r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16274
Expires: Sat, 04 Feb 2023 16:24:57 GMT
Date: Sat, 04 Feb 2023 11:53:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19811
Expires: Sat, 04 Feb 2023 17:23:54 GMT
Date: Sat, 04 Feb 2023 11:53:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 11:36:14 GMT
content-type: application/json
age: 1049
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8026
Expires: Sat, 04 Feb 2023 14:07:29 GMT
Date: Sat, 04 Feb 2023 11:53:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oJYXh06P5Ue+rk06mSPfDpN2P0gu0e+57f2mW7Rp+5RYomYSBhlXfe19jclak7o4AEt/wBrYDMQ=
x-amz-request-id: NTPEH9AB61SQT292
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 11:23:58 GMT
age: 1785
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 11:53:43 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 11:07:19 GMT
age: 2785
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
154.218.151.71 200 OK 6.7 kB URL HTTP/1.1 12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Hash fede7ec4af064277a752f8e6ac50fd36
e12e7357cb8e613cd8d1d346b6239fe7581ffc2f
c1e7b1e7ad04faa6e752b6aecf13edac80e33af36226e9a2b2cb0c483fa507a0
Analyzer Verdict Alert fortinet Malware
GET /down/fasts3wifidr@376_20274.exe HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10444
Expires: Sat, 04 Feb 2023 14:47:48 GMT
Date: Sat, 04 Feb 2023 11:53:44 GMT
Connection: keep-alive
push.services.mozilla.com/
54.200.29.22 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.29.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3bnL5DcyfUQKRL38b8isLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VHEe3Ll1h01DJ6DeEqFvez95rmY=
12731.url.tudown.com/template/company/0302/css/style.min.css
154.218.151.71 200 OK 5.0 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/css/style.min.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (25242), with no line terminators
Hash c7b1260ebcbb9c63a6744c1e9f37ba87
08de2e04ca3fe765892cc77a80c65d2c42eedec7
d8d7b908e1455fef566bb414772fd354a739ea3738d79294feea1293265a0d57
GET /template/company/0302/css/style.min.css HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Mar 2021 15:32:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"603e5a86-629a"
Expires: Sat, 04 Feb 2023 23:53:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12731.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 531 B URL HTTP/1.1 12731.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12731.url.tudown.com/template/company/0302/js/main.js
154.218.151.71 200 OK 18 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/js/main.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (17543), with CRLF line terminators
Hash ea96e586f9095ed9d4b542159488d75a
81fd5eb364579e7c609f545be90d109eddf8b695
89fc7055f00e92705f671d339bf701a965f31a8a02852918c6a5de9ef2836483
Analyzer Verdict Alert fortinet Malware
GET /template/company/0302/js/main.js HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 Aug 2020 11:40:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f479ba8-cd88"
Expires: Sat, 04 Feb 2023 23:53:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12731.url.tudown.com/template/company/0302/js/jquery.min.js
154.218.151.71 200 OK 33 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/js/jquery.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (32110), with CRLF line terminators
Hash 7509321c69d54b101a4a43e782868a2a
679c3d5a3772a714bc03a99ed06c18ab35961a53
b3fe20feaad99931eb923101edfaffcc11ca67d7d0f87f772b62fb2d86f74db0
Analyzer Verdict Alert fortinet Malware
GET /template/company/0302/js/jquery.min.js HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 Aug 2020 11:40:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f479bab-1449c"
Expires: Sat, 04 Feb 2023 23:53:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12731.url.tudown.com/template/company/0302/css//style.css
154.218.151.71 200 OK 20 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/css//style.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with very long lines (65196), with CRLF line terminators
Hash 5867494c833cc596e0a94c636a8b4e49
387a9f0cd088b2d551446ef3e4f44858f5588829
10b2002f9661120f7f6d13a8cbf377070a42b5bedf5f458bd8e7384a85f8a760
GET /template/company/0302/css//style.css HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Mar 2021 15:38:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"603e5bde-1bc98"
Expires: Sat, 04 Feb 2023 23:53:45 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7902
Expires: Sat, 04 Feb 2023 14:05:27 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive
12731.url.tudown.com/uploads/images/611174.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/611174.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/611174.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
12731.url.tudown.com/uploads/images/931862.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/931862.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/931862.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500
12731.url.tudown.com/uploads/images/694028.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/694028.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/694028.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12731.url.tudown.com/uploads/images/956587.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/956587.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/956587.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889
12731.url.tudown.com/uploads/images/342430.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/342430.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/342430.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12731.url.tudown.com/uploads/images/507870.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/507870.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/507870.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022
at.alicdn.com/t/font_1652089_tg0x7qv1f1.woff2
47.246.44.251 200 OK 1.0 kB URL HTTP/1.1 at.alicdn.com/t/font_1652089_tg0x7qv1f1.woff2
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type Web Open Font Format (Version 2), TrueType, length 1032, version 1.0; data
