r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5273
Expires: Sat, 04 Feb 2023 17:23:28 GMT
Date: Sat, 04 Feb 2023 15:55:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14035
Expires: Sat, 04 Feb 2023 19:49:30 GMT
Date: Sat, 04 Feb 2023 15:55:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 15:43:38 GMT
content-type: application/json
age: 717
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12861
Expires: Sat, 04 Feb 2023 19:29:56 GMT
Date: Sat, 04 Feb 2023 15:55:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: M4dxy4YcOX1BzAY1odQT0HyCIXMsSHfKynEgDK1gGMkrgVMzvnF9Jevnn+abnjMZu980LkMgznVaiLRvPdViPA==
x-amz-request-id: N6DDCJ614S60W59Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 15:24:04 GMT
age: 1891
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:55:35 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 15:07:19 GMT
age: 2897
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2275
Expires: Sat, 04 Feb 2023 16:33:31 GMT
Date: Sat, 04 Feb 2023 15:55:36 GMT
Connection: keep-alive
12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
154.218.151.71 200 OK 8.5 kB URL HTTP/1.1 12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash 0347935da47a21fcea94479ed0664a81
9e8403ebd05ca7dc3584540e15b8a963d3bb2c13
0ef978f2b0b4bfbb0ef5ad61e396170e35c2b265d2ae201ea19595216d134c5d
Analyzer Verdict Alert fortinet Malware
GET /down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __bid_n=1861d1cf31c694962b4207
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
35.160.45.85 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.45.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yuL98YuoPrkYB7ccTOW5QA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oJhc8DjYjH/CQv2Kxc88VtaUkPw=
12931.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 531 B URL HTTP/1.1 12931.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12931.url.tudown.com/template/company/955yx/css/gb.css
154.218.151.71 200 OK 47 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/css/gb.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (393), with CRLF line terminators
Hash 50dd1318432db01d440645564e53edc9
ee0cb6adb44f515312f771197c6c08b951cb7689
2b908ce7540ed6b03b07bdec7eb7eb504b76e78b3304474f40af3b8f3afb2135
GET /template/company/955yx/css/gb.css HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:36 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-30c0d"
Expires: Sun, 05 Feb 2023 03:55:36 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12931.url.tudown.com/template/company/955yx/js/searchword.js
154.218.151.71 200 OK 1.3 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/js/searchword.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 95c12a0f8944cbd1c05e11f7a72875dd
22430886820419d75b8da5721af251bdeb6811d1
36e33550c0a108df269183b53afe7f8c86316cc7e24a84ee3804e8ae12c627eb
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/searchword.js HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86ff1-fb5"
Expires: Sun, 05 Feb 2023 03:55:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12931.url.tudown.com/template/company/955yx/js/week_rank.js
154.218.151.71 200 OK 656 B URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/js/week_rank.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with CRLF line terminators
Hash 00ac918b54dd742e0ec507274205038a
6a2976eb86376f33eb4f7b587f71296f07940da5
11624c98f05816c06f80e2ea5ef22376ce5509cb2c076003f9d5f27ac81f4ec9
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/week_rank.js HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: application/javascript
Content-Length: 656
Last-Modified: Tue, 15 Jun 2021 09:16:32 GMT
Connection: keep-alive
ETag: "60c86ff0-290"
Expires: Sun, 05 Feb 2023 03:55:37 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12931.url.tudown.com/template/company/955yx/js/script_index2.js
154.218.151.71 200 OK 2.3 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/js/script_index2.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ISO-8859 text, with CRLF line terminators
Hash e3f1b130f72b9756f002c6bbbc284fb7
d51b59da45422005ca5f02b66cb02eaf1b44a8fd
3c0e569d33461414b263a4a7e6602577873e4843bb450d5de979f263d02644c9
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/script_index2.js HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86ff2-1f77"
Expires: Sun, 05 Feb 2023 03:55:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12931.url.tudown.com/template/company/955yx/js/api.js
154.218.151.71 200 OK 22 B URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/js/api.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with CRLF line terminators
Hash 143a35d673d243f56603ac04a89d8099
677acddc2a341ec711d74ecfd05bb919208c23df
ab368ffd11e345075f085c40cfdd9254280e0db19ed65e2668c287b17508170f
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/api.js HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: application/javascript
Content-Length: 22
Last-Modified: Tue, 15 Jun 2021 09:16:34 GMT
Connection: keep-alive
ETag: "60c86ff2-16"
Expires: Sun, 05 Feb 2023 03:55:37 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12931.url.tudown.com/template/company/955yx/js/gb.js
154.218.151.71 200 OK 7.7 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/js/gb.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 2a105ecd23c8abe20d0f84a4d10903a7
f3a1339005455be7df05412b2bde5d33ed096da0
9e8e3180840152689c4d7732c3660da6c766645aad88f695c041720ff5ec0a67
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/gb.js HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-7685"
Expires: Sun, 05 Feb 2023 03:55:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12931.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js
154.218.151.71 200 OK 41 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (65483)
Hash aef63d51fe884fe89d488a2abc96381b
ed39edfb824178566b87b08164c7d382a119705b
51826bef0d69d08144d8605e1c56e1602cb1b6f620f854972c31080cf17d11f5
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/jquery-1.8.3.min.js HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-198c3"
Expires: Sun, 05 Feb 2023 03:55:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21038
Expires: Sat, 04 Feb 2023 21:46:15 GMT
Date: Sat, 04 Feb 2023 15:55:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19713
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:55:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19713
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:55:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19713
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:55:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19713
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:55:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19713
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:55:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 63904
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 63727
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 63916
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 63905
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 56094
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 65253
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
12931.url.tudown.com/static/api/http://12931.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465422
154.218.151.71 404 Not Found 146 B URL HTTP/1.1 12931.url.tudown.com/static/api/http://12931.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465422
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Malware
GET /static/api/http://12931.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465422 HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
12931.url.tudown.com/uploads/images/613997.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/613997.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/613997.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2885283128,899350702&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
12931.url.tudown.com/uploads/images/769889.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/769889.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/769889.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2122931362,465787482&fm=253&fmt=auto&app=120&f=JPEG?w=400&h=400
12931.url.tudown.com/template/company/955yx/images/home.png
154.218.151.71 200 OK 1.3 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/images/home.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 302b4d0465daebb6a02b59b721d92a41
20d18d0cb9f052ec48b775ec2de2e8ce1a233c1e
a7fa550286b2b0974ab70bbadbe26cfa5b6770da8a71445b3b3f87abd896d3f2
GET /template/company/955yx/images/home.png HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/template/company/955yx/css/gb.css
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/png
Content-Length: 1270
Last-Modified: Tue, 15 Jun 2021 09:16:32 GMT
Connection: keep-alive
ETag: "60c86ff0-4f6"
Accept-Ranges: bytes
12931.url.tudown.com/uploads/images/885230.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/885230.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/885230.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=775835733,433013180&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/563177.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/563177.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/563177.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499
12931.url.tudown.com/uploads/images/26002.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/26002.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/26002.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1496123987,2661962405&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
12931.url.tudown.com/uploads/images/954850.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/954850.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/954850.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=685579189,1283811002&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
