 4514
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 01 Apr 2022 07:05:03 GMT
etag: "6246a41f-11a2"
cache-control: max-age=315360000
age: 1576038
accept-ranges: bytes
timing-allow-origin: *
ohc-global-saved-time: Tue, 21 Jun 2022 04:49:12 GMT
ohc-cache-hit: yy2ct60 [2], wzix60 [2]
ohc-file-size: 4514
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3264976075,114542755&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
200 OK 50 kB URL HTTP/2 img1.baidu.com/it/u=3264976075,114542755&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b052759a95c894fe93caa2780cd56b3d
9784bca8fe1061c7ea5443bae52f01ce56a23821
42cb261bdcc8f8344c09a6dba8b2200910adba0b4200a1cd69c8aa7efdbdd0ce
GET /it/u=3264976075,114542755&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 50134
expires: Sat, 04 Mar 2023 16:35:53 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: b052759a95c894fe93caa2780cd56b3d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 16:35:53 GMT
ohc-cache-hit: cd2ct50 [1], csix108 [2]
ohc-file-size: 50134
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/709854.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/709854.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/709854.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=215821373,307198680&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
t13.baidu.com/it/u=2302691202,3561704378&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 36 kB URL HTTP/1.1 t13.baidu.com/it/u=2302691202,3561704378&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 6113b68c62687f9cbaaccf4d1ed41328
58b8958419648f7f84bc93c37ed3359c8f1ee426
d9ce989d0b1b7fcc060f0492efff8d088d0e39d0bf96a7acde72ba253730e3bf
GET /it/u=2302691202,3561704378&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:58 GMT
Content-Type: image/jpeg
Content-Length: 36313
Connection: keep-alive
Expires: Mon, 27 Feb 2023 17:23:05 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 6113b68c62687f9cbaaccf4d1ed41328
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 17:23:04 GMT
Ohc-Upstream-Trace: 113.142.198.127; 58.20.204.59
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache59 [1], xaix127 [4]
Ohc-Response-Time: 1 0 0 0 1752 1752
Ohc-File-Size: 36313
X-Cache-Status: MISS
Timing-Allow-Origin: *
img2.baidu.com/it/u=864322244,3640025780&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=658
200 OK 24 kB URL HTTP/2 img2.baidu.com/it/u=864322244,3640025780&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=658
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x658, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9c710db1765454f81d296041ac0f4848
9e8c5929d3eb5c314e23a84f1ecf77d77fa18d7d
8e9f7c6164585c831596a54de6c9639371380ab998efc76ea508f339ce40c7b7
GET /it/u=864322244,3640025780&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=658 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 24522
expires: Tue, 14 Feb 2023 02:32:40 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 9c710db1765454f81d296041ac0f4848
age: 176886
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 02:32:40 GMT
ohc-cache-hit: chenzct52 [4], wzix109 [4]
ohc-file-size: 24522
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1067049637,3872217364&fm=253&app=138&f=JPEG?w=500&h=889
200 OK 63 kB URL HTTP/1.1 img0.baidu.com/it/u=1067049637,3872217364&fm=253&app=138&f=JPEG?w=500&h=889
IP
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Hash a1428025b51977a8b92d6c15e4963a50
f6aaa5c35b81e0b22611a91f0e2f06dfe36ce8b1
8b6ebec081c08de910bf09201fa293b5ea4d69cbd1722e684395eb7b6687ba62
GET /it/u=1067049637,3872217364&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12855.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpeg
Content-Length: 62652
Connection: keep-alive
Expires: Fri, 03 Mar 2023 12:16:03 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: a1428025b51977a8b92d6c15e4963a50
Age: 241316
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 01 Feb 2023 12:16:03 GMT
Ohc-Cache-HIT: gyct55 [4], csix71 [2]
Ohc-File-Size: 62652
X-Cache-Status: HIT
img2.baidu.com/it/u=1985517073,447975328&fm=253&fmt=auto?w=1280&h=800
200 OK 74 kB URL HTTP/2 img2.baidu.com/it/u=1985517073,447975328&fm=253&fmt=auto?w=1280&h=800
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 759d67143ff2a2645f279ced8379b656
c38d092d5638391c135bc9d815dfa0106fab0a4a
52f1148c1f1865190cb646310951563a94f9b1257e9e56ed0372271899278a57
GET /it/u=1985517073,447975328&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 73872