Hash 5011371b36b7287ee277dee3889c83f6
d8e51076284dd4265431a4d44025642da256a89e
ccc1ce96db7771bb8bb0e54318fd87ab463c24b2e6bf0d9826fb33b097b6233f
GET /t/font_1652089_tg0x7qv1f1.woff2 HTTP/1.1
Host: at.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://12731.url.tudown.com
Connection: keep-alive
Referer: http://12731.url.tudown.com/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: font/woff2
Content-Length: 1032
Connection: keep-alive
Date: Sat, 04 Feb 2023 05:10:15 GMT
x-oss-request-id: 63DDE8B79F70D6393257F9E7
Vary: Origin
Accept-Ranges: bytes
ETag: "5011371B36B7287EE277DEE3889C83F6"
Last-Modified: Fri, 24 Dec 2021 17:00:24 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16100374768313971226
x-oss-storage-class: Standard
Cache-Control: max-age=63072000
Content-MD5: UBE3Gza3KH7id97jiJyD9g==
x-oss-server-time: 11
Ali-Swift-Global-Savetime: 1675487415
Via: cache13.l2us1[707,706,200-0,M], cache16.l2us1[708,0], cache3.se1[0,12,200-0,H], cache4.se1[13,0]
Age: 24210
X-Cache: HIT TCP_HIT dirn:11:188746541
X-Swift-SaveTime: Sat, 04 Feb 2023 05:10:15 GMT
X-Swift-CacheTime: 31104000
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62c9816755116259158434e
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11023
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive
t14.baidu.com/it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022
185.10.104.124 200 OK 64 kB URL HTTP/1.1 t14.baidu.com/it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3; data
Hash e16460f4c348b6b8c473f4842aaec94d
23f0eb6e7180e24a650b7ea205a9f3fc9cc7482e
ec4532abb0cf1705d2cb618c642022846a499c41be994b85e5f177beb8a469e9
GET /it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpeg
Content-Length: 64481
Connection: keep-alive
Expires: Tue, 21 Feb 2023 09:53:00 GMT
Last-Modified: Sat, 17 Jan 1970 00:00:00 GMT
ETag: e16460f4c348b6b8c473f4842aaec94d
Age: 1074346
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 09:53:00 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache56 [1], czix243 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 64481
X-Cache-Status: HIT
Timing-Allow-Origin: *
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11023
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 49404
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11023
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 49404
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11022
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 518bba9a8770e8ff15229a68be5bddc3
139f944b3f4279e640901f7a6b993f1a49b51a22
0591e73dec2190752677f06525bc993dc8c7a5aa20984a5eda64c323188e2b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: b6c1caa9-72e4-476f-9c3d-4a746c410ba3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHLJoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-1289ef383fbad59621eda6d0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nIp2nUVnamnoTpFwrN1L4K1dqjYvcDGuV2yFqYskkXb14k72AZsjMg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:41 GMT
age: 49505
etag: "139f944b3f4279e640901f7a6b993f1a49b51a22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11022
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 49393
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 49216
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 896527e9b74cc1e9b5b97c09ad3b321c
77f8053e0989f43e0820de5d8ca4fa2c011dabf0
c3e179932c16e93245a00ae2c3575f1e6c0e7632a8bde1898e9e27c0b9b41e4c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 10:09:59 GMT
ETag: "77f8053e0989f43e0820de5d8ca4fa2c011dabf0"
Last-Modified: Sat, 04 Feb 2023 10:10:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2499
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943352f891a1bfe-OSL
12731.url.tudown.com/uploads/images/227640.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/227640.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/227640.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645
12731.url.tudown.com/uploads/images/480196.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/480196.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/480196.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500
12731.url.tudown.com/uploads/images/881507.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/881507.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/881507.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
12731.url.tudown.com/uploads/images/logo.png?n=5g5zd2n6thtldh7ixwx6jo5w4s4jvzmkuhuyhka&w=250
154.218.151.71 200 OK 3.2 kB URL HTTP/1.1 12731.url.tudown.com/uploads/images/logo.png?n=5g5zd2n6thtldh7ixwx6jo5w4s4jvzmkuhuyhka&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 7443f3676339c96d19ab58b72f972469
1c2b0a759675b583c112d405719cdbd8f6542e3f
9d9303a1e279a6ea2828a31929e45b66c78c67092ba1403c0670929fa8bf1852
GET /uploads/images/logo.png?n=5g5zd2n6thtldh7ixwx6jo5w4s4jvzmkuhuyhka&w=250 HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
12731.url.tudown.com/uploads/images/905002.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/905002.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/905002.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500
12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2
154.218.151.71 200 OK 33 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Hash c6c1b5cd86e19528aeb16df3ee787520
735ed4b0ba34f375df0d2846d9ce4209b67a647b
335ecbb19b7bf94db680d6afcef42a934a16005b1578332be815014608b76a22
Analyzer Verdict Alert fortinet Malware
GET /template/company/0302/css//fonts/iconfont.woff2 HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://12731.url.tudown.com/template/company/0302/css//style.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
t13.baidu.com/it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 56 kB URL HTTP/1.1 t13.baidu.com/it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 87da8c1811a54cb251d5ef389cf61b2f
bf584d3b36c2e5e4189cc3bf79d8175036b8df2a
a2b07fa2f8c5d2e3f69561ee40912bde8c0cc867efd6ec9161b836ddaa5f7f01
GET /it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 55840
Connection: keep-alive