12931.url.tudown.com/uploads/images/626865.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/626865.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/626865.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1770764717,1064998531&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
12931.url.tudown.com/uploads/images/746741.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/746741.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/746741.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1408659075,2347218015&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=201
12931.url.tudown.com/uploads/images/874439.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/874439.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/874439.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=551660493,979160127&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
12931.url.tudown.com/uploads/images/122944.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/122944.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/122944.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2417688547,1972936716&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/47661.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/47661.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/47661.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2602722561,1421725466&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
push.zhanzhang.baidu.com/push.js
180.101.212.103 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 180.101.212.103:0
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 15:55:38 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 15:55:38 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=EBD3AAF6C0A910900885360B7EC898CF:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 15:55:38 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 81f5c123f4a83e821e1e2f7c4101a7bf
650933ff62323a28072863389d558e213041f68a
5a56d766b7901444e0da4d430348ca3f0ddae9cf26f9bb4f41266c36750572d7
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:17:24 GMT
ETag: "650933ff62323a28072863389d558e213041f68a"
Last-Modified: Sat, 04 Feb 2023 12:17:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2529
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7944977e6d02b521-OSL
12931.url.tudown.com/template/company/955yx/images/litterstar.png
154.218.151.71 200 OK 1.7 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/images/litterstar.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 73 x 143, 8-bit colormap, non-interlaced\012- data
Hash d130270dc6abd41d1d40acbe01e36739
5dec8c0c88e9c3dfb13cbfc7d1d9818baa7ee96c
8b31f0ef117010f8ad5e5c8c73ede7468072e1cb08f994fce90ada97f461b59b
GET /template/company/955yx/images/litterstar.png HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/template/company/955yx/css/gb.css
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/png
Content-Length: 1706
Last-Modified: Tue, 15 Jun 2021 09:16:33 GMT
Connection: keep-alive
ETag: "60c86ff1-6aa"
Accept-Ranges: bytes
12931.url.tudown.com/uploads/images/609533.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/609533.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/609533.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4145886606,1382989624&fm=253&fmt=auto&app=138&f=JPEG?w=950&h=500
12931.url.tudown.com/uploads/images/533227.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/533227.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/533227.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1274908658,1713950003&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/322644.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/322644.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/322644.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=228495488,3907876275&fm=253&fmt=auto&app=138&f=PNG?w=500&h=500
12931.url.tudown.com/uploads/images/625103.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/625103.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/625103.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=893979314,60350366&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
12931.url.tudown.com/template/company/955yx/images/bgs.png
154.218.151.71 200 OK 101 kB URL HTTP/1.1 12931.url.tudown.com/template/company/955yx/images/bgs.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 500 x 900, 8-bit/color RGBA, non-interlaced\012- data
Size 101 kB (101362 bytes)
Hash 1621ecee9c5f80ff96ab42e1ee259f58
5867acc872a638e86b981dbd81632c219a8093ec
f7809c07dbf542cc134fa715f678d4fba323bffdc649c9fb85a866b55b0c47f9
GET /template/company/955yx/images/bgs.png HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/template/company/955yx/css/gb.css
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:37 GMT
Content-Type: image/png
Content-Length: 101362
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Connection: keep-alive
ETag: "60c86fef-18bf2"
Accept-Ranges: bytes
12931.url.tudown.com/uploads/images/227082.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/227082.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/227082.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
12931.url.tudown.com/uploads/images/707785.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/707785.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/707785.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=944806952,3984221054&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711
12931.url.tudown.com/uploads/images/69369.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/69369.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/69369.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=95212082,672529190&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=500
12931.url.tudown.com/uploads/images/344230.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/344230.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/344230.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1082996496,623551424&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/28823.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/28823.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/28823.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1237450180,4033918051&fm=224&app=112&f=JPEG?w=500&h=500&s=27E0DC4B841A15D41908609203008092
ocsp.crlocsp.cn/
101.198.193.5 200 OK 472 B IP 101.198.193.5:0
ASN #55992 Beijing Qihu Technology Company Limited
Hash 0d324131dca4960e6e81b522efd00a68
b8d5934359a12f1585f7f6025e3e252c915b6e83
ca1c02c77c4e94efd7846bed454d839b407056477c43f7dca8b1d219d3b8a1b1
POST / HTTP/1.1
Host: ocsp.crlocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.9.14
Date: Sat, 04 Feb 2023 15:54:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Content-Transfer-Encoding: Binary
Last-modified: Sat, 04 Feb 2023 07:32:09 GMT
Expires: Sat, 11 Feb 2023 07:32:08 GMT
ETag: "B8D5934359A12F1585F7F6025E3E252C915B6E83"
cache-control: max-age=172800,public,no-transform,must-revalidate
s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
54.230.111.4 200 OK 478 B URL HTTP/2 s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
IP 54.230.111.4:0
File type ASCII text, with very long lines (478), with no line terminators
Hash 5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a
GET /ssl/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s.ssl.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12931.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 478
date: Fri, 06 Jan 2023 02:40:18 GMT
x-qstatic-hit: 1
last-modified: Mon, 01 Jan 2018 00:00:00 GMT
etag: W/"67d74adaac6d2f43"
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
expires: Mon, 03 Jan 2033 02:40:18 GMT
kcs-via: HIT from w-fc03.lato;MISS from w-sc01.lato
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Q0CQVcuHyqvLCll8ivKBCbC8OzZ6D4KORYajbhRMkKaxI4_eOPYa5A==
age: 2553321
X-Firefox-Spdy: h2
12931.url.tudown.com/uploads/images/137086.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/137086.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/137086.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1867987343,3008850380&fm=253&fmt=auto&app=138&f=GIF?w=583&h=500
api.share.baidu.com/s.gif?l=http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
39.156.68.163 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
IP 39.156.68.163:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 15:55:39 GMT
12931.url.tudown.com/uploads/images/632474.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/632474.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/632474.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3124816760,490579788&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/397329.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/397329.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/397329.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500
12931.url.tudown.com/uploads/images/909419.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/909419.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/909419.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3830720015,3772898188&fm=253&fmt=auto?w=1422&h=800
12931.url.tudown.com/uploads/images/446629.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/446629.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/446629.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676
12931.url.tudown.com/uploads/images/729740.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/729740.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/729740.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2695204531,2698869799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/941478.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/941478.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/941478.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
12931.url.tudown.com/uploads/images/286300.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/286300.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/286300.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2423740803,4005398423&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/235094.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/235094.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/235094.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268