expires: Sat, 18 Feb 2023 03:59:50 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 759d67143ff2a2645f279ced8379b656
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 03:59:50 GMT
ohc-cache-hit: chenzct61 [1], bdix61 [4]
ohc-file-size: 73872
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/520871.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/520871.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/520871.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=396887868,238860106&fm=253&fmt=auto&app=138&f=JPEG?w=542&h=500
img2.baidu.com/it/u=3427889961,1258402341&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
200 OK 10 kB URL HTTP/2 img2.baidu.com/it/u=3427889961,1258402341&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 281x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0ddca9b018164f65612da5c03fff1d97
2a916f4ef150b3549e7e7410d23d4ea6d35b70a7
528674fa117944c657a2d1e4dfaa614dc83db7793e562b4e9378ac2c652d4c2c
GET /it/u=3427889961,1258402341&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:57 GMT
content-type: image/webp
content-length: 9974
expires: Sun, 26 Feb 2023 04:51:05 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0ddca9b018164f65612da5c03fff1d97
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 04:51:05 GMT
ohc-cache-hit: chenzct72 [1], xaix178 [4]
ohc-file-size: 9974
x-cache-status: MISS
X-Firefox-Spdy: h2
12855.url.tudown.com/uploads/images/884340.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/884340.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/884340.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=989778572,1961813752&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/433176.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/433176.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/433176.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1731480874,3951617793&fm=253&fmt=auto&app=138&f=JPEG?w=441&h=600
12855.url.tudown.com/uploads/images/361116.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/361116.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/361116.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2532042116,102810498&fm=224&app=112&f=JPEG?w=500&h=500
12855.url.tudown.com/uploads/images/937439.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12855.url.tudown.com/uploads/images/937439.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/937439.jpg HTTP/1.1
Host: 12855.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12855.url.tudown.com/down/color%E5%A4%9A%E5%BD%A9%E6%89%8B%E5%B8%90@134_35926.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 07:48:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3227887794,1820708213&fm=253&fmt=auto?w=120&h=80
img2.baidu.com/it/u=215821373,307198680&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
200 OK 17 kB URL HTTP/2 img2.baidu.com/it/u=215821373,307198680&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cbd75a6d159fd59ddcf5ef1269070ddf
5c5b56fbac56567f07bd371c2ef9a340fc902061
b735fa5590962bc38b5adebcd9b22fd03ed3f4f54892c8a7750bb3fe71ac0817
GET /it/u=215821373,307198680&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12855.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 07:48:58 GMT
content-type: image/webp
content-length: 17094
expires: Sun, 26 Feb 2023 06:39:56 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: cbd75a6d159fd59ddcf5ef1269070ddf
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 06:39:56 GMT
ohc-cache-hit: chenzct50 [1], xiangyix154 [4]
ohc-file-size: 17094
x-cache-status: MISS
X-Firefox-Spdy: h2
e2.2345.com/news/module2/js/newsModule-v2.js
200 OK 0 B URL HTTP/2 e2.2345.com/news/module2/js/newsModule-v2.js
IP
GET /news/module2/js/newsModule-v2.js HTTP/1.1
Host: e2.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12855.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
date: Sat, 04 Feb 2023 07:03:48 GMT
etag: W/"5f35e38f-cacf"
last-modified: Fri, 14 Aug 2020 01:06:23 GMT
vary: Accept-Encoding, Accept-Encoding
ali-swift-global-savetime: 1675494228
via: cache59.l2cn3037[4,4,304-0,M], cache32.l2cn3037[5,0], cache32.l2cn3037[6,0], vcache20.cn4733[0,0,200-0,H], vcache15.cn4733[1,0]
age: 2704
x-cache: HIT TCP_MEM_HIT dirn:10:456437127
x-swift-savetime: Sat, 04 Feb 2023 07:03:48 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b465c72316754969326626548e
content-encoding: gzip
X-Firefox-Spdy: h2
154.218.151.71
52.43.230.196
42.81.8.130
104.18.20.226
47.246.44.205
23.36.76.226