Expires: Sat, 18 Feb 2023 19:06:24 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 87da8c1811a54cb251d5ef389cf61b2f
Age: 1247381
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 19:06:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache61 [1], qdix97 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55840
X-Cache-Status: HIT
Timing-Allow-Origin: *
12731.url.tudown.com/uploads/images/723226.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/723226.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/723226.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
12731.url.tudown.com/uploads/images/672192.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/672192.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/672192.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500
12731.url.tudown.com/uploads/images/954556.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/954556.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/954556.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
12731.url.tudown.com/uploads/images/518791.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/518791.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/518791.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500
12731.url.tudown.com/uploads/images/147057.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/147057.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/147057.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
img1.baidu.com/it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
183.131.118.35 200 OK 20 kB URL HTTP/2 img1.baidu.com/it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d83ab77425a250c418e27f73807e9931
aaeeb18fae4eba3c514f9125b38641bafb3323f0
ec4ff086e0a064581779e42e97938bf54d7b4205e7a8eab7c855d5de9e832888
GET /it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 19546
expires: Wed, 01 Mar 2023 23:35:04 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: d83ab77425a250c418e27f73807e9931
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 23:35:04 GMT
ohc-cache-hit: tzct57 [1], czix57 [4]
ohc-file-size: 19546
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 46 kB URL HTTP/1.1 t14.baidu.com/it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 55e6af0f80bbf11f1f1361ba3eec8974
7b7a09e5c5ca32a8c843e416481b6fdf1559e7c4
74a94bc92deb10a6a7f4d962208c3307dcaa44ad4f5d388f5c08367f218c10e1
GET /it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 46178
Connection: keep-alive
Expires: Tue, 21 Feb 2023 20:19:22 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 55e6af0f80bbf11f1f1361ba3eec8974
Age: 197195
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 20:19:22 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache53 [1], xaix199 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46178
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889
183.131.118.35 200 OK 50 kB URL HTTP/1.1 img1.baidu.com/it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Hash c82e94460e9f9bc438afbd05e5bfb4d8
6e312864d0bc61392e6116f9f1f5ed75dd3fa6b0
b01c9200ee63bfca21776862d337c7e490fed3108de180a1c59a01208aad22ab
GET /it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 49786
Connection: keep-alive
Expires: Mon, 06 Feb 2023 16:08:00 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: c82e94460e9f9bc438afbd05e5bfb4d8
Age: 1382224
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 16:08:00 GMT
Ohc-Cache-HIT: tzct51 [4], wzix51 [2]
Ohc-File-Size: 49786
X-Cache-Status: HIT
img2.baidu.com/it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
113.219.142.35 200 OK 16 kB URL HTTP/2 img2.baidu.com/it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 352x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5318ba05c333fa0c32862688cc90a6bc
eaa6bf7a8d3766b000649bbfb8e5a33e9b7b49e5
6dd94865ecccaf6ab30c592a7574564d4817d0d301915b63a3d6f697c22680fa
GET /it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 15742
expires: Thu, 02 Mar 2023 14:00:28 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 5318ba05c333fa0c32862688cc90a6bc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 14:00:28 GMT
ohc-cache-hit: chenzct85 [1], csix85 [4]
ohc-file-size: 15742
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500
49.79.225.35 200 OK 34 kB URL HTTP/2 img0.baidu.com/it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500
IP 49.79.225.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 366x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b8e615487a9313012f57799c608493a9
9c869d274d73df5c3d6584237dd7f837196474bb
80b40dd9c3d0e696d8c785dd4ab0db9b945cc659a4e05886f6ef78c62f401fbc
GET /it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 33876
expires: Sun, 19 Feb 2023 00:16:10 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: b8e615487a9313012f57799c608493a9
age: 202669
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 00:16:10 GMT
ohc-cache-hit: ntct62 [4], bdix93 [2]
ohc-file-size: 33876
x-cache-status: HIT
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/925646.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/925646.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/925646.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281
img1.baidu.com/it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
183.131.118.35 200 OK 46 kB URL HTTP/2 img1.baidu.com/it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash faf39e1f4bb112def3e8161f8bd8acaa
2f9343c04bf0738b1eb89ff1fc50ce7eefcaa9f5
c4ddd7c81b9f7221ac54cbcdd317f13533ef15d93221e52e7f9c3cf67744835f
GET /it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 45986
expires: Wed, 15 Feb 2023 06:06:06 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: faf39e1f4bb112def3e8161f8bd8acaa
age: 1651153
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 06:06:06 GMT
ohc-cache-hit: tzct56 [4], xaix180 [2]
ohc-file-size: 45986
x-cache-status: HIT
X-Firefox-Spdy: h2
t14.baidu.com/it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281
185.10.104.124 200 OK 8.4 kB URL HTTP/1.1 t14.baidu.com/it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x281, components 3\012- data
Hash 4d4059c1e344f68fb5c5e2919a1e700c
03bbd7abc684877a1a38e2c22e5bd2fc4ab749e2