12931.url.tudown.com/uploads/images/31657.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/31657.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/31657.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1504889317,3226780132&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
12931.url.tudown.com/uploads/images/71103.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/71103.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/71103.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3746346873,596028162&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=750
12931.url.tudown.com/index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675526175423
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12931.url.tudown.com/index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675526175423
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash 043696cd4535f3fff178dc807f825f11
b0f16ddf7f906b5e3f164f27b6dfe867f85b3db8
3bce207a2473d7632fced2ab0290ef015ee471fd965662bc400f89192bbd92cf
GET /index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675526175423 HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
s.360.cn/so/zz.gif?url=http%3A%2F%2F12931.url.tudown.com%2Fdown%2Fberrybox%25E4%25B8%258B%25E8%25BD%25BD%40134_2582.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b238f5228_542351f@2DdBb%
101.198.2.147 200 OK 0 B URL HTTP/1.1 s.360.cn/so/zz.gif?url=http%3A%2F%2F12931.url.tudown.com%2Fdown%2Fberrybox%25E4%25B8%258B%25E8%25BD%25BD%40134_2582.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b238f5228_542351f@2DdBb%
IP 101.198.2.147:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /so/zz.gif?url=http%3A%2F%2F12931.url.tudown.com%2Fdown%2Fberrybox%25E4%25B8%258B%25E8%25BD%25BD%40134_2582.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b238f5228_542351f@2DdBb% HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Tue, 31 May 2022 08:31:45 GMT
Connection: keep-alive
ETag: "6295d271-0"
Accept-Ranges: bytes
t13.baidu.com/it/u=775835733,433013180&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 45 kB URL HTTP/1.1 t13.baidu.com/it/u=775835733,433013180&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 29d1dedbb6bfa07d6c63140a9afb2b76
78b12eb90ef1ddedf72e130a7aba16c9a4736f5b
9fea958ac8354e264d3bec59882c610f5e5f9f9eca167c15fcf6b14ab879bef7
GET /it/u=775835733,433013180&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpeg
Content-Length: 44965
Connection: keep-alive
Expires: Fri, 17 Feb 2023 15:30:15 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 29d1dedbb6bfa07d6c63140a9afb2b76
Age: 1430311
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 15:30:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache64 [1], bdix140 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44965
X-Cache-Status: HIT
Timing-Allow-Origin: *
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 99b9073ee4cb1cc83ccdbd5783846698
8e64914898ff209bcaba81a3f480bf4c1bb1c15b
d302a08fe67ed59aa57a11ae51a468d4c0e418506e898bea9af8b32b2bc4aa21
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12931.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 15:55:39 GMT
Etag: 6f853986f261897c8914754c8d3f0498
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4854D1CC258FA16E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
t13.baidu.com/it/u=2423740803,4005398423&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 27 kB URL HTTP/1.1 t13.baidu.com/it/u=2423740803,4005398423&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 4c528e55e50bbdc0fa9fba29808c8521
3f8bdd64d3733be1aac5fc201bd4b18b77ef5030
29affc6fe60b169806acb5b1e5f8537925812a4cf67e400accc5a757a8a7bb43
GET /it/u=2423740803,4005398423&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpeg
Content-Length: 26833
Connection: keep-alive
Expires: Wed, 15 Feb 2023 00:19:18 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 4c528e55e50bbdc0fa9fba29808c8521
Age: 384405
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 16 Jan 2023 00:19:18 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache57 [1], czix153 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 26833
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=3124816760,490579788&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 42 kB URL HTTP/1.1 t13.baidu.com/it/u=3124816760,490579788&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 14dde8f17a41f2eb82998d99fc16ac2b
e4d8ea2fda6af65f3a172ff3a00876eac00e00a2
ea11d5a1876db05e5732cc14af08de04515c3f0ddcb63d40ae9f80b8bb59be31
GET /it/u=3124816760,490579788&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:39 GMT
Content-Type: image/jpeg
Content-Length: 42119
Connection: keep-alive
Expires: Sat, 18 Feb 2023 12:20:12 GMT
Last-Modified: Sun, 18 Jan 1970 00:00:00 GMT
ETag: 14dde8f17a41f2eb82998d99fc16ac2b
Age: 19284
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 12:20:12 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache64 [1], suzix96 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 42119
X-Cache-Status: HIT
Timing-Allow-Origin: *
12931.url.tudown.com/api.php?op=digg&action=show&id=23038
154.218.151.71 404 Not Found 146 B URL HTTP/1.1 12931.url.tudown.com/api.php?op=digg&action=show&id=23038
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /api.php?op=digg&action=show&id=23038 HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
12931.url.tudown.com/uploads/images/209979.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/209979.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/209979.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3842301589,2661641299&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
12931.url.tudown.com/uploads/images/273628.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/273628.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/273628.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=814922709,807715786&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/893264.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/893264.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/893264.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=754383408,4173477665&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=2885283128,899350702&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
125.74.42.35 200 OK 6.7 kB URL HTTP/2 img0.baidu.com/it/u=2885283128,899350702&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 130x170, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11da4663bf208bd1a6256dcd8363b343
637cfb1224506be8a0d931a8c328370d18c2d47c
ad5b3be30da010bae4bf120d8ff1c5266c585ad4bf6cf7008bf5b01144396a42
GET /it/u=2885283128,899350702&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 6744
expires: Fri, 17 Feb 2023 06:53:52 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 11da4663bf208bd1a6256dcd8363b343
age: 385027
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 06:53:52 GMT
ohc-cache-hit: lz3ct72 [4], qdix227 [2]
ohc-file-size: 6744
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
125.74.42.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0972bc41e7105ea76487b66875289ca1
e6af8771bc789d73c2e4301c4dc948a7b38a0e2a
e71a1ebedea6b9ef20f569101d0e7c589ea4caf1f57f2597e974abf6a93cb013
GET /it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 18538
expires: Wed, 01 Mar 2023 17:24:14 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 0972bc41e7105ea76487b66875289ca1
age: 39697
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 17:24:14 GMT
ohc-cache-hit: lz3ct70 [4], bdix113 [2]
ohc-file-size: 18538
x-cache-status: HIT
X-Firefox-Spdy: h2
t13.baidu.com/it/u=754383408,4173477665&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 38 kB URL HTTP/1.1 t13.baidu.com/it/u=754383408,4173477665&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash d71dd77c0ee5283dd2b6d3e0abcb2733
b0598779f0411b78862ec221c8287921ddb4ed63
cfad2f8b1f15679f5516dd4551e7d00b2c8c5e363cfaa5b66f5ab92cc8928471
GET /it/u=754383408,4173477665&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 37504
Connection: keep-alive
Expires: Mon, 20 Feb 2023 02:31:32 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: d71dd77c0ee5283dd2b6d3e0abcb2733
Age: 1200388
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 02:31:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache57 [4], xaix199 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 37504
X-Cache-Status: HIT
Timing-Allow-Origin: *
12931.url.tudown.com/uploads/images/159884.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/159884.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/159884.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3923600217,797260628&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/486751.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/486751.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/486751.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1516083702,1859252157&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
12931.url.tudown.com/uploads/images/330647.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/330647.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/330647.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3342466840,256674776&fm=224&app=112&f=JPEG?w=350&h=350
t14.baidu.com/it/u=1237450180,4033918051&fm=224&app=112&f=JPEG?w=500&h=500&s=27E0DC4B841A15D41908609203008092
185.10.104.124 200 OK 31 kB URL HTTP/1.1 t14.baidu.com/it/u=1237450180,4033918051&fm=224&app=112&f=JPEG?w=500&h=500&s=27E0DC4B841A15D41908609203008092
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 77cb6e76f076d6822a34a33ae7fcbdfd
926b7542b36a5360abf11b34fd2d6f91fa269447
eecc9c2930db8cc9645962e1c15f0212083fe81b45020307647bd7b800429f1e
GET /it/u=1237450180,4033918051&fm=224&app=112&f=JPEG?w=500&h=500&s=27E0DC4B841A15D41908609203008092 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 30795
Connection: keep-alive