68ba151593c473b7407cf2621d7d2161ef6867147092e05769d0276585c32cb7
GET /it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 8417
Connection: keep-alive
Expires: Fri, 17 Feb 2023 22:10:11 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 4d4059c1e344f68fb5c5e2919a1e700c
Age: 1415815
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 22:10:10 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache62 [1], xaix211 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 8417
X-Cache-Status: HIT
Timing-Allow-Origin: *
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:53:46 GMT
Etag: "63dd55ca-1d7"
Server: ECS (amb/6B7D)
Content-Length: 471
12731.url.tudown.com/uploads/images/631484.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/631484.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/631484.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
12731.url.tudown.com/uploads/images/543944.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/543944.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/543944.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499
12731.url.tudown.com/uploads/images/239135.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/239135.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/239135.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:53:46 GMT
Server: ECS (amb/6BC5)
Content-Length: 471
12731.url.tudown.com/uploads/images/872181.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/872181.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/872181.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400
img2.baidu.com/it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
113.219.142.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 53606c5769a0ffbfd7af69aa3afc886a
bf72ba62139684845a6ae8213e61b7046a87ed25
a4f6cafa94696e447ea705439fdec2ae0653016f8e38d4518000d657e20cad3e
GET /it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 30178
expires: Fri, 24 Feb 2023 03:24:32 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 53606c5769a0ffbfd7af69aa3afc886a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:24:32 GMT
ohc-cache-hit: chenzct58 [1], bdix172 [4]
ohc-file-size: 30178
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499
185.10.104.124 200 OK 46 kB URL HTTP/1.1 t14.baidu.com/it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 381x499, components 3\012- data
Hash bdc6a5dce2f05ace70d90da6969cb846
db062e1f4cccbd406389a84c122ba36b9e949535
f43792dd4369fe2d5af8076a384147186b62f53eae2b1e486f4db1db1f186732
GET /it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 46111
Connection: keep-alive
Expires: Wed, 08 Feb 2023 18:33:40 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: bdc6a5dce2f05ace70d90da6969cb846
Age: 2222407
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 18:33:40 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache54 [1], czix123 [1]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46111
X-Cache-Status: HIT
Timing-Allow-Origin: *
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 821d422425337e4f5b820d832f1c7c6a
ce7c37c73283c4d8e47977165b736fcff5e63719
a584f7d9164e8cdf05360ce8cf978c4111793761986f649c5ce933d870b8dfe4
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 11:53:46 GMT
Etag: 4035992e7bb26c3d4875819fbc880d67
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=34E8ECE086659F2A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
t13.baidu.com/it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 65 kB URL HTTP/1.1 t13.baidu.com/it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash b8de2384f2b152e32f3cb1502b8faa7b
a7c59dfa677471c033341f3ca8c8371c1c32d333
414ae6b7885a3033e2e7d60fc1ea1e47e115bd66d24280488fc1286c943430a5
GET /it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 64794
Connection: keep-alive
Expires: Thu, 02 Mar 2023 14:22:31 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: b8de2384f2b152e32f3cb1502b8faa7b
Age: 336676
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 14:22:31 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache58 [1], csix108 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 64794
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645
183.131.118.35 200 OK 19 kB URL HTTP/2 img1.baidu.com/it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 397x645, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 26a0910b3898e67d146821f584ee7fd7
61501a1089268fc031390db0880f02fef6866d34
d7421c1b23a253aca95efa7bfd523b002bd6fd9a6336935b7e5c1c6a28f7b5d0
GET /it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 19026
expires: Mon, 06 Feb 2023 23:57:12 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 26a0910b3898e67d146821f584ee7fd7
age: 613190
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 23:57:12 GMT
ohc-cache-hit: tzct60 [4], czix105 [2]
ohc-file-size: 19026
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400
49.79.225.35 200 OK 10 kB URL HTTP/2 img0.baidu.com/it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400
IP 49.79.225.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash de4c6f99c551c39316e6f2234fca6da6
7e816b91829917bed80d47760cc452c2ec98f5b5
fc5181134ac551c3ae1fe8b72548e72a8009e4ab33cbcd8f37bd40dcb9556957
GET /it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 10268
expires: Tue, 14 Feb 2023 07:50:32 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: de4c6f99c551c39316e6f2234fca6da6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 07:50:32 GMT
ohc-cache-hit: ntct62 [1], xaix184 [2]
ohc-file-size: 10268
x-cache-status: MISS
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/228540.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/228540.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/228540.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
img2.baidu.com/it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500
113.219.142.35 200 OK 76 kB URL HTTP/2 img2.baidu.com/it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500
IP 113.219.142.35:0
File type GIF image data, version 89a, 500 x 500\012- data
Hash 9fc129c9cdbc1c31f4304655eff61e4a
d212578280ba9c1eba0f95fd2e6a536961bbf841
85d4cb8d81273f55afe48d8c7dd3bf6eb00ad4a55adfe8692e096445d347bd13
GET /it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/gif
content-length: 76175
expires: Thu, 09 Feb 2023 07:28:18 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 9fc129c9cdbc1c31f4304655eff61e4a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 07:28:18 GMT
ohc-cache-hit: chenzct85 [1], qdix157 [4]
ohc-file-size: 76175
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
113.219.142.35 200 OK 15 kB URL HTTP/2 img2.baidu.com/it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 018fb0cdf34e42324752f6e3495f8221
9d0b99cc6ee2dfaf462913a24b2a86c1942815d2
289f3e3e12df570e087f6ecb3f92dea6cc09bb82d2cafe168513da0ea260b04a
GET /it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 15164
expires: Sun, 19 Feb 2023 07:08:34 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 018fb0cdf34e42324752f6e3495f8221
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 07:08:34 GMT
ohc-cache-hit: chenzct79 [1], bdix115 [4]
ohc-file-size: 15164
x-cache-status: MISS
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/964204.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/964204.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/964204.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421
12731.url.tudown.com/uploads/images/17161.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/17161.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/17161.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
12731.url.tudown.com/uploads/images/810062.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/810062.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/810062.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
12731.url.tudown.com/uploads/images/819963.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/819963.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/819963.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500
img0.baidu.com/it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
49.79.225.35 200 OK 61 kB URL HTTP/1.1 img0.baidu.com/it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 49.79.225.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fe399601ba45dab5db2c6c6a0bf85b7c
3e06b17dc8b41f328a51448946568af320583221
befe79d95cdb9f5936581619a20092dc418e966467ba1e6054d09754a581285a
GET /it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/webp
Content-Length: 61050
Connection: keep-alive
Expires: Tue, 21 Feb 2023 03:15:34 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: fe399601ba45dab5db2c6c6a0bf85b7c
Age: 344985
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 03:15:34 GMT
Ohc-Cache-HIT: ntct52 [4], czix82 [2]
Ohc-File-Size: 61050
X-Cache-Status: HIT
12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff
154.218.151.71 200 OK 33 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Hash cd70647e3842b0d9f9ddfa4002052e23
2e5f3bae488bc632607322c82b8d8d1f317047e4
c58dd6fd1216680f6bbc09d05b2f7d2bc21bf2352f3ac2e960b68a3178c0a5e6
Analyzer Verdict Alert fortinet Malware
GET /template/company/0302/css//fonts/iconfont.woff HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://12731.url.tudown.com/template/company/0302/css//style.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (624)
Hash 40166048cbbafce78c61a6f77da7b0ff
427103a532f196bc62411df885851eb1c9ca50f1
6dd2a2a67f2233570908d852865bb9632f87966af4dbc55738709807e991c0cd
GET /hm.js?71b36f22c21839fd7a38e40d68b92934 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 11:53:46 GMT
Etag: 2bd41a1245c4c1847a2b8a205dc36802
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B438BB7B9210FF3D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
img2.baidu.com/it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
113.219.142.35 200 OK 51 kB URL HTTP/2 img2.baidu.com/it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 588c3c86befc0e4c5f599b3a553385b1
14f931e00fdec274cf43512b13ec4f2f4c18da4f
044d0f1448b10b410ddfdc8d7c8212fcc1181ce8ea02fe8c01c23b6eb6b71e7d
GET /it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 50624
expires: Thu, 16 Feb 2023 22:19:14 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 588c3c86befc0e4c5f599b3a553385b1
age: 107041
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 22:19:14 GMT
ohc-cache-hit: chenzct57 [4], csix57 [2]
ohc-file-size: 50624
x-cache-status: HIT
X-Firefox-Spdy: h2
img.yingyongge.com/wp-content/uploads/apk.png
47.75.18.176 404 Not Found 264 B URL HTTP/1.1 img.yingyongge.com/wp-content/uploads/apk.png
IP 47.75.18.176:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type XML 1.0 document text\012- XML document, ASCII text
Hash f02ab07d9262262f66c1186d51ba493a
d02974e73edcc23507006788847d76b1424df6e6
b57b9d80bb0df080e88cfc4b50c5ac71712cbaa4321d58a5a301b989001e1b95
GET /wp-content/uploads/apk.png HTTP/1.1
Host: img.yingyongge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: AliyunOSS
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: application/xml
Content-Length: 264
Connection: keep-alive
x-oss-request-id: 63DE474B23C0543330A58EB1
x-oss-server-time: 8
img.yingyongge.com/wp-content/uploads/ios.png
47.75.18.176 404 Not Found 264 B URL HTTP/1.1 img.yingyongge.com/wp-content/uploads/ios.png
IP 47.75.18.176:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type XML 1.0 document text\012- XML document, ASCII text
Hash 24fd955213974f6c4c11d64410832c7d
b0ac67b8906a94808e24ed6c5d6fb8632bd7ea6f
c7f556100a42a20ea074eefd6a0f2571b87ec5b5a132f84ee87060fa1cc8a2c1
GET /wp-content/uploads/ios.png HTTP/1.1
Host: img.yingyongge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: AliyunOSS
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: application/xml
Content-Length: 264
Connection: keep-alive
x-oss-request-id: 63DE474BDA8A793330C50F0C
x-oss-server-time: 4
t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash ee58bc975bdf2da81d2423fa198793db
903380ced71106832c8792c0a57a99dd42ff49d0
7426f646b2d59501b3a598aa5c5d965247bc857253e95fd798f15ac6f1316abd
GET /it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 51923
Connection: keep-alive
Expires: Thu, 23 Feb 2023 21:36:49 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: ee58bc975bdf2da81d2423fa198793db