Expires: Thu, 02 Mar 2023 04:14:24 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 77cb6e76f076d6822a34a33ae7fcbdfd
Age: 218183
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 04:14:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache60 [4], xiangyix181 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 30795
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=1082996496,623551424&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 48 kB URL HTTP/1.1 t14.baidu.com/it/u=1082996496,623551424&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 892a20155f74938a4445948e5f6673bf
6bab76ec81b9fd07c5633ee5a4c742efe0de6aff
2014a5cd3c95361628953dfda18426494dadfe66e016ef91b4a98a9b5aa5c381
GET /it/u=1082996496,623551424&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 48130
Connection: keep-alive
Expires: Mon, 27 Feb 2023 05:17:38 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 892a20155f74938a4445948e5f6673bf
Age: 567406
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 05:17:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache56 [4], suzix76 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 48130
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=3342466840,256674776&fm=224&app=112&f=JPEG?w=350&h=350
185.10.104.124 200 OK 23 kB URL HTTP/1.1 t13.baidu.com/it/u=3342466840,256674776&fm=224&app=112&f=JPEG?w=350&h=350
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Hash 4cdd33ed3aba703f2b43e143e2fe0e4b
70afd9e7c470743d076969dc172e2949a5d48b47
f15f344e93ad01121459827964d550bc4a2f4b3bdb0ebd30695a5033cfc86523
GET /it/u=3342466840,256674776&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 22705
Connection: keep-alive
Expires: Mon, 06 Mar 2023 08:07:32 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 4cdd33ed3aba703f2b43e143e2fe0e4b
Age: 28088
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 08:07:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache50 [1], xaix167 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 22705
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=1274908658,1713950003&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 54 kB URL HTTP/1.1 t14.baidu.com/it/u=1274908658,1713950003&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 7b582358165a4dc2e1c67ade560cca0a
18a6bd1c0b6a115b36614108916edb6782d52480
56dbf16da61e7ff3775d1d176a41c737fb6d22d78f43bcece10dbb205b43c062
GET /it/u=1274908658,1713950003&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 53760
Connection: keep-alive
Expires: Sat, 18 Feb 2023 02:26:54 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 7b582358165a4dc2e1c67ade560cca0a
Age: 1430926
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 02:26:53 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache53 [2], suzix155 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53760
X-Cache-Status: HIT
Timing-Allow-Origin: *
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1276629804&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=58366&r=0&ww=1152&u=http%3A%2F%2F12931.url.tudown.com%2Fdown%2Fberrybox%25E4%25B8%258B%25E8%25BD%25BD%40134_2582.exe&tt=ag%E4%BA%9A%E6%B4%B2%E4%B9%9D%E6%B8%B8%E4%BC%9A%E7%99%BB%E5%8F%A3-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1276629804&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=58366&r=0&ww=1152&u=http%3A%2F%2F12931.url.tudown.com%2Fdown%2Fberrybox%25E4%25B8%258B%25E8%25BD%25BD%40134_2582.exe&tt=ag%E4%BA%9A%E6%B4%B2%E4%B9%9D%E6%B8%B8%E4%BC%9A%E7%99%BB%E5%8F%A3-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1276629804&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=58366&r=0&ww=1152&u=http%3A%2F%2F12931.url.tudown.com%2Fdown%2Fberrybox%25E4%25B8%258B%25E8%25BD%25BD%40134_2582.exe&tt=ag%E4%BA%9A%E6%B4%B2%E4%B9%9D%E6%B8%B8%E4%BC%9A%E7%99%BB%E5%8F%A3-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12931.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 15:55:40 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=67EE6B79153D369F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img0.baidu.com/it/u=944806952,3984221054&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711
125.74.42.35 200 OK 7.7 kB URL HTTP/2 img0.baidu.com/it/u=944806952,3984221054&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x711, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 39890b931b08e68dd38902151c691d1c
7773c6ad3eec270e8f01b7a66bd31260e306e9ff
883e478210ba67d0cba857ab98b0b393cb277f00b74f7aa2e09a2f26c9432dcc
GET /it/u=944806952,3984221054&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 7732
expires: Sun, 19 Feb 2023 12:46:40 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 39890b931b08e68dd38902151c691d1c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 12:46:40 GMT
ohc-cache-hit: lz3ct77 [1], czix67 [4]
ohc-file-size: 7732
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1770764717,1064998531&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
125.74.42.35 200 OK 22 kB URL HTTP/2 img0.baidu.com/it/u=1770764717,1064998531&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 501x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 759eae4c1dc268434acd35f736a93bd8
79da698b8dc2deb74dbeef35af3442c5679eae3b
89e1442b8cc6c1ca61774870e73254438973f065c8bf6cca03c94879aafd9501
GET /it/u=1770764717,1064998531&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 21752
expires: Mon, 20 Feb 2023 10:51:53 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 759eae4c1dc268434acd35f736a93bd8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 10:51:53 GMT
ohc-cache-hit: lz3ct82 [1], qdix148 [4]
ohc-file-size: 21752
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=2417688547,1972936716&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 76 kB URL HTTP/1.1 t15.baidu.com/it/u=2417688547,1972936716&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 3d203fedc41dfb1218e27e0669bc9a38
5d9353856de0e35cbd3b4f00aaf903fb423e0ad3
8868b22739aa8848b8534fc17f2e3da45ba552aefb77ee9adea5a32cb10bc293
GET /it/u=2417688547,1972936716&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 75587
Connection: keep-alive
Expires: Tue, 28 Feb 2023 11:22:29 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 3d203fedc41dfb1218e27e0669bc9a38
Age: 394726
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 29 Jan 2023 11:22:29 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], xauncache100 [2], xaix172 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 75587
X-Cache-Status: HIT
Timing-Allow-Origin: *
12931.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12931.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash 0d5de1f03074122bcee21e614f6d466a
afee430289736eb31272638ef13124d3a2aff046
b5107c51fef67ebeffab2c87b77a3937e8a43da1fd0f1c1b10349afae8200912
GET /index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16 HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12931.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
154.218.151.71 200 OK 8.7 kB URL HTTP/1.1 12931.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash 84771d722990312643031ebd46e8310c
a466a58331d922abd063ed8d0b9f483b59b9a4b9
77e89903ba6bb39a510b65686adf4f120e544c50f93c402cbad07b5352afffdb
GET /index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16 HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12931.url.tudown.com/uploads/images/817971.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/817971.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/817971.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1626739494,1664083240&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/268650.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/268650.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/268650.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2037062839,2216091887&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
t15.baidu.com/it/u=1626739494,1664083240&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 60 kB URL HTTP/1.1 t15.baidu.com/it/u=1626739494,1664083240&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 2782f47fec88092bea09fbd7f661e266
d9fc408a701ed4c686acd3da0da44d0128363bd6
d59791f6ebf4ba105d563144fbd681e5ec315b20eadb89919ff887a6b75f6acf
GET /it/u=1626739494,1664083240&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 59535
Connection: keep-alive
Expires: Mon, 13 Feb 2023 23:51:34 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 2782f47fec88092bea09fbd7f661e266
Age: 378676
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 14 Jan 2023 23:51:34 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache58 [1], xiangyix122 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 59535
X-Cache-Status: HIT
Timing-Allow-Origin: *
12931.url.tudown.com/uploads/images/778317.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/778317.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/778317.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3220094201,1000275519&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
img1.baidu.com/it/u=4145886606,1382989624&fm=253&fmt=auto&app=138&f=JPEG?w=950&h=500
125.64.104.35 200 OK 55 kB URL HTTP/2 img1.baidu.com/it/u=4145886606,1382989624&fm=253&fmt=auto&app=138&f=JPEG?w=950&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 950x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash be21fc1f6a1cc6bb5f063c4c7f016528
73ded968aa95df7835cbcafab7fbc2b2141e214f
bd0fbce42a44df0a76e1fcb3fffd010b63d8884b29edfa64592afa6ab6495bcf
GET /it/u=4145886606,1382989624&fm=253&fmt=auto&app=138&f=JPEG?w=950&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 54590
expires: Sun, 19 Feb 2023 15:56:06 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: be21fc1f6a1cc6bb5f063c4c7f016528
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 15:56:06 GMT
ohc-cache-hit: dy2ct64 [1], qdix158 [4]
ohc-file-size: 54590
x-cache-status: MISS
X-Firefox-Spdy: h2
12931.url.tudown.com/uploads/images/logo.png?n=42625znxt3s3raxjqw4ord445gy3zzm7xhuk5lpexcw6lp4d&w=250
154.218.151.71 200 OK 2.7 kB URL HTTP/1.1 12931.url.tudown.com/uploads/images/logo.png?n=42625znxt3s3raxjqw4ord445gy3zzm7xhuk5lpexcw6lp4d&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 33ce0714525543a15c522ec28bbad7dc
bec345dfbe76de3022f58cfb597274883d428434
60450c6eecf88254df3f0a6e04c0fd5b49567a0dd4a23e15e70c5e30ea6c184c
GET /uploads/images/logo.png?n=42625znxt3s3raxjqw4ord445gy3zzm7xhuk5lpexcw6lp4d&w=250 HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
img0.baidu.com/it/u=893979314,60350366&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
125.74.42.35 200 OK 33 kB URL HTTP/2 img0.baidu.com/it/u=893979314,60350366&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 353x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 38e4d9cc67d0a1f962fc0dbc32a69557
f51608235503624aca01d00678514665c102a706
a509f163e51be7ea9bbf0b564aea244a19ef099067a0dfdca7a04289ddfc2447
GET /it/u=893979314,60350366&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 32980
expires: Wed, 22 Feb 2023 02:14:39 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 38e4d9cc67d0a1f962fc0dbc32a69557
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:14:39 GMT
ohc-cache-hit: lz3ct53 [1], bdix153 [4]
ohc-file-size: 32980
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3842301589,2661641299&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
125.74.42.35 200 OK 8.5 kB URL HTTP/2 img0.baidu.com/it/u=3842301589,2661641299&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c29fc805e3d9177002bb8cd2ba0b3299
4e081864fbe2ec03906815038fc74ed613afc12d
479360f9b525f2a4e7730dda5ba1831d5b5d8a2a33f9495f59eaaa5cdc468a0d
GET /it/u=3842301589,2661641299&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 8548
expires: Tue, 21 Feb 2023 04:34:40 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: c29fc805e3d9177002bb8cd2ba0b3299
age: 200337
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:34:39 GMT
ohc-cache-hit: lz3ct89 [4], bdix248 [4]
ohc-file-size: 8548
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=228495488,3907876275&fm=253&fmt=auto&app=138&f=PNG?w=500&h=500
125.74.42.35 200 OK 24 kB URL HTTP/2 img0.baidu.com/it/u=228495488,3907876275&fm=253&fmt=auto&app=138&f=PNG?w=500&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 57805bd6e7dc4861773512a252a148b6
b085205cd25178937c3eaf63463d99a23b0d3539
33873ab5885f604c9488b8a77a44ed8922d1cb511f6d408648e742c7d361ba02
GET /it/u=228495488,3907876275&fm=253&fmt=auto&app=138&f=PNG?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 23634
expires: Wed, 22 Feb 2023 08:48:50 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 57805bd6e7dc4861773512a252a148b6
age: 191267
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 08:48:50 GMT
ohc-cache-hit: lz3ct79 [4], czix79 [4]
ohc-file-size: 23634
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=814922709,807715786&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
125.74.42.35 200 OK 9.1 kB URL HTTP/2 img0.baidu.com/it/u=814922709,807715786&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2b2994ee28dc182f698f6fa9e7da4840
342be9fb3a5b281aa77ae4758244eb90d8e95aa5
011240d6aa9405a057b8698d8bb7fe81ce608f2ff2a9e835639ee8bdc6105b11
GET /it/u=814922709,807715786&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 9056
expires: Sat, 18 Feb 2023 04:47:31 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 2b2994ee28dc182f698f6fa9e7da4840
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:47:31 GMT
ohc-cache-hit: lz3ct61 [1], suzix237 [4]
ohc-file-size: 9056
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=3923600217,797260628&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 43 kB URL HTTP/1.1 t15.baidu.com/it/u=3923600217,797260628&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 15389e3bdc5d1b71d5fb95f2e7829862
a6a23d0d29617da32aada131144a255da4511099
671789d007a9b83ba9314ca69a10c8c6dc4105cfee5747a7f0f7e1e167d4d489
GET /it/u=3923600217,797260628&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpeg
Content-Length: 43299
Connection: keep-alive
Expires: Mon, 06 Mar 2023 15:55:40 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 15389e3bdc5d1b71d5fb95f2e7829862
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 15:55:40 GMT
Ohc-Upstream-Trace: 180.97.33.13; 113.142.198.70; 58.20.204.54
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache64 [4], xaix70 [2]
Ohc-Response-Time: 1 0 0 0 437 438
Ohc-File-Size: 43299
X-Cache-Status: MISS
Timing-Allow-Origin: *
12931.url.tudown.com/uploads/images/499478.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/499478.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/499478.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3379831772,3117866736&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=347
12931.url.tudown.com/uploads/images/771324.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/771324.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/771324.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=1999391408,2670787466&fm=253&app=120&f=JPEG?w=640&h=1136
12931.url.tudown.com/uploads/images/168759.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/168759.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/168759.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=400271853,960095199&fm=224&app=112&f=JPEG?w=500&h=500
12931.url.tudown.com/uploads/images/542426.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/542426.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/542426.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3100190542,1243609320&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=514
t13.baidu.com/it/u=400271853,960095199&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 45 kB URL HTTP/1.1 t13.baidu.com/it/u=400271853,960095199&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash a8b0ba19033aac508e41bd0274b13e31
4d1405fe6d7b2ceedd1fb61e38706f63b1c3db86
1ee45b0f31a05e386f6fedbc1debed2bca6291b52d4848b1c75d1c22fd7949a3
GET /it/u=400271853,960095199&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpeg
Content-Length: 44956
Connection: keep-alive
Expires: Mon, 20 Feb 2023 03:10:28 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: a8b0ba19033aac508e41bd0274b13e31
Age: 405980
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 03:10:28 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache60 [1], csix60 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44956
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=95212082,672529190&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=500
125.74.42.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=95212082,672529190&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 499x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7899183fcbfe9c1778aa4229fa5712c2
9c37dae935778f01df13b4bd68845a435843530a
86806a799cd166f30c5ad2f8f4124cfef05f8270d1145a91f9a111c00b51b897
GET /it/u=95212082,672529190&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 18270
expires: Fri, 10 Feb 2023 07:19:12 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 7899183fcbfe9c1778aa4229fa5712c2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 07:19:12 GMT
ohc-cache-hit: lz3ct50 [1], wzix111 [4]
ohc-file-size: 18270
x-cache-status: MISS
X-Firefox-Spdy: h2
12931.url.tudown.com/uploads/images/194179.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/194179.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/194179.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022
12931.url.tudown.com/uploads/images/683197.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/683197.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/683197.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2687657228,3818127795&fm=253&app=120&f=JPEG?w=1280&h=800
img0.baidu.com/it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
125.74.42.35 200 OK 25 kB URL HTTP/2 img0.baidu.com/it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x749, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e7621955b679461529b17c723ee2fee4
234447069f08c5bc410a15d98d44b925199d4297
a5ffcbce975a70b37e9132c0c53a8565a495bb6e53ef76d471fea97c2a6dadb0
GET /it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 24774
expires: Tue, 21 Feb 2023 09:24:59 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: e7621955b679461529b17c723ee2fee4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 09:24:59 GMT
ohc-cache-hit: lz3ct77 [1], qdix177 [4]
ohc-file-size: 24774
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022
185.10.104.124 200 OK 25 kB URL HTTP/1.1 t14.baidu.com/it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 352x500, components 3\012- data
Hash 2745aff0b40c1ae9b9124ed0e9e1a33e
fb17dbecf7c5f357a0c6872e8ece17f2ced4186b
537aa4a2c3d819025714c5961d488aab38ee24885d08ab1eaa2cfc8e50b4789e
GET /it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpeg
Content-Length: 25406
Connection: keep-alive
Expires: Mon, 20 Feb 2023 16:20:45 GMT
Last-Modified: Mon, 19 Jan 1970 00:00:00 GMT
ETag: 2745aff0b40c1ae9b9124ed0e9e1a33e
Age: 1084454
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 16:20:44 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache55 [1], qdix70 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 25406
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=1867987343,3008850380&fm=253&fmt=auto&app=138&f=GIF?w=583&h=500
125.74.42.35 200 OK 111 kB URL HTTP/2 img0.baidu.com/it/u=1867987343,3008850380&fm=253&fmt=auto&app=138&f=GIF?w=583&h=500
IP 125.74.42.35:0
File type GIF image data, version 89a, 583 x 500\012- data
Size 111 kB (111137 bytes)
Hash 739452c84a507186a007335364fe8c03
503892d3fa4ba820ae107565266aedf8c06fa765
54935fe9235cd19b1c7ab975a8443925560026e372f99eacadaff56e89f11662
GET /it/u=1867987343,3008850380&fm=253&fmt=auto&app=138&f=GIF?w=583&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/gif
content-length: 111137
expires: Wed, 22 Feb 2023 08:07:48 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 739452c84a507186a007335364fe8c03
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 08:07:48 GMT
ohc-cache-hit: lz3ct59 [1], czix199 [4]
ohc-file-size: 111137
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1496123987,2661962405&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