Age: 898719
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 21:36:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache50 [1], xiangyix218 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51923
X-Cache-Status: HIT
Timing-Allow-Origin: *
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=931845151&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=931845151&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=931845151&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 11:53:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=D6C6E1DB7DA06168; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img2.baidu.com/it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500
113.219.142.35 200 OK 26 kB URL HTTP/2 img2.baidu.com/it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 567x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash aee52af81372700679cea5ad5b1a12df
d8ef333591da5185b43f5e828329d639b78a6ad2
4862efdac399775a6a2e5c72bd67560fef85042a2beb4abc29f3cbfc9fe60cf2
GET /it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 26274
expires: Thu, 02 Mar 2023 11:01:18 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: aee52af81372700679cea5ad5b1a12df
age: 10823
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 11:01:18 GMT
ohc-cache-hit: chenzct69 [4], csix99 [2]
ohc-file-size: 26274
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
113.219.142.35 200 OK 3.7 kB URL HTTP/2 img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 138x196, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4705d959457f24b961e4574c59ff0036
56ed22beb312bc3cc29f1c8708a10c17944c472e
0bd08e9d06cc7043563f0d4e625ca4dfd6331f3edc4affb54e8fee7242515edf
GET /it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 3744
expires: Thu, 16 Feb 2023 03:22:43 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 4705d959457f24b961e4574c59ff0036
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 03:22:43 GMT
ohc-cache-hit: chenzct84 [1], xiangyix125 [4]
ohc-file-size: 3744
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
49.79.225.35 200 OK 19 kB URL HTTP/2 img0.baidu.com/it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
IP 49.79.225.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x749, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f1d8b6a9a8566e8f2d06598cacd09e2f
e72f9a80167391364c0c73ee35d234f1f6d15fc9
640f07a2e8504f5b79ad22b5d7f2e7e3c49974660a029f762c0472802db2b7bd
GET /it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 19414
expires: Mon, 20 Feb 2023 14:57:54 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: f1d8b6a9a8566e8f2d06598cacd09e2f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 14:57:54 GMT
ohc-cache-hit: ntct50 [1], bdix187 [2]
ohc-file-size: 19414
x-cache-status: MISS
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/94913.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/94913.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/94913.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591
12731.url.tudown.com/uploads/images/424676.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/424676.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/424676.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281
12731.url.tudown.com/uploads/images/320780.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/320780.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/320780.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800
12731.url.tudown.com/uploads/images/187108.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/187108.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/187108.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500
12731.url.tudown.com/uploads/images/154837.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/154837.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/154837.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800
img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500
113.219.142.35 200 OK 121 kB URL HTTP/2 img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 121 kB (121254 bytes)
Hash ba14fd72ae318e11cb88b546c117c21e
ed9a3c02274bb2ee853dbe8780467360b80a808f
93941c0d811bbdba3a24a2f189ee77e90434c79be61c57230e9252d2871cdf58
GET /it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 121254
expires: Wed, 22 Feb 2023 03:03:27 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: ba14fd72ae318e11cb88b546c117c21e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:03:27 GMT
ohc-cache-hit: chenzct76 [1], xiangyix105 [4]
ohc-file-size: 121254
x-cache-status: MISS
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/956239.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/956239.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/956239.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1955616388&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1955616388&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1955616388&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 11:53:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=EAF5B06B2BB0BA35; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img1.baidu.com/it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
183.131.118.35 200 OK 122 kB URL HTTP/2 img1.baidu.com/it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 122 kB (121580 bytes)
Hash 2d9b819c1145284bf877e74f642666a9
022660eb8b9d85978dd40392f76546043e36874b
5ebe0a35e5ab7da119d45c384593010c965af45fd3f10540d8f4503365aa997e
GET /it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 121580
expires: Tue, 21 Feb 2023 05:26:09 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 2d9b819c1145284bf877e74f642666a9
age: 1099956
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:26:09 GMT
ohc-cache-hit: tzct54 [4], bdix114 [2]
ohc-file-size: 121580
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591
183.131.118.35 200 OK 21 kB URL HTTP/2 img1.baidu.com/it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 475x591, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 79db352c9bcf2945285cb4e613e1031e
dbf9e3f695c77959d51ece136edcf2fd0be765bc