125.74.42.35 200 OK 6.2 kB URL HTTP/2 img0.baidu.com/it/u=1496123987,2661962405&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 224x224, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5a1d8e7e7071e26d2d1410d547af312e
7655f6ef24155001d4b7c5113863ee5775e3132d
8c183dd4d059f2638b83e2c1c6ffe25bbff8b704088e9d1dcfc2b297f879aa6e
GET /it/u=1496123987,2661962405&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 6192
expires: Mon, 06 Mar 2023 06:17:06 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 5a1d8e7e7071e26d2d1410d547af312e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 06:17:06 GMT
ohc-cache-hit: lz3ct79 [1], csix79 [4]
ohc-file-size: 6192
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2695204531,2698869799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
125.74.42.35 200 OK 24 kB URL HTTP/2 img0.baidu.com/it/u=2695204531,2698869799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 71dacaca0febf117378e43cb1df51084
81743df7bc378c950532a9714256253cbe5ef86c
268ab16b671450d699d185cb4835d52c44365d0316246bc712d23bfda50fc175
GET /it/u=2695204531,2698869799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 24446
expires: Wed, 08 Feb 2023 02:11:22 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 71dacaca0febf117378e43cb1df51084
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 02:11:22 GMT
ohc-cache-hit: lz3ct79 [1], wzix79 [4]
ohc-file-size: 24446
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268
125.74.42.35 200 OK 3.5 kB URL HTTP/2 img2.baidu.com/it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 508x268, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bc61b6e3c6a007facb24e887cbf78eec
aa9cf1edb99a3b2ed9656a2cdbd0117cb9599a6e
395c6d621738559cb70e95b4c07e83fe638da0d63c41e308769fb739fd093a7a
GET /it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 3532
expires: Mon, 06 Mar 2023 15:47:26 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: bc61b6e3c6a007facb24e887cbf78eec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 15:47:26 GMT
ohc-cache-hit: lz3ct61 [1], xiangyix232 [4]
ohc-file-size: 3532
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=1408659075,2347218015&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=201
125.74.42.35 200 OK 9.6 kB URL HTTP/2 img2.baidu.com/it/u=1408659075,2347218015&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=201
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x201, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 447cf9dbe8e81e41af5aee4c92330f8f
c632afd9f98c175937e262f71bc942789f03ccca
0390bb7fc0be65a23b1660ca13eb72a144ca5949e2b4c15f27ef8a0d8d8597b9
GET /it/u=1408659075,2347218015&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=201 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 9562
expires: Fri, 24 Feb 2023 03:25:35 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 447cf9dbe8e81e41af5aee4c92330f8f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:25:35 GMT
ohc-cache-hit: lz3ct85 [1], bdix202 [4]
ohc-file-size: 9562
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500
125.74.42.35 200 OK 39 kB URL HTTP/2 img2.baidu.com/it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 362x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c04cd35e3b7220c37852f0895289c8eb
de893f6c029cda5837965356a06d7234b2c42308
2f9fe4c3c2e39ef66408e6f91e8d31e55521b5e6903776d30f1a6fc940bff8bf
GET /it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 39240
expires: Sun, 19 Feb 2023 05:33:28 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: c04cd35e3b7220c37852f0895289c8eb
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 05:33:28 GMT
ohc-cache-hit: lz3ct76 [1], qdix76 [4]
ohc-file-size: 39240
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3746346873,596028162&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=750
125.74.42.35 200 OK 44 kB URL HTTP/2 img2.baidu.com/it/u=3746346873,596028162&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=750
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x750, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8be69ac0178b13f9eea4f93d8f722e0a
f8e13dac166008307a3e18a89454e9a4d8a75125
26840f9ca7e3127555e913427d56a5ec75f653cb65ebe75e0931c4b12a380a2e
GET /it/u=3746346873,596028162&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=750 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 43782
expires: Sat, 18 Feb 2023 16:17:24 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 8be69ac0178b13f9eea4f93d8f722e0a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 16:17:24 GMT
ohc-cache-hit: lz3ct78 [1], qdix78 [4]
ohc-file-size: 43782
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3830720015,3772898188&fm=253&fmt=auto?w=1422&h=800
125.64.104.35 200 OK 114 kB URL HTTP/2 img1.baidu.com/it/u=3830720015,3772898188&fm=253&fmt=auto?w=1422&h=800
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 114 kB (113790 bytes)
Hash 29806cc7843db51ade42b2c5ba9bde65
1e3a87a40aea29befe34aefe952db2a478b9098e
43b5541a07d707354328dffdddc9a954e01ed3a5c9acc06065dce981b82a1bb9
GET /it/u=3830720015,3772898188&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 113790
expires: Mon, 20 Feb 2023 15:24:41 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 29806cc7843db51ade42b2c5ba9bde65
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 15:24:41 GMT
ohc-cache-hit: dy2ct94 [1], czix177 [4]
ohc-file-size: 113790
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1504889317,3226780132&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
125.64.104.35 200 OK 38 kB URL HTTP/2 img1.baidu.com/it/u=1504889317,3226780132&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x313, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 30c1113abb0bc7dfe2eb120b7a2507d7
05f5cfe8bb33256275a43d7a14304354bd3b43f4
0756cfafd330bd6314cc76fa1e8209eb109bba5e9fad31cf94b16a53c6b5e4bb
GET /it/u=1504889317,3226780132&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 38088
expires: Tue, 21 Feb 2023 14:17:17 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 30c1113abb0bc7dfe2eb120b7a2507d7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 14:17:17 GMT
ohc-cache-hit: dy2ct76 [1], xaix205 [4]
ohc-file-size: 38088
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=1516083702,1859252157&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
125.74.42.35 200 OK 32 kB URL HTTP/2 img2.baidu.com/it/u=1516083702,1859252157&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 352x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 241a940a6b3e20aba85c5ea944d03b26
37b78481fc8a09cbded881d791fe62c04a2125bd
337cfbef9c5e8b65f503bc7f767c1ba4aed36163d4781d1aa945a1906a84729f
GET /it/u=1516083702,1859252157&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 32522
expires: Sun, 26 Feb 2023 16:36:24 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 241a940a6b3e20aba85c5ea944d03b26
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 16:36:24 GMT
ohc-cache-hit: lz3ct53 [1], wzix105 [4]
ohc-file-size: 32522
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499
125.64.104.35 200 OK 36 kB URL HTTP/2 img1.baidu.com/it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 359x499, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2edf5f2a8b439035ecf1434e9b831b58
16b6c9f4d07f4926afee248d63f203260418f5ee
9d13a90fffc9504eec8cb9cadf0f23423628c77f7f957b86e0cd61039588c701
GET /it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 35920
expires: Mon, 06 Feb 2023 09:41:30 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 2edf5f2a8b439035ecf1434e9b831b58
age: 42415
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 09:41:30 GMT
ohc-cache-hit: dy2ct59 [4], csix59 [4]
ohc-file-size: 35920
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=551660493,979160127&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
125.74.42.35 200 OK 57 kB URL HTTP/2 img2.baidu.com/it/u=551660493,979160127&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ef00b4142311dd50336c78fbadfca30e
fdb4b31f3229a5141212d963f39d50e653cd99a1
c96a5259d25aa42667c829a40de625feba32a414d6c6577ad566aeaa218920c5
GET /it/u=551660493,979160127&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 57010
expires: Sun, 05 Mar 2023 13:41:22 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ef00b4142311dd50336c78fbadfca30e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 03 Feb 2023 13:41:22 GMT
ohc-cache-hit: lz3ct52 [1], wzix52 [2]
ohc-file-size: 57010
x-cache-status: MISS
X-Firefox-Spdy: h2
12931.url.tudown.com/uploads/images/478620.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/478620.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/478620.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1932780,1774025666&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=2122931362,465787482&fm=253&fmt=auto&app=120&f=JPEG?w=400&h=400
125.74.42.35 200 OK 13 kB URL HTTP/2 img0.baidu.com/it/u=2122931362,465787482&fm=253&fmt=auto&app=120&f=JPEG?w=400&h=400
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dd20f2e71a1646d252f272839949c8b7
4c2a74861e7644ac57956aab8e722afcf772ff1e
0e70b37f451859d098e108cca3db430f0d0eb83bec7b047985e8f73ee29d5c4d
GET /it/u=2122931362,465787482&fm=253&fmt=auto&app=120&f=JPEG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 12660
expires: Mon, 06 Mar 2023 15:55:40 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: dd20f2e71a1646d252f272839949c8b7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 15:55:40 GMT
ohc-cache-hit: lz3ct77 [2], xiangyix212 [4]
ohc-file-size: 12660
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=685579189,1283811002&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
125.74.42.35 200 OK 17 kB URL HTTP/2 img0.baidu.com/it/u=685579189,1283811002&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 31e35930d9a3974a885db556fe3c1522
3d50996b24f996fc39b0fd2f242217bcf9da6cb4
cd8ee30272ae46bbfc672a958aa5241278841901cfda60534bd316abea8085cf
GET /it/u=685579189,1283811002&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 17248
expires: Tue, 07 Feb 2023 06:49:44 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 31e35930d9a3974a885db556fe3c1522
age: 154165
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 06:49:44 GMT
ohc-cache-hit: lz3ct64 [4], suzix169 [4]
ohc-file-size: 17248
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2602722561,1421725466&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
125.64.104.35 200 OK 18 kB URL HTTP/2 img1.baidu.com/it/u=2602722561,1421725466&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0d6cd6e071de88daa72230917f6d42e6
2445c5c01fa361c23a93b609e3cd804e33c0711f
78c57670613d05dbfaf6659ece4afe57c11e43cacf408a3ba37b856dc83217fd
GET /it/u=2602722561,1421725466&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 18170
expires: Thu, 23 Feb 2023 10:29:23 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0d6cd6e071de88daa72230917f6d42e6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 10:29:23 GMT
ohc-cache-hit: dy2ct87 [1], qdix216 [4]
ohc-file-size: 18170
x-cache-status: MISS
X-Firefox-Spdy: h2
12931.url.tudown.com/uploads/images/556726.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/556726.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/556726.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3331637964,3729564777&fm=253&fmt=auto&app=120&f=JPEG?w=1244&h=800
t14.baidu.com/it/u=1932780,1774025666&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 21 kB URL HTTP/1.1 t14.baidu.com/it/u=1932780,1774025666&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e67f7b539ef642724d979425d38f2485
d9fdf59352ef9a7fdde165083365f0d314cff98e
5e1c0907c5be9fea1bb533ba0761c255306bc78582c33344a6a9294b5b0c6313
GET /it/u=1932780,1774025666&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpeg
Content-Length: 20710
Connection: keep-alive
Expires: Sun, 05 Feb 2023 17:26:59 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: e67f7b539ef642724d979425d38f2485
Age: 393221
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 17:26:59 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache55 [1], csix71 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 20710
X-Cache-Status: HIT
Timing-Allow-Origin: *
12931.url.tudown.com/uploads/images/850731.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/850731.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/850731.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4028467205,644735175&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334
12931.url.tudown.com/uploads/images/690410.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/690410.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/690410.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2440319501,258488184&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
12931.url.tudown.com/uploads/images/647982.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/647982.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/647982.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2620001455,1692512267&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867
12931.url.tudown.com/uploads/images/100474.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/100474.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/100474.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3617770504,24983910&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
img1.baidu.com/it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676
125.64.104.35 200 OK 129 kB URL HTTP/2 img1.baidu.com/it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image\012- data
Size 129 kB (128726 bytes)
Hash a45151baf4bdf6ac477de8dbdb6eea12
a9bc1c2a413c56b52f661b2c3819007f318eadd0
f71a055da3db54f46b3855d27ca4a6972346fa746e5a2ca99c73ccf5fad58fbc
GET /it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 128726
expires: Tue, 21 Feb 2023 05:23:00 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: a45151baf4bdf6ac477de8dbdb6eea12
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:23:00 GMT
ohc-cache-hit: dy2ct93 [1], bdix158 [4]
ohc-file-size: 128726
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3220094201,1000275519&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
125.64.104.35 200 OK 49 kB URL HTTP/2 img1.baidu.com/it/u=3220094201,1000275519&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b1239dcecfd8d2ae8581983d523b5a8e
319659f2d9d298ebc183120ddad0e9f16007ab5f
2748ee959cf00d490249eef871f48ee296eee130ad33653140ed87b9ab10b5a4
GET /it/u=3220094201,1000275519&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 48642
expires: Fri, 17 Feb 2023 06:00:34 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: b1239dcecfd8d2ae8581983d523b5a8e
age: 116068
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 06:00:34 GMT
ohc-cache-hit: dy2ct92 [2], suzix148 [2]
ohc-file-size: 48642
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2037062839,2216091887&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
125.64.104.35 200 OK 32 kB URL HTTP/2 img1.baidu.com/it/u=2037062839,2216091887&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x749, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 96cae23f879c94b67c6cdfc94c5ab6d3
b780c7fbabffcd1cc17953f8f2af6efd885d5d2c
4b12d2544c207774210f88e8577f791dba164cb8cf7c6f24bf84cb28fc8bc45d
GET /it/u=2037062839,2216091887&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:40 GMT
content-type: image/webp
content-length: 32280
expires: Thu, 02 Mar 2023 02:02:05 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 96cae23f879c94b67c6cdfc94c5ab6d3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 02:02:05 GMT
ohc-cache-hit: dy2ct63 [1], czix63 [4]
ohc-file-size: 32280
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3100190542,1243609320&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=514
125.74.42.35 200 OK 24 kB URL HTTP/2 img2.baidu.com/it/u=3100190542,1243609320&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=514
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x514, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 72bd44cb7f45f32174e88f2521fb4499
b8837e3cdd276e3f5a1718c8e706eee6579c442e
75c42ea534d4bbd4bbb76810dfd48c9d90f2a545874d68e05f67d2ab05913da3
GET /it/u=3100190542,1243609320&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=514 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 24334
expires: Wed, 22 Feb 2023 03:17:48 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 72bd44cb7f45f32174e88f2521fb4499
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:17:48 GMT
ohc-cache-hit: lz3ct88 [1], bdix113 [4]
ohc-file-size: 24334
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3379831772,3117866736&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=347
125.74.42.35 200 OK 26 kB URL HTTP/2 img2.baidu.com/it/u=3379831772,3117866736&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=347
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x347, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a0eed35d242fa1cd5451d4ab160723cf
e0456789dc565478f40a385fd3b753534681824a
6f74f11b5ca2f3f0a205e2fd5d6ba1aa8cd04f644e29bd32edb285407df010d8
GET /it/u=3379831772,3117866736&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=347 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 25594
expires: Sun, 05 Mar 2023 16:10:11 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: a0eed35d242fa1cd5451d4ab160723cf
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 03 Feb 2023 16:10:11 GMT
ohc-cache-hit: lz3ct81 [1], csix81 [2]
ohc-file-size: 25594
x-cache-status: MISS
X-Firefox-Spdy: h2
12931.url.tudown.com/uploads/images/214945.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/214945.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/214945.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=849778306,1970475678&fm=253&fmt=auto&app=138&f=JPEG?w=890&h=500
12931.url.tudown.com/uploads/images/629110.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/629110.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/629110.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=1893088694,1514510018&fm=253&app=120&f=JPEG?w=1280&h=800
12931.url.tudown.com/uploads/images/851638.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/851638.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/851638.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500
12931.url.tudown.com/uploads/images/240953.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/240953.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/240953.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1554408427,769955625&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
img2.baidu.com/it/u=1999391408,2670787466&fm=253&app=120&f=JPEG?w=640&h=1136
180.97.66.35 200 OK 82 kB URL HTTP/1.1 img2.baidu.com/it/u=1999391408,2670787466&fm=253&app=120&f=JPEG?w=640&h=1136
IP 180.97.66.35:0
ASN #140292 CHINATELECOM Jiangsu province Suzhou 5G network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x1136, components 3\012- data
Hash efd94291f63db6c6aac4f4895aba4884
707279b753d55bdf1906fd4ce641df773fa202dd
313bd069c8906cc33ca56e58e207ae6db8eb17826ac7eca6a6af6857b519c9f4
GET /it/u=1999391408,2670787466&fm=253&app=120&f=JPEG?w=640&h=1136 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpeg
Content-Length: 81917
Connection: keep-alive
Expires: Mon, 06 Feb 2023 13:43:12 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: efd94291f63db6c6aac4f4895aba4884
Age: 250634
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 13:43:12 GMT
Ohc-Cache-HIT: suz2ct62 [4], xiangyix82 [4]
Ohc-File-Size: 81917
X-Cache-Status: HIT
12931.url.tudown.com/uploads/images/304516.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12931.url.tudown.com/uploads/images/304516.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/304516.jpg HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3882191210,4062610010&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
img0.baidu.com/it/u=3331637964,3729564777&fm=253&fmt=auto&app=120&f=JPEG?w=1244&h=800
125.74.42.35 200 OK 58 kB URL HTTP/2 img0.baidu.com/it/u=3331637964,3729564777&fm=253&fmt=auto&app=120&f=JPEG?w=1244&h=800