a2d1e8bcbd7334404409e631d8b7ec7d86498c3389f66ff3ab9429bc6dcf7a25
GET /it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 21196
expires: Fri, 24 Feb 2023 03:37:43 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 79db352c9bcf2945285cb4e613e1031e
age: 549460
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:37:43 GMT
ohc-cache-hit: tzct54 [4], suzix246 [4]
ohc-file-size: 21196
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421
183.131.118.35 200 OK 102 kB URL HTTP/1.1 img1.baidu.com/it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x1421, components 3\012- data
Size 102 kB (101514 bytes)
Hash 86274d847cf746a4e181a2534b2a2726
464b098c4504c00c52008f743384ac70d951300c
5c231425ace023e8bc372b9ffee1ce294c03f838dbe54a2f401618382ec85fbf
GET /it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 101514
Connection: keep-alive
Expires: Sun, 26 Feb 2023 13:38:20 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 86274d847cf746a4e181a2534b2a2726
Age: 80674
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 13:38:20 GMT
Ohc-Cache-HIT: tzct73 [4], xiangyix189 [4]
Ohc-File-Size: 101514
X-Cache-Status: HIT
12731.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf
154.218.151.71 200 OK 6.7 kB URL HTTP/1.1 12731.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Hash 22acbf4462de66b3c07b2849cf95eb88
cbf66d383efb595ad6d43d231f72fe4ceb7721f2
0b54052c38ac41b35a613556fbdfc461cbead11f74401df7c35ab972de3c1082
Analyzer Verdict Alert fortinet Malware
GET /template/company/0302/css//fonts/iconfont.ttf HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/template/company/0302/css//style.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
img1.baidu.com/it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281
183.131.118.35 200 OK 21 kB URL HTTP/2 img1.baidu.com/it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 499x281, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7baa264709a9474ff6032d1616e1163c
e1e41c8972aabb7af2e4ad255c5cc7153daf8b74
79b2d3f8d4a8a1e13a555cbbc580970b14907e5e30d69180bf6083a3d1ebe106
GET /it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 20630
expires: Fri, 24 Feb 2023 20:30:12 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 7baa264709a9474ff6032d1616e1163c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 20:30:12 GMT
ohc-cache-hit: tzct69 [1], bdix92 [4]
ohc-file-size: 20630
x-cache-status: MISS
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/744641.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/744641.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/744641.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500
12731.url.tudown.com/uploads/images/419996.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/419996.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/419996.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500
12731.url.tudown.com/uploads/images/625249.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/625249.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/625249.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500
12731.url.tudown.com/uploads/images/526621.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/526621.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/526621.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500
t14.baidu.com/it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500
185.10.104.124 200 OK 67 kB URL HTTP/1.1 t14.baidu.com/it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 396x500, components 3\012- data
Hash 848056f51ee4138731b0fe4966922112
a1283f05e66ba713c5c92fb92638fd228e52400d
9cba801b5362cbbf72d50e79d1ca96884bd0d032897258efe0a048db8b167ee3
GET /it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 66613
Connection: keep-alive
Expires: Tue, 07 Feb 2023 21:08:41 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 848056f51ee4138731b0fe4966922112
Age: 2261111
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 21:08:41 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache57 [1], wzix88 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 66613
X-Cache-Status: HIT
Timing-Allow-Origin: *
12731.url.tudown.com/uploads/images/403842.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/403842.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/403842.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625
img1.baidu.com/it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500
183.131.118.35 200 OK 66 kB URL HTTP/2 img1.baidu.com/it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 732x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fa9d19cd534eb63f48a670454631c83c
a1887e7a87dedc4a3ae366008461c598c67336f2
79620950f57cc1fa63aaa72f12002a4d2df04b381a3ddd1df9f57c474d01f710
GET /it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:48 GMT
content-type: image/webp
content-length: 66442
expires: Mon, 06 Mar 2023 11:53:48 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: fa9d19cd534eb63f48a670454631c83c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 11:53:48 GMT
ohc-cache-hit: tzct56 [1], xiangyix167 [2]
ohc-file-size: 66442
x-cache-status: MISS
X-Firefox-Spdy: h2
12731.url.tudown.com/uploads/images/499765.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12731.url.tudown.com/uploads/images/499765.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/499765.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914
img1.baidu.com/it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625
183.131.118.35 200 OK 19 kB URL HTTP/2 img1.baidu.com/it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 428x625, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 521fdcbbb878620fdfff33a5da41ebaf
d4d60234b9cc3fdfbbabd89dac162b343bfbea12
eec5e8a5f4a19661c029983195fc616f844581833d2ea2fc4bd9b3cc9fc2d2bd
GET /it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:48 GMT
content-type: image/webp
content-length: 18874
expires: Tue, 28 Feb 2023 01:25:23 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 521fdcbbb878620fdfff33a5da41ebaf
age: 18427
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 01:25:23 GMT
ohc-cache-hit: tzct70 [4], qdix88 [4]
ohc-file-size: 18874
x-cache-status: HIT
X-Firefox-Spdy: h2
t13.baidu.com/it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 42 kB URL HTTP/1.1 t13.baidu.com/it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 500x500, components 3
Hash c818a0ebf40b06d9953ae7453cb93217
4464dec6216837236ca64984dffb37d55670ee2d
b2463f55405ba58457e9c0d638eadc6a9b619a52b032f45b1470a5cd4ac68e65
GET /it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 42132
Connection: keep-alive
Expires: Mon, 06 Mar 2023 11:52:46 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: c818a0ebf40b06d9953ae7453cb93217
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 11:52:46 GMT
Ohc-Upstream-Trace: 58.20.204.53
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache53 [1], qdix184 [4]
Ohc-Response-Time: 1 0 0 0 389 389
Ohc-File-Size: 42132
X-Cache-Status: MISS
Timing-Allow-Origin: *
img1.baidu.com/it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800
183.131.118.35 200 OK 108 kB URL HTTP/1.1 img1.baidu.com/it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800
IP 183.131.118.35:0
ASN #136190 JINHUA, ZHEJIANG Province, P.R.China.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3
Size 108 kB (108109 bytes)
Hash 7481042715e9296bfdd6be466d4fba1f
c58e6c7ab72c3eded627ff3f0c4f67ada7fae805
a48f4d11f26a12092b9ab83600b688593f129e48cf6b111301174156ed2a537f
GET /it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 108109
Connection: keep-alive
Expires: Wed, 22 Feb 2023 03:36:12 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 7481042715e9296bfdd6be466d4fba1f
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 03:36:12 GMT
Ohc-Cache-HIT: tzct58 [1], xiangyix97 [4]
Ohc-File-Size: 108109
X-Cache-Status: MISS
img0.baidu.com/it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914
49.79.225.35 200 OK 26 kB URL HTTP/2 img0.baidu.com/it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914
IP 49.79.225.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x914, Scaling: [none]x[none], YUV color, decoders should clamp
Hash e095f68fbf3ca9091ebde6bee83ad53c
fd6857b7482a5550d50d6320070289364c4cd265
835372c4af12c504d98237adcbb2ccaf5825de6a95bda30036949751ec53a3af
GET /it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:48 GMT
content-type: image/webp
content-length: 26122
expires: Sun, 19 Feb 2023 12:01:05 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: e095f68fbf3ca9091ebde6bee83ad53c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 12:01:05 GMT
ohc-cache-hit: ntct63 [1], suzix167 [4]
ohc-file-size: 26122
x-cache-status: MISS
X-Firefox-Spdy: h2
t13.baidu.com/it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 39 kB URL HTTP/1.1 t13.baidu.com/it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3
Hash 80a01e62e852333cdfd24df98d0b67d6
46ff0c92ee2535a2cfd68f6f27bdbae90a633b14
117c10c0b8ce6e26b74df00ac478d6afaa79c73b1547a22fe505ff0b2de64a4a
GET /it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 39305
Connection: keep-alive
Expires: Mon, 27 Feb 2023 18:53:19 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 80a01e62e852333cdfd24df98d0b67d6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 18:53:19 GMT
Ohc-Upstream-Trace: 121.228.171.107; 58.20.204.62
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [1], zhuzuncache62 [1], suzix107 [4]
Ohc-Response-Time: 1 0 0 0 332 332
Ohc-File-Size: 39305
X-Cache-Status: MISS
Timing-Allow-Origin: *
img0.baidu.com/it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800
49.79.225.35 200 OK 176 kB URL HTTP/1.1 img0.baidu.com/it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800
IP 49.79.225.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3
Size 176 kB (176216 bytes)
Hash fd6dbf254c4b7167d690fa811c0c161e
333ff5c70c4313c9f3664b6992eae464f6b00f25
9a326badc4247192f3e8be00445dcf95ed07d543782572b98eeed7fe58d9cbf3
GET /it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 176216
Connection: keep-alive
Expires: Mon, 06 Mar 2023 11:53:48 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: fd6dbf254c4b7167d690fa811c0c161e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 11:53:48 GMT
Ohc-Cache-HIT: ntct60 [2], wzix60 [4]
Ohc-File-Size: 176216
X-Cache-Status: MISS
12731.url.tudown.com/favicon.ico
154.218.151.71 200 OK 0 B URL HTTP/1.1 12731.url.tudown.com/favicon.ico
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663; Hm_lvt_71b36f22c21839fd7a38e40d68b92934=1675511663; Hm_lpvt_71b36f22c21839fd7a38e40d68b92934=1675511663
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:49 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
t15.baidu.com/it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 44 kB URL HTTP/1.1 t15.baidu.com/it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3
Hash 2737735d3baf53d8869bf598eac55c23
57f7b01224e43e32c6c461967ba13a83ce6d5df2
2e54bad46c94b2442620626608238a42dcb7f771bed2ce61deaf4fee0e3eb369
GET /it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:49 GMT
Content-Type: image/jpeg
Content-Length: 44392
Connection: keep-alive
Expires: Fri, 03 Mar 2023 12:10:16 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 2737735d3baf53d8869bf598eac55c23
Age: 203187
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 01 Feb 2023 12:10:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache62 [1], csix101 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44392
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 55 kB URL HTTP/1.1 t15.baidu.com/it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3
Hash 4088331d309619799e16ba62ace99686
4631a7158be07dc3a1763c8fe0152de85312e812
099beee5b26a30ba927829af25826e325264102dd81b4f37c34e8fc9ce8abfd3
GET /it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:49 GMT
Content-Type: image/jpeg
Content-Length: 55186
Connection: keep-alive
Expires: Mon, 06 Feb 2023 18:41:25 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 4088331d309619799e16ba62ace99686
Age: 2039863
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 18:41:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache64 [4], suzix78 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55186
X-Cache-Status: HIT
Timing-Allow-Origin: *