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1244x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 96e0f2a3e828b18878b9fa79dd9fa83d
0a251647d5051db5b1f096ae195ef4e351ec1740
29167abde82ce3acd721d74544a7669c5609919c0ebf0ce42f016f15e98f9c36
GET /it/u=3331637964,3729564777&fm=253&fmt=auto&app=120&f=JPEG?w=1244&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 58302
expires: Mon, 20 Feb 2023 13:57:31 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 96e0f2a3e828b18878b9fa79dd9fa83d
age: 201314
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 13:57:31 GMT
ohc-cache-hit: lz3ct87 [4], bdix160 [2]
ohc-file-size: 58302
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4028467205,644735175&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334
125.74.42.35 200 OK 18 kB URL HTTP/2 img2.baidu.com/it/u=4028467205,644735175&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x334, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dbdb0ab853c9a6b6432e510def95edbd
0e1d589a51ff03bb04c351525384648a32ff9b35
5b09c42f5078cf33b0122b9eefba34de1062a4c78d9bb0b4e07ecc8e8c466484
GET /it/u=4028467205,644735175&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 18410
expires: Mon, 06 Feb 2023 13:44:10 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: dbdb0ab853c9a6b6432e510def95edbd
age: 118797
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 13:44:10 GMT
ohc-cache-hit: lz3ct59 [4], czix59 [4]
ohc-file-size: 18410
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2440319501,258488184&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
125.74.42.35 200 OK 49 kB URL HTTP/2 img0.baidu.com/it/u=2440319501,258488184&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3fe1b9fbb0e78b2c74dec7a30fb7cc5b
f21e64426105488e039ea698d4e4e749863a5751
6a273f4e23f26dcb0647acd40e2d25b1a8f02fe966c13de7f4093659e215d6a2
GET /it/u=2440319501,258488184&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 49088
expires: Mon, 20 Feb 2023 02:36:07 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 3fe1b9fbb0e78b2c74dec7a30fb7cc5b
age: 39704
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 02:36:07 GMT
ohc-cache-hit: lz3ct88 [4], suzix104 [4]
ohc-file-size: 49088
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2620001455,1692512267&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867
125.74.42.35 200 OK 37 kB URL HTTP/2 img0.baidu.com/it/u=2620001455,1692512267&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x867, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 85fdc0e682d417409115511cee488c6b
9eae2848a379ea797fc6adfb9e9959e6f50aa397
d83806f3105753298148aa214397b76d84e3748598e267122be6b5ca90cb1437
GET /it/u=2620001455,1692512267&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=867 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 36768
expires: Mon, 20 Feb 2023 15:33:26 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 85fdc0e682d417409115511cee488c6b
age: 313306
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 15:33:26 GMT
ohc-cache-hit: lz3ct72 [4], suzix232 [4]
ohc-file-size: 36768
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3617770504,24983910&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
125.74.42.35 200 OK 25 kB URL HTTP/2 img0.baidu.com/it/u=3617770504,24983910&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c5703df470ea6c6d8f2ca15422c3c4a7
ced17e28ac841a8e9c2bc539c57d5897b7e62f34
2ae482553f558c9e8f56dd00957647e2bed6f211ff8f4430005d2b1ee3a41256
GET /it/u=3617770504,24983910&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 25198
expires: Wed, 15 Feb 2023 11:38:58 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: c5703df470ea6c6d8f2ca15422c3c4a7
age: 179283
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 11:38:58 GMT
ohc-cache-hit: lz3ct70 [4], qdix197 [4]
ohc-file-size: 25198
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=849778306,1970475678&fm=253&fmt=auto&app=138&f=JPEG?w=890&h=500
125.74.42.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=849778306,1970475678&fm=253&fmt=auto&app=138&f=JPEG?w=890&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 890x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 00a3d5ad0b9808ee8246591e0bdca16f
651cc61f7af71ca9e932ae1d672cf6ad5152dad5
3d633c12ce4073ea80c9a145243ee09878d862b85e0e9cc0f0b90e4194af42af
GET /it/u=849778306,1970475678&fm=253&fmt=auto&app=138&f=JPEG?w=890&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 29906
expires: Thu, 09 Feb 2023 12:57:26 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 00a3d5ad0b9808ee8246591e0bdca16f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 12:57:26 GMT
ohc-cache-hit: lz3ct83 [1], wzix83 [4]
ohc-file-size: 29906
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500
125.64.104.35 200 OK 37 kB URL HTTP/2 img1.baidu.com/it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 571x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 278a867624f15132894c8264f6fb5349
787f1c84523bdf5e335711c1c9a79806b860f448
97f0ac89e773f8c7a1dab7c7e89ee0fb9af264bdbaf510a25b687b3c4ffbcc1c
GET /it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:41 GMT
content-type: image/webp
content-length: 37282
expires: Sat, 11 Feb 2023 07:14:14 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 278a867624f15132894c8264f6fb5349
age: 137524
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 07:14:14 GMT
ohc-cache-hit: dy2ct107 [4], czix237 [4]
ohc-file-size: 37282
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2687657228,3818127795&fm=253&app=120&f=JPEG?w=1280&h=800
180.97.66.35 200 OK 81 kB URL HTTP/1.1 img2.baidu.com/it/u=2687657228,3818127795&fm=253&app=120&f=JPEG?w=1280&h=800
IP 180.97.66.35:0
ASN #140292 CHINATELECOM Jiangsu province Suzhou 5G network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 8bb15fbd4c1748bca82ee58c4badbc9b
41a3a94ca78f3ded9fbe8980984452cc6b566ac3
e2c537823b1e9659823f4f02ecfd413a2e6849fefd1095f70249ce318ac5d03b
GET /it/u=2687657228,3818127795&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpeg
Content-Length: 80633
Connection: keep-alive
Expires: Mon, 06 Feb 2023 18:19:33 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 8bb15fbd4c1748bca82ee58c4badbc9b
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 18:19:33 GMT
Ohc-Cache-HIT: suz2ct73 [1], qdix73 [4]
Ohc-File-Size: 80633
X-Cache-Status: MISS
img2.baidu.com/it/u=1893088694,1514510018&fm=253&app=120&f=JPEG?w=1280&h=800
180.97.66.35 200 OK 87 kB URL HTTP/1.1 img2.baidu.com/it/u=1893088694,1514510018&fm=253&app=120&f=JPEG?w=1280&h=800
IP 180.97.66.35:0
ASN #140292 CHINATELECOM Jiangsu province Suzhou 5G network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash dc15aeab146435f771128c7389a32393
84c254bf57ae87d38cb4c4314253f250f21ecdf6
9dfe55ab0b2e76939ac0120fbdfd4e7970deca117a571315cb4d39c230bee188
GET /it/u=1893088694,1514510018&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12931.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:55:41 GMT
Content-Type: image/jpeg
Content-Length: 86897
Connection: keep-alive
Expires: Sat, 11 Feb 2023 17:23:57 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: dc15aeab146435f771128c7389a32393
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 17:23:57 GMT
Ohc-Cache-HIT: suz2ct63 [1], czix98 [4]
Ohc-File-Size: 86897
X-Cache-Status: MISS
img0.baidu.com/it/u=3882191210,4062610010&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
125.74.42.35 200 OK 70 kB URL HTTP/2 img0.baidu.com/it/u=3882191210,4062610010&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c9d853505f5fa3dcf7af28f592d44bbe
667be22cb21c6f9bef612a63c885ba3539755174
c90dedeedf52f3bcd8ed7991b3f145d16dac695cc9683f53ec2b9af539a632d9
GET /it/u=3882191210,4062610010&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:42 GMT
content-type: image/webp
content-length: 69512
expires: Thu, 02 Mar 2023 13:39:03 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: c9d853505f5fa3dcf7af28f592d44bbe
age: 138692
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 13:39:03 GMT
ohc-cache-hit: lz3ct86 [4], wzix86 [2]
ohc-file-size: 69512
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1554408427,769955625&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
125.74.42.35 200 OK 20 kB URL HTTP/2 img0.baidu.com/it/u=1554408427,769955625&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0e2a55b9f83b0378802decdc71679b95
8b32fea51b2f2cf769ec0efa554ec40167e56b62
18b357c569176f95cc71a0559895ca75da7c5bbbbb570294867e8e15640a9126
GET /it/u=1554408427,769955625&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12931.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:55:42 GMT
content-type: image/webp
content-length: 20202
expires: Tue, 21 Feb 2023 14:09:06 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0e2a55b9f83b0378802decdc71679b95
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 14:09:06 GMT
ohc-cache-hit: lz3ct55 [1], czix96 [4]
ohc-file-size: 20202
x-cache-status: MISS
X-Firefox-Spdy: h2
12931.url.tudown.com/favicon.ico
154.218.151.71 200 OK 0 B URL HTTP/1.1 12931.url.tudown.com/favicon.ico
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 12931.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12931.url.tudown.com/down/berrybox%E4%B8%8B%E8%BD%BD@134_2582.exe
Cookie: __bid_n=1861d1cf31c694962b4207; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675526176; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675526176
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:55:42 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba
54.230.111.58 200 OK 0 B URL HTTP/2 jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba
IP 54.230.111.58:0
GET /11.0.1.js?d182b3f28525f2db83acfaaf6e696dba HTTP/1.1
Host: jspassport.ssl.qhimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12931.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Wed, 28 Nov 2018 07:43:20 GMT
kcs-via: HIT from w-fc01.lato;REVALIDATED from w-sc01.lato
date: Sat, 04 Feb 2023 15:50:26 GMT
cache-control: max-age=600
expires: Sat, 04 Feb 2023 15:59:52 GMT
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _g5nqjR67JJU_3wnch1HTMa6oFuVWy0iZ03NrYJ5n4XqfH-lhAw0_A==
age: 346
X-Firefox-Spdy: